Audit of the security of IT systems, devices and Applications is a comprehensive collection of information and assessment of the state of security.
The audit consists of:
– reading and evaluating IT system documentation (documentation of IT systems, as-built documentation, timeliness of documentation, Procedures, Instructions, Policies including security policy and GDPR policy)
-getting acquainted with the assessment of completeness and timeliness of the inventory of all IT systems
– Familiarization and evaluation of materials and systems regarding accesses, accounts, passwords
– verification of the state of validity of systems, devices, IT applications
– verification and analysis of UTM, Firewall systems
– verification and analysis of End Point Protection systems (formerly Antivirus)
– variation and analysis of the state of cloud services such as Microsoft365, Azure, AWS, GCP and others
– verification and analysis of standardization of objects in the network (workstations, mobile devices, etc.)
– verification of physical security and working conditions for server rooms, distribution points
– verification of the condition of wiring and crossover connections
– verification of service contracts and payments for IT systems, devices and applications
– verification of WiFI solutions and configurations
– ON ADDITIONAL REQUEST: performing penetration tests of systems, devices, applications, websites and other resources indicated by the customer, using a specialized application licensed to every single IP address in
ON ADDITIONAL REQUEST : analysis of IT product licensing
ON ADDITIONAL REQUEST: scanning of the indicated devices in order to accurately verify the technical parameters
NA ADDITIONAL REQUEST: implementation of the LANSweeper inventory system
ON ADDITIONAL REQUEST : Preparation of documentation, instructions, procedures
In order to carry out the audit, at least one local visit (8 hours) must take place, the rest of the work, depending on the complexity of the system and technical capabilities, is carried out remotely. The results will be processed over 7 working days.
Results of work:
The results of the work will be presented in the form of a post-audit document and, if necessary, we will prepare presentations for the Management Board.
The results of the work will include a description of the actual state of system security and tips on how to remove the indicated defects, errors and other occurring problems.
If penetration tests are performed, the result of these tests will be attached, indicating how to remove the vulnerability. In addition, Lizard will present the concept of updating the system and its monitoring in terms of security, periodic scanning and care of the system along with the interpretation of events that occur in it.
The results of the work will also include proposals of technologies that the customer can use or commission and use to modernize or migrate their systems.
Penetration Tests for business
Penetration Tests - do you have any questions?