top of page
Business, Technology, Internet and netwo

Information Security Audits

Technology audits examine the risk management controls within an Information technology (IT) environment. The evaluation of obtained evidence determines if the architecture design and implementation safeguards assets, maintains data integrity, and operates effectively to achieve the organization's goals or objectives.



App%20InfoSec_edited.jpg

CTSA provides assessments services across all information security activities including:

Shot of Corridor in Working Data Center
Coding software developer work with AR n

Access Management

ACCESS CONTROL POLICIES (E.G., IDENTITY-BASED POLICIES, ROLE-BASED POLICIES,  POLICY-BASED ACCESS, CONTROL MATRICES, CRYPTOGRAPHY) CONTROL ACCESS BETWEEN ACTIVE ENTITIES OR SUBJECTS (I.E., USERS OR PROCESSES ACTING ON BEHALF OF USERS) AND PASSIVE ENTITIES OR OBJECTS (E.G., DEVICES, FILES, RECORDS, DOMAINS) IN INFORMATION SYSTEMS.

Identity Infrastructure

INVOLVES POLICIES, STANDARDS, PROCEDURES, GUIDELINES, AND TECHNICAL CONFIGURATIONS RELATED TO THE SYSTEMS THAT MAINTAIN IDENTITY ACCOUNT MANAGEMENT AND AUTHENTICATION FUNCTIONS.

Why Engage CTSA?

For each technology audit CTSA personnel will –  

  • Obtain an understanding of the activity being audited. The extent of the knowledge required should be determined by the nature of the enterprise, its environment, areas of risk, and the objectives of the engagement.

  • Consider subject matter guidance or direction, as afforded through legislation, regulations, rules, directives, and guidelines issued by government or industry.

  • Perform a risk assessment to provide reasonable assurance that all material items will be adequately covered during the engagement. Audit strategies, materiality levels and resource requirements can then be developed.

  • Develop the engagement project plan using appropriate project management methodologies to ensure that activities remain on track and within budget.

  • Include in the plan assignment-specific issues, such as:

    • Availability of resources with appropriate knowledge, skills, and experience

    • Identification of tools needed for gathering evidence, performing tests and preparing/summarizing information for reporting

    • Assessment criteria to be used – Reporting requirements and distribution

  • Document the technology audit or assurance engagement’s project plan to clearly indicate the:

    • Objective(s), scope, and timing

    • Resources

    • Roles and responsibilities

    • Areas of risk identified and their impact on the engagement plan

    • Tools and techniques to be employed

    • Fact-finding interviews to be conducted

    • Relevant information to be obtained

    • Procedures verify or validate the information obtained and its use as evidence

bottom of page