An audit provides an organisation with a clear picture of their cybersecurity position, and a roadmap to establish and strengthen their defence against current and future cyber threats.
Cybersecurity Audit & Assessment
Helping organisations enhance their cyber security posture & capability.
What is an Audit?
Process
Our four-step approach begins with a thorough assessment that identifies any gaps or weaknesses in a client’s cybersecurity. Conducted in person and on-site, it reviews every aspect of your business that may pose a risk: staff awareness, systems, processes and, of course, your IT. It is designed to uncover any vulnerabilities in how your data and digital infrastructure are protected.
The audit report outlines a tailored roadmap with recommendations to improve your organisation’s cyber posture. From there we offer several pathways for the remediation work, such as working with the company’s internal IT team or Managed Service Provider to implement it.
Investment & Deliverables
An audit is a fixed-fee project. You receive a report detailing actionable recommendations in easy-to-follow language, accompanied by an action plan.
Cybersecurity Improvement Roadmaps
Aegis recognises that businesses are at different stages of cybersecurity readiness. Depending on your position, the audit provides a three-tiered roadmap to move your business to ‘bare minimum’, ‘business baseline’ or ‘business best practice’.
From here, we develop a scope of work for an initiative from the roadmap, select the products and vendors to implement, and manage the project delivery. This can be run as a one-off project or via an ongoing retainer, or we can provide your team with the steps to manage the work through their managed service provider (MSP) or in-house team.
Should a client want to work towards ISO 27001, SOC 2, PCI DSS or any other security framework, Aegis can assist with this process.
Cybersecurity Resilience Planning
Once the fundamentals are in place, a business can move on to cyber resilience planning. A resilience plan examines how a business would recover in the event of a cyber-attack or a severe or extended disruption to business services.
This typically incorporates cyber incident response plans and disaster recovery plans, along with simulated events to test those plans at least annually. These plans give the business the documentation and framework to recover quickly and carry on serving its clients while minimising harm, damage, cost and reputational impact.
Examples of where these plans are needed include device ransomware, a virus outbreak, fire, a pandemic and an extended power outage. Risk events that would prevent your firm from continuing to meet client needs at a technical level can be examined, assessed, and given planned mitigations through cyber resilience planning.
Plans vary greatly from business to business, as we recognise there is no one-size-fits-all solution. It takes a specialised approach to develop a testable and durable plan that would adequately address any incident.
Fractional CISO/vCISO
When a company’s cybersecurity needs are complex and ongoing management is required, we can provide Chief Information Security Officer (CISO) services on either a fractional or a virtual basis.
As a retainer-based service, the CISO maintains ongoing visibility over an organisation’s cybersecurity governance, risk and compliance position. This includes providing periodic reports and delivering tasks such as overseeing the cybersecurity roadmap after delivery, advising business leaders on cybersecurity strategy and governance, supporting insurance policy questionnaires, and running disaster recovery and desktop exercises.
CONTACT US
Your most intelligent cybersecurity defence starts with Aegis.
Contact us to find out how we can help you.