    Professional security audit

    Identify infrastructure threats and strengthen your company's security

    Security of IT infrastructure

    We know from experience that many companies still struggle with configuration deficiencies, which result in a smaller or larger number of single points of failure.

    Our audits detect such irregularities and indicate places where accidentally disconnecting one inconspicuous network cable from a switch causes a failure of the entire network.

    Downtime caused by damage to a single element of infrastructure can be financially disastrous for the company. It is better to regularly check and prevent than to cure – because sometimes it may be too late for treatment.

    First comes cybersecurity

    The modern economy is based on information and the ability to collect, process and use data to achieve the strategic goals of the organization. For this reason, systems and other IT resources are a key element in the functioning of both private enterprises and public institutions as well as all kinds of organized entities. Due to their importance for the operations of small, medium and large companies and organizations from virtually every sector of the economy, it is worth investing in solutions that ensure the maximum level of IT security. Audits performed by our team effectively serve this purpose.

    A security audit is the basic IT tool used to ensure the resistance of the IT infrastructure to cyberattacks. It is a comprehensive analysis of all aspects affecting the cybersecurity of your company and its resources: know-how, patents or your clients' data.

    What do we examine in an IT infrastructure security audit?

    Security of IT infrastructure

    We examine the correctness of the installation of the physical infrastructure: the design of server rooms, distribution points, the correctness of the installation of power supply systems, network connections.

    Security of campus networks

    We examine the configuration of switches and routers in terms of security. We identify unsecured ports and errors in network segmentation.

    Security of wireless networks

    We examine the configuration of access points, methods of granting access to the Wi-Fi network, especially for guests, and the password policy used.

    Server configuration

    We check whether servers are properly installed and configured, and the operating systems installed on them are secured.

    Information security

    We verify that access management systems, data encryption, event monitoring, data recovery, and information security policies are properly implemented.

    Application security

    We check whether applications and operating systems are up to date, well configured, and whether the services that run on them are configured to ensure performance and security.

    Security of end devices

    We verify whether computers, phones and tablets have security installed and properly configured (e.g. MDM) and whether the data on them is encrypted.

    Employee behavior

    We can check how well your employees can detect manipulation techniques and respond to them appropriately.

    Compliance with company security policy

    We check to what extent existing configurations are compliant with the developed and adopted security policy (if the company has one).

    How do we run a security audit?

    Preparation phase 

    • Defining the needs and establishing the scope of the security audit, consulting with our experts, and defining the customer’s problems. 
    • Question and answer sessions with IT managers and gathering the necessary information on specific customer issues and their impact on users.  
    • The signing of the audit agreement. 

    Research phase 

    • A thorough analysis of the architecture and systems under study. 
    • Examination of compliance with the company’s security policy and good cybersecurity practices.  
    • Penetration tests. 

    Advisory phase 

    • Drafting of a comprehensive report detailing the defined problems and recommending solutions.  
    • Discussion of the report at a dedicated meeting with the customer. 
    • Advisory support for the implementation of safety recommendations.  
    • Verification of changes applied and recommendations implemented. 

    A security audit should be a mandatory part of your IT strategy if: 

    • You own a company that has an IT infrastructure
    • You manage a complex IT infrastructure
    • Your company may suffer high losses as a result of an attack
    • A ransomware attack may cause a leak of your customers’ personal data
    • You want to maintain production continuity
    • Your company is required to implement the NIS2 directive
    • You store data, especially sensitive and personal data
    • You want to protect your knowledge, patents and company know-how

    In today’s reality, the methods and so-called vectors of attacks and spreading threats are exceptionally diverse, not to mention sophisticated. We are dealing with an increasing number of possible interfaces, protocols and contacts with individual parts of the IT environment. That is why it is necessary to take into account all the places where a potential attack can occur.

    Marcin Biały, Advisory Architect | Board Member at Grandmetric

    With our support, you can be sure that your key data is properly protected against theft and cybercriminals. You gain the ability to implement corrections and modifications, which will result in the highest level of security of IT systems. The IT audit performed by our company covers both software and hardware, so the risk of destruction or failure due to undesirable actions of hackers and malicious applications is reduced.

    Your benefits from a security audit

    You will better understand the risks 

    You will learn about the security gaps in your infrastructure. 

    You will improve security compliance 

    You will match solutions to the required security policies. 

    You will make the most of your equipment 

    You will learn how to get rid of vulnerabilities using existing solutions. 

    You will set up an IT recovery plan 

    You will receive detailed recommendations in line with the best security practices. 

    You will choose the best equipment 

    You will secure your business to the highest level, and we will ensure that you always have up-to-date licenses. 

    You will increase awareness of the risks 

    You will point managers toward the direction of investment in cybersecurity. 

    Why is it worth commissioning an IT security audit with Grandmetric?

    We have professional tools, many years of experience and specialist knowledge that allow for precise control of digital resources. We carefully analyze them in terms of resistance to attacks: our task is to detect errors, shortcomings and irregularities that may negatively affect the level of security. We perform an audit of the IT system, software, network connections and hardware, which culminates in a clear report containing conclusions from the analysis and suggested recommendations.

    What methods and guidelines do we use during security audits?

    • NIST SP800-115 (Technical Guide to Information Security Testing and Assessment)
    • OWASP (Open Web Application Security Project)
    • OWASP MASVS (Mobile Application Security Verification Standard)
    • OSSTMM (Open Source Security Testing Methodology Manual)
    • ISSAF (Information Systems Security Assessment Framework)
    • WASC-TC (Web Application Security Consortium Threat Classification)
    • PTF (Penetration Testing Framework)
    • OISSG (Information Systems Security Assessment Framework)
    • Common Weakness Enumeration (CWE) in Mobile Applications
    • Common Vulnerability Scoring System (CVSS)

    Security audit – FAQ 

    How often should IT security audits be conducted?  

    It is best to do this periodically, at least once a year, and whenever changes are made to the systems.  

    How long does a security audit take?  

    An audit, depending on the type, size, and complexity of the structure being audited, can take from a few days to several weeks.  

    How much does it cost to carry out an IT security audit?  

    The rate for the service is determined on a case-by-case basis due to factors such as the type, size and complexity of the system being audited.  

    How to check the competence of IT auditors?  

    The technical competence of the experts carrying out the security audit is confirmed by certificates issued by international cybersecurity organizations. 

    What is the difference between a security audit and a penetration test?  

    A penetration test deals only with a specific part (infrastructure, application, network or website) and is part of a security audit. The audit covers the entire system being audited.

    What does your security audit report contain? 

    Grandmetric security reports are detailed and meticulously prepared documentation. As standard, they contain:

      Grandmetric engineers audited our IT infrastructure and IT systems. They were efficient, available, and located several potential trouble spots, which helped us avoid more serious problems. I was most impressed by the audit report – it described the state of our infrastructure in great detail and specifically indicated corrective steps in the area of cybersecurity and network infrastructure.

      Robert Nowacki, IT Department Manager, Młyny Szczepanki
