Академический Документы
Профессиональный Документы
Культура Документы
The List of IT Security Auditing Orgnisations, as given below, is up-to-date valid list of CE
Empanelled Information Security Auditing Orgnisations. This list is updated by us as soon as there is
43. Madhya Pradesh Agency for Promotion of Information Technology(A Regt. Society of Department of S
State IT Center, 47-A Arera Hills, Bhopal 462021 (M.P.)Contact person : Mr. Vinay Pandey Mobile:
62. M/s Robert Bosch Engineering and Business Solutions Private Limited
Electronic City Phase 1, Bangalore - 560100
Contact Person: Rency Abrahan, Sr. Program Manager- Cyber Security Center Email -
Rency.Abraham[at]in.bosch.com
Telephone - +91(80)679-91235
63. M/s Sumeru Software Solutions Pvt Ltd
1st Floor, SAMVIT”,.Near Art of Living International Center Next to Udayapura Bus Stop,Behind S
i, Andheri (East),Mumbai – 400072.Website URL : http://www.aaatechnologies.co.in Ph : 022-28573815Fax: 022-40152501Contact Person : Mr. Anjay
53902
rvices.co.in Ph: 0120-4545911, 0120-2542253Fax : 0120-4243669Contact Person : Mr. Ashish Kumar Saxena, Managing Director Mobile : +91 7290058
nataka- 560078. Website URL : http://www.aujas.com/ Ph : 080-26087878Fax: 080-26087816Contact Person : Mr. Jaykishan Nirmal, Vice President Mo
rk), Off Bandra Kurla Complex, LBS Marg,
300
in
58027
253902
skinfosec.com
080-28383120 Fax:080-28380100
ail : itsecurityauditteam [at]bel.co.in
ka – 560100
berqindia.com Ph : 011-41077560Fax : 011-41077561Contact Person : Mr. Debopriyo Kar, Head-Information Security Mobile: +91 9810033205 / 99688
, (MAH) India.Contact Person: Mr. Sachin Singhai, Email: sachin[at]codedecodelabs.com Website: www.codedecodelabs.comMobile: +91 9545852578 /
homas[at]crossbowlabs.com
.in
rship*
Worli, Mumbai - 400018
hennai- 600113, Tamil NaduWebsite URL: www.ey.com/india Ph : +91 124 6121380Contact Person: Mr. Vidur Gupta, Director – Advisory Services Mo
unj, Udyog Vihar, Phase - V, Gurgaon -122016 (Opp. Cyber Hub)Tel: +91 124 4264666, +91 9871699555Contact Person: Mr. Kunal Bajaj, Chief Busin
0058
infotech.biz
560102
il.com
9820208515
46
Gujarat, India
riumsolution.com
NAGAR-KORAMANGALA, INTERMEDIATE RING
ya Daas Ph :+91-9902484206
0028.
8 / 9869402694
te URL: www.kpmg.comPh : 0124-3074134Fax: 0124-2549101Contact Person: Mr. Atul Gupta, Director Mobile : +91 09810081050E-mail : atulgupta[a
Delhi - 110020Contact person:Mr. Srivathsan Sridharan, Vice President- Sales Mobile: 9599057764Email: sri.s[at] lucideustech.com
1. Phone: +91-40-45004600
6599600
New Delhi-110017
: +91 9769693764
Mr. Vinay Pandey Mobile:+91-0755-2518710Email: security [dot] audit [at] mapit [dot] gov [dot] in Website: http://www.mapit.gov.in
lobal.com
ali, Andheri (East) Mumbai 400 072Website URL: www.netmagicsolutions.com Ph : 022-40099099 Fax: 022-40099101Contact Person: Mr. Yadavendra
heri East, Mumbai- 400069 Website URL: www.niiconsulting.com/Ph : 1800 2700 374 (Toll Free)Fax: 022-40052628Contact Person: Mr. K K Mookhey
tp://www.net-square.com Contact Person :1. Ms. Prerna Nikam Mobile : +91 79778 90081E-mail : prerna[at]net-squa re.com , Info[at]net-square.com2. M
ite URL: www.paladion.netPh : 080-42543444Fax: 080- 41208929Contact Person: Mr. Amit Tewari, Sales Manager Mobile: +91 09910301180E-mail : a
Website URL: www.pwc.com/in/en Ph : 0124-4620000Fax: 0124-4620620Contact Person: Mr. Rahul Aggarwal,Director Mobile : +91 09811299662E-m
075
r.com
est, 400615
+91 9004947776
