Companies deal with a lot of proprietary and customer-sensitive data, so from
a data security and compliance point of view it is important that the data be
handled with the utmost care. The assessment service is mainly aimed at
reviewing the basic security controls and other arrangements already in place
to prevent data theft and/or attack by an external intruder on the data and
service-critical systems. We understand that building security controls or
enhancing the existing security infrastructure can be a tricky process and will
require you to justify the investment in security and the return on that
investment. Thus, keeping in mind the need of the hour, we have divided our
basic security assessment module into 3 stages. This will not only give you a
comfort level to work with us but also give you confidence in our methodology
(inspired by industry-wide accepted best practices) for carrying out the
security assessment in your organization.
The assessment service has been designed to cover all the major domains of
security at centres dealing in outsourced activities involving data and voice.
However, PANSYS has more than that to offer to increase the security of the
operations and the environment in which the business is operating. These can be
discussed on a requirement basis. At the end of this assessment activity,
relevant control measures and security solutions are suggested to enhance the
security of the existing infrastructure.
The scope of the assignment has been divided into three stages for carrying out
the security assessment of the organization's Information Assets.
The activities carried out during this phase will determine Information Security
requirements and the threats associated with Information assets of the
organization.
2. Infrastructure Review:
V. Internet
Review security for access and usage of the Internet
VI. Backup
Review backup procedures,
Review of desktop
Review of desktops: Basic hygiene (including password setting, OS
version/patches, HD sharing, virus protection etc.)
Controls for local storage of data
Protection measures against use of unauthorized software
This stage will involve reviewing the existing network design of your
organization from the optimal security point of view. Based on the
infrastructure review carried out in the previous stage and the requirements
understood for a secure network design in this phase, the security
products/solutions and/or any necessary physical re-arrangements in the design
of the network will also be recommended.
scan.
2. Perform Vulnerability Scanning for any internet and intranet application
using state-of-the-art scripts and tools with plugins enabled to discover the
latest known & potential vulnerabilities as of the day of the scan.
Deliverables
1. Infrastructure security assessment report detailing the status of reviewed
parameters of 8 domains.
2. Secure Network Design document.
3. Evaluation report of best security solutions accompanied with
recommendations for deploying appropriate solutions.
4. Highlighting Vulnerability in the Assessment report.
5. Recommendations to fix Vulnerabilities & put controls in place.
Time Frame
Varies from 6 working days to 25 working days depending upon the scale of
setup.
ISO:27001 Compliance
In other words, the complete deployment of an ISMS (of which the
above-mentioned points are an integral part) against IEC/ISO:27001 audit
scenarios can be managed by our firm. For external audits for the purpose of
certification, our consultants have the competence and experience to carry out
compliance audits at large scales. To understand the depth and breadth of the
Security Controls and Security Policy that are developed and reviewed during
the compliance preparation, kindly get in touch with us.
Time Frame
For a setup of a network with 125 workstations and 8 servers, it takes around
3 intensive months to get an organization ready for the ISO:27001 audit.
Other Services
Depending on the need of the business we also provide the following services:
Risk Assessment and Recommendations
Penetration Testing
Compliance Review and Audits for ISO:27001, SOX, HIPAA, GLBA etc.
Policy Development
e-Security Awareness and Training
Risk Management
Computer Forensics
IT Disaster/Contingency Plan Development and Evaluation
Threat and Vulnerability Assessment
Procedures Development Review
Configuration Management/Change Control Process Development and Assessment
Wireless Security
VoIP Security
Asset (Software and Hardware) Management
Security Product Evaluation and Vendor management