Auditing services for IT systems’ safety
Company Aitsa is offering independent and authentic auditing of IT systems’ safety and monitoring the performance of IT processes.
About the new service
Information system safety depends on organisational and technical controls. The efficiency of technical controls largely depends on system settings. System settings are a result of implementing processes from the IT field. Compliance of settings with the information protection policy is a reflection of consistency in the implementation of processes.
Company Aitsa specialises in efficient and authentic evaluation of safety settings of systems, which enables their clients to constantly and objectively monitor the success of IT processes with the help of objective metrics.
Evaluating security settings is mostly done on the following systems: Windows, MSSQL, Oracle, CISCO IOS and CISCO ASA. At the client’s request, they can also develop and carry out procedures and tools for evaluating the compliance of systems’ settings for other systems. This is how they have already developed procedures for AIX and Linux for clients.
The problem, use value and competitive advantage
Organisations and supervisory institutions are aware of the risks that come from inadequate system settings, which is why they regularly check them. When doing this, they face some challenges: they don’t have evaluation criteria for the suitability of settings, they don’t have the knowledge for implementing the evaluation, and they don’t have the resources and trained personnel for implementing the evaluation.
The company’s service of evaluating the compliance of system settings ensures efficient answers to the above-mentioned challenges. The implementation of their service is based on three principles: simplicity for the customer; a safe, professional and thorough evaluation; and efficiency of the performance evaluation.
As a criterion for the safety of system settings, they use, in agreement with the client:
- Policies and standards of the client
- Established good practice (CIS, PCI DSS, ISACA, suppliers)
- Good practice of company Aitsa
The information protection policy of the company AITSA follows the recommendations of the ISO 27001 standard.
Service implementation procedure
The service implementation is shown in the picture below. Implementation is simple for clients, while the use of purpose-built tools for capturing and analysing configuration data ensures the quality of implementation, enables an efficient overview of the configurations of a large number of systems, and allows competitive prices.
The competitive advantage of the company is the rich experience that both founders, Peter Grasselli and Jožica Kržič, combine with added specialist knowledge of individual technologies and collaboration with a wide network of co-workers and companies.
Certified reviewer of information systems, CISA, CISP. He has more than twenty years of experience in the field of IT. He started his work in the field of informatics as a developer and system engineer. He also worked as an administrator of databases and network controller. He had been responsible for planning, implementation and functioning of an information system of a large company for fifteen years. He has been working in safety and review of information systems for more than ten years.
Jožica Kržič, CISA
She has more than twenty years of experience in the field of IT. She started her work in the field of informatics as a developer and designer. She later worked as a project leader, development leader, assistant IT director, and led the area of IT services and operations as a director. She has been working in safety and review of information systems for ten years.
Target customers of their service are companies from different industries. All their clients use big and complex information systems for business, which requires constant and professional management with emphasis on ensuring safety and reliability of the entire system’s functioning.
The company has references for implementing projects in the following industries:
- Pharmaceutical industry
- Financial industry
- Gaming industry
- Public administration