New Delhi - 110019. Contact Person: Ankush Batra (Director)Email: cert[at]reconglobal.in / accounts[at]reconglobal.in Mob: 9205019013Web: www.re
e Limited
yapura Bus Stop,Behind Sri Anjeneya Temple / Anganawadi School, 21st KM Kanakapura Main Raod,Udayapura, Bangalore – 560082Website URL: htt
e URL: www.sysman.inPh : 022-24073814Contact Person: Dr. Rakesh M Goyal, Managing Director Mobile: 91-99672-48000 / 99672-47000E-mail : rake
infosec[at]sumasoft.net
rial Estate,
a 400013
e.com
- 600113
0710849
Mobile: 9560211616
:umap[at]secureyes.net
201301 Uttar PradeshPh: +91-120-4270305, +91-120-4216622Fax: 012-04235064Contact Person :Mr. Salil Kapoor Mobile : + 91 92 666 666 91E-mail :
0055
]tacsecurity.co.in
av Pulekar
ctor V, Salt Lake Electronics Complex, Kolkata – 700 091Contact Person: Mr. Joydeep Bhattacharya, Chief Operating Officer Email: joydeep.bhattachary
a Ph : +91 20 66018100
400104
a,Pune-Nagar Highway,Opp. Jain College, Wagholi, Pune-412207, Maharashtra, India. Ph: 2040222891Fax: 2040222891Contact Person : Shrushti Sarod
20223497
18600990
n, BTM 2nd Stage, Bangalore, Karnataka, INDIA 560076Ph : +91 80 50271700/01Contact Person : Reena Ramachandran, Director E-mail :info@wings2i
011-45510033
560016
ail: harhit[at]appknox.com
9987244769
rganization :
d,
ow, Chennai, Pune
: 2000
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes India Guidelines (Y/N)
: Yes
: Yes
: Yes
: Yes
: Yes
300+
100+
25+
425+
150+
300+
25+
50+
5+
30+
20+
5+
40+
80+
dits in Government and Critical sector
1) Anjay Agarwal 19 25 ISMS LA, CISA, ISA, CEH,
ECSA, LPT,
COBIT Certified Assessor
17) 3 5 ISMS LA
Mohit Sharma
19) 2 5 CEH
Priyanka Awari
20) 2 5 CEH
SuyogGhag
Consultancy for Implementing ISO 27001 for 17 Data Centers across India including V
and Penetration Testing for Rs. 54.57 Lakhs
9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):
Commercial
i. Acunetix
ii. Core Impact
iii. Nessus Pro
iv. Nipper
v. Burp Suite
vi. Idea
Freeware
i. Nmap
ii. DOMTOOLS - DNS-interrogation tools
iii. Nikto - This tool scans for web-application vulnerabilities
iv. Firewalk - Traceroute-like ACL & network inspection/mapping
v. Hping – TCP ping utilitiy
vi. Dsniff - Passively monitor a network for interesting data (passwords, e-mail, files, et
interception of network traffic normally unavailable to an attacker
vii. HTTrack - Website Copier
viii. Tools from FoundStone - Variety of free security-tools
ix. SQL Tools - MS SQL related tools
x. John - John The Ripper, Password-cracking utility
xi. Paros - Web proxy for web application testing
xii. Wikto - Web server vulnerability assessment tool
xiii. Back Track
xiv. Meta Sploit
xv. Ethereal - GUI for packet sniffing. Can analysetcpdump-compatible logs
xvi. NetCat - Swiss Army-knife, very useful
xvii. Hping2 - TCP/IP packet analyzer/assembler, packet forgery, useful for ACL inspecti
xviii. Brutus – password cracking for web applications, telnet, etc.
xix. WebSleuth - web-app auditing tool
xx. HTTPrint – detect web server and version
xxi. OpenVas
xxii. W3af
xxiii. Owasp Mantra
xxiv. Wire Shark
xxv. Ettercap
xxvi. Social Engineering Tool Kit
xxvii. Exploit database
xxviii. Aircrack-Ng
xxix. Hydra
xxx. Directory Buster
xxxi. SQL Map
xxxii. SSL Strip
xxxiii. Hamster
xxxiv. Grimwepa
xxxv. CAIN & Able
xxxvi. Rips
Proprietary
i. AAA - Used for Finger Printing and identifying open ports, services and misconfig
ii. Own developed scripts for Operating System
iii. Own developed scripts for Database Audit
e/proprietary):
words, e-mail, files, etc.). facilitate the
atible logs
Experts : No
etc.))
