Cybersecurity Audit

We assists you in internal and external audits, assurance and compliance to keep you safe.

• Email and user audits

• Internet and configuration controls

• Mobile devices controls audit

• Laptop & Desktop devices, endpoints, servers, cloud controls audits

• Applications SaaS, onPrem and Hybrid controls audit

• Zero Trust layered data audits for data leakage prevention

Audit Highlights

• Quick snap shot audit

• Customization of tools and templates

• Customer early preview and acceptance

• Focus on high risk, business and mission critical areas

• Audit recommendations and high-level business impact analysis

Essential 8 Australian Government Controls audit:

• Scope definition
• Initial data gathering
• Current posture analysis and report
• Gap analysis
• Complete audit
• Recommendations for maturity level improvement

ISO 27001 and 27002, 27003, 27005 and industry-specific audits:

• Customised focus scope
• Controls based approach
• Risk profiling
• Security posture report in addition to audit reports

NIST, 800 Series, 800-30, 800-53:

• Updated NIST framework audits
• Developing an intern audit program
• Establishing the NIST best practices
• Continuous maintenance of risk profile post audit

• Data classification and protection

• ETSI Cyber Security Technical Committee (TC CYBER)

• NERC (CSS)

• ISA/IEC-62443 (formerly ISA-99)

• IEC 62443 Conformity Assessment Program

• CIP – Banking, Transportation, Power, Communications, Emergency services, Fire dept, Law Enforcement, Defence

Data classification and protection:

• Classification audit
• Data quality and gap analysis
• Automated classification and data protection

Technology Audits Including Cloud Services:

With cloud computing, applications and data are available to an organization’s user base, wherever and whenever users choose to connect. This means the business does not have to maintain the hardware and software required to deliver those services — or provide all the support to keep those infrastructure components updated, secure and available. Other potential benefits to organizations that embrace the cloud computing model are:

• Decoupling and separating the business service from the infrastructure needed to run it (i.e., virtualization)
• Flexibility to choose multiple vendors that provide reliable and scalable business services, development environments and infrastructure that can be leveraged “out of the box” and billed on a metered basis — with the potential for no long-term contracts
• Elastic nature of the infrastructure to rapidly allocate and de-allocate massively scalable resources to business services on a demand basis
• Cost-allocation flexibility for businesses using the cloud that want to move capital expenditures into operating expenses
• Reduced costs due to operational efficiencies
• More rapid deployment of new business services
• Operational risk reduction, if availability of services and operations are adequately protected within a contract

Operational Security Audits:

Risk audits to identify: Weakness in SCADA, Insecure OT networks, Weak protections, device level, device to device, device in a network and network to network risks and mitigation strategies and control recommendations will be provided.

Mission Critical Infrastructure Audits:

We penetration testing is through and a very deep technical exercise, including intelligence gathering, external foot printing, internal foot printing, vulnerability analysis, exploitation, post exploitation and extensive reporting is a critical service. CRISCOD provides this for both mission critical “Operational Technology” (SCADA, ICS, OT) and “Business Critical” (Edge device to end point). Testing gives you a 360 degree view of all your hacker exposures.