Security

We offer a wide range of audit services focused on ICT security.

Definition

An ICT security audit involves assessing the compliance of the audited system with current standards, norms and best practices. An audit may focus on assessing the compliance of
a security system with the ISO 27001 norm, or involve analysing and verifying the configuration of devices, systems and source code.

Service description:

Depending on the type of assessment, a security audit involves various methods, strategies and techniques. We use proprietary audit scenarios for particular ICT system assessment types, based on our own experience and methods developed by such sources as NIST (National Institute For Standards And Technology), CERT (Computer Emergency Response Team), OSSTM (Open Source Security Testing Methodology), OWASP (Open Web Application Security Project) as well as both Polish and international ICT security norms (PN-I-13335-1, ISO/IEC TR 13335-3, PN ISO/IEC 17799, ISO/IEC 27001).

Our methodology makes use of definitions and terminology compliant with the PN-I-13335-1 norm.

Service scope:

Our range of audits forms a comprehensive approach to assessing the resilience of networks, ICT systems and web applications based on BI-BEST, a set of auditing methods developed and used at NASK.

We offer a wide range of audit types:

  • Systems and network security assessment

- Vulnerability assessment

- Penetration testing

- Configuration security audit

- Topology security audit

  • Web application security assessment

- Vulnerability assessment

- Penetration testing

- Security audit

- Source code security audit

  • Wireless network security assessment

- Penetration testing

- Configuration security audit

  • Mobile environment security assessment

- Penetration testing

- Configuration security audit

  • Procedural security assessment

- Security audit – procedural compliance assessment

  • Security assessment using sociotechnics

- Sociotechnical penetration testing

- DoS/DDoS resiliency infrastructure testing

  • Verification assessment
 

Benefits:

Security tests offer the following benefits:

  • Practical verification of the effectiveness of existing security measures
  • An objective, reliable overview of the security of the audited elements
  • Our experts have years of experience and an extensive, certified knowledge of IT security, not only with regard to the technology involved, but also its organisational aspects.