ls : No
zation? : No If yes, give details
: No
2019>
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s AUDITime Information Systems (India) Limited
1. Name & location of the empanelled Information Security Auditing Organization :
AUDITime Information Systems (India) Limited Registered Address:
A-504, Kailash Esplanade, LBS Marg, Ghatkopar (W) Mumbai 400 086
Tel: 022 40508210
Fax: 022 40508230
Govt. : 6
PSU : 2
Private : 33
Total Nos. of Information Security Audits done : 41
Organization :
dress:
400 086
strial Complex,
9) Tel.: (022) 40508200
12 Years
Yes
Yes
Yes
Yes
Yes
Yes
6
2
33
41
Application Audit 2
Billing Audit 1
Total 41
6. Technical manpower deployed for information security audits : Refer Annexure ITotal Nos. of Technica
Bac
xure ITotal Nos. of Technical Personnel: 18 Nos.7. Details of technical manpower deployed for information security audits in Governm
00/
0/
00/-
10/-
0/-
0/-
0/-
00/-
Experts : No
Back
ANNEXURE –
S. No. Employee Name Designation
CISA
CISA, LA27001
CA, CISA
CISA
CEH
JNCIA-SEC, CCNA, MCSA
CEH,CCNA
Back
ANNEXURE – II
Details of technical manpower deployed for information security audits in Government and Critical sector organizations
MCA
Post Graduate Diploma in Computer Applications
(PGDCA)
ISO 27001 implementer and lead auditor
CEH
CISA
CISM
CISSP
ISO27001 Implementer
MCA
CISA
ITIL V3 Foundation Certification
CCSA
CCNA
CEISB
CSM
CS-MARS
CCNA
CEH
Post Graduate Diploma in
Networking & Telecommunications
Bachelor of Technology in
Electronics & Communications
GNIIT
B.Tech
CCNA
JNCIA
MCSA
B.E.,
CISA
LA 27001 Implementer
Certified Ethical Hacker
Star Web Application Security
Red Had Certified Engineer
Juniper Networks Certified Internet Specialist
Check Point Certified Security Administrator
B. Tech - IT
Back
ANNEXURE - III
Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.) Along with project value
Particulars of Projects
IS Audit of Branches
Finacle and related applications such as ATM and other payment
systems, interfaces to CBS etc.
Internet Banking
Mobile / Tele Banking
HR software (peoplesoft)
Email
Treasury - LaserTX
We covered all the key applications under IS Audit
Finacle and related applications such as ATM and other payment
systems, interfaces to CBS etc.
Internet Banking
Mobile / Tele Banking
HR software (peoplesoft)
Email
Treasury - LaserTX
Scope includes
1. IS Audit of Application Controls - Evaluating the adequacy
and effectiveness of controls in a particular application
2. IT Environment Review - Evaluation of controls
addressing the general risks associated with the operation of
information technology viz. change control, disaster recovery,
physical upkeep of the surroundings such as cleanliness,
physical access to the computers, fire-fighting readiness, etc.;
3. IT Technical Review - Evaluation of the network
architecture and the vulnerability of the IS environment
to the risks such as unethical hacking, etc.
a) Information System Security Policy (ISSP)
b) Implementation of ISSP
c) Physical Access Controls
Sr. Client Name Project Title
No.
Methodologies
Review Audit Report – covering the latest status at the time of
review, of all the observations made in the Final
Audit Report.
6 Andhra Bank IS Audit of Critical Sl.
Areas in CBS No
1
8
9
10
11
12
13
14
15
16
17
18
19
Sr. Client Name Project Title Particulars of Projects
No.
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Sr. Client Name Project Title Particulars of Projects
No.
41
42
43
44
45
46
47
48
49
50
Particulars of Projects
Methodologies
Review Audit Report – covering the latest status at the time of
review, of all the observations made in the Final
Audit Report.
Audit Points
Vulnerability scanning
Working of CSA (HIDS) in the servers
Maintenance and periodical updation of network design,
security
controls etc.,
Application of patches in accordance with the defined change
management process
Interest Application
Charges Application
Advances - verification on random sample basis
Monthy and Quarterly interest calculation on advances
SCOPE
Security & Control Audit of:
1) Equipments used of capturing of Bio-metric details, capturing
of Personal data of customer and also the process of linking them,
2) Equipments capable of reading & writing the data to smart
cards duly capturing the data on Samrat card & validating with the
central server data.
3) Mobile equipments for capturing the finger prints of
customers, data from smart cards, encapsulating them,
communicating with the central data (or) validating with off-line data
on smartcard, authenticating & recording the transaction etc.
4) Mobile communication with data encryption/ decryptions as
per standards etc.
5) Servers, access control, software’s controls security t\etc. at
the Data Centre of the service provides.
6) Network, Network equipments, interface between the mobile
equipments and servers at the data centre of the service provide.
7) Accounting, reconciliation, data verifications & integrity
checks.
8) Communication with the Bank’ DC and interface etc., at the
Bank DC.
Operational control Audit like.
1. Software controls & Interfaces Controls.
2. Reconciliation Process.
3. Data Synchronization, Integrity Check etc at DC of the
Bank/Service Provider
Back
ANNEXURE-
Details of the Audit Tools Freeware
3 CrypTool
4 cURL
5 Exploits
6 Fscan
7 Elza
8 Fragrouter
9 HPing
10 ISNprober
11 ICMPush
15 Netcat
16 NMAP
17 p0f
18 Pwdump
ANNEXURE- IV
Details of the Audit Tools Freeware
Description
A tool designed for testing the security of Web Applications.
A Windows GUI brute-force tool for FTP, Telnet, POP3, SMB,
HTTP, etc.
A Cyptanlaysis Utility
Curl is a tool for transferring files with URL syntax, supporting FTP,
FTPS, HTTP, HTTPS, GOPHER, TELNET,
DICT, FILE and LDAP
A password cracker
NTLM/Lanman password auditing and recovery application
A free, powerful, up-to-date and easy to use remote security scanner.
This tool could be used when scanning a large range of IP addresses, or
to verify the results of manual
work.
