Basis for conducting an audit of compliance with the requirements of the National Cybersecurity System
The audit follows directly from the Act of 5 July 2018 on the National Cybersecurity System (hereinafter the Act) and is based on a set of recommendations standardizing security solutions in networks and information systems.
Benefits of a KSC audit
- reduces the likelihood of data leakage and GDPR violations,
- even in the event of a security breach, it serves as evidence in favour of lower penalties,
- is evidence of top management's commitment to information security, which the report confirms,
- guarantees that ICT vulnerabilities posing a threat to information security are identified and can be removed,
- guarantees verification of the protection measures in place, together with recommendations for their further development,
- guarantees higher information security standards in terms of employees' knowledge.
What is the KSC audit?
A KSC audit consists of verifying and assessing the readiness of a public entity to meet the requirements of the Act. It is performed by thoroughly verifying a list of elements and determining the degree to which each is fulfilled.
Components of the audit
The analyzed areas relate to the following aspects of security:
- ICT infrastructure, including servers, operating systems, network switches, UTM (NG Firewall),
- key ICT systems,
- access, authorization and authentication processes,
- managing relationships with suppliers / customers,
- physical (SSWiN, SKD, environmental monitoring systems).
The processes of risk management and assessment, incident management, security management updates and documentation, employee awareness and the unit's ability to respond to threats are also assessed.
As part of the audit, we identify vulnerabilities (known errors) in ICT systems and suggest ways to remove them. We rate the threats resulting from each vulnerability in accordance with CVSS (Common Vulnerability Scoring System).
Please note that using the OpenVAS (Greenbone) or Nessus tools constitutes vulnerability identification and should not be equated with penetration testing.
The tests are carried out by experienced security testers (pentesters) holding OSCP and OSWE certificates. See the full range of penetration tests we offer.
In the context of the KSC audit, we most strongly recommend testing infrastructure and web applications.
As part of the audit, we very often conduct training, the main purpose of which is to increase employees' knowledge. The higher the awareness, the lower the likelihood of a security breach. We often conduct technical training for IT specialists, network administrators, programmers and DevOps staff.