The assignment involved conducting a Systems and Security Audit for a leading trading company in the Middle East with turnover of more than USD 1 million. Client had over 500 internal users accessing IT resources from its different offices & outlets. Client’s Management needed an audit of critical information flows & processes that affected operational and strategic decision making in respect of IT Governance & Compliance, IT General Controls, and IT Operations.
MaGC Approach and Methodology
Systems audit was undertaken employing generally accepted methods including structured interviews, walkthroughs, user surveys, test of samples, and use of vulnerability assessment and penetration testing (VAPT) tools. As part of Security audit, Penetration Testing tools focussing on network security were used. Client’s IS Governance was evaluated against a framework on different parameters.
A detailed audit report with observations along with their criticality and recommended corrective action was presented to Client’s Management. This enabled the Management to immediately initiate action to address the lapses identified in the Information System. In all, the audit helped the Client to strengthen its Information System and its security.