The swiss army knife of network tools. A simple utility which reads and
writes data across network connections, using
TCP or UDP protocol
Tools that grab the hashes out of the SAM database, to use
with a brute-forcer like L0phtcrack or John
S. No. Tool Name
19 SamSpade and Dnsstuff
20 ScanDNS
21 Sing
22 SSLProxy, STunnel
23 Strobe
24 Telesweep Secure
25 THC
26 TCPdump
27 TCPtraceroute
28 UCD-Snmp - (aka
NET-Snmp)
29 Webinspect
30 Webreaper, wget
31 Whisker
34 NetTools V 5.0
35 Rainbow Password
Cracker
A freeware wardialer
A packet sniffer
Traceroute over TCP
Various tools relating to the Simple Network Management
Protocol including snmpget, snmpwalk and snmpset.
Govt :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months, category-wise
Network security audit 100+
Web-application security audit 1000+
Mobile Application Audit 100+
Wireless security audit 10+
Compliance audits (ISO 27001, ISO 20000, ISO 25000, PCI, 10+ ISO 2770
mpetence of CERT-In empanelled Information Security
2006
uired)
YES
Y/N) YES
YES
YES
YES
25000, ISO 27701, YES GDPR, PCI etc.) (Y/N)
YES
YES
YES
YES
, CVC, RBI, SBI etc.) (Y/N) YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
er Forensics, YES Audio/Video Forensics,
Months:
1100
80
300
1330
e
100+
1000+
100+
10+
5000, PCI, 10+ ISO 27701, GDPR etc.)
Payment Gateway Audit 20+
Industrial Control Systems Audit 10+
Information Systems Audit 10+
IT Risk Assessment 10+
Formulation of IT policies & Procedures 20+
Migration Audit 2+
AUA/KUA Audit 50+
Telecom Audit 03
ERP Audit 5+
Compliance audit with Government Guidelines (UIDAI 30+ IT A
National Housing Bank (NHB) etc.):
Source Code Review 10+
Load Testing 10+
Functional Testing 10+
10+
10+
10+
urity audits:
02
12
06
00
50+
75+
mation security audits in Government and Critical sector
Qualifications related to
Information security
MS (Information
Security), CASP
CEH, CISA, ISO 27001 LA
CEH
CEH
CEH
CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Carrying out Cyber Security Audit for one of the National Level Power Sector
of SCADA system, Project value is approx. 1.3 Crore
Carried out Infrastructure, Process & Security Audit of one of the competitio
online. Total Number of Nodes were approx. 2,00,000. 31 different cities with 27
value was approx. 70 Lakh
Carried out IT Security Audit, ISO 25000 for one of the International Stock E
was approx. 43 Lakhs.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Freeware Tools
Nmap, Superscan and Fport - Port Scanners
Metasploit framework, Netcat, BeEF , Cain & able, Hydra, John the ripper - Penetr
cracking
Process explorer, Sigcheck, Kproccheck - Windows Kernel & malware detection
Netstumbler, Aircrack-ng suite & Kismet – WLAN Auditing
OpenVas, W3af, Nikto - Vulnerability scanner
Wireshark – Packet Analyser
Commercial Tools
Nessus– Vulnerability Scanner
Burp Suite, Acunetix - Web application auditing
Passware: Password Cracking
Mange Engine, Solarwind – Network Performance Testing
Arbutus Analyzer - Migration Audit & Log Analysis
Social Engineering ToolKit – Internet Evidence Finder
Forensics Imaging and Analysis: FTK and Tableau, Paraben E3:DS
Data Recovery Tool: E4SeUS Recovery Wizard
CDR Analysis Tool: ASI CDR & Tower Dump Analysis Tool
Video Forensics: Kinesense LE
Mobile Forensics: MobilEdit, UFED4PC
Proprietary Tools - ISA Log Analyzer, HaltDoS Web Application Firewall (WAF), Ha
CEH
CEH
CEH
CEH
CEH
CASP
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH
CEH, ISO 27001
CCNA, CEH
CEH
CEH
CEH
CEH
CASP
CASP
CASP
CASP
CHFI
CEH
CEH
CEH
CASP
ISO 27001 LA
CEH
CEH
CASP
CASP
CASP
CEH
CASP
CEH
CEH
CEH
CEH
CASP
CASP
CASP
CASP
t for one of the National Level Power Sector Project including audit
pprox. 1.3 Crore
ss & Security Audit of one of the competition exam conducted
approx. 2,00,000. 31 different cities with 276 locations. Project
ommercial/ freeware/proprietary):
nners
Cain & able, Hydra, John the ripper - Penetration Testing & Password
auditing
erformance Testing
og Analysis
vidence Finder
nd Tableau, Paraben E3:DS
y Wizard
Dump Analysis Tool
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months, category-wise (Organization can add categories b
handled by them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
6. Technical manpower deployed for informationsecurity audits:
CISSPs :
BS7799 / ISO27001 Las :
CISAs :
DISAs / ISAs :
Any other information security qualification :
CEH – 106, OSCP - 17
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Duration with Experience in Qualifications related to
No. Name of Employee <Aujas Networks Pvt Information Information security
Ltd> Security
1 Anup V 7 months 4.3 years CEH
2 Brahma R 2.3 years 6.3 years CEH
3 Poornima 3.2 years 7.3 years Qualys VM, CEH,ISO 2013 LA
4 K Manoharan 1.4 years 4.2 years CEH, Qualys VM &Appscan, BISE,
Certified Web security Analyst
– Yes
– Yes
– Yes
– Yes
:
02
00
147
149
anization can add categories based on project
90
110
12
16
dits:
07
14
06
00
418
security audits in Government and Critical sector
lifications related to
rmation security
CEH,ISO 2013 LA
VM &Appscan, BISE,
b security Analyst
hon 3
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
One of the Major Telecom giant in India (we cannot share the client details as we have signed NDA)
Complexity : Project involved Network Security assessment, VAPT of Web application, Mobile applic
review, Physical security, Risk Assessment, API Security assessment, Policy & Procedure review, Arc
code review.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Attache
10. Outsourcing of Project to External Information Security Auditors / Experts : No
( If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : N
12. Whether organization is a subsidiary of any foreign based organization? : No
If yes, give details
13. Locations of Overseas Headquarters/Offices, if any: - Yes (Branch Office)
India Bangalore – Head Office
#595, 4th Floor, 15th Cross, 24th Main, 1st Phase, JP
Nagar, Bangalore, India 560078.
