SECURITY AUDITING

Protect your critical systems

The IT landscape of your organisation – and therefore its cyber attack surface – can change dramatically within a short period of time, for instance, when you add new hardware, software or office locations.

For this reason, regular information security audits are an essential tool to ensure that your cyber defenses remain fit for purpose.

WHY CONDUCT REGULAR SECURITY AUDITING?

Highlight any vulnerabilities or weaknesses that put you at risk of a security breach.

Assess whether you have the necessary infrastructure and security policies in place – and whether those policies are being followed.

Prioritise security investment to reduce risk and build a business case for expenditure.

Pinpoint remediation measures.

What we do

Whether you require a cloud security assessment, a build or a code review, our expert team can help.

We produce a comprehensive audit report with an executive summary and vulnerabilities listed in order of risk, with our remediation recommendations.

Cloud Security Audit - AWS, Microsoft Azure or Google Cloud Platform

Each cloud service has its own terminology and configurations, requiring a number of specific security checks – but overall, the audit process is similar .
Dionach will identify information assets such as instances, storage, identity management (Active Directory, IAM), databases, key vaults, and then carry out a comprehensive range of checks .

Build Review

Our auditing team carries out build reviews of standard operating system builds, either servers or endpoint, such as Windows 10, Windows Server, Linux servers or Mac OSX.

Build reviews are based on the appropriate standards such as the specific CIS Benchmark or the specific NCSC End-User Device Security Guidance.

We carry out a full range of checks on a server VM or endpoint build that you provide.

Code Review

Our consultants provide security reviews of the application code. We generally follow the OWASP code review guide. First, we determine the threats and context of the application and then we carry out a code review by sampling different areas of code to determine the effectiveness of a range of controls. The code review will involve both static analysis and manual review to identify potential vulnerabilities.

If required, we will review the code to determine compliance with the supplied or best practice coding standards, to ensure that the code can be maintained and supported.

WHY CHOOSE DIONACH?

FLEXIBLE PRAGMATIC APPROACH

Our recommendations are based on a proper understanding of your business in the real world. We will not give you a list of suggested remediation measures that are simply unrealistic for your organisation and industry.

v

CONTINUITY

Our service doesn’t end with your report. Our auditors are always on hand for further meetings and discussions to help fix any issues.

h

CRYSTAL CLEAR REPORTING

With all our audits you will receive a non-technical overview of the risk level posed by your security vulnerabilities and the likely impact, along with full details of the audit or review findings, comprehensive descriptions of any issues identified and recommendations for resolution.

EXPERIENCE

Highly qualified (CISSP) auditors with internal audit experience.

Find out how we can help with your cyber challenge

CONTACT US