BlueKrypt

Security Audit - Page 3

STEP 2: RISK ANALYSIS

For each component, service or function, BlueKrypt identifies the risks resulting from the observed threats and vulnerabilities. The analysis provides for each risk:

  • A description.
  • The targeted security criteria (availability, integrity, confidentiality, traceability).
  • The likelihood of the risk and its impact, evaluated against the security issues identified during the first step.

These elements are summarized in a table like the one presented below:

[Image: audit table]


STEP 3: RECOMMENDATIONS AND ACTION PLAN

This step explains the security recommendations and formalizes the associated action plan, distinguishing between short term (actions to be performed urgently to cover the main risks, or that are easily enforced) and short/medium term (less urgent actions, or actions that require a more substantial investment).

For each recommendation, the action plan will detail:

  • A description of the measure.
  • The priority level of its enforcement, specifying the actions to enforce urgently in the short term or the ones that easily and quickly improve the security level.
  • Its scope (in terms of perimeter and risk covered).
  • Its technical or organisational prerequisites.
  • Its possible impacts on production.
  • An appraisal of its enforcement cost.
  • The remaining risks.


 