Mumbai
1010, Meadows, Sahar Plaza, JB Nagar, Andheri - East
Mumbai, India 400059.
Gurgaon
Suite 4, U&I Corporate Center Plot 47, ECHELON,
Sector 32 Gurgaon, Haryana, India 122001.
Canada Ottawa
ume, complexity, locations etc.) along with
are/proprietary): Attached
Experts : No
ract etc.))
tails : No
tion? : No
anch Office)
400−1565 CARLING AVENUE, OTTAWA, ONTARIO
CANADA K1Z 8R1.
g Organization:
59/15, 1st Floor, Guru Ravi Dass Marg, Kalkaji Extension New Delhi – 110019 PH : 011-40548205 / 40544324Email : debopriyo.kar@cyberqindia.com
: 2002
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
sment
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
52
3
81
137
: 4
: 14
: 107
: 11
: 12
1
4
4
O
5
17
audits in Government and Critical sector organizations
S. Name of Employee Duration with Experience in Qualifications related to
No. <organization> Information Security Information security
*Information as provided by M/S CYBERQ CONSULTING PVT LTD. 19th Dec 2019, New Delhi
Ba
re/proprietary):
: NO
Govt.
PSU
Private
Total Nos. of Information Security Audits done
Auditing Organization :
al Pvt. Ltd.
rate Centre, JB Nagar, Andheri East, Mumbai –
: 2005
: Y
: Y
: Y
: Y
: Y
: Y
: Y
: Y
: Y
: Y
: Y
:
: 1
: 3
: 100+
ecurity Audits done : 500+
400+
250+
3+
600+
its :
8
25
8
0
11
17
20
4
4
4
2
5
1
ASV : 5
CISM : 6
CCNA : 4
ITIL : 8
ECSA : 2
OSCP : 3
Total Nos. of Technical Personnel : 150+
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Duration with Experience in Qualifications related to Information security
No. Employee ControlCase Information
Security
1 Satyashil Rane 11+ Years 17+ Years PCI QSA, PA QSA, P2PE, CISSP, CEH, ASV,
ISO 27001 LA, 3DS Assessor
2 Ashish Kirtikar 8+ Years 10+ Years CISA, CISM, CEH, PCI QSA, ISO LA 27001,
HiTRUST CSF
3 Rajkumar 4+ Years 5+ Years MS Cyber Law and Info Sec, CISSP
Yadav
4 Shashank 7+ Years 9+ Years CISSP, CEH, ASV
Vaidya
5 Vaibhav 9+ Years 9+ Years CEH, ECSA, ASV
Mahadik
6 Chaitany 9+ Years 9+ Years CEH, ECSA, ASV
Kamble
7 Varun Kaushik 7+ Years 10+ Years CISM, PCI QSA, ISO 27001 LA, PCI PIN
Assessor
8 Akash Chavan 5+ Years 5+ Years OSCP, CEH, CHFI
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Sr.No Client Description of services ( Relevant to Project Value
Scope of Work in this RFP, give
reference number
only)
1 One of the largest Financial PCI certification, Rs. 5000000
Service Provider in India Fire wall rule set review, Configuration
scanning of IT Assets, Application Security
scanning,
Log Monitoring 24 x 7, Internal vulnerability
scan, External vulnerability scan,
Internal and external penetration testing
2 One of the largest Bank in PCI DSS Certification Application Rs. 5500000
Vietnam Penetration Test Internal vulnerability scan,
External vulnerability scan,
Internal and external penetration testing
3 One of the largest Bank in PCI DSS Certification Application Rs. 4000000
Brunei Penetration Test
5
6
4
8
2
3
150+
audits in Government and Critical sector
Rs. 6000000
es but not limited to below):
ptcat, Hping, Sqlmap, JTR, OpenVAS, SET, MSF, Aircrack suite, Dirbuster,
Govt. : 15+
PSU : 15+
Private : 90+
Total Nos. of Information Security Audits done : >120
5. Number of audits in last 12 months , category-wise (Organization can add categories b
handled by them)
Network security audit : 50+
Web-application security audit : 50+
Wireless security audit : 6+
Compliance audits (ISO 27001, PCI, etc.) : 50+
6. Technical manpower deployed for informationsecurity audits :
CISSPs : 10+
BS7799 / ISO27001 LAs : 70+
CISAs : 70+
DISAs / ISAs : 2+
Any other information security qualification :
CISM : 10+
CEH : 15+
Total Nos. of Technical Personnel : 200+
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)*
S. Name of Employee Duration with EY Experience in Qualifications related to
No. LLP Information Security Information security
Organization:
: January 2001
+
+
+
120
n can add categories based on project
+
+
+
+
Somersoft -- Security configuration, registry entries and access control lists on syste
running the Windows operating system.
