BlueKrypt

Security Audit - Page 2

Methodology

When performing audits, BlueKrypt follows a well-proven methodology, organised in three steps and adapted to the subjects to be dealt with and to the security services involved (intrusion tests, audits of the technical aspects but also of the organization, functioning, compliance …).


STEP 1: DISCUSSION WITH THE CONCERNED PEOPLE AND VISIT OF THE SITES

In general, BlueKrypt starts an audit with a survey of the existing situation through discussions and technical tests.

a) Kick-off meeting

A kick-off meeting clarifies the following points:

  • The scope of the audit and, among other things, the systems and processes to be analyzed,
  • The general planning and various steps,
  • The definition of the information documents to take into account,
  • The necessary contacts and interviews.

b) Interviews and site visit

The analysis of the existing security level is mainly based on interviews with the persons in charge of security, as well as on the tests and technical checks carried out during the visit of the sites under observation.

BlueKrypt will formalize a discussion guide that will be submitted to the Project Manager for approval.

The method is based on:

  • The MEHARI method published by CLUSIF (French Club on the Security of Information Systems).
  • ISO 27000, which supplies a full set of management tools including the best information security practices.


 