We identify the gaps between your current practices and standards

Audit is a process of verification of current practices versus standards in order to identify gaps and take actions accordingly. Audit can be conducted either by external or internal professionals according to business requirements.

Audit objectives

Audit objectives can include but are not limited to:

+ Checking whether the systems are able to maintain system data, integrity, availability, and help achieve the organization's objectives

+ Detecting or preventing undesired events by ensuring that appropriate internal controls are in place

+ Identifying gaps between what should be done according to the standards and what is done

+ Checking the performance of the automated information systems in an organization

When performing an IS audit, our expert auditors follow the guidelines described in ISACA's Code of Professional Ethics. We begin by identifying and analyzing your business objectives to ensure that your security requirements are aligned and risk-based. Our risk-based audits help optimize efforts on sensitive areas.

Types of audit performed include:

+ Information security organization audit

+ Business, Operational and IT processes audit

+ Web applications audit

+ IT architecture and infrastructure audit

+ Configuration audit

+ Compliance audit (ISO/IEC 27001-2, COBIT, PCI-DSS, HIPAA, NIST, etc.)

+ Application code review

Our risk-based audit relies on a methodology based on standards, guidelines and best practices from ISACA. The diagram above shows the different steps used by our auditors to carry out IS audit projects. These steps are adjusted according to the security requirements defined by our customers.

Audit tools used by CAPTOSEC's certified auditors include:

+ Questionnaires

+ Interviews

+ Matrix of controls

+ Standards

+ Frameworks, and

+ Specific software

+ Audit charter

+ Audit planning

+ Recommendations for corrective actions

+ Audit report

+ Collected evidence

Why People Trust Us?

Client's Experience Counts

CAPTOSEC takes the needs and requirements of its customers to heart.

We Love Quality

CAPTOSEC relies on a holistic quality assurance process that helps enhance the deliverables and achieve client satisfaction.

Our Motivated Team Uses the Right Tools

By using the right tools combined with good processes, CAPTOSEC meets the stakeholders' expectations.

We Always Deliver On Time

CAPTOSEC’s Security Professionals listen and collaborate with clients throughout all phases of projects.

Our Security Professionals Are All Certified

In addition to their experience and skills, Security Professionals from CAPTOSEC hold industry certifications such as CISSP, CASP, C|EH, CISM, CISA, Security+, CCIE, RHCA, PMP, E|CIH.

Other Expertise from CAPTOSEC

Design, development and improvement of information security processes

Development & enhancement of security policies, orientations, and guidelines

Threat modelling, Risk analysis and Recommendations

Quality Assurance of Deliverables in Information Security

Advice, Training & Awareness on information security

Design and Development of Security tools such as Templates, Scripts, and Forms

Security audit & Assessment of Networks, Systems, Applications & Data

Assistance to customers in their software and hardware acquisition processes

Penetration testing of Applications, Networks & Systems

Design & Assessment of Business continuity and Disaster Recovery Plans

Protection of Networks, Systems & Security Devices

Intrusion Detection & Forensic Investigation

Projects security support

Our Methodology

We understand the needs and context of the client

We validate the scope and deliverables with the client

We collaborate throughout the project phases

We rely on standards, best practices & QA