The I.T. Audit is a field very substantial, our service have these kinds of variants:
Evaluation of I.T. projects, design of remedial measures and management techniques.
We apply all of our training in international standards and norms in the conduct of I.T. projects, we have experience in process models for software projects such as ISO/IEC 12207, CMMI and ISO/IEC 29110, we can cover the complete life cycle of a software or project or specific points such as processes purchase of services, software or infrastructure.
Analysis of hazard and gaps about information security.
The safety assessment of I.T. infrastructure is becoming increasingly complex and requires greater specialization, currently "checklist" auditors has been forgotten and now requires a highly qualified technical level to assess whether a informatics architecture is secure. We have extensive knowledge in management controls for information security proposed by ISO / IEC 27002, and we are applying controls frameworks such as COBIT and ISO 30000.
Software requirements analysis.Please, See this classic example: This service is executed in final stages of a project or completed stages, the aimed is to analyze requirements agreed between customer and supplier, the aim is to verify that the supplier has complied with the agreed upon signing the contract and verify that the client has provided detailed information required for the provider has fulfilled its duties. This service is usually demanded when there is a conflict between two parties and both parties need an unbiased opinion, we try to generate an atmosphere of conciliation searching of re-establishing trust between both parties.
Internal analysis of software.
This service covers auditing of source code, defect detection and security breaches when product is completed or built. We are working with software of static analysis and testing robots to simulate load and stress environments. Currently we are offering this service for code written in PHP, C, C + +, Visual Basic and Visual Fox, soon will expand this services to Python, Perl and Java.
Suffering an attack is a problem and an opportunity to see what has happened , learn about ways used to violate safety, design how to increase the level of impenetrability of it, analyze the impact caused to the infrastructure, to determinate who accessed and deduce the reasons, all this begins with an analysis of high stringency that help us to improve.