Further information for Protektis PRT-IT-001
"Having the security of our customers' IT landscape checked by Protektis audits represents considerable added value for our customers and us: uncovering any security gaps puts us in an advantageous position compared to attackers, being able to close them before any damage occurs. This gives us additional service potential and our customers receive a higher level of security. A win-win situation for everyone involved." - Matthias Peter, Managing Director of Peter Communication Systems GmbH
"The audit reports from Protektis not only help to make our customers more secure, but also help us in sales. The deficiencies identified sensitize customers to the need for measures and give us the opportunity to talk directly about solutions and create offers." - Kristof Felsö, Managing Director of Mainsystems GmbH
Every organization has processes, IT infrastructures and networks that are exposed to risks to internal information security. Insecure systems and processes provide an ideal attack surface for hackers and cyber criminals who can exploit your data for their own purposes.
To prevent vulnerabilities like these, an IT security audit is recommended. This involves testing IT systems according to BSI standards in order to be able to identify existing vulnerabilities, misconfigurations and security gaps based on an analysis. Based on the data and information from an IT system audit, you will receive structural recommendations for organizing your IT systems for more IT security.
Since the standard for IT security in Germany is very difficult to summarize, it is recommended, especially for medium-sized organizations, to leave extensive IT system audits to the professionals. At Protektis, we have years of experience in implementing IT security audits according to our own standards and guidelines, such as the BSI IT Baseline Protection and ISO 27001. On this basis, we work with our own questionnaire in the form of an IT audit, which covers all basic topics of IT Baseline Protection and checks according to standards. This includes topics such as information security, network security, user and rights management, the protection of rooms and physical systems, as well as administrative processes and routine tasks.
An IT audit is often understood as a time-consuming system check that can potentially limit your work. But we approach the process differently: Instead of checking and examining all devices, software, networks and cables individually, we use our questionnaire for IT audits and conduct detailed interviews. The results of the investigation are compared with our questionnaire. We aim to find practical solutions that are suitable for small and medium-sized businesses.
You can view your results in a detailed defect report, including graphical presentations and percentage information. We will inform you about all the defects identified and possible risks. On the basis of these, you will receive recommendations such as measures, corrections and preventive processes in order to ensure maximum security.

WHY PROTEKTIS?
Comprehensive: We offer you a review of your entire systems according to common standards and catalogs, such as the BSI basic protection. This way you can be sure that your IT security can be fully guaranteed.
Timely: Fast results - We carry out IT audits directly and without much preparation. To do this, we base our audit catalog on BSI, which contains 7 test categories. These are handled manually using interviews with senior IT contacts, so that you can receive your results after just 5 - 6 hours.
Documented: You receive all the results of the audit of your IT security with an audit report. This contains all the deficiencies that were identified during the IT system audit and recommended measures that define how to deal with threats of this kind in the future.
Independent: We are a consulting company and not a system house. The measures we recommend as part of our consulting do not aim to implement a specific solution, but are manufacturer-independent. When customers commission us to help them find suitable solutions, we explore the market for offers and show several alternatives. We are happy to work with existing contacts, systems or partners in matters of IT security, information security or data protection - whether internally or externally.

SERVICE DESCRIPTION
Review of the company's IT security derived from BSI IT-Grundschutz and ISO 27001
Detailed review of the subject areas of information security management, employee awareness, IT security management, user and rights management, documentation, emergency planning, infrastructure, power supply, network, WLAN, firewall, virus protection, data backup, patch management, monitoring including a remote inspection of the server rooms
Assessment of the existing environment based on an understandable percentage-based concept
Preparation of a test report including a list of all deficiencies found
Preparation of a summary for management including the most important deficiencies, risks and recommended measures
Handover and presentation of the results report
Price valid for companies with up to 300 employees
Price for larger companies on request.

FREQUENTLY ASKED QUESTIONS ABOUT THE IT SECURITY AUDIT

1. WHAT IS AN IT SECURITY AUDIT?
An IT security audit is the analysis of IT structures and the associated identification of security gaps. An audit report provides you with the results of the audit and thus an initial indication for planning further measures to improve IT security within your structures. These are based on the requirements of IT Baseline Protection BSI and ISO 27001.

2. WHO CARRIES OUT THE AUDIT?
Our auditors usually carry out an IT security audit for you.
They have a deep understanding of data processing and information transfer within organizations, companies and authorities. Our specialists carry out an inspection of your systems and can use the results to derive possible weaknesses and potential for improvement. The audit can be carried out using different testing methods, such as question or observation criteria or documentation and checklists. At Protektis, we use a questionnaire based on laws and standards, such as the BSI IT Baseline Protection and ISO 27001, as a standard and guideline. Appropriate recommendations are made based on the results.

3. HOW LONG DOES IT TAKE TO CARRY OUT AN IT SECURITY AUDIT?
How much time it takes to carry out an audit for your IT security depends on the scope of the review. We usually need one to a few working days for this. For larger environments, we will work with you to estimate the effort involved and also record other requirements, such as specifications from industry associations, which can also affect the duration of the audit.

4. CAN AN IT SECURITY AUDIT IMPACT YOUR INTERNAL OPERATIONS?
No, your IT systems will not be affected by our audit. Your IT systems are audited using a visual inspection. Unlike a penetration test, no systems are attacked in an IT security audit.

5. WHICH SYSTEMS AND APPLICATIONS CAN BE CHECKED AS PART OF AN AUDIT?
As part of an audit to increase your IT security, all devices that are accessible in the network are considered for inspection. This includes servers, clients, firewalls, switches, routers, UPS systems, video surveillance, OT systems and cloud systems.

6. HOW IS A SECURITY AUDIT FOLLOWED UP?
After the IT security audit has been carried out, you will receive clear analysis results and recommendations for action in the form of a detailed defect report. The defects and recommendations described in it provide you with pragmatic and practical measures to improve the IT security of your infrastructure.

7. HOW OFTEN SHOULD A SECURITY AUDIT BE CARRIED OUT?
Your IT security can be checked at regular intervals using an audit. It is particularly advisable to have a test carried out every time changes are made to your IT.

8. CAN AN IT AUDIT ALSO BE USEFUL IN THE CASE OF AN EXTERNAL IT PARTNER/EXTERNAL DEPARTMENT?
Yes, an audit according to our specifications, based on IT basic protection, is suitable regardless of the location or the person responsible for the IT system. In any case, we work with those responsible in a trusting and targeted manner and ensure that your IT infrastructure becomes more secure. An IT security audit can be an opportunity for management to have the IT infrastructure checked by a qualified third party and to identify potential weak points. At the same time, IT managers have the opportunity to confirm to management that information security is in place within their organization based on the principles of the BSI and IT-Grundschutz.

9. CAN ADDITIONAL MEASURES TO INCREASE SECURITY FOLLOW THE IT SECURITY AUDIT TO GUARANTEE EVEN MORE SECURITY?
Yes, an IT system check based on an IT audit is a perfect way to get a basic understanding of your current situation in terms of your information security. Using a test catalogue based on BSI IT-Grundschutz and ISO 27001 standards, your existing IT infrastructure will be checked using seven test categories and over 400 questions. We place emphasis on the following key points: information security, compliance, infrastructure, systems, networks, security services and administration. You will receive the results of the audit in the form of an audit report, which forms the basis for many of our other services. We therefore refer to a security audit as an entry point on which to build further measures, such as risk analyses, phishing simulations or penetration tests.