VŠPJ - Audit of IT security and cost optimization
Who is a client
College of Polytechnics Jihlava(VŠPJ) was founded in 2004 as the first Czech public college of non-university education. It is the only public high school in the Vysočina Region. VŠPJ is also a solid part of the tertiary education system.
The objective of the comprehensive security audit was to independently assess the level of security of the VŠPJ IT resources, to propose measures to reduce security risks and to set up an organization's security policy in the IT area. The client expected a comparison with standards, industry standards, and finally, the impetus to optimize costs and investments.
"I am pleased to have worked with Blue Partners to discuss IT issues with both school and IT management so that all parties understand what the audit is and how it will be."
Ing. Michal Šulc, Ph.D., bursar VŠPJ
How the audit took place
- At the initial interview, we informed the client about the course of the audit, the timing and the time requirements for the participating school staff.
- The client supplied the requested documentation samples.
- Several controlled interviews were conducted to verify the actual status.
- We processed and submitted draft audit reports.
- Based on the discussion, the report was modified and supplemented.
- We presented the final version of the audit report.
- The reports were broken down according to the required structure:
- The overall security policy setting for an IT organization,
- Human security in IT,
- Physical security in IT and asset management IT,
- Computer and network security management,
- Ensuring continuity of operation,
- System development and maintenance,
- Penetrating testing of the internal and external parts of the network.
- A security test of the information system (a fake e-mail referring to a forged logging page to steal a password) took place with a satisfactory result.
- The audit was conducted for two months (the duration of the holiday affected)
Claims on client
- Interview time (units per hour for each of the interviewees).
- Time to collect required documentation (hourly units).
- Time of technicians and specialists to provide access to the VŠPJ network (man hourly units).
Key Benefits through the Client's Eyes
- IT security risks have been identified and priority solutions identified.
- It has been found that standardized measures tend to be more efficient and cheaper.
- The quality of the documentation has been evaluated, a discussion has been held over her sense and strategy.
- Validated deployment of external suppliers as a flexible solution to overloading capacities.
IT auditing is a service especially suited to larger state and public organizations. For entities covered by the Cyber Security Act, regular audits are mandatory.
Auditing requires a number of parameters that are not mandatory, necessary and often not effective for commercial entities. We therefore offer SMEs a more flexible IT review focused on their practical problems and opportunities.