
SECURITY & GDPR AUDITS SOLUTIONS

IT security audits

A security audit is an evaluation of a system, product, process and/or organisation that brings to light the weaknesses as well as the strengths of the associated information system, before these vulnerabilities are exploited by malicious actors.

A security audit is generally carried out by external service providers who are experts in the field.

An audit can be technical (detecting security flaws and vulnerabilities within a system, product or application) or non-technical (assessing the security of internal organisational practices).

1- Technical security audits

When it comes to security audits, three methodologies exist:

  • Black box audit: this audit technique aims to reproduce a cyber-attack in order to identify a certain number of flaws that could allow hackers to compromise the system. The consultant has no information about the company when undertaking the attack, except for a company name and/or IP address, which attackers can retrieve very easily. The real conditions of an attack are thus reproduced. This type of audit is also called a pentest (for 'penetration testing').

  • Grey box audit: the consultant carries out the attack, this time with some additional information (such as user access, an administrator login, etc.) representing a gateway to the organisation. Here again the consultant uses information that an attacker could have previously retrieved to carry out the attack. This type of audit is also considered a pentest.

  • The white-box audit is not a pentest as such: no attack is perpetrated. It is a much more thorough security analysis. The white-box audit is so named to emphasise the aspect of 'transparency': for this type of audit, the requesting organisation provides the consultants with all the information concerning the data, its storage, processing, information systems, etc. The consultants are then tasked with identifying flaws and vulnerabilities in the system presented to them. This type of audit allows a 360° consideration of the flaws and vulnerabilities of an organisation. By not only testing a product/application or network infrastructure, but going through the entire design of the information system in detail, the white-box audit provides a more complete and holistic view of the situation.

While we tend to favour the white box methodology for its comprehensiveness, each of the audits proposed below can be conducted in white, grey or black box mode.

To find out more about our black box audit services (pentest), please consult this page.

[Image: cybersecurity audit product sheets]

* The production of optional deliverables is not included in the duration or price of the service and these additional elements will be added to the overall service.

2- Non-technical security audits

Non-technical audits do not focus on a specific product, application or information system, but on internal security practices. CyberSecura offers the following non-technical audits:

  • Organisational audit, in order to assess your internal security practices, procedures and policies.

  • Internal audit, as part of the pursuit of an ISO 27001 certification and to test the ISMS in place, verify internal procedures and policies, etc.

  • Gap Analysis, also in the context of pursuing an ISO 27001 certification and in order to take stock of the current and future elements.

GDPR compliance audits

The purpose of these GDPR regulatory compliance audits is to provide you with an initial overview of your level of compliance as well as your priority compliance issues.

[Image: GDPR audit product sheets]

* The production of optional deliverables is not included in the duration or price of the service and these additional elements will be added to the overall service.

N.B.: the hourly volumes are given as an indication only, and may vary according to the size of the organisation, the audit objectives, the scope of the audit, etc.
