SECURITY AUDITING

Acquire a complete understanding of your environment and application’s security profile.

Whether it’s for PCI-DSS, PIPEDA, SoX, HIPAA, other regulations, or internal standards, IONICA’s comprehensive information security audits uncover vulnerabilities, attack surface, and potential threats. Then we work with you to identify issues that affect your business and formulate a plan to achieve maximum security and standards compliance without business disruption.

Types of information security assessments IONICA performs:

  • Infrastructure – identify operating system and service vulnerabilities, OS and service-level configuration issues, open ports, examine system-level firewall rules, and more.
  • Application – uncover code-level security issues, such as cross-site scripting, cross-site request forgery, SQL injection vulnerabilities. Audit application configuration for security issues.
  • Network – assess network components, such as routers, switches, firewalls, DNS, and VPNs.
  • Physical environment – evaluate security posture of physical locations — data centres, wiring closets, office spaces.
  • Policy – audit organisation security and operating policies.

PROCESS

Gather information – meet with stakeholders to learn which security standards are to be met, which environments are to be assessed, and the business motivation behind achieving said standards.
Coordination – schedule appropriate times for each type of audit activity to take place, gain required approvals from managers,
Perform audit – assess environments and applications security posture. Identify areas of potential improvement. Document environment characteristics.
Present findings – all findings are documented in a comprehensive formal report. Report is presented to client, where each finding and recommendation is explained in detail.
Remediation planning – IONICA supports business in determining which elements of infrastructure and applications are to be modified after the presentation of findings. A plan and schedule is drafted to execute remediation.
Remediation – modify environments according to remediation plan, based on findings of security assessment. Remediation measures can be undertaken by client staff, development agency, or IONICA staff.