Holistic Auditing is a 360 degree approach to security, encompassing all factors rather than just the electronic security considerations.
This phase reviews all ICT and Information Assets, the applicable threats and vulnerabilities. It considers the security of a business as a complete entity rather than just a series of disconnected elements.
This operates on the Thales HELP doctrine:
Human, Environmental, Logical, Physical
- Do your employees understand their role in security?
- Are new starters subject to identity checks and vetting (i.e. Criminal Records or Credit checks, national security
- What training do they receive on induction and how regularly thereafter?
- What processes are in place to support the protection of the company's security interests?
- Do employees sign and understand a computer usage policy?
- Are passwords changed when a breach is detected?
- Are your systems fully patched?
- Do you segregate test and production systems?
- Does your ICT team have all the skills needed to help secure your environment?
- Are there door access control mechanisms for potentially business-sensitive areas?
- Are physical security measures circumvented for ease of use?
- Are personnel required to display company ID badges?
By identifying and considering the impact of vulnerabilities in these areas together, the overall impact on security can be determined. We understand that security is not limited to any one single element and all should be considered in a holistic approach to security.
Holistic Audits begin by engaging with you and your business to determine your requirements and from that, derive the best way forward. From this initial discussion we produce a proposal that is submitted for your approval before the assignment commences.
The proposal will outline your objectives, the methods/proposed, and actions to be undertaken by Thales to assist in meeting these objectives. At this point the deliverables and timescales are also defined for the assignment moving forward.
A variety of techniques are used to complete a Holistic Audit – depending on the area being assessed. A Holistic Audit assesses policies, physical security measures and interacts directly with key personnel of the organisation to determine how security is implemented and to understand their role in the security of the organisation.
The reports are tailored to meet your explicit needs and we will deliver high quality professional reports that outline clearly the vulnerabilities identified during the assessment, their potential to impact your business and more importantly, the report makes recommendations for risk mitigation.
The reports are designed to be relevant and readable at all levels from the CIO/Board-level to the ICT teams responsible for the Systems.
We further aim to reduce technical jargon to a minimum whilst maintaining a high-quality and usable report. In addition, we are able to provide technical briefings and security awareness training to support the improvement of systems following on from the report’s delivery.