Cybersecurity audit

A cybersecurity audit is a process that systematically assesses and evaluates an organisation's security measures, technologies and procedures to identify and address potential risks and vulnerabilities in cyberspace. The audit includes an analysis of information systems, network infrastructure, and security policies, and provides recommendations for improving protection against cyber threats. The goal is to ensure the integrity, availability and confidentiality of data and protect the organization from potential cyber attacks.

Service description

The cybersecurity audit process begins with gathering information about the organization's infrastructure, information systems, policies and procedures related to security. This is followed by a thorough analysis and evaluation of this information, which includes a review of compliance with regulations and standards, system vulnerabilities, network security, permissions management, access monitoring, data backup and recovery, incident response, and other key aspects of cybersecurity.

During an audit, various techniques and tools are often used, such as penetration tests, vulnerability testing, log analysis, documentation review and interviews with responsible personnel and key process sponsors. The goal is to identify potential gaps and weaknesses in cybersecurity that could be exploited for unauthorised access, data leakage or other cyber attacks.

Once the analysis has been carried out and deficiencies identified, the audit provides outputs in the form of a report. This report includes the identified deficiencies, their severity and recommendations for improving the organisation's cybersecurity, both in terms of legislation and best practices. Recommendations may include implementing new security measures, updating systems, training employees or modifying policies and procedures. A management summary and graphical output for senior management are also included.


Who is the service for?

The service is intended for organizations that need or want an independent assessment of the level of information security, according to a benchmark chosen by the customer.


Main advantages of the service

Identification of risks and vulnerabilities

Improving security measures

Compliance with legislative regulations and standards

Increasing credibility

Prevention of financial losses

Incident preparation (faster detection and mitigation)

How is the implementation done?

  1. Kick-off and introduction to the analysis process
  2. Determination of the scope of examination (whole / part of ISO 27001, ZoKB / VoKB)
  3. Understanding the main objectives of the organisation
  4. Workshops with guarantors of key processes
  5. Workshops with responsible IT and security staff
  6. Analysis of the information obtained
  7. Processing of the first version of the report and delivery to the customer
  8. Modifications in accordance with additions and comments of the contracting authority
  9. Transmission of the final report
  10. Presentation of audit results to the customer