Case Studies: IT Audits, IT Security Audits, and Network Security Audits

IT security audit company with certified auditors provides IT audit and compliance audit services.

Selected Case Studies and Industry Experience

Every engagement is unique. We are happy to customize our audit services to your specific needs.

Case Study

Network Security Audit

A mid-size telephone company with many entities was concerned about network security risks.

Client Situation

A mid-size telephone company with many entities was concerned about network security. Management wanted an internal and external network security audit of each entity.

Altius IT Solution

Altius IT provided a 50-point, 360-degree view of risks. Our services included an evaluation of:

  • Risk assessment, risk analysis, and risk treatment
  • Policies, procedures, plans, and related documents
  • Use of service providers
  • Security of servers, firewalls, and network infrastructure
  • Protection against malicious software (viruses, spyware, etc.)
  • Security mechanisms and practices
  • Controls over removable media and USB devices
  • Incident response and business continuity

Altius IT's analysis included a comparison of the organization with security best practices to identify gaps. Altius IT provided a report of findings as well as recommendations, costs, and a prioritized risk response executive summary Action Plan.

Client Benefit

Altius IT’s network security audit documented several areas that placed the organization at risk to both internal and external threats. The prioritized Action Plan helped the telephone company increase security and protect its information assets.

Case Study

Cyber Security Audit

A large county needed assurance that its sensitive information was protected against hackers and other threats.

Client Situation

A county needed assurance that its sensitive information was protected against hackers and other Internet threats. County management was concerned about compliance-related issues and wanted assurance that its systems were protected against external threats.

Altius IT Solution

Altius IT provided an External Network Security Audit. Our services included a variety of hacker-type tools and techniques that identified and evaluated the county’s external risks:

  • Firewall – reviewed and analyzed configuration
  • External penetration – evaluated vulnerabilities
  • Social engineering – determined employee risks
  • Phishing – used fake e-mails and USB devices
  • False web sites – determined risks
  • Policies – evaluated security related policies

Altius IT compared the county with industry benchmarks and determined the type of security infrastructure in place. We tailored our attacks to take advantage of gaps.

Altius IT provided an External Network Security Audit Report, a Risk Assessment Report, and a prioritized Action Plan Report of security-related recommendations.

Client Benefit

Altius IT’s external network security audit documented several areas that placed the organization at risk to external threats. The prioritized Action Plan helped the organization increase security while increasing protection of its information assets.

Case Study

Web Application Security

A software developer was notified its application was not secure. A client of the software developer requested a web application security audit.

Client Situation

A software developer provided on-line marketing solutions including web design, content management, and e-commerce solutions. The software developer was notified by a third party that its software was not secure. When negative publicity appeared in the media, clients and prospects became concerned and revenue declined. The software developer’s President wanted assurance that its code, with interfaces to internal database systems, was secure and protected from threats.

Altius IT Solution

Emulating the approach used by hackers, Altius IT used a variety of manual and automated tools to perform a controlled real-life attack on the organization's web application and web server for vulnerabilities. Altius IT evaluated the application for over 35,000 types of risks including SQL injection, cross site scripting, buffer overflow, authentication, encryption, JavaScript, and many others. Altius IT provided a Web Application Security Audit Report with our findings, an analysis of vulnerabilities, and solutions to enhance security.

Client Benefit

Altius IT’s web application security audit identified several areas that placed the organization at risk to hackers and other external threats. With Altius IT’s report, the organization eliminated software bugs and enhanced security by implementing changes to their code and procedures. As a Certified Information Systems Auditor, Altius IT provided a follow-up web application security audit and verified that the security issues identified in the first audit had been addressed. Altius IT provided the software developer with our Auditor Opinion Letter that the client distributed to their prospects and clients. The organization’s enhanced image and reputation helped it increase revenue both by retaining current customers and by converting new prospects into clients.

Case Study

Compliance Audit

A large regional hospital needed assurance that health information was protected against unauthorized access. It also needed to meet HIPAA and HITECH compliance requirements.

Client Situation

A large regional hospital needed assurance that health information was protected against unauthorized access. The hospital needed to meet HIPAA and HITECH compliance requirements.

Altius IT Solution

Altius IT provided a HIPAA / HITECH Compliance and Security Audit. Altius IT evaluated the hospital's security controls including:

  • Administrative Safeguards - policies, procedures, plans, forms, security training, incident response, business continuity
  • Physical Safeguards - controls over access to data centers, cameras, EPHI
  • Technical Safeguards - firewalls, server configurations, network segmentation, anti-malware, logging, backups
  • Phishing – used fake e-mails and USB devices

Altius IT’s reports documented several areas that placed the organization at risk to compliance and network related threats. Altius IT's Action Plan Report provided a prioritized risk response plan for the hospital with ways to enhance security, ensure protection of its information assets, and meet compliance requirements.

