The success of a security system lies in meticulous adherence to processes and in ensuring that every rule listed in the Policy Document is followed. In most medium and large organizations, IT Management is responsible for the overall maintenance of security, and it is very difficult to ensure that all infrastructure consumers, internal and external, follow policy. This is where Auditing is used to vouch for legitimate use and consumption of corporate infrastructure, data and intellectual property.
HighSecure Audit practice does precisely this and helps IT Management vouch that security system policy is followed through. In fact, HighSecure Audit follows the “Audit” paradigm exactly like “Statutory Auditing” in Financial Accounting. Hence Highband, unlike most other security services companies, differentiates between Assessment and Auditing. Assessment is exploratory work that is much broader in scope, whereas Auditing is vouching that preset or designed security policy and procedures are followed. HighSecure Audit additionally helps by reporting a diagnosis of the health of the security system and the risks to infrastructure.
HighSecure Audit - Periodic Audit Contract – is a comprehensive Audit practice from Highband, and it has two components, covering policy / process adherence and ongoing security threats. Typically, the HighSecure Audit service is offered on an annual retainer model and is executed with a combination of on-site and offshore services models.
1. Process Audit - The HighSecure Audit team conducts periodic process audits to ensure security standards are met. As part of the same effort it checks, at a predetermined frequency, various reports and policy templates that demonstrate areas such as access logs, traffic logs, permission violation reports, unidentified or forced access (successful / unsuccessful), availability of service records, etc. It also constantly evaluates whether systems and processes are geared and updated to meet emerging threats, product updates, etc. It apprises management of the success of security policy adherence and reports loopholes, if any.
2. Vulnerability and Risk Audit - In addition to the regular process audit mentioned above, Auditing is also done to protect against the eventuality of external threats. The HighSecure Audit team also performs:
Scanning of vulnerabilities and reporting
Corrective action recommendation, or execution of the recommendation itself
Intrusion detection tests / penetration tests with tools like ISS, Cybercop, Cisco or freeware
Incident response and corrective action
HighSecure Audit - Monitoring Service is for clients not in contract, or for clients who want specific objective-based monitoring of security processes and policies. For them, the HighSecure team can execute a tailor-made scope audit to monitor security and assess / report risk. The scope of the services is the same as mentioned above; however, they are executed as a single instance, and responsibility ends when we submit the report / recommendations.