NIS2 Audit Preparation – Vulnerability Assessment at Growww Digital – In Partnership with Gill & Murry

IT security is no longer a luxury – it’s a fundamental requirement. More and more companies are proactively preparing to manage information security risks, with in-depth vulnerability assessments and NIS2-related activities (such as aligning with NIS2 directives and preparing for the NIS2 audit) playing a key role in this process. In a recent joint project, Athalie Consulting and Gill & Murry partnered to carry out such an initiative for Growww Digital.

About Growww Digital

Growww Digital is a rapidly growing digital agency with an international client base, playing a key role in the online marketing sector in the CEE region. Due to their innovative approach and openness to technology, IT security is a strategic priority for them. The company already holds a certified ISO/IEC 27001 Information Security Management System.

Purpose of the NIS2 Vulnerability Assessment

The primary goal of our engagement was to support Growww Digital in preparing for the NIS2 audit and to ensure compliance with the ISO 27001 standard – with particular focus on Annex A, Section 8.8, which mandates secure configuration of assets and regular vulnerability assessments.

Vulnerability Assessment Methodology and Tools

During the project, we assessed the IT environment on multiple levels:

• Linux Servers: Using a whitebox approach with administrator privileges, we performed a deep, comprehensive analysis of the entire system.

• Source Code: We conducted static code analysis, particularly for custom-developed software, to identify potential security flaws (e.g., input validation issues, encryption weaknesses).

• Windows Clients: Through a combination of automated and manual testing, we identified vulnerabilities and assessed configuration compliance based on CIS Benchmarks.

Findings and Next Steps

The assessment revealed several issues for which we proposed corrective measures. These recommendations will be incorporated into Growww Digital’s ISO 27001 readiness plan, contributing to the successful maintenance of their certification.

This collaboration once again highlighted the importance of a structured, standards-based security approach – especially for fast-growing, data-driven digital companies.

Preparing for an ISO 27001 or NIS2 Audit?

Let us handle the preliminary security assessments!
Our experienced team will help uncover hidden vulnerabilities and ensure your systems meet all standard requirements.
📩 Get in touch with us today – let’s make your company’s future safer together!