IT Security in Practice

IT Security Audit

Audits play a very important role in providing the executives and IT maintenance personnel of your network feedback about the status of corporate IT security. A traditional audit is for compliance only: it is basically a checklist that does not reflect how prepared your company is towards real-world threats and risks. Businesses that take IT security seriously perform penetration testing from time to time. Unfortunately, this is often done with automated tools and generic procedures.

In contrast, Cyber Core audits aim to understand how your system works in the first place, and gather as much information as possible. Using that information we fine-tune our process and make it specific to your environment. Whether you prefer a so called "black-box" penetration test done from the outside, an on-site penetration test with minimal access from the inside, or a system-wide audit giving us full access to your IT resources, we determine just how vulnerable your company is to practical attacks. You may also choose for us to examine your company's physical security and perform social engineering attempts.

The end product of such an audit is a comprehensive report. Many IT security companies these days fill their reports with the output of the automated tools. We believe this undermines the whole concept. Doing so does not provide the executives or IT workers proof or understanding about the risks. Cyber Core reports are constructed in a way that is useful to both the executives who need an oversight, and the people who are directly responsible for keeping your company secure. The reports highlight and explain risks, offer specific solutions or advice, explain the process with which we found the problems to bring the two worlds together.