- Regulatory compliance assessment
The design and operation of the information security control environment is increasingly regulated by legislation and supervisory recommendations for the financial (banking, insurance, treasury, etc.), public and municipal sectors.
Our compliance assessments help to fully detect deviations in our customers' information security control environment from the requirements set out in various IT-related legislation, international standards (ISO 27001, PCI DSS, etc.) and regulatory recommendations.
- Cyber maturity assessment
Using the SANS “CIS Controls v8” control catalog, we can effectively examine the cyber security maturity of companies, government bodies and non-profit institutions of various sizes. Our service is primarily intended for organizations that are not subject to strict regulatory requirements and have not implemented a certified information security management system, but are interested in the level of protection of the sensitive data they handle, taking into account international best practice.
- Third party security assessment
Responsibility cannot be outsourced, so the outsourcing company and the data controller are always responsible for the activities of subcontractors under their management and control. In many cases, because of the large number of service providers, exercising this control in practice requires significant resources as well as information security experience and expertise.
During our work, we take into account the internal regulations of our customers and the recommendations of the supervisory bodies, in particular MNB recommendation 7/2020. (VI.3.) on the use of external service providers, together with recommendation 4/2019. (IV.1.) on the use of community and public cloud services.
- “Home office” environment security assessment
Remote work has increased drastically, and at the same time, there are clear indications that hackers, foreign powers, and other cybercriminals are expanding their activities. Working from home poses an increased challenge for IT departments, now requiring flexible and secure solutions.
Our “home office” environment security assessment provides a comprehensive picture of the risks posed by remote work by conducting the following studies:
- Carrying out a gap analysis based on the MNB recommendation (no. 12/2020) for remote work
- Examining the threats posed by remote work and conducting a risk analysis
- Black-box and gray-box penetration testing of the home office environment
- Conducting social engineering assessments (phishing and pharming tests, and vishing)
Social engineering, i.e. the art of deception, is an old, highly effective form of attack that is still dangerously underestimated by users and corporate decision makers. It exploits the human factor as a vulnerability, by means of deception and disguise. We consider it extremely important that organizations be aware of the preparedness of their own employees, as security-conscious behavior may determine the extent of the organization’s loss. The social engineering assessments of PR-AUDIT Ltd. are specially designed for the above-listed challenges.