Whether to determine your current situation at the beginning of a project or to conduct an in-depth, subject-specific investigation, the audit will be adapted to your needs and your budget.

How secure is data that is worth protecting?

You should be able to answer the following questions regarding the security status of your IT environment:

• Does your environment correspond to the current best practice in your industry?
• With regard to information security, where is your greatest need for action?
• Are you equipped to handle cyberattacks?
• Are your key assets adequately protected?

Would you like more transparency? We will help you create greater clarity here – with a professional audit.

Drivers for an audit

• Determining current situation
• Major technical changes (perimeter adjustment, new web app, change of outsourcer, insourcing, etc.)
• Compliance requirements
• Security incident in the company

More transparency though an audit

• Proactive addressing of the topic of security
• Decision basis for risk management
• Disclosure of internal and external dependencies
• Identification of sensitive information
• Knowledge of strengths and weaknesses
• Prioritizing of the necessary measures

Scope and content of assessment according to your needs

• Technology and/or organization
• Internal and/or external view
• White box or black box
• Breadth of investigation: IT infrastructure or only application
• Depth of investigation: Automated scans or manual investigations
• Framework conditions (budget, deadlines)

Predefined areas of investigation

• Assessment: a broad investigation for an initial overview of the hot spots
• Penetration Test: an in-depth analysis of a web application using the tools of a hacker

Your benefits from an audit by terreActive

• In-depth analysis based on high technical expertise
• Comprehensive assessment of the status quo by combining different sources and results (documentation, scan results, interviews, system inspections)
• Recommendation of measures according to cost/benefit analysis and taking into account our experience as a Managed Security Service Provider
• Quality control in accordance with the double-checking principle: The expertise of at least 2 auditors comes into play in each project

Our proven approach

• Kick-off meeting
• Obtaining information and initial investigations across a wide range of areas
• Interim presentation and joint definition of additional investigations (potential change in the thrust direction based on initial findings)
• Deeper investigation: Detailed, technical investigation of selected topics and areas
• Report preparation
• Final presentation
• Optional post-audit: Review of implemented measures

Need for Action – Content of an audit report

In addition to the management summary, the visualization is another part of the audit report.
It also includes the security analysis with its positive and negative aspects, the risk analysis and a list of countermeasures, including priority recommendations.