Nexxus IT provides security audit service to identify risks within the organizational systems. Nexxus IT’s security audit focuses on identifying existing risks in reference to security requirements (e.g. technology, regulators), and provides security strategy to maintain security level in the organisation. The security audit focuses on four key points, which are (1) rule, (2) tool, (3) implementation and (4) operation as follows:
No matter what type of solution is chosen, there has to be certain rules, only base on which, solution can be implemented. No rules, no tools. e.g.) Traffic Signal is useless without rules.
In some cases, rule can solve the problem and in some cases, not. Perhaps not in terms of efficiency. To achieve what is defined as a rule, adequate tools needs to be chosen. Tools will be made good use only when proper rule exists.e.g.) Traffic Rule cannot be realised without traffic signals or signs.
Even when rules and tools are ready, without implementation, solution becomes pointless. Tools and rules will be made good use only when proper implementation is conducted e.g. Traffic Rule and Traffic Signals, but not distributed or placed.
Tools cannot survive itself without proper operation and maintenance. Tools are tools and configurations of the tools must be reviewed in accordance with the change of the actual environment e.g. Traffic Signal needs maintenance.