One of the most specialised services in the NASK portfolio is Telecommunications and IT System Security Audits. The offered scope of tests allows a comprehensive evaluation of the security of customers' networks and systems.
Services of this kind are necessary in any enterprise, because they allow for a high level of information security.
NASK's IT security audits are designed to provide the broadest scope of information about the actual security level of telecommunications and IT systems that are subject to tests as well as their resilience to known attacks. Our tests and analyses enable detecting threats that result from:
1. Characteristics of the designed topology and system cooperation principles,
2. Applied security technologies and standards,
3. The quality of system implementation,
4. The architecture of interconnections,
5. Software vulnerabilities and the configuration of solution components, such as:
- transmitting devices,
- firewalls,
- other systems that provide services and support.
Audits detect threats that result from interconnections of different network types (e.g, a LAN and a public network) and—depending on the chosen options—potential threats from the internal network or applications in use. Audits also help to determine the compliance of system operation principles with the adopted security policy.
We do not offer “off-the-shelf” audits
Why? Because they are inefficient.
To satisfy our customers' needs, we analyse their specific requirements before making an offer. We strive to ensure that the testing scope and methods are flexible and focus on key elements that determine the security level of the customer's entire network and systems.
Depending on their type, tests are based on different methods, strategies and techniques.
To ensure that our audits are comprehensive, the tests and analyses we carry out cover the following aspects:
- penetration tests,
- a topology analysis of the entire system,
- a security analysis of the hardware configuration,
- an analysis of the compliance of hardware configuration and operation with security policy guidelines,
- an application vulnerability analysis,
- an application code analysis,
- periodic audits.
The methods, strategy and scope of telecommunication and data system security audits can be different. They depend on the application and function of the tested structures and customers' preferences as well as other factors, like the level of penetration while testing specific systems.
The measurable benefits that an IT security audit offers to the customer are for example:
- knowing the current and actual security level of the tested systems as well as their resilience to attacks,
- detailed knowledge of the protection level provided by security systems,
- recommendations for eliminating the detected weaknesses and—consequently—enhancing the security level of the tested systems,
- guarantee of an unbiased evaluation,
- the ability to plan optimised investments in IT security systems,
- security in pursuing the company's business objectives,
- credibility in the eyes of customers and partners.
Our offer includes support at all stages of the audit.
As a result of the conducted tests, the customer receives a post-audit report that includes:
- a description of the conducted tests,
- test results and their interpretation,
- conclusions from the audit,
- recommendations.
Our professional auditing team has expertise and years of experience in protecting telecommunications and IT infrastructure.
NASK's security related services are not limited to telecommunications and IT system audits. Our comprehensive portfolio also includes the design and implementation of security systems, including:
- pre-deployment consulting,
- integration with the customer's existing systems,
- administrative training,
- technical support,
- support for system development,
- management of the implemented solution.
NASK offers a wide range of other solutions for customers' telecommunications and IT security. We build consistent projects that meet our customers' current needs and provide support for the development of their systems.
|