Commercial
App Detective -- Vulnerability assessment and review of security configuration of My
Oracle, Sybase, IBM DB2, MS SWQL Server, Lotus Notes/Domino, Oracle Application
Server, Web Applications.
Bv-Control Suite -- Security assessment -Microsoft Windows, Active Directory, Micros
Exchange, Microsoft SQL Server, UNIX (Sun Solaris, HP-UX, AIX, Red Hat and SUSe
Linux), Internet Security, Check Point Firewall I
HP WebInspect – Web application security assessment
IPLocks VA – Database configuration and vulnerability assessment
Immunity Canvas – Vulnerability exploitation framework for penetration tests
eTrust -- Online vulnerability management framework.
Bv-Control -- Security and segregation of duty review for SAP
Proprietary
iNTerrogator -- Review of security configuration of systems running the windows
operating system.
*nix scripts -- A collection of scripts to assess the security configuration including file
level ACLs on *nix systems (SCO OpenServer, Linux, HP-Ux, AIX, Solaris, *BSD).
Spider -- Web application security assessment
FakeOra -- Security assessment of 2-tier applications that use Oracle 8i (and above) as
the RDBMS).
S-SAT -- A traveling SAP Security tool.
Permit -- ERP risk assessment and control solution tool.
Assessor -- Configuration review of Oracle Financials system.
WebSmack – Web application inventory and vulnerability assessment
EY/Mercury – Web based technical work plan generator to perform security configuration
review of IT infrastructure
10. Outsourcing of Project to External Information Security Auditors / Experts : No
(If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
registered in India with Registrar of Companies under Ministry of Corporate Affairs. E
in 150 countries which provide services across Assurance and Advisory Business Ser
Transaction Advisory Services.
12. Whether organization is a subsidiary of any foreign based organization? : Yes
If yes, give details
Ernst & Young LLPis registered in India with Registrar of Companies under Ministry o
EY’s Global Headquarter is in London.
Address
25 Churchill Place Canary Wharf E14 5EY London
phone: +44 20 7951 2000
fax: +44 20 7951 1345
re/proprietary):
k packets
sment
penetration tests
g the windows
ent
security configuration
Experts : No
tion? : Yes
: Yes,
Companies under Ministry of Corporate
mber 2019
Back
napshot of skills and competence of CERT-In empanelled Information Security Auditing Or
M/s NETMAGIC IT SERVICES PVT. LTD.
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
rganization :
: 2006
: YES
: YES
: YES
: YES
: YES
: 0
: 0
: 37
: 37
56
34
1
22
: 2
: 4
: NA
: NA
: 32
: 38
Commercial
Nessus
Hacker Guardian
Netgear Wi-Fi Scanner
NTT Limited
13. Locations of Overseas Headquarters/Offices, if any : N
*Information as provided by Netmagic IT Services Pvt. Ltdon 23-12-2019
Ba
Snapshot of skills and competence of CERT-In empanelled Information Security Auditing O
M/s Network Intelligence India Pvt. Ltd.
d Unix) Servers
e/proprietary):
conditions
ls : No
zation? : Yes If yes, give details
: No
12-2019
Back
n Security Auditing Organisation
rganization:
Ltd. 5th Floor, Lotus Business Park,
West, Mumbai – 400053. India
: 2001
n / Thick-Client: Yes
g: Yes
evices): Yes Configuration Review (Security
dit: Yes
Yes
: Consulting:
tification: Yes
es
Yes
ity audits:
Count
119
15
131
10
2
5
45
30
149
450+
ation security audits in Government and Critical sector
ated to Information security
1 KKM 18 18
2 AG 6 12
3 AM 3 24
4 SA 9 9
5 SS 1 44
6 WH 11 11
7 MA 2 5
8 NRS 4 5
9 UP 7 7
10 SS 4 9
11 VV 2 20
12 MS 4 5
13 MS 4 7
14 SJ 5 5
15 AS 4 5
16 GS 2 7
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Project Category: Industrial Control System Cybersecurity Assessment
Client: One of India’s Largest Private sector Power Company
Location: 27 plants across India
Value: Rs.2.5 crore+
Requirement / Scope: In late 2018, the client asked us to help them dramatically impr
readiness by achieving a cybersecurity maturity model across the 5 business units using
frameworks, standards and regulatory compliance controls. These controls had never be
their 75 power plants and was thought to be too high a bar for application to these syste
wanted to maintain a consistent program across both IT and OT and, hence, established
of their assets.
