IT Security
An IT audit is the process of collecting and evaluating evidence to assess whether an IT system and its resources adequately protect assets, maintain data integrity, provide appropriate and reliable information, effectively meet the company’s aims, use resources economically and apply internal control mechanisms. Its sole purpose is to provide sufficient assurance that the company’s control and operational goals are met, that sufficient control mechanisms against possible threats are in place, and that potential incidents are detected in a timely manner and, once they occur, their consequences are countered on time.
An audit is performed to assess the compliance of the system being evaluated with a given standard or norm chosen as a point of reference. In an IT audit these are the IT process management (ISO/IEC 20000, COBIT), quality management (ISO 9001) and IT security standards (ISO/IEC 27001, PCI DSS, FIPS).
These norms are usually structured as checklists, which makes it easier to verify all the points systematically. Sometimes other, complex procedures might also be carried out during the audit, including risk assessment or penetration tests.
The IT security audit that we provide includes:
- physical security of the IT infrastructure (security policy, physical access control, power supply systems)
- computer network security (firewalls – hardware and software, tests, DoS / DDoS solutions)
- computer network monitoring
- network access control
- application access control
- server and workstation anti-virus protection
- data protection (backup copies, encryption of physical data carriers, DLP systems, anti-phishing)
- electronic mail security
- web access security
The audit comprises a number of actions depending on the system and the situation. They include:
- analysis of potential threats across all areas of the company’s activity – risk analysis
- penetration tests
- backup recovery verification test
- hardware configuration analysis
- defining security measures and actions
- defining security policy directions and the strategy for its implementation
- IT security documents analysis.
Expert witness (after formal appointment) / IT Expert can provide the following for the private sector:
- software and hardware audit – expert opinions
- design and assessment of IT infrastructure
- software and IT hardware examination – error and damage – expert opinions
- ICT, GSM and telemetry – expert opinions
- company’s data and software security audit
- company’s software licensing / compliance audit
- audit / assistance with reviewing and assessing software and hardware in public tenders
- valuation of services, internet domains and applications
- project implementation compliance under EU financing – audit / assessment
- infobrokering and corporate information gathering / analysis
- industrial security audit
- IT security coaching for companies and institutions
- forensic IT expert opinion for: Courts, Police, Prosecutor’s Office, Border Guard, Revenue Service etc.
- all the necessary assistance in a wide variety of situations involving IT and the latest technologies
Computer Forensics Opinions.
For Institutions: Court, Police, Prosecution, Border Guard, Revenue Offices, etc.
Assessment and Expert opinions:
- embezzlement
- labour law breaches
- data theft
- industrial espionage
- copyright infringement
- trade secret disclosure
- identity theft and unauthorized use of personal data
- criminal cases – full scope
- patent theft and false endorsement
IMPORTANT: securing electronic evidence is not limited to computer crime; it also extends to all situations in which electronic hardware was used in committing a crime or any abuse.
Opinions for private individuals:
We offer opinions for private individuals across a wide variety of IT areas. Data is collected and safely stored in the form of professional reports that can be used in court or during administrative proceedings.
Electronic evidence is often crucial in many cases:
- hacking
- identity theft
- internet fraud
- infidelity
- spying software
- computer wiretapping
- money theft from internet accounts
Data protection and recovery:
Our experts can help you protect and recover data stored on data carriers, mobile devices, computers and disk arrays. They will make binary copies of disks and memory, examine them to identify crucial data, recover deleted data and secure it according to generally accepted standards of IT forensics. Data that has been recovered and secured in this way can later be used as complete evidence in criminal courts and civil litigation.