For a CISecurity audit, you can choose between two options. The first is a procedural audit, in which we validate a whole set of security controls against a checklist. The second is a technical audit: a security scan based on the CISecurity benchmarks. You can also combine both options.
As a starting point, we go through the CISecurity Security Controls with you. Using interviews and questionnaires, we build a picture of the general state of your information security. Based on the answers and the evidence supplied, we determine together to what extent each policy is formalized and to what extent the controls actually work.
At the end of this audit you will have a complete and clear view of the security of your IT environment.
You can take the technical audit as a supplement to the procedural audit or as a separate assessment. This audit gives you insight into the extent to which the IT components in your infrastructure are configured according to the CISecurity benchmarks. A secure configuration helps to prevent or even stop a breach.
At the end of this audit you will have concrete information with which to properly secure your ICT components.
Overview of the CISecurity Controls
Basic CIS Controls
- Inventory and Control of Hardware Assets
- Inventory and Control of Software Assets
- Continuous Vulnerability Management
- Controlled Use of Administrative Privileges
- Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
- Maintenance, Monitoring and Analysis of Audit Logs
Foundational CIS Controls
- Email and Web Browser Protections
- Malware Defenses
- Limitation and Control of Network Ports, Protocols and Services
- Data Recovery Capabilities
- Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
- Boundary Defense
- Data Protection
- Controlled Access Based on the Need to Know
- Wireless Access Control
- Account Monitoring and Control
Organizational CIS Controls
- Implement a Security Awareness and Training Program
- Application Software Security
- Incident Response and Management
- Penetration Tests and Red Team Exercises
Would you like to know more about our services? Then contact us by phone. Or just send us an email and we will contact you as soon as possible.