During the 6-month project we worked hand in hand with the client to not only establish
convergence cybersecurity program in their OT environment, but to also build a sustaina
and security management road map with integrated cybersecurity blueprint of their digit
journey. Assessment and Risk Road map provided them visibility into their gaps, vulnera
design flaws. Our Security Assessment and Program ensured compliance but also captur
investment, speeds resolution of emerging events and provides unparalleled visibility int
practices.
Leveraged the tool to make changes to assets and networks – e.g., removal of decom
software across all sites, elimination of unnecessary services and ports, implementation
devices where feasible, etc.
Record technical feasibility exceptions for any devices where the control was not feas
compensating controls in their place
Creation/revision of procedures for areas such as patching, change management, etc
*Information as provided by Network Intelligence India Pvt. Ltd. on 23rd December 2019
Ba
PCI QSA, CISA, CISSP
CCNA, ITIL v3
CISA, ISMS & BCMS LA, Cloud
Security CSA Star Certified Auditor, ITIL4,
COBIT5, COBIT 2019
LA – ISMS, BCMS, PCIQSA, ISO 27001 LA
project we worked hand in hand with the client to not only establish a comprehensive IT/OT
curity program in their OT environment, but to also build a sustainable, dynamic compliance
ment road map with integrated cybersecurity blueprint of their digital transformation
and Risk Road map provided them visibility into their gaps, vulnerabilities, risk posture and
curity Assessment and Program ensured compliance but also captured value from their
esolution of emerging events and provides unparalleled visibility into otherwise disconnected
ication whitelisting
assessment tools installed in phase 1 to provide ongoing assessment in real time – e.g.,
w asset discovery, change management alerting, etc.
urity Audit Tools used (commercial/ freeware/proprietary):
te
arx
x Suite
Nessus
x
arx
as Headquarters/Offices, if any:
ven below
Coastal Highway,
of Sussex
d 803, Blue Bay Tower, Business Bay, Dubai, United Arab Emirates
Cecil Street
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes. Cannot provi
Disclosure agreements with our foreign partners.
12. Whether organization is a subsidiary of any foreign based organization? : N
13. Locations of Overseas Headquarters/Offices, if any : N
*Information as provided by Net Square Solutions Private Limited on February 24, 2019
Ba
nformation Security Auditing Organisation
Auditing Organization :
Solutions Private Limited.
augbaug, Near Parimal Crossing, Paldi, Ahmedabad -
ujarat.
: 2001
: Y
: Y
: Y
: Y
:
5
1
25+
50+
: 25+
: 25+
dits :
1
1
1
<number of>
sed organization? : No
: No
imited on February 24, 2019
Back
Snapshot of skills and competence of CERT-In empanelled Information Security Auditing O
M/s Paladion Networks Pvt Ltd
5. Number of audits in last 12 months , category-wise (Organization can add categories base
them)
Network security audit : 1000+ IP addresses
Web-application security audit : 500+ applications
Wireless security audit : 20+ locations Complian
PCI, etc.) : 25+
rganization :
2000
Yes
Yes
Yes
Yes
Yes
more than 5
more than 5
more than 50
more than 100
1000+ IP addresses
500+ applications
20+ locations Compliance audits (ISO 27001,
1 Global Bank with Delivery Centre a) Secure configuration review Rs. 5 crore+
in India b) Firewall rule base audit
c) Internal penetration test
d) External penetration test
e) Host discovery
f) Web application vulnerability scan
a few of them-
c) Internal penetration test
d) External penetration test
e) Policy and Procedures
f) Web application penetration
4 Large IT company in South India 25 Web Application Per quarter, 30IPs Per Rs. 1 crore+
Quarter-Network Penetration Testing, 10
Applications Per Year-Code Review, 10
Mobile Application Testing
1 Network Penetration Testing KALI Linux, Nslookup, Dnsrecin, Dnsmap, Metagoofil, fragroute,
whisker, Nmap, Firewalk, SNMPc, Hping, xprobe, Amap, Nessus,
Nikto, L0phtcrack, John the ripper, Brutus and Sqldict.
4 Application Security Assessment Burp Proxy and Scanner, Paros Proxy and Scanner, Wireshark,
Winhex, , CSRF Tester, Elixan, OpenSSL, tHCSSLCheck, Firefox
Extensions, NetSparker
agoofil, fragroute,
be, Amap, Nessus,
Sqldict.
