

IT Audit planning and Audit-Start Services.

SecurityBraille can assist you with the development of your long-range and annual IT audit plans that integrate seamlessly with internal audit strategies. Our services range from defining the audit universe and prioritizing audit activities, to developing an audit schedule. If you've already developed an annual IT audit plan, our experts will help ensure that it is comprehensive, manageable and appropriately prioritized. In addition, our Audit-Start Service is designed to kick-start your individual IS/IT Audit project by providing step-by-step guidance for your own staff to execute the audit and gain confidence in the execution of similar audits.

IT Audit Co-Sourcing / Guest Auditor Services

If you have determined that you don’t have the internal expertise to execute certain aspects of your IT Audit plan, we can propose effective solutions for Co-Sourcing the work.  Our “Guest Auditor” Service entails having your internal staff work closely with our consultant to ensure knowledge transfer.  Our objective is to ensure that your internal staff would have acquired new skills to execute the assignment in the future. In short, we provide experienced professionals to supplement your existing IAD resources and help transfer knowledge and build skills internally within your team. 

Network Vulnerability Assessment & Managed Network Vulnerability Monitoring

Your network perimeter is the first line of defense against any potential attacks. SecurityBraille reviews your network infrastructure to identify any vulnerability that predisposes your network to external threats. This process involves the assessment of the configuration of existing network servers, the security appliances used to protect your network, and the security policies in place.

Because external threats are ever-changing, strategies put in place after a review to secure the network may soon be ineffective. For this reason we offer a supplementary service, Managed Network Vulnerability Monitoring, which provides real-time monitoring of your network to protect against current threats.

Infrastructure and Application Auditing

We review how you use technology to track and report on financial and other data and maintain internal controls in your environment. We therefore take a holistic approach to application audit, so the review is not limited to the computer application itself but also covers the network, operating system, database and other computing infrastructure that supports the application.

Disaster Recovery Planning

To ensure your organization’s survival, you must have an effective plan for continuing to do business even in the face of a catastrophic event. At SecurityBraille we have the experience needed to help your organization work through the complex process of identifying your critical systems, associated vulnerabilities and their potential impact. We use this information to develop an effective disaster recovery plan (DRP) to ensure uninterrupted operations.

Key aspects of our approach include preliminary work to analyze the impact on your business of a variety of potential disasters, developing recovery strategies and documenting recovery procedures. Periodic testing procedures are also developed to ensure that the DRP is kept current.

Data Privacy Reviews

More than likely your organization creates, processes, or stores personal information and other non-public data. Apart from the damage to your organization’s image, a data breach may lead to loss of customer support, regulatory investigations, and substantial fines. What's more, in many jurisdictions class action lawsuits are becoming the norm for data breaches involving significant numbers of affected individuals.

Given the number and complexity of privacy laws and regulations worldwide, and the severe penalties for violating them, every organization should strive to prevent the improper disclosure or use of personal customer or employee information. To make this task a little easier, internal auditors can help organizations reduce this learning curve by pointing out common compliance areas that overlap different data privacy laws and regulations. This, in turn, will help the organization choose and implement a compliance program that effectively mitigates internal and external security threats and stays up-to-date with the latest regulatory changes.

Our four-step process for assessing data privacy in your environment includes:

1. Inventory. Identify where all of the sensitive information is in your institution, and how it’s used.
2. Minimize. Assess whether confidential information is kept and used only where necessary, and question whether all of such data is actually needed (for example, using only the last four digits of a social security number, instead of the entire number). Take into special consideration whether confidential data should be permitted at all on portable devices (laptops, PDAs, USB flash drives), which are so easily lost or stolen.
3. Protect. Determine the appropriate logical, technical, and physical security controls to safeguard those systems that still contain confidential information. Determine the appropriateness of access given to people who use those systems.
4. Educate. Create awareness that protecting sensitive data is everyone’s responsibility.

IT Audit Department Quality Assurance Review

In response to regulators' increased interest in corporate governance and accountability, the Institute of Internal Auditors revised the standards for internal audits to require external quality assurance reviews. For most large organizations, the January 1, 2007 compliance deadline creates both a challenge and an opportunity.

At SecurityBraille, our professionals are experienced at helping clients measure the quality of their internal audit functions. We work to assess all the relevant features — from the structure of your team or department to the way you use your staff, technology and processes to accomplish your mission. Depending on your needs, we can report on our findings to management, your audit committee, or both.

Career Coaching & Placement Services

If you are an IT auditor presently in the transition stage and need guidance to prepare you for that new job, it’s important to have a coach that will ensure that there is a best fit with your potential employer. Our Coaching & Placement Services is headed by a professional recruiter who has over 25 years of proven experience in IT Audit recruitment.  We ensure that you are not only placed in an environment in which you are financially rewarded for your expertise but your future professional development is given high priority as well.