Conducting a Security Audit for a Global Investment Company
A large sovereign wealth fund. It was established in 1974, and it manages a diverse portfolio of investments in finance, real estate, transportation, and technology. With a portfolio worth over S$306 billion as of 2021, the client is one of the largest investment companies in the world. Its mission is to generate sustainable long-term returns for its shareholders, including the government of Singapore, while also making a positive impact on society.
Due to limited manpower and technical expertise, the client requested Pragma to support its internal team in conducting audits for various IT functional and technology areas, including collaboration platform and email solutions, network systems, corporate websites, endpoints, and mobile devices.
Pragma worked with their team to review these systems on three different schedules within one year. Pragma performed an IT audit for the collaboration platform, email solutions, network systems, corporate websites, endpoints, and mobile devices. We comprehensively evaluated these systems and technologies to assess their effectiveness, efficiency, and security.
- For collaboration platforms and email solutions, the audit would evaluate the features and functionality offered, such as file sharing, collaboration tools, email storage and archiving, and email security.
- For network systems, the audit would examine the infrastructure, topology, security measures, and performance of the network to ensure that it operates effectively and securely.
- For corporate websites, the audit would assess the design, functionality, and security of the website to ensure that it is accessible and secure for users.
- For endpoints, the audit would evaluate the security of computers, laptops, and other devices used by employees to access company data and ensure that they are properly secured and updated.
- For mobile devices, the audit would focus on evaluating the security of the devices, including implementing mobile device management (MDM) solutions and using mobile security software.
Pragma made inquiries with IT management and staff to determine their current security management processes, policies, and procedures and identified issues that needed to be addressed. The objective of the IT audit is to identify potential risks and vulnerabilities in these systems and technologies and provide recommendations to improve their security, efficiency, and overall performance.
Pragma's team performed a thorough audit of the client's IT controls and provided a detailed report with recommendations around specific areas of concern. Pragma provided the client with insights into how they could bridge gaps in controls and improve existing processes. This led to repeat audit engagements.