Stumbler, Kismet,
tercap
nner, Wireshark,
SSLCheck, Firefox
Experts: No
n 10/09/2012
Back
Snapshot of skills and competence of CERT-In empanelled Information Security Auditing O
M/s PricewaterhouseCoopers Pvt. Ltd
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months , category-wise (Organization can add categories b
handled by them)
Network security audit : 200+
Web-application security audit : 500+
Wireless security audit : 50+
Compliance audits (ISO 27001, PCI, etc.) : 200+
: 1992
)
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
s:
50+
10+
250+
300+
e (Organization can add categories based on project
: 200+
: 500+
: 50+
: 200+
urity audits :
5+
10+
50 +
80+
12+
None
500+
600+
mation security audits in Government and Critical sector
We have over 600 + technical manpower involved in Government & Crit
organizations across organization. For a reference purpose we are sharing deta
resources here below. Additional resource details can be submitted if required.
S.no. Name of the Duration Experience in Information
employee with PwC Security
14 years 10
1 Rahul Aggarwal 19 years
months
5 years 7
2 Rajinder Singh 14 years
months
4 years 1
month
5 Ankit Goel 10 years
5 years 8
6 FaizHaque 7 years
months
technical manpower involved in Government & Critical Sector
nization. For a reference purpose we are sharing details of 10
tional resource details can be submitted if required.
Qualifications related to
Information Security
· CISSP
· BS7799 Lead Auditor
· ISO 20000 Lead Auditor
· ISO 22301 Lead Auditor
· ISO 27001 Lead Auditor
· CISSP
· CIPP/US CIPP/E
· DCPP
· CEH
· BCCS
· CISRA
· CCNA
· ISO31000
· ISO27001
· CEH
· Oracle certified Java Professional
· OSCP
· CEH
· OWASP Member
2 years 4
months
8 G Karthik 2 years 4 months
2 years 6
9 Swapnil Sharma 7 years
months
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
PwC PL has done more than 100 Cyber security project in India in last 1 year. Some o
in terms of scope (in terms of volume, complexity, locations etc.) along with
n 100 Cyber security project in India in last 1 year. Some of the projects are-
2 Open Source
3 Proprietary
1. Nmap
2. Metasploit
3. Backtrack
4. Nessus Home Feed
5. Wireshark
1. Phish Pro
2.PwC Windows Script
3. PwC Unix Script
4. PwC SQL/Oracle Script
5. PwC Server Script
10. Outsourcing of Project to External Information Security Auditors / Experts : No (If yes, kindly provide
oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
PricewaterhouseCoopers Pvt. Ltd. (“PwCPL” or “the Company” hereinafter), a distinct andseparate legal entity being
incorporated under the Companies Act, 1956, engaged in renderingadvisory and consulting services. PwCPL is an
Indian member company of this global network and provide advisory and consulting services.
12. Whether organization is a subsidiary of any foreign based organization? : Yes If yes, give details
PricewaterhouseCoopers Pvt. Ltd. (“PwCPL” or “the Company” hereinafter), a distinct andseparate legal entity being
incorporated under the Companies Act, 1956, engaged in renderingadvisory and consulting services. PwCPL is an
Indian member company of this global network and provide advisory and consulting services.
: Yes
er), a distinct andseparate legal entity being
sory and consulting services. PwCPL is an
ory and consulting services.
on? : Yes If yes, give details
er), a distinct andseparate legal entity being
sory and consulting services. PwCPL is an
ory and consulting services.
: NA
n 23rd Dec 2019.
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s STQC Directorate
1. Name & location of the empanelled Information Security Auditing Organization :
STQC Directorate,
6 CGO Complex and STQC IT Centers at Delhi, Kolkata, Mohali, Pune, Bangalore, Hyderabad, T
5. Number of audits in last 12 months , category-wise (Organization can add categories based
them)
Network security audit : 16
Web-application security audit : 90
Wireless security audit : Nil
Compliance audits (ISO 27001, PCI, etc.) : 12
Center Security,
1 Mr. Sanjeev Kumar 1993 Appl. Security 2
RT-In empanelled Information Security
ation :
: <2003>
Yes
Yes
No
Yes
57
36
27
119
16
90
Nil
12
NIL
17
NIL
NIL
10
6
: 27
Government and Critical sector organizations
Secure software
development, ISMS LA,
Master Trainer
2 Mr. Manoj Saxena 1985 2
3 B.K. Mondal Jan-90 ISMS LA, CEH 13
7 Tapas Bandyopadhyay
May-91 ISMS LA, CEH 9
CPSSE (Certified
Professional for Secure
Software Engineering)
12 Sanjay K. Prusty Dec-95 9
S.P.Tharesh Kumar
17 Mar-00 CNSM 4
22 Jun-93 13
26
App Sec Training, Network
Security, CC, ISEB
Dhawal Gupta May-08 5
Intermediate, CNSM
27
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
value. 28 number of Important Government website hosted at various locations.
prietary) :
, Burp, Webscraber, Proprietary scripts,
s : No
uary 2014
Back
Snapshot of skills and competence of CERT-In empanelled Information Security Auditing O
M/s SUMERU SOFