The IT Audit Service reviews an organization's IT readiness and compliance. eWalker Consultants verify and conduct IT operation, development, design and compliance reviews on the client’s network systems using COBIT standard procedures. Security Design is also assessed according to the standard provided by the client. A Penetration Test is also conducted using a non-intrusive penetration method.

Services include:

  • IT Security Assessment
    • Perform periodic review and assessment for clients
    • Provide pre-launch IT security risk assessment services before new systems implementation
    • Assist clients in identifying current vulnerabilities and threats, and in prioritizing remediation activities to mitigate technical risks according to business impacts and requirements
  • IT Security Audit and IT Audit Support Services
    • Provide periodic effectiveness and efficiency review of IT systems through IT Audit
    • Perform General IT Audit and Application IT Audit to support financial audit and due diligence review
    • Conduct IT security audit review of IT systems through industry best practices (e.g. ISO 27001, COBIT, PCI-DSS, HKSAR Government S17, G3)
  • Cloud Security Assessment Services
    • Perform Cloud Risk Security Assessment for Cloud User or Cloud Service Provider according to Cloud Security Alliance Cloud Control Matrix or other tailor-made Cloud Audit program
    • Launch Cloud Application Vulnerability using system or web application testing, depending on the Cloud Service Model
  • Compliance Audit Review
    • Perform IT Compliance Audit of IT systems (e.g. banking application, stock trading system)
    • Conduct Compliance Review on critical IT systems (e.g. HKMA Cyber-Resilience Assessment Framework, SFC Code of Conduct review, etc.)
  • Penetration Test and Simulated Attack
    • Conduct system, network and application penetration tests using the Black/Gray Box hacking method
    • Apply non-intrusive penetration methods to applications based on industry best practices (e.g. OSSTMM, OWASP, etc.)
    • Perform Simulated Attack / Red Teaming
  • Privacy Impact Assessment Review
    • Conduct Privacy Impact Assessment Review according to the Personal Data Privacy Ordinance
    • Perform Privacy Compliance Review based on corporate privacy policy and sensitive data requirements
  • Mobile Application Review
    • Conduct Secure Design Review of Mobile Application
    • Perform non-intrusive pre-launch mobile penetration testing of mobile applications based on industry best practices (e.g. OSSTMM, OWASP, etc.)
    • Conduct Secure Code Review of mobile application