Business performance of any successful organisation directly depends on the efficiency of its IT systems and business processes. At the same time, threats to that technology and the business processes it supports continue to increase. Among the organisations most vulnerable to such threats are small and midsized companies, which have perhaps the greatest relative technology risks combined with the fewest resources allocated to identify and assess those risks.
HMM Accountants IT Auditservice is designed to assist small and medium-sized growth-oriented companies.
We assess the technology risks and the control environment as they relate to critical business processes. Our profound expertise in IT audit can help ensure the integrity, reliability, performance and security of the IT systems and processes.Through our expert resource and proven methodologies, our clients realise more effective and efficient technology controls aligned with their business needs and IT strategies.
Our key IT Audit services include:
Our Technology audit service is supported by most reliable tools,methodologies and experienced staff. The key audit areas include:
- Wireless Security
- Database Security
- Network Security
- Malware Prevention
- Mobile Device Security
- Web Application Review
- Data loss Prevention
- Application Systemssecurity & Control Assessment
- Application User Segregation of Duties
- Internal & External Security Vulnerability Testing (link to Security Risk Assessment and Testing)
- Penetration Testing (link to Penetration Testing)
IT Process Audits
The underlying IT processes, to develop and maintain IT systems and provide services,are as important as the technology itself. It often is there that we find root cause for symptoms experienced at the technology layer. IT process audits includes:
- IT Strategy & Business Alignment
- 3rd Party Service Management - ISAE 3402 and SSAE 16
- Change Management
- System Development life cycle (SDLC) and Project Management
- Business Continuity Management
- Portfolio/ Programme Management
- Security Monitoring & Response Procedures
- Back-up & Restoration Procedures
- Asset Management
- Incident and Problemmanagement
- User identity & Access Management
- IT Cost & Procurement Process
- IT Governance Procedures
IT Project Audits
IT projects are a major source of innovation and change for many organisation. As such, the risks to the success of those projects usually deserve special attention. Our IT project audits cover:
- • Pre-System Implementation Reviews – It provides a cost-effective approach to the enhancement of controls and security of the applications before systems are implemented into a production environment. This includes evaluation of project management practices, design of control structures and security requirements, participation during IT system testing, validity of data conversion, audit of system interfaces, and general controls surrounding new or modified systems.
- • Post-System Implementation Reviews – Through system implementation reviews, we can also help address risks associated with new and modified systems that are already being used in a production environment. These IT system audits ensure that systems are operating as intended, meeting expected business objectives, and that the security and general controls surrounding the applications are adequate.
Security Risk Assessment and Testing
Security Risk Assessment Service is a comprehensive approach which tell you what an attacker can potentially harm your network using vulnerability assessment; and to tell you the conformance to your existing IT security policy using security audit.
Vulnerability Assessment helps an organisation to determine what their network vulnerabilities are. Security Audit is a systematic and measurable technical assessment of how your corporate security policy is conformed. Our Security Risk Assessment Services combine these two approaches: a vulnerability assessment which tells you what an attacker can potentially do to harm your network, and a security audit that tells you it’s conformity to your existing IT security policy. It helps to:
- Reduce Operational & Maintenance Cost
- Increased Consciousness of Information Security
- Mitigate Security Risks Before Project Completion
- Advanced Knowledge of Residual Risks
- Assign Responsibility for Mitigating Security Risks Early in the Project
Penetration testing uncovers critical issues and demonstrates how well your network and information assets are protected. Combined with a comprehensive security program, penetration testing can help you reduce your risk of a data breach and become proactive about threat management. By engaging us to emulate your adversary, you can discover critical exploitable vulnerabilities and remediate them before they are exploited. Global Forum Consulting’s penetration testing services scale to fit your needs. The service can be customised to include:
- External or Internal Network Penetration Tests to Assess Operating System & Services Vulnerabilities
- Client-side Penetration Testing to Assess End-User Susceptibility to Phishing & other Social Engineering threats
- Application Penetration Testing
- Wireless Penetration Testing
Our penetration testing methodology includes working with your team to identify the threats to your organisation, the key assets that may be at risk, and the threat agents that may attempt to compromise them. Each engagement begins by identifying the goals of the assessment and the attack vectors and scenarios that will be used.
