ICT Security Audit encompasses a detailed assessment of an organisation’s security posture and measures to protect the IT infrastructure. It starts with a policy review that determines the risk tolerance of the organisation and the intended mitigations to avert or recover from the realisation of a risk or manifestation of a threat.

The Security Risk Assessment determines the threats that the organisations ICT infrastructure is exposed to and the impact on business continuity should those risk materialize. Risks are identified, categorized and rated, with attendant safeguards assessed for capacity and efficacy in dealing with the risks.

A Vulnerability Assessment entails reviewing system and control weaknesses and providing insight on the likelihood, scale and impact should they be exploited. This allows an organisation to seal loopholes and “tighten the ship” in matters ICT.

Penetration Testing involves simulating attacks or hacks on ICT infrastructure to establish the resilience of ICT security measures already in place. It is practised with the latest technology and ensures that organisations are made aware of new threats and methods as they develop.

Security Awareness Training equips users with knowledge on potential threat scenarios and exploits that may target them and how to address these challenges. It provides a healthy dose of scepticism when interacting with ICT resources and provides a first line of defence for the organisation. Forewarned is forearmed.