stratsec performs compliance audits of ICT environments using a variety of tools and approaches depending upon the type of audit required by our clients. The stratsec methodology for the conduct of operational security assessments and audits has been developed to be consistent with the Information Systems Audit and Control Association (ISACA) requirements and customised for Australian Government security standards. stratsec has adopted ISACA standards, guidelines and procedures to ensure:
- consistency of audit activities (benchmarking);
- repeatability; and
- reproducibility of audit results.
The stratsec methodology comprises three phases, each with three steps, as follows:
- Phase One: Review - The phase in which the scope and boundary for the target of the audit activity are defined and evidence is gathered and analysed in accordance with the audit plan.
- Phase Two: Findings - The phase in which the interim findings are published for stakeholder comment, the report is finalised and any actions agreed to address audit findings.
- Phase Three: Follow-up - The phase in which the audit team reviews the actions taken for resolution of audit findings and the audit activity is closed.
Good communication with stakeholders, line managers and operational personnel is critical to gathering audit evidence and achieving meaningful audit outcomes. Hence, the stratsec methodology places a strong focus on effective communication and consultation with stakeholders and operational personnel.
The stratsec ICT security compliance audit methodology can be tailored to deliver audit reports consistent with client requirements, incorporating any content and structure requirements published by internal audit teams.
Qualifications and Experience
stratsec maintains highly skilled, qualified and technically competent senior consultants who specialise in auditing and in performing vulnerability analysis and penetration testing engagements. All stratsec consultants hold university degrees (or higher) and maintain a range of relevant formal security and technical qualifications, including:
- 4 x Certified Information Systems Auditors (CISA)
- 1 x Certified Practicing Risk Manager (CPRM)
- 8 x DSD Endorsed Infosec Registered Assessors (I-RAP)
- 15 x DSD-Authorised Security Evaluators
- 2 x NATA Technical Assessors
stratsec consultants have successfully completed IT security audits for numerous commercial and government clients. Contact us if you would like more information on our ICT Audit and Compliance expertise.