Maxuar
Products and Solutions @ Maxaur
Security Auditing and Assessment

Overview

We provide three different kinds of audits:

  • Information security audits, which are done at one point in time.
  • Perpetual or ongoing real-time audits in the form of monitored security services.
  • Regulatory and standards compliance audit, which maps the results of a one point in time audit or an ongoing audit against a particular standard.

Information Security Audit

One point in time evidentiary audits pinpoint underlying evidence of vulnerabilities, explain the vulnerabilities and make recommendations of how to mitigate each vulnerability. Our audit methodology includes:

  • External security vulnerability and penetration tests.
  • Network security architecture audits.
  • Policy and procedures audits.
  • Internal audits.
  • Application and database audits.
  • Auto discovery of network devices.
  • Social engineering audits.
  • Access Control
  • Email Security
  • Firewalls
  • Intrusion Detection Systems
  • Malware
  • Network Access Control
  • Vulnerability Scanning
  • Network Security Audit
  • System Security Audit
  • Database Security Audit
  • Application Security Audit
  • Data Center Operation Risk Assesment
  • Business Risk Assesment
  • IT Project Risk Control
  • Spyware
  • VPN

Monitored Security Services

We transforms one point in time security and compliance auditing into real-time with perpetual audit or continuous audit service. We monitor event logs, alerts and alarms in real time, and create trouble tickets that identify critical security vulnerabilities and compliance violations and make recommendations of how to mitigate each security vulnerability and compliance violation. Our solution is equally suited for client owned / managed security technology and for outsourced managed IT security technology.

Compliance Audit

Our IT audit security audits provide the evidentiary foundation for the compliance audit. We map the results of a security audit which of course includes an investigation of adherence to policy and procedures onto various regulatory and industry best practices standards.

Financial disclosure: Sarbanes-Oxley (SOX), SEC rule 17a, Ontario Bill 198, OSC 52-109. Compliance audits to industry best practices: NIST, ISO 270001, ISO 17799, CobiT, Electricity utility standards: NERC 1200, CIP. Privacy Impact Assessment and identity management: The Canada Privacy Act, PIPEDA, HIPAA, California Identity Theft Law SB 1386.

We provides high-level technical recommendations of how to mitigate the vulnerabilities and compliance violations, as well as ROI cost justifications for implementing audit report recommendations.

ROI Based Risk Assessment

We not only identify information security vulnerabilities and compliance violations but translates them into business risks that executive decision makers can understand and can act upon as well.

We provides a pro-forma ROI business case based upon risk assessment to cost justify our audit recommendations, in every single audit report. This allows executive committees to base risk management expenditures upon dollars and risk.

Policy, Procedures, and Response Plans

Our staff of CISSPs write both comprehensive and outline format documentation for our clients including:

  • Security Policy and Procedures.
  • Governance planning for IT security.
  • Risk analysis for IT security.
  • Compliance gap analysis.
  • Business continuity plan (BCP).
  • Disaster recovery plan (DRP).
  • Recovery plan.
  • Cyber security event response plan.















1820 Michael Faraday Drive, Suite 19, Reston VA 20190 • info@maxaur.com • 703-956-9664 • Copyright @1999-2017