CISecurity Audit

Are you looking for a CISecurity Audit? Then you’ve come to the right place. The Center for Internet Security® (CIS) can be used by any type of organization and gives you direct insight into the state of your cybersecurity. From there you can specifically strengthen the weaker areas in your online defense.

The possibilities

For a CISecurity Audit, you can choose one of the following options. The first is a procedural audit, in which we validate a whole set of security controls on the basis of a checklist. The second is a technical audit, which is a security scan based on the benchmarks of CISecurity. Of course, you can also use both options.

Procedural Audit

As a starting point, we will go through the Security Controls of CISecurity with you. On the basis of interviews and questionnaires, we get a view of the general state of your information security. Based on the answers and the evidence supplied, we will determine together to what extent a policy is formalized and to what extent the controls actually work.

At the end of this audit you will have a complete and clear view of the security of your IT environment.

Technical Audit

You can take the technical audit as a supplement to the procedural audit or as a separate assessment. This audit gives you insight into the extent to which the IT components in your infrastructure are configured according to the CISecurity benchmarks. A secure configuration helps to prevent or even stop a breach.

At the end of this audit you will have concrete information to properly secure your ICT components.

Overview CISecurity Controls

Basic CIS Controls

  1. Inventory and Control of Hardware Assets
  2. Inventory and Control of Software Assets
  3. Continuous Vulnerability Management
  4. Controlled Use of Administrative Privileges
  5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
  6. Maintenance, Monitoring and Analysis of Audit Logs

Foundational CIS Controls

  1. Email and Web Browser Protections
  2. Malware Defenses
  3. Limitation and Control of Network Ports, Protocols and Services
  4. Data Recovery Capabilities
  5. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
  6. Boundary Defense
  7. Data Protection
  8. Controlled Access Based on the Need to Know
  9. Wireless Access Control
  10. Account Monitoring and Control

Organizational CIS Controls

  1. Implement a Security Awareness and Training Program
  2. Application Software Security
  3. Incident Response and Management
  4. Penetration Tests and Red Team Exercises

Would you like to know more about our services? Then contact us by phone. Or just send us an email and we will contact you as soon as possible.