Throughout the engagement, we stay in close contact with your organisation to provide on-going status reports, immediate identification of critical risks, and knowledge transfer to your technical team. We complete this process with a thorough outbrief, ensuring a complete understanding of the exploitable vulnerabilities in your environment and recommended enterprise-level strategies for remediation.
Cyber Security Services
Our cyber security services bring together business knowledge and technical expertise to offer a market-leading, end-to-end cyber security capability that helps organisations to significantly improve their cyber security and resilience.
Our cyber security services include:
- Security strategy, leadership and governance –to ensure that you have a properly informed, risk and resilience-led security strategy with clear accountability and responsibility.
- Risk management and assurance – We offer security auditing and assessments against all industry and regulatory standards, such as ISO27001 and PCI DSS. We use the emerging cyber security best practice standard– PAS555 – to support your compliance initiatives, identify areas for improvement and help deliver improvement plans.
- Technical security services – Our technical security services include penetration testing, computer forensics, enterprise architecture, identity management, secure coding and infrastructure, and SCADA and process control security, to give you practical help and tools to implement, test and assure your security solutions.
- Security culture development – We can help identify and develop pragmatic and effective cultural solutions to reduce the cyber risk created by the actions of your people, including social engineeringvulnerability assessment, behavioural analysis and development of an effective security culture.
IT Risk Advisory & Assessment
Our IT Risk Advisory and Assessment servicesprovide support small and medium-sized businesses in making their IT systems and environment secure, well-controlled and in line with legal and regulatory requirements. We help to identify and assess information security and IT operation risks, which may significantly influence the continuous and secure operations and viability of the business. Furthermore, we assist in designing and implementing information security and IT operation controls that are in compliance both with legal requirements and international standards.
We draw on in-depth technical and IT-related risk management knowledge to help organisations to address the challenge of managing IT risks in a way that is in line with your business strategy.
Information Security Policy Development & Assessment
Strong information security policies and standards guide an organisation towards a robust security posture and demonstrate management’s commitment towards information security.
Whether you like to develop information security policy for ISO27001 certification or to document and regulate IT and security processes – we can support your organisation at accomplishing the task. Our methodology, which considers acknowledged international standards (e.g.: ISO27001, COBIT, etc.) helps developing such information security policies, and supporting procedures, which establish an advanced documentation background for information security. The documentation system developed is in conformity with the mentioned international standards, recommendations and legal requirements, considers the practice established at the Company, and develops procedures that are practice orientated and easily implementable.
We can also review your existing IT and information security policies and procedures to assess their quality and up-to-date content. We examine whether the policies meet the requirements of relevant international standards and guidelines, as well as laws and regulations. Further we check if these are in-line with the current practice of the company.
Business Continuity Planning
Without robust business continuity planning many organisations will not be sufficiently prepared to respond to incidents that threaten their business's continuity. Losing critical systems, processes, or data in a security breach could result in sever financial and reputational loss.
A business continuity plan is an enterprise-wide group of processes and instructions to ensure the continuation of business processes – including, but not limited to, Information Technology - in the event of an interruption. It provides the plans for the enterprise to recover from minor incidents (e.g., localised disruptions of business components) to major disruptions (e.g., fire, natural disasters, extended power failures, equipment and/or telecommunications failure).
We helpenterprises identify and manage disruption risks and reducetheir vulnerability to a wide range of potentially destructive events– from application outages to devastating disasters.
These services cover the broad spectrum of the continuity /contingency management discipline. The overriding goal ofBCM is to help an organisation resume critical operations as smoothly as possible following an interruption within an acceptable time frame and cost level.
Our expert methodology for business continuity planning service will ensure that:
- Risks are appropriately identified and evaluated by focusing on the impact of known and potential risks on business processes
- The costs of implementing and managing continuity assurance are less than the expected losses and within management’s risk tolerance
- The business priorities are addressed: critical applications, interim processes, restoration activities and mandated deadlines
- Manual interfaces to automated processes are identified, personnel are trained and practice drills are conducted
- Expectations are managed with realistic goals
Please contact us to learn how we can assist you.