Axoss provides security audit services to assess an organization's security posture without incurring the costs of an incident. A security audit systematically evaluates how effectively an organization's security policies are implemented and identifies vulnerabilities. It is an ongoing process as organizations evolve. Axoss' security audit involves interviewing staff, reviewing network architecture and access controls, analyzing policies and procedures, and attempting to answer key questions about password strength, access controls, auditing practices, and disaster recovery plans.

1. Services DataSheet

2. WHAT ?
SECURITY AUDIT is
• a SYSTEMATIC, measurable technical assessment of how the organization's
ABOUT AXOSS
security POLICY is employed.
• one of the best ways to DETERMINE the security POSTURE of organization without Axoss is a vendor independent
incurring the cost and other associated DAMAGES of a security INCIDENT. Information Security Consulting firm
that delivers Security Assessment
Services across the public and private
sectors.
Axoss was founded by information
security experts, to provide top of line
Security Consulting Services that
tailored to meet our clients' needs.
WHY ?
Security Audit is ESSENTIALLY an assessment of how EFFECTIVELY the organization's security Axoss core services can be broken
policy is being implemented. Of course, this assumes that the organization has a security policy down into four categories:
in place which, UNFORTUNATELY, is not always the case. Even today, it is possible to find a • Penetration Testing
number of organizations where a WRITTEN SECURITY POLICY does not exist. Security policies • Vulnerability Assessment
• Security Consulting
are a means of STANDARDIZING security practices by having them codified and AGREED to by
• Security Training
EMPLOYEES who read them and sign off on them. When security practices are UNWRITTEN OR
INFORMAL, they may not be generally understood and practiced by all employees in the Axoss has in‐depth knowledge of the
organization. challenges faced by many
organizations in protecting users,
networks and critical business
information from malicious attack or
theft.
We always aim to deliver scalable
WHEN ? solutions so that every company,
whatever their security budget, can
It must be kept in mind that as organizations evolve, their security structures will change as
continue to enjoy access to our
well. With this in mind, the computer security audit is NOT A ONE‐TIME TASK, but a expertise.
CONTINUAL effort to IMPROVE data protection.
http://www.axoss.com
The audit measures the organization's security policy and provides an analysis of the
EFFECTIVENESS of that policy within the context of the organization's structure, objectives and
activities.
All contents are Copyright © 2008 Axoss Information Security. All rights reserved.
Axoss Public Information.

3. WHERE ?
AXOSS SECURITY AUDIT service includes an assessment of CRITICAL assets and HIGH‐RISK
information, POLICY AND PROCEDURES, security standards and training, hardware and
ABOUT AXOSS
software, and security roles and responsibilities.
Axoss is a vendor independent
Axoss Security Audit service is IDEAL for organizations wanting an INDEPENDENT AUDIT of their Information Security Consulting firm
that delivers Security Assessment
information security posture.
Services across the public and private
sectors.
In a security audit we are your DEFENDER, not your attacker. You show us your system ‐ what it
does, how it works ‐ and we take it under an IN‐DEPTH SECURITY ANALYSIS. The more insight Axoss was founded by information
into the system you can provide, the more exhaustive our analysis can be. security experts, to provide top of line
Security Consulting Services that
tailored to meet our clients' needs.
HOW? Axoss core services can be broken
Axoss Security Audit PROCESS involves down into four categories:
• Penetration Testing
• INTERVIEW with customers’ staff
• Vulnerability Assessment
• review NETWORK architecture • Security Consulting
• ANALYZE access controls • Security Training
• study security POLICY
Axoss has in‐depth knowledge of the
Axoss Security Audit ATTEMPTS to answer at the following key questions: challenges faced by many
• Are passwords DIFFICULT TO CRACK? organizations in protecting users,
• Are there ACCESS CONTROL LISTS in place on network devices to control who has networks and critical business
access to shared data? information from malicious attack or
theft.
• Are there AUDIT LOGS to record who accesses data?
• Are the audit logs REVIEWED? We always aim to deliver scalable
• Have all UNNECESSARY applications and computer services been ELIMINATED for solutions so that every company,
each system? whatever their security budget, can
• Are these operating systems and applications PATCHED to current levels? continue to enjoy access to our
• How is BACKUP media stored? Who has access to it? Is it up‐to‐date? expertise.
• Is there a DISASTER RECOVERY PLAN?
• Have custom‐built applications been WRITTEN WITH SECURITY in mind? http://www.axoss.com
WHO ?
AXOSS has been delivering Information Security CONSULTING services to help clients
MITIGATE risk, secure their infrastructure and PROTECT their assets.
We are FOCUSED on providing the best possible customer EXPERIENCE and are committed to
delivering the HIGHEST LEVEL of service and support. We welcome any questions or requests
you may have about our SECURITY AUDIT service. Please don't hesitate to CONTACT US and
one of our consultants will get back to you as soon as possible.
All contents are Copyright © 2008 Axoss Information Security. All rights reserved.
Axoss Public Information.