Information security risk assessment
During the information security risk assessment, our goal is to accurately map the risks affecting our customers and to effectively support the risk management procedures. Our risk analysis methodology, primarily in accordance with the ISO27005 standard, ensures the full exploration of risks. In the course of our work we take into account and adapt to the internal regulations and methodologies of our customers, and relevant expectations of supervisory bodies, especially the recommendation of MNB 8/2020.
The risk analysis can be performed with the support of office software or, optionally, with PCP, the risk assessment software of PR-AUDIT Kft. If required, we perform the business analyses that underpin the risk analysis – process assessment and business impact analysis, data asset assessment and classification, dependency analysis, security classification of IT systems – or we use and integrate the results of analyses available to our customers into our methodology.
Preparation and review of information security policies
We provide support to our clients in the preparation and updating of any kind of information security policy or procedure, or in achieving the required regulatory level following a compliance audit.
Secure configuration baseline services
Our Secure Configuration Baselines Service provides the foundation of a secure-by-default and secure-by-design approach to your business, reducing the attack surface of technologies and limiting the ability of hackers to exploit weak configurations and gain access to critical systems or sensitive business data.
The service includes the following:
- Identification of critical infrastructure elements for which an SCB needs to be defined.
- Assess current practices and requirements
- Processing of IT and information security regulations in force
- Processing of current legal and compliance requirements
- Processing of SCBs in force
- Identify and document the current SCB based on the above.
- Hardening assessment (gap analysis) based on CIS and other manufacturer recommendations and processing the results with the customer
- Definition and documentation of SCBs.
- SCB application re-measurement (optional)
Supporting business continuity management
We provide support to our customers in the complete development, review, and updating of their business continuity management (BCM) frameworks or even in the design of the service continuity for a single service, process, or IT system.
The service includes the following:
- Developing a methodology specialized to the organization
- Mapping of business processes
- Conducting business impact analysis and identifying critical business processes
- Conducting a dependency analysis
- Conducting an operational risk analysis
- Preparing business continuity plans and IT disaster recovery plans
Supporting centralized log management
PR-AUDIT Ltd. has more than 10 years of experience in the development, integration and operation of centralized log collection and analysis systems. We can provide support if you find that your SIEM system – which consumes significant financial resources – is not working efficiently, if you are looking for a way to achieve meaningful log analysis, or if you are just planning to integrate a SIEM system.
Our service includes a full review of current system audit, log collection and log analysis practices, the identification of the deficiencies causing the above obstacles, and technical assistance in overcoming them – assessing SIEM capabilities, defining and setting system audit requirements, forwarding log files, creating log analysis reports, event normalization, etc.
Supporting the introduction of cloud services
The development of cloud services has reached the point where excluding them completely from the IT and service provider portfolio could significantly reduce the business competitiveness of a given company. In line with this, the recommendation of MNB (Hungarian National Bank) 4/2019 (IV.1.) on the use of community and public cloud services sets out detailed requirements for the entire life cycle of services. Full compliance with this recommendation requires significant and varied preparation and workload.
It has become necessary to develop a comprehensive solution to support our customers, facilitate the deployment of cloud services, and effectively identify and manage risks. The service covers the development of the policy for the entire life cycle of the services, the support of the requesting, legal and IT departments in the implementation of the tasks according to the above policy, the performance of information security and data protection risk analysis and the related project management tasks.
ISO27001 certification audit support
ISO27001 certification of an information security management system is now a tangible business benefit for most businesses. In many cases, we find that financial institutions and multinational companies make holding the standard's certificate, or an equivalent one, a condition for concluding a contract or even for participating in the selection process.
We can provide support to our customers throughout the process of implementing the standard, from the first steps to the completion of the certification process.
Supporting data loss prevention solutions
The goal of PR-AUDIT Kft. is to support customers with efficient and practical solutions to the information security, data protection, process organization and project management problems arising during the integration of a DLP system. Our experience is that, contrary to popular belief, with a well-thought-out, gradual implementation of the DLP project, the control can be implemented on a sustainable schedule without disrupting project costs or business operations.
Our services include the preparation of the process-determining DLP policy, support in the creation of data inventory, the provision of training related to the DLP system, and the professional support of incident management.
PR-AUDIT fulfills the outsourced Information Security Officer role for multiple financial institutions. This role covers the establishment, maintenance, and continuous assessment of IT security controls based on legal requirements and international standards (e.g., ISO2700x, COBIT, ITIL). It also includes IT audits, risk assessments and technological tests. As a result, we have extensive experience in combining business, IT and security needs and communicating them throughout an organization.
PR-AUDIT undertakes both the management and execution of information security tasks imposed on an organization. As a virtual Chief Information Security Officer, we offer the following services:
- Project management and leadership
- Build and operate or support a complete information security management system
- Establishment and management of controls
- Internal audits
- Risk assessments
- Social engineering
- Vulnerability assessment and Penetration testing services
- Hardening assessments