A cyber security audit is the process of obtaining objective, reliable information about the current state of the IT infrastructure and its real level of security. It covers two main points:

  • formal compliance requirements (Russian laws, Bank of Russia GOST 57580.1-2017, SOX 404, PCI DSS, NIST-800, etc.);

  • the adequacy of organizational and technical measures that ensure correct functioning and protect information from theft (loss), for example controls such as the granting and sharing of access rights, administrative privileges, update management, backup, etc.

An audit serves as a tool for making management decisions. It provides:

  • objective information about the state of the IT infrastructure, including its level of security and an assessment of its adequacy against existing cyber security threats;

  • an independent assessment of compliance with the mandatory formal requirements of domestic and foreign regulatory documents (to obtain or confirm a certificate or license);

  • input for budgeting IT / Security services, taking into account the current state and substantiated needs;

  • information for making personnel, organizational or technical decisions regarding the IT / Security division.

As a result, a cyber security audit brings financially significant benefits:

  • prevention of financial losses that could result from a hacker attack: downtime, loss of information, restoring attacked nodes to a working state, reputational losses;

  • a decrease in operating costs for information security as a result of management decisions based on the audit;

  • an increase in the working capital of an organization or an increase in capitalization as a result of the savings achieved in the previous steps.