Security Auditing
To successfully complete a comprehensive security audit, we must take different aspects related to data security. In this way, break down the security audit in two parts, logical audit and physical audit. Given these two parts can ensure a correct data integrity and a secure backup of all information.
Logic Audit
The logic audit refers to the logical software security, protecting company data, processes and programs as well as ordered and authorized access of users to information.
The logical security audit covers the following areas: Architectures (Windows, OSX, BSD, Unix and Linux), Servers (Windows, OSX, BSD, Unix and Linux), Firewall Policy filtering and configuration of traffic in the LAN/WAN. In the case of logical security audits are two different scenarios:
a) Audit External Access Penetration, for example, audit systems so that they are protected from attacks from outside the organization. This uses own tools and commercial tools for help to identify the vulnerabilities of the system.
b) Audit Internal Access penetration, in this case consists in the same study that the external penetration, but with the assumption that the attack will come from inside the company, ie, by system users.
To make this type of audit requires appropriate technology to verify the status of the security infrastructure. 26Soluciones, is a consultant specializing in information security, with the latest technologies specialist for it.
Physical Audit
Physical Security Auditing refers to the physical protection of hardware and data containers, as well as the safety of buildings and facilities that host them. In this case to situations such as fires, floods, sabotage, theft, natural disasters, etc..In this type of audit are controlled, for example: access control, identification, facilities, Datacenters, servers, storage media and processes, backups, etc ...