
Audit of the configuration of cryptographic devices (HSM/PKI Healthcheck)
Reviewing cryptographic devices, such as HSM and PKI, requires a specialized approach that differs from standard audits of servers or network devices. The difference is due to the key role these devices play in maintaining an organization's security and their specific features. The HSM (Hardware Security Module) operates at the hardware level and uses advanced cryptographic technologies to generate, store and manage digital cryptographic keys.
In the simplest terms, it is a key repository for the data and credentials (mainly cryptographic keys) critical to any organization. The average HSM stores and protects the so-called Crown Jewels, that is, encryption keys and various credentials of critical importance. Their loss, loss of access to them, or access by unauthorized persons can be critical to a company's security and existence.
Why is an HSM audit necessary?
- Is the original configuration still compliant?
- Verification of access to critical data and permissions, even in the event of failure of the device storing access keys
- Certainty that the configuration is secure, and whether reconfiguration is needed
What areas does ISCG's HSM/PKI audit address?
- The original assumptions that drove the investment in HSM
- Verification of the original project assumptions - including in the context of the goal. Were the goal and required functionalities successfully realized? If not, what was the reason for this?
- Whether the access conditions meet the organization's security requirements and policies, current standards and the requirements of regulatory and control authorities
- Does the project foresee a long service life and technological and legal changes?
- Will the HSM currently in operation meet technological and regulatory requirements in the years to come? Will it be configurable and integrate with other devices in the IT infrastructure?
- Do policies provide clear procedures for employee turnover, transfer of duties and credentials?
- Is there a policy for taking and storing backups? Does the organization have procedures for testing restoration from backups?
- Are there separate policies in the organization for the event of an emergency?
What is the effect of the service?
ISCG Ltd.
Al. Jerozolimskie 178, 02-486 Warsaw
NIP: 5262798378
KRS: 0000220621