Security Audit Objectives
GSN's auditing services aim to assess the effectiveness of the organization's information security policies, processes, procedures and other security controls. The auditing process obtains audit evidence, which GSN evaluates objectively to determine the extent to which the organization's security objectives, as set out in the audit criteria, have been fulfilled.
Information security auditing against ISO/IEC 27001 and the ADSIC Information Security Program aims to determine the conformities or non-conformities of the Information Security Management System (ISMS) implemented by the organization against the requirements of ISO/IEC 27001 or ADSIC. It also helps organizations prepare for their ISO 27001 or ADSIC certification audits, which are conducted by external certification auditors.
Security Rating Methodology
GSN's audit methodology is derived from NSA's network rating methodology. The audit methodology covers each of the following areas from a confidentiality, integrity, availability, authenticity and compliance perspective:
Physical Environment: Facilities, Communications Medium and Utilities
Technology: Products, Configuration, Logical Architecture, Access Control
Personnel: Resources, Responsibilities, Training, Awareness, CERT, Backup Plans
Procedures: Security Policies, Procedures, Incident Management, Disaster Recovery