Following services would be delivered primarily as a consultancy, relying on resources from client or vendors to perform project tasks & activities.
- We can conduct Risk assessment and identify IT Security Risks and their impact on Organization’s business
Organizations are not adequately prepared to respond to incidents that threaten their business’s continuity or availability of data & critical systems.
We will identify and document potential threats which could exploit vulnerabilities within applications, systems and functions.
Business Impact Analysis:
Based on qualitative and quantitative Risk Assessment (RA) we will conduct Business Impact Analysis (BIA) and identify the extent of impact to their applications that will help determine how to mitigate risks. The BIA will identify recovery objectives (Time to recover and recovery point).
- We can help an Organization to set up comprehensive strategies for Business Continuity and Disaster Recovery
We can help your organization with developing business continuity and IT disaster recovery plan, strategies and assist with implementation of ISO.
Business Continuity Plan and Strategy:
We can help design appropriate recovery strategies to reduces business continuity risks, develop recovery processes and procedures, emergency response and develop BCP Governance and develop BC Plan.
IT Disaster Recovery:
We can create specific IT Disaster Recovery plan and based on Recovery Point Objective (RPO) and Recovery Time Objective (RTO). In addition to that we can conduct DR testing, audit annual testing.
Crisis Management & Emergency Response:
We will develop work area recovery plans, governance and emergency response procedures for your organization, and will help with table top exercise, drills, and training and awareness program.
Implementation of ISO 22301
We will assist with implementation of Business Continuity Management System (BCMS) and ensure that the organization’s readiness towards ISO 22301.
- Implementation of Security Solutions and IT Tools
We can help a customer choose appropriate IT and Security solutions for managing complex IT operations. Organizations require complex solutions to manage their IT assets, their security configuration, tracking audit and compliance requirements, and managing security incidents (SIEM). These solutions require a lot of customization so that return on investment is achieved.
After understanding business and IT challenges we can conduct evaluations of vendor solutions, and design technical architectures based on operational and security requirements. Carry out POC, vendor management, assist with proposals, and installation and transition, documentation and designing and updating IT management processes and procedures.
- ITIL, IT Service Management Implementation
We can help a customer develop a unique IT operations model based on its business and IT requirements and its own unique challenges as per ITIL standards. Create service catalogue, SLA, OLA, IT Governance, various ITIL processes to deliver and support IT Services. We can document processes and procedures, do process improvement based on gap analysis.
- Security Incident, Forensic Analysis, Fraud Risk Assessment
We can help an organization with fraud risk assessment by mapping the vulnerability assessment and penetration testing results with functional review of the clients applications, systems and network and identify likely fraud scenarios. Based on logs review and forensic reports will carry out detailed investigation for a cyber security incident.
- Chief Information Security Officer Service
Small and medium sized organizations can’t afford to hire dedicated Information Security head, and usually depend on abilities of Security and System administrators. Our service will be provided on part time basis where we will ensure small/medium sized organizations have the same high standards when it comes to security policies, procedures, security management, compliance with standards and handling of incidents.
- We can help an organization achieve security compliance
Organizations in the increasingly complex environment have to comply with various regulatory and industry standards in order to protect their sensitive and propriety information.
We will compare your organization’s current level of security and identify gaps against the best practice, security audit, industry standards or regulations. Based on the gaps identified we will make recommendations and roadmap for your organization to pass the security audit.
ISO 27001: check to ensure that your organization has adequate controls related to IS Management System.
ISO 27002: detect if your organization follows the best practices and if security controls are effective and comprehensive
COBIT: help map your organization’s IT processes to ISACA best practice standards and identify gaps
ISO20000: ensure the organization’s IT processes are ITIL compliant
Regulatory compliance: HIPAA, SOX, GLBA, UK DPA, Indian IT act
Industry standards: PCI-DSS, HITECH etc.
CVC, IT Act 2000, SBI, RBI, IRDA, CCA etc
Business Continuity Standards: ISO 22301, ISO 22313
- Application Security Review
We will conduct detailed assessment of client’s critical applications and identify vulnerabilities and threats to organization. We will use industry standard methodology to conduct detailed assessment which will identify that critical and business sensitive data, and underlying infrastructure components are not exposed to malicious attacker or allow any unauthorized users to gain access and modify or delete critical information. Our team would conduct Vulnerability Assessment and Penetration Testing (VA/PT) along with functionality testing and business logic review methodologies.
- Performance Review and Tuning
We will conduct detailed assessment of your system and network’s performance issues and identify strategies and solutions that would reduce bottlenecks and help you realize your best value out of your current investment. Your computing and network infrastructure often is designed to support a lot of unnecessary services and protocols. At times due to incorrect configuration or due to virus or malware attacks or attacker may be running unwanted denial type of services against your infrastructure. We will help identify and eradicate these causes in your networks & systems and protect your IT investments.
- Security Configuration Assessment and Security Hardening
We will review the configuration of your network topology, networking equipments, your servers and computing infrastructures, the operating systems, middleware, databases and applications. Based on the configuration review will document gaps, incorrect configurations, vulnerabilities, and potential issues and document recommendations. Ensuring that systems are configured properly is critical to compliance and security point of view. We would recommend, and assist with automated solution for configuration mgt.
- System and Security Automation
We will assist customer with developing custom scripts to automate and configure various system and security configurations. Our expertise include scripting in languages such as Perl, Expect, and UNIX Shell. Many enterprise applications that do not work out of the box and these require custom scripts ex. SIEM solution are only as effective as a good script.
- Datacenter Services: Install, Move, Change, Audit
We will assist customer with Migration, Relocation, DC Audit of Power, Cooling, Physical Security, Access Control etc. We will assist in architecture, plan and design of datacenter, physical implementation, infrastructure installation, consolidation, virtualization, backup and archival management, migrations and moves of datacenter and its components and auditing datacenter.
- Solution Architecture
We will assist you in identifying, planning, and configuring IT solutions. We will plan, benchmark, analyze and recommend best of the breed IT solutions for your needs. We will understand your business objectives and map to the industry best practices, and develop strategies that will ensure higher returns on your IT investment.
Design of Storage/ Server and Network architecture, 3 tier web architecture. We will develop detailed plans, flowchart, Visio diagrams of your network, storage and server infrastructures with application, midddleware and database components. We will create processes and procedures, and governance to manage your IT solution and assist with evaluation, testing and POC
Section 2: Security Services that require extensive set up (People, Tools & Facilities)
Following services would require qualified resources, tools, dedicated office/ monitoring center and IT resources such as servers, desktops, networks and leased lines etc.
- Vulnerability Assessment & Penetration Testing
We will conduct vulnerability assessment and penetration testing either externally or both internally and externally to identify vulnerabilities in your application and systems from an attacker’s perspective. This helps you to review the strengths and weakness of your systems. We can simulate attacks on your network and server infrastructure and your business critical applications in order to test your systems security against external attacks.
- Security Operations Center
We will provide companies with managing security operations 24×7. Using localized support personnel managing security operations onsite at client data center we will monitor clients application and network infrastructure for uptime, availability, security incidents and compliance events and identification of threats and attacks round the clock.
Security Incident Management:
In case of any incident we will help client with expert level analysis and identification of the threat/attack and help block the source of attack and prevent any further damage to client.
Building Security Operations Center:
We will assist customer in building the security and network operations center. We will set up monitoring solutions, servers for collecting centralized logs, its required physical, network and server infrastructure etc.