Configuration / conformity audits

What is a compliance (configuration) audit:

The security of an information system is closely related to the quality of the configuration of the elements belonging to this information system. This is the reason why we propose compliance audits (also called configuration audits), that allow to estimate the level of security of your information system based on the configuration of your technical components.

Those latters can be operating systems, middlewares, application servers or framworks. During those audits, our experts examine those elements in order to pinpoint any potential security flaws that misconfiguration could lead to.

How do we conduct compliance audit?

audit-conformite-configuration

As opposed to pentests, during compliance audits, our auditors will have access to all the necessary information: administrator account, detailled infrastructure map, as well as all the necessary technical details/documentations. The audit can be decomposed into 4 main phases:

a preparation meeting where will be set the scope of the audit and collected the necessary documents/information.
the operation officer and the auditor agree then on the best way to conduct the audit
the system administrators and the auditor run the various scripts that will extract all needed security configuration data
the auditor checks then the compliance against the reference framework, and generate her/his report

The important components of an audit report:

the report must clear state the reference framework used (ex: CIS)
a high-level summary
the good practices revealed by the audit
the compliance rate of each of the audited element (according to the reference framework used)
the most critical aspects that need immediate attention and swift correction
a comprehensive list of the conducted tests

We can realize compliance audits with respect to following reference frameworks:

CIS (Center of Internet Security)
SOC2 (Service Organization Control)
PCI DSS (Payment Card Industry Data Security Standard)
Swift (Society for Worldwide Interbank Financial Telecommunication)
ANSSI (Agence Nationale de la Sécurité des Sytèmes d'Information)

Download one of our reports Let's discuss about your needs

Specialists in information security in Lyon, Paris, Grenoble and Saint-Etienne in France

You've enabled "Do Not Track" in your browser, we respect that choice and don't track your visit on our website.

Configuration / conformity audits

What is a compliance (configuration) audit:

How do we conduct compliance audit?

The important components of an audit report:

Our identity

Vision

Our references

Research & Development

Infrastructures

Working at AlgoSecure

Security audits and pentests

Web application audits

Mobile application audits

Internal networks (LAN) audits

Red Team audit

Cloud infrastructure audits

Configuration / conformity audits

Code security audits

IoT environments audits

Industrial systems audits

GDPR compliance audit

Reverse engineering

Security assistance

Integrating security products

Security training

Computer forensics

Security monitoring

Risk analysis

ISO 27001 certification

Cybersecurity contracting authority support

DPO/GDPR conformity services

Ransomware assistance

Trainings

Lyon Security Mornings

Our news

Our technical blog

They talk about us

Configuration / conformity audits

What is a compliance (configuration) audit:

How do we conduct compliance audit?

The important components of an audit report:

Subscribe to our newsletter!