Information Security Audit
IS Security (Plan Do Check Act)
An information security audit is a methodical, measurable technical assessment of how the organization's information systems security has been deployed, either across the whole organization or at a particular site.

The Elate IT team performs an information security audit by first understanding the information technology environment: conducting general and specific interviews, running vulnerability tests, examining system settings, and analyzing current and prior network and communication records. The purpose of the information security audit is to find weaknesses in information systems and information technology controls.

Information systems auditing is a very large domain, so at Elate IT we have subdivided the information security audit into the following areas. A company can have a single area evaluated, several areas, or the whole organization.

Security of the Servers
As information and its flow become more and more critical, it is difficult for companies to keep that information within their business boundaries. Servers, whether proxy, application or database, have always been a critical part of the business because they are the backbone of the organization, and nowadays organizations cannot afford to compromise on the security of their servers. Elate IT provides assistance and assurance to organizations on server security issues, which may relate to configuration management, policies or controls.

Security of Applications
Companies often invest a significant amount of money and IT resources in developing business applications and software, which become the company's prime assets. The Elate IT team examines the client's software applications to identify any ambiguity, process inadequacies and control weaknesses that encourage defects in the system. These reviews are conducted to determine application performance with regard to functionality, security and controls.

Security of Operating Systems
To secure information effectively, it needs to be secured from all perceivable threats. Organizations often neglect their operating systems and put their entire IT infrastructure at stake. The operating system is the primary link between the software and the physical data, and all attempts to read, write or manipulate the data must pass through the operating system.
Elate IT's process for auditing OS security includes evaluating whether the security features have been enabled and parameters have been set to values consistent with the security policy of the organization, and verifying that all users of the system (user IDs) have appropriate and authorized privileges to the various resources and data held in the organization's systems.

Security of Databases
Current trends in application software design include frequent use of a database management system (DBMS) that handles data manipulation inside its own tables, rather than the OS handling it in files. A DBMS follows integrity rules and constraints built into the database definitions; if they are compromised, the organization's valuable data may get hacked or stolen. Elate IT covers all such issues in database systems and can provide assurance in relation to system integrity, confidentiality and authenticity.

Security of the Networks
Today we live in a world where everything is more or less connected. Communication is a key requirement for all systems. A network could be as simple as a small local area network (LAN) connecting a few computers inside a single room or a building, or it could be something that connects computers at factories and offices spread over a number of cities or even countries. As networks grow, the level of threat from external and internal sources increases, and this should be planned for and countered in advance.

Elate IT has grouped network vulnerabilities into three broad categories:

Interception: Data transmitted over the network passes through a medium that consists of a carrier and other equipment, often under the physical control of third parties. Hence the possibility of data being intercepted increases, and once it is intercepted there is a risk of undesirable disclosure, for instance someone stealing the data, or of someone modifying the intercepted data, resulting in loss of integrity and consequently other, more material losses.

Availability: As networks grow, more and more users are remote and access their applications over the network, crossing hundreds or thousands of miles. If network connectivity fails or becomes unavailable for any reason, there would be serious interruption to business and consequent damages.

Access/Entry Points: The network provides the ability to extend the system to users across geographical boundaries, resulting in conveniences and efficiencies otherwise impossible. On the other hand, the network makes it feasible to access the system from anywhere. A single weak point can provide many points of entry for intruders, interceptors and malicious code like viruses, worms and Trojan horses. The ability of the network to enable access to a system from anywhere is the most serious of a network's vulnerabilities.

Our Methodology
Elate IT follows the ISMS approach of Plan-Do-Check-Act.

PLAN
Scope: The first step is to define the scope of the ISMS. It could be the whole of your organization. It could be a particular site. It could be just a particular service, Internet banking for example.

ISMS Policy: Why is information security important to you? Is there a particular threat, or other worries that concern your organizational objectives? What do you want to achieve, for example in terms of confidentiality, integrity and availability?

Risk Assessment: Now that you know what you are trying to protect and what is an acceptable level of risk, what is your actual risk? You have defined a method that is appropriate to your organization. The Elate IT team will conduct a comprehensive evaluation and analysis of impacts that could occur or have already occurred, keeping your organization's objectives in view.

Risk Treatment Plan: After completing your assessment of risk, Elate IT will evaluate what measures have been taken to treat that risk. Are you just going to accept the risk and rely on your ability to promptly detect and respond to security incidents?

Statement of Applicability (SOA): Elate IT will determine whether your organization has gone through all specified controls that are relevant and applicable to your organizational needs.

DO
The DO part of the cycle requires you to operate the controls. Here we will evaluate your procedures, as mentioned above, to ensure that the controls for prompt detection of and response to incidents are properly managed and in operation, and that all staff are security aware, appropriately trained and competent to carry out their respective security tasks.

CHECK
The purpose of the CHECK phase is to ensure that the controls are in place and are achieving their objectives.

ACT
The Elate IT team will evaluate the outcomes of the CHECK activity. There are three varieties: corrective action, preventive action and improvements.

 

©2006-2009 Elate IT Pvt Limited. All Rights Reserved.