System Audit

Today, innovations in technology have changed the way enterprises do business. Technology is now linked to almost every aspect of business and with it, businesses are now more vulnerable to technology risks. Our technology professionals assist clients by identifying these risks and recommending measures to mitigate these risks.

The audit consists of an evaluation of the components which comprise that system, with examination and testing in the following areas:

  • High-level systems architecture review
  • Business process mapping (e.g. determining information systems dependency with respect to user business processes)
  • End-user identity management (e.g. authentication mechanisms, password standards, roles limiting or granting systems functionality)
  • Operating systems configurations (e.g. services hardening)
  • Application security controls
  • Database access controls (e.g. database configuration, account access to the database, roles defined in the database)
  • Anti-virus/Anti-malware controls
  • Network controls (e.g. running configurations on switches and routers, use of Access control lists, and firewall rules)
  • Logging and auditing systems and processes
  • IT privileged access control (e.g. System Administrator or root access)
  • IT processes in support of the system (e.g. user account reviews, change management)
  • Backup/Restore procedures