Conceptual/Organizational Audit
An IT threat and risk analysis (IT risk analysis/IT threat analysis)
is used to check for security vulnerabilities and loopholes in every
IT-related factor (human beings, organization, technology) that has
an influence on the test object, and to develop countermeasures.
IT threat and risk analysis is often a part of Business Continuity
Planning (BCP).
Procedure
Successful security audits with a conceptual and organizational
approach need an especially high level of management attention.
A combination of workshop-based on-site activities plus off-site
activities means the amount of management time required for project
work can be kept to a minimum.
Possible procedure

The project is carried out in line with individual requirements
and best practices. For this reason, the actual project phases may
differ from those shown above. We recommend the following methods
and guidelines:
- ISO/IEC 27001 (BS 7799) and ISO/IEC 17799:2005
- BSI IT Grundschutz (Basic Protection) Manual
If you're interested in OneConsult and you'd like
a no-obligation consultation or more information, please contact
us.