Information security audit


NPO "Echelon" provides various types of information security audits:

  • audit of Information Security Management Systems (ISMS) according to ISO/IEC 27001:2005 standard;
  • penetration testing (ethical hacking);
  • vulnerability assessment.

Information Security Management System is a part of an overall management system, based on a business risk approach, to establish how secure information is within a company. An audit of the ISMS is designed to focus on its processes and administrative controls, helping a company improve overall security and prepare for an official certification audit.

Penetration testing is a means of simulating an attack from both internal and external threats. The process involves gathering information about potential targets and assessing existing vulnerabilities, revealing non-trivial vulnerabilities and helping to demonstrate possible attack scenarios.

Vulnerability assessments identify and rank vulnerabilities in information systems, providing companies with a comprehensive map of existing weaknesses. Once found, these vulnerabilities can then be closed, leading to significant improvements in a systems information security.