Cyber Security Audit Services
What is a Cyber Security Audit?
Cyber security audits are one of the most fundamental ways of identifying the security risks to your business and preventing cyber attacks. They are crucial to the effective management of an organisation and are a good acid test of whether your risk management and risk assessments are on the right track.
Audits should be carried out in line with the risks to the business and should also extend beyond your own organisational boundaries, both logical and physical, and include third party suppliers.
It is paramount that effective internal audits target people, processes and technology.
Our Cyber Security Audit Services
Here at Romano Security Consulting we use our extensive experience of conducting cyber security audits to offer you a tailored audit solution.
All our auditors are ISO27001 Lead Auditor certified, CISA certified and CCP IA Auditor Senior Practitioner certified.
If you are looking for a compliance- or risk-based audit, then we can audit against one or a combination of the standards and frameworks listed below:
ISO 27001
SOC 2
SOC 1
NIS Regulations
UK Government Security Initiatives e.g. SPF, IAMM, 10 Steps to Cyber Security, PSN, Cyber Essentials
Cloud Security Alliance (CSA)
NIST
CIS 20 Critical Security Controls
DSP Toolkit
If you don’t have the skills, expertise or resources in-house, or just don’t know where to begin, then we can offer you one of our risk-based, basic or advanced audit solutions. Please see below:
Basic Cyber Security Audit
The basic service is a one-day audit offering a high-level review of your organisation and your IT infrastructure.
The basic audit is a valuable precursor to assessing conformity with regulatory requirements, such as the EU GDPR, or with standards and frameworks such as ISO 27001, Cyber Essentials, the NIS Regulations and the NHS DSP Toolkit.
The audit identifies cyber threats, vulnerabilities and cyber risks in your organisation and covers the following areas:
Governance and strategy
Data security and privacy
Risk management
Training and awareness
Legal, regulatory and contractual requirements
Policies and information security management system
Business continuity and disaster recovery
Incident management
Technical IT security controls
Physical security controls
Third-party management
Secure development
Cloud security
The output of the basic audit is a summary report of the risks, threats and vulnerabilities identified.
Advanced Cyber Security Audit
The advanced service is a two-day, in-depth audit that leaves no stone unturned in reviewing your organisation, IT infrastructure and security practices.
The advanced cyber security audit is ideally suited to form part of an annual external review process, or to provide assurance to prospective clients, investors or the board of directors.
Typically the first day examines your approach to cyber security and your ISMS and includes a physical audit, while the second day examines the technical controls in place within the organisation.
The audit identifies key threats, vulnerabilities and risks in your organisation and covers the following areas:
Governance and strategy
Data security and privacy
Risk management
Training and awareness
Legal, regulatory and contractual requirements
Policies and information security management system
Business continuity and disaster recovery
Incident management
Technical IT security controls
Physical security controls
Third-party management
Secure development
Cloud security
The output of the advanced cyber security audit is a detailed report of the risks, threats and vulnerabilities identified, together with recommendations on how to prioritise and remediate them and how to protect your sensitive information.
Third Party Supplier Audit
Are you confident that your third-party suppliers have robust security in place to prevent them from being the source of your next data breach or incident? Get the assurance you need with our Third Party Supplier Audit. We can audit your third-party suppliers and provide you with a detailed report and recommendations.
Physical Security Audit
Our physical audit adopts a no-stone-unturned approach to reviewing your on-site physical and environmental security and identifying your physical and environmental risks, threats and vulnerabilities. We’ll start at your outer security perimeter and work our way inside, examining all your physical entry controls, secure areas, environmental controls and everything in between. Following the audit, our findings and recommendations will be set out in a detailed report.
Cloud Security Audit
If you are a cloud hosting provider or a SaaS software developer looking for assurance that your cloud infrastructure or SaaS development environment is secure, then our Cloud Security Audit can provide that assurance, together with recommendations for improvement. Our Cloud Security Audits are conducted in line with industry standards such as the Cloud Security Alliance (CSA) Cloud Security Matrix (CSM) and the Security, Trust, Assurance and Risk (STAR) Registry.
Audit Remediation and Corrective Action
The audit is only the start of the journey; once it has been conducted and the report written, the hard work starts. If you need assistance with remediation, we are here to guide you through the next steps with our extensive experience of remediation planning and control implementation.
Case Study
Below is a Cyber Security Audit case study compiled by Romano Consulting to give prospective clients an insight into the work we have carried out on a previous project.
G Cloud Approved Cyber Security Audit
Romano Security Consulting is approved to supply our audit services under the UK Government Crown Commercial Service G Cloud 14 Digital Marketplace.
The Digital Marketplace is an online procurement service through which any public sector organisation can procure services, resources and technology for digital projects quickly and cheaply.
The G Cloud procurement process eliminates the need to go through a full tender process, as suppliers have already applied to and been approved by the Crown Commercial Service via the G Cloud application process.