IS Audit

​IS Audit

We execute information security audits from the procedural and the technical points of view. Our team has wide competencies for managing almost all the requirements for verifying compliance regarding either the Cyber Act, ISMS, personal data protection, or other specialized IT standards. We can also provide the customers' audit at your suppliers. Don't hesitate to contact us, and we will put together an individual IS audit for you for a reasonable price.

 

Our recommendations are exact and factual

One of the biggest banks in Slovakia went through a complicated restructuring. We cooperated closely within the project from the beginning, and so we had good knowledge of the environment and internal standards. After the implementation of security to the new systems we were entrusted to do a complete audit of these systems.

We invested a lot of effort in the audit's preparation by modifying of our own auditing software so the results would correspond with the bank's environment and would be the most relevant. Subsequently, we recommended the best measure for blocking the detected risks with minimal impact on the project’s course.

Due to our knowledge and our objective consultation during the audit, we recommended a factual remedy measure that was custom-made for the audited infrastructure. So the discussion about the recommendations was significantly shortened and the audit was finished ahead of time.

Systems' and devices' audits

Did you perform penetration tests, and are you still not sure if the security of the factual server or other application platform is sufficient? Do you need to have the security of the key components of your information system thoroughly tested?

The solution to these and other problems is to perform a detailed audit of the factual systems or devices' security within the company's information system.

While performing penetration tests, AEC specialists put themselves in the role of potential attacker. During the technical security audits, they approach the examined component in the role of the system administrator, and implementor of recommended measures for increasing its security. During the individual systems' setting check we take advantage of the knowledge and experience of AEC security and system specialists, producers' recommendations for hardening of the defined systems, etc.

All of the found deficiencies are described in detail in the audit report. There are vulnerability risks described and of course the proposals for their reduction.

 

 

Our services' benefits

  • ​More than 20 years of experience in the field of security in the Czech and Slovak Republics.
  • A large team of certified auditors and administrators with experience from dozens of audits performed every year.
  • We use commercial free and tools and scripts of our own, as well for data collection and follow-up analysis.
  • Evaluation of the company's ICT security level and definition of objective risks in the context of presumed impact on the business.
  • We perform audits according to the PCI-DSS a PA-DSS standards.

References

If you want to see the quality of the outcomes we provide, we can submit an example of an audit report for you to see. If you are interested to find out more about the way we work, don’t hesitate to ask one of the following companies for reference. They represent selected and approved recent references only.

  • Volksbank

  • ING bank

We regularly provide the security tests for our customers T-Mobile, Komerční banka, Česká spořitelna, ČSOB, Zuno bank AG, and Poštová banka.