Protection of Information assets of the organization from unauthorized disclosure, modification and destruction is recognized by organizations as one of the cornerstones in providing secure and continual services.
Sone services to mitigate information security risk focuses on assessment and treatment of information security risks in accordance with industry best practices and international standards.
IT Risk Management Service Offerings
IS Policies, Procedures and Standards
These include design development and review of organizational information security policy framework, procedures and minimum baseline standards.
This service focuses on assessment and treatment of information security risks in accordance with industry best practices such as ISO 277005, ISO31000 and OCTAVES. It includes Business impact Analysis, Threat Profiling, Vulnerability Assessment, Risk determination, Risk Treatment, Selection of controls and Residual Risk Estimation.
Risk Management Framework Development
This includes the design/redesign and development of an effective framework for treatment of information Security risks.
Network Security Assessment
It focuses on a detailed assessment of the Information and Communication Infrastructure via Penetration Testing and Vulnerability Assessment exercise.
Application Security Assessment
These include audit of business and domain specific applications including ERPs, Core Banking solutions, HRIS, FMS, Treasury, Billing and Operations, Cargo management and tracking system, etc.
GSM Security Assessment
This includes the security assessment of the mobile infrastructure which includes the BTS, BSC, MSC, HLR & VLR
Wireless Security Assessment
These include comprehensive assessment of security risks for wireless technologies including802.11, GPRS & CDMA
VOIP Security Assessment
It focuses on the security assessment of the company’s Voice over IP(VoIP) infrastructure
Security Posture Assessment
This service provides a strategic view for the organization in prioritizing security vulnerabilities.Equipped with tools to assess the key security zones within and out of enterprise,this visualized representation enables organizations to quickly priotise and act on their security weaknesses.
Application Code Review Assessment
It focuses on the review of application code from the perspective of identifying any vulnerabilities that might exist within the code.
Database Security Audit
This includes the audit of different relational database systems employed by organizations with the objective of identifying any material weakness within these systems.
Data Loss Prevention
This exercise focuses on the classifications of vital organizational data as per client recommendations for DLP applications.
• Effective policies and procedures would enable the management to guide IT operations without constant intervention, eliminates costly mistakes / misunderstandings by providing the necessary clarity and helps define boundaries within which IT users operate.
• Understand and effectively manage risks to the Information Security infrastructure thereby minimizing business impacts.
• Effective strategic alignment and information security risk management.
• A better understanding and visibility on different vulnerabilities that exist in the security infrastructure from a hacker's perspective along with methodologies to mitigate the same.
• Systematic and comprehensive security analysis of the different applications as well as the relational database which the company makes use of as per industry best practices thereby minimizing threats and vulnerabilities.
• A thorough analysis of the security posture of a company's wireless network infrastructure as per industry best practices.
• Detailed assessment of the security infrastructure which is present within the GSM network elements along with risk mitigation strategies.
• An exhaustive look at the current overall security posture of the Information Security infrastructure of the company with long term risk mitigation strategies for areas of vulnerability.
• Detailed and thorough analysis of the application code to mitigate any inherent security weakness within the programming which could be misused by hackers to gain unwanted access to system information.
• The Data Loss Prevention exercise would enable clients to get a clear view of the different types of data to be protected within the infrastructure and detail what level of protection would be required when successfully installing a DLP application.