Information security audit
NPO "Echelon" provides various types of information security audits:
- audit of Information Security Management Systems (ISMS) according to the ISO/IEC 27001:2005 standard;
- penetration testing (ethical hacking);
- vulnerability assessment.
An Information Security Management System is part of an overall management system, based on a business risk approach, to establish how secure information is within a company. An audit of the ISMS is designed to focus on its processes and administrative controls, helping a company improve overall security and prepare for an official certification audit.
Penetration testing is a means of simulating an attack from both internal and external threats. The process involves gathering information about potential targets and assessing existing vulnerabilities, revealing non-trivial vulnerabilities and helping to demonstrate possible attack scenarios.
Vulnerability assessments identify and rank vulnerabilities in information systems, providing companies with a comprehensive map of existing weaknesses. Once found, these vulnerabilities can then be closed, leading to significant improvements in a system's information security.