About the service

A comprehensive security audit is an opportunity to assess the real level of security of the IT infrastructure and other IT assets of the organization. The service helps to identify possible information security (IS) risks - hacking, inaccessibility, failures, human factor - and determine how relevant they are for business.

ONESEC information security experts evaluate business processes, the company's IT assets and the state of information systems, analyze weaknesses and calculate information security risks for each asset, and also provide recommendations for their reduction.

What are you getting

•     A report with a summary analysis of information security risks for each IT asset (quantitative or qualitative indicators).
•     "Roadmap" for organizing information security and reducing information security risks.
•     Calculation of specific technical solutions agreed with the client at the previous stage.

Why identify risks

Based on the information security risk analysis, it is possible to unambiguously determine which IT assets (including information systems) and how should be protected in the first place, and which risks can be eliminated later or accepted.

Information security risk analysis helps to:

• Develop an action plan (roadmap) to organize information security.
• Correctly distribute the budget for information security, saving money and other resources of the company.
• Improve the efficiency of IT and information security departments.
• Determine the damage from a possible hack and the level of training of a potential attacker.
• Reduce the likelihood of negative consequences: hacks, data leaks, failures.
• Determine asset protection priorities.

How we are working

1.     We sign a non-disclosure agreement.
2.     We request preliminary information about the company's assets, their criticality for business.
3.     We conduct interviews with company employees in order to collect the necessary information about assets, their criticality, processed information and methods of protection.
4.     Checking the settings of the IT infrastructure components.
5.     We check the settings of information security tools.
6.     We determine the threats and vulnerabilities of each asset of the company.
7.     We calculate the IS risks for each asset.
8.     Based on the results of the security audit of the organization:

•     offer the best ways to eliminate vulnerabilities and minimize information security risks.
•     we prepare a report describing the current situation, our recommendations for improving it, and provide a summary analysis of information security risks with recommendations for their handling.
•     consulting and answering clarifying questions.
•     we are preparing a "road map" for organizing the work of the information security department and introducing information protection tools.

       9. We calculate the cost of specific technical solutions for information protection.

Who is the service suitable for?

You need a service if:

•     It is necessary to ensure the safety of critical data and the operability of the IT infrastructure.
•     You want to protect yourself from financial and reputational losses and at the same time not overpay for ineffective solutions.
•     Strive to improve the level of information security.
•     You have already experienced information security incidents.