Audit and GAP analysis

Security Lab Company (Security Lab LLC) provides information security and cybersecurity services in the Republic of Belarus in accordance with the national legislation, as well as taking into account and using the best international standards and practices in this field.

A qualified Security Lab team will conduct an audit of compliance with cybersecurity requirements for your infrastructure and information systems, as well as an analysis of cybersecurity and information security risks. Our methodology is based on world best practices, such as the NIST Cybersecurity Framework, OWASP, ISO / IEC 27001-2013 and others, and is adapted to your operating environment as much as possible. In addition, we conduct an audit of the compliance of your information systems and their information protection systems with a view to their compliance with national legislation. In addition, we can carry out work on the design and creation of information protection systems with their subsequent certification (for this type of activity, the company has a corresponding license from the Operational and Analytical Center under the President of the Republic of Belarus).

How can we help you:

1. Determine the actual level of compliance with standards (OWASP, SWIFT, ISO / IEC 27001-2013, PCI DSS) and, if necessary, readiness for an external audit and / or certification, indicating bottlenecks and improvement paths, as well as ways to improve existing cybersecurity mechanisms.

2. Conduct an external independent audit (comparative analysis) of the cybersecurity status of your organization or individual information systems or networks.

3. Conduct an external independent audit (comparative analysis) of cybersecurity or information security in accordance with the requirements of regulators or contractors (customers).

4. Provide expert advice on self-assessment in the field of cybersecurity or information security.

5. Provide expert advice on the implementation and use of controls or cybersecurity controls.

6. Determine the real level of compliance with the national legislation and readiness to pass certification of the information protection system, indicating nonconformities and ways to address them.

7. To help with the choice of information protection measures (legal, organizational, technical) and information protection tools that must be used to fulfill the relevant requirements.

8. Design an information security system in accordance with National law, in harmony with other requirements of the Customer (for example, SWIFT, ISO / IEC 27001-2013 and other standards and requirements).

9. Introduce and introduce into everyday operation information security measures and information security tools to create an information security system.

10. To certify the designed and created information security system.