Client:

Canadian telecommunications provider 

Duration:

3 months 

Key Roles/Services Performed:

Senior IT auditor

Details:

Key member of a four-person audit team assessing cyber security controls across the company.

Developed baseline audit programs for all areas including secure systems design, vulnerability management, security operations and event management, cyber threat intelligence (CTI), website operations, incident management, change management, asset management and patch management.

Audited the CTI, asset management and patch management areas in depth, including detailed management interviews, evaluation of documented processes and practices, inspection of system designs, configurations and other relevant documentation, and preparation of executive-level reporting.

Within CTI, evaluated the extent and effectiveness of the external threat feeds in use, the range of internal data sources ingested into the platform, the models and algorithms used to develop unique indicators of compromise (IOCs), the techniques used to research and analyze model outputs, and the distribution of threat indicators to other parties in the company for action and response.

Within asset management, evaluated the inventories and controls in place to maintain an up-to-date and effective inventory of internet presences and their supporting architectural elements, as well as the processes to assess and approve the implementation of new internet-accessible access points, whether internally or externally hosted.

Within patch management, assessed the company-wide practices used to identify software vulnerabilities within the software inventory and the processes to test and evaluate the implementation of the required patches, and reviewed the exception and mitigation measures for areas not able to be updated.

Benefits to client:

With a baseline audit program, team members were able to hit the ground running with their respective areas.

Client received a comprehensive report on areas of improvement and an objective, independent assessment of the true state of control practices for the in-scope areas.