Home About
Services
Consulting and Expertise Security Management Security Governance Business Continuity Security Awareness
Formations
SECURITE OFFENSIVE - ETHICAL HACKING
Cybersecurity Awareness Hacking & Security: Fundamentals Hacking & Security: Advanced Hacking & Security: Expert Certified Ethical Hacker v10 Penetration Testing: Audit Simulation Web Site Audit Social Engineering and Countermeasures Conducting a Security Audit: SI Audit Method Certified Web Application Security Pentester Python for Pentesting Advanced Exploitation with Metasploit Certified of Cloud Security Knowledge Intelligent Android Application Testing
FORENSICS
Computer Hacking Forensic Investigator v9 Advanced Forensic Analysis and Incident Response Mobile Device Forensics
MANAGEMENT
ISO 27001: Certified Lead Implementer ISO 27001: Certified Lead Auditor ISO 27005: Certified Risk Manager ISO 27005: Certified Risk Manager + EBIOS Method Certified Information Systems Auditor Certified Information Systems Security Professional Certified Data Protection Officer Certified Information Security Manager ISO 31000: Certified Risk Management ISO/IEC 22301 Certified Lead Auditor ISO/IEC 22301 Certified Lead Implementer ISO/IEC 27032 Certified Cybersecurity Manager ISO/IEC 27034 Certified Lead Auditor ISO/IEC 27034 Certified Lead Implementer ISO/IEC 27035 Lead Incident Manager Certified Lead Pen Test Professional ISO 9001 Certified Lead Auditor ISO 9001 Certified Lead Implementer
SECURITE DEFENSIVE
Android Device Security Awareness >Linux Security Windows Security Network Security Technology Watch Security SIEM Implementation Secure Web Development: Python Session Secure Web Development: PHP Session
Team Contact

Language

FR EN AR
Home / Services / IT Security Audit

IT Security Audit

So you want to know more about IT security verification?

Audit
Security
Verification

IT Security Audit Services

In Tunisia, as elsewhere in the world, it is very difficult to estimate and identify the number of hacked companies. It's even harder to estimate the direct and indirect costs of these malicious acts. Several field organizations have issued alerts warning that a vast majority of companies don't have an emergency plan and that in case of an incident, many companies wouldn't be able to recover their data or continue their operations. This means that in such cases, they cannot quickly recover their data to resume normal operations. It's easy to imagine the dramatic financial and human consequences this entails.

A study in the United States shows that in one year (1999 to 2000), the cost of hacking increased from $265 million to $378 million (Computer Security & FBI Source), a 42% increase. Even worse, according to a Deloitte study, over 83% of financial institutions' IT systems experienced security issues in 2004. An alarming growing phenomenon, the same survey revealed "only" 39% of vulnerable systems in 2003.
"Viruses, worms, malware, sabotage, and identity theft are all means of attacking target systems," said Ted DeZabala, a spokesperson for Deloitte & Touche. Among the revelations of this survey were attacks conducted both externally and internally within companies...

Yet, it's entirely possible to significantly reduce these risks by implementing an effective security policy at a reasonable cost. The first reflex should be to take inventory: "What about my information system? Have the necessary measures for its protection and integrity been implemented?"

To answer these questions, one must start by taking a comprehensive snapshot of the perimeter to be evaluated. This "snapshot" is an audit. There are several categories of audits that can be implemented in a company:

White Box Audit

Security audit with information provided by the client. Completely transparent view of the technical and organizational security in place. Very useful before launching a website or new network architecture.

  • The client provides our team with all target documents (source pages, architecture plan, organizational documents...)
  • The team verifies, studies, tests, and validates the target with complete access to information
  • A detailed report is prepared by INTELLIGENT SECURITY IT highlighting identified weaknesses
  • Prioritized recommendations to secure the Information System
  • Post-audit meeting at your premises to discuss with technical teams

Black Box Audit

Blind verification without information provided by the client. Validates an existing website and provides a comprehensive view of technical security.

  • The client provides network access
  • No additional information is provided by the client
  • The team connects a machine to the network and tests vulnerabilities
  • Detailed report of the information system's strengths and weaknesses
  • Prioritized recommendations to secure the system

Intrusive Audit

Validates the network's resistance to intrusion. Can be conducted externally or from a specific point on the internal network.

  • No preliminary information provided by the client
  • Verification from outside or from a specific network point
  • Attempt to penetrate the client's information system
  • Documented evidence of successful intrusions (witness files)
  • Complete report of identified strengths and weaknesses
  • Priority security recommendations

Vulnerability Audit

Systematic analysis of existing vulnerabilities in your network infrastructure and systems.

  • Analysis of operating systems (Windows, Linux, Unix...)
  • Identification of flaws in installed applications and software
  • Verification of workstation and server configurations
  • Analysis of network vulnerabilities and exposed services

Code Audit

Validates program security by analyzing its source code. Confirms the security of any program written in various languages.

  • The client provides source codes of the site or application to analyze
  • The INTELLIGENT SECURITY IT team tests and validates the provided code
  • Detailed report of strengths and weaknesses in analyzed codes
  • Prioritized recommendations to secure verified codes
  • Post-audit meeting with development teams

Organizational Audit

Considers overall company security. Evaluates all aspects of IT security, beyond just technical.

  • General security assessment
  • Physical security evaluation
  • Organizational security evaluation
  • Study and implementation evaluation
  • Production and operations evaluation
  • Logical and telecom evaluation
  • Detailed report of strengths and weaknesses by category
  • Customized prioritized recommendations

Don't hesitate to contact our experts for any additional information, study, and free quote for an audit service.

Information security is essential for any company that needs to protect and enhance its information assets.

Contact Us