Client Benefit

Altius IT's compliance audit enhanced the hospital's security controls. Management has assurance that systems and data are secure. EPHI is protected from unauthorized access and alteration.

Case Study

Risk Assessment

A mid-size medical product manufacturer was concerned about the security of a new device. A risk assessment was needed to address concerns about patient confidentiality and the integrity of the product.

Client Situation

A mid-size medical product manufacturer was concerned about the security of a new device. The organization was concerned about patient confidentiality and the integrity of the product.

Altius IT Solution

Altius IT's Risk Assessment inventoried relevant assets and organized the assets into asset categories. We identified specific threats and threat categories and documented vulnerabilities that existed as a result of the threats. Our Risk Analysis evaluated risks and the likelihood of various threat exploits. We identified security gaps that could be exploited by insider and outsider attacks. Altius IT’s Risk Treatment Plan analyzed and documented risk reduction and risk treatment safeguards and controls for each vulnerability. Altius IT's Risk Task List identified preventive, detective, and corrective controls that eliminated or reduced risks to acceptable levels. Residual risks, risks that existed after controls were implemented, were identified and prioritized so they could be monitored.

Client Benefit

Altius IT’s risk assessment documented several product related threats that placed the organization at risk to both internal and external threats. The medical device manufacturer achieved the following benefits:

  • Security – security assurance knowing that the product had effective security safeguards and controls.
  • Continuity – ability to continue functioning even if the product had been compromised.
  • Alerts – remote notifications to appropriate personnel so they could take appropriate actions if the product was compromised.
  • Redundancy – ability of the product to continue operating in the event of normal failures.
  • Sociability – ability of the product to not interfere with existing systems and devices.

Case Study

Mobile Application Security Audit

A marketing company needed assurance that a newly developed mobile application was secure. A mobile application security audit was needed to address concerns about the security of the software application.

Client Situation

A marketing company developed a mobile software application for a large international client. Management at the marketing company was concerned about the security of the mobile application.

Altius IT Solution

Altius IT provided a "hands-on" security audit of the mobile application. We evaluated security risks related to:

  • User use of the device
  • Mobile software coding issues
  • Interfaces to servers and databases
  • Configurations of servers, firewalls, and network segmentation
  • Authentication issues
  • Backups and recovery

Altius IT's Mobile Application Security Audit Report documented security risks and provided recommendations to enhance security.

Client Benefit

Altius IT's mobile application security audit documented recommended changes to enhance security of the mobile application and server environment. The marketing company and the large international client had the peace of mind knowing that the mobile application kept information secure from intruders.

Case Study

Social Engineering Audit

A mid-size bank was worried about social engineering attacks on its staff. Management was concerned about maintaining customer confidence and meeting compliance requirements.

Client Situation

A mid-size bank was worried about social engineering attacks on its staff. Management was concerned about maintaining customer confidence and meeting compliance requirements.

Altius IT Solution

Altius IT provided a social engineering security assessment. Emulating the approach used by hackers, we manually performed a controlled real-life attack on the bank's staff and measured their response and actions to fake e-mail messages and false web sites. We benchmarked the bank against industry averages and provided the bank with ten recommendations to reduce their risks to social engineering attacks. Altius IT’s social engineering security assessment documented weaknesses in the bank's security education training and awareness programs.

Client Benefit

Altius IT's social engineering security assessment helped the bank formalize its security education and awareness training program and supplement it with frequent reminders to employees, temporary staff, and contractors. Customer satisfaction was increased as a result of the increase in security awareness.

If You Want a "Security Audit"
You Need a Certified Auditor.
Certified Information Systems Auditors

Unlike a security consultant, Altius IT is certified as a Certified Information Systems Auditor to perform a security audit of your environment and issue reports and recommendations to secure your systems. After your audit, Altius IT's Auditor Opinion Letter and Secure Seal let your clients and prospects know you meet security best practice/compliance requirements.

See our In the News page for video clips of our experts on national television as well as over 40 publications featuring Altius IT. In addition to our auditor certifications we hold many security, technical, and project management credentials. More information is available on our About Us page.

Our comprehensive audit service uncovers gaps in your existing defenses so that you can better:

  • Fortify your information systems, applications, and network infrastructure
  • Comply with regulatory requirements
  • Protect your valuable assets