Audits and Security Tests

This service was designed to aid your decision making about investments in Information Security. An audit or test can clearly identify the most vulnerable parts of your company information security.

A brief summary of the service key features

The key purpose of ANECT´s "Audits and Security Tests" service package is to make your important assets secure and to describe the problematic parts of your system security.

It is designed to aid your decision making and highlight the areas in which it is highly advisable to invest and enhance your security, but it can also identify the areas where such investment would be useless, as it could not improve protection of your assets and information any better.

The key components of the service:

Our team of ICT Security Auditors and Consultants (ready to help you during the implementation process)

• Performs security tests, audits and analyses
• Describes the results of the tests and analyses
• Suggests what steps should be taken in order to fix the issues identified in the tests/analyses

The team uses the following standards:

• ISO/IEC 27001 - Information Security Management System - ISMS
• BS 25999 - Business Continuity Management Standard (BCMS) or BS 27999 ICT Continuity Management
• ISO/IEC 20000 IT Security Management System - ITSMS
• CobiT - IT Governance

Why is ANECT a.s. a suitable provider?

• ANECT is able to assess, design and implement very complex ICT solutions
• The company experts follow these standards and recommendations:

a. ISO/IEC 27001 - Information Security Management System - ISMS
b. BS 25999 - Business Continuity Management Standard (BCMS) or BS 27999 ICT Continuity Management
c. ISO/IEC 20000 IT Security Management System - ITSMS
d. CobiT - IT Governance
e. Testing methodologies (OSSTMM - Open Source Security Testing Methodology Manual, OWASP - Open Web Application Security Project)

• All of our auditors attend regular trainings and have auditing certificates
• Nonetheless, they are always ready to follow other auditing criteria in order to meet your specific needs

In what ways can the service be provided?

• As a project-oriented task with agreed output
• Invoicing: lump sum (for the whole project) or stage payment - phase by phase

What are the main benefits for the client?

• You can avoid financial losses caused by negative events. You will be able to spot untreated dangerous areas of ICT infrastructure processes and systems in advance, and propose adequate and effective countermeasures in order to avoid higher losses related to untreated events in the future
• You can optimize your investments - the results of the audit or tests will identify the most vulnerable parts of your company information security and highlight the areas in which it is advisable (or necessary) to invest in the security of your important assets and key business data
• All directives and legal requirements in IT Risk Management will be met
• The service supports the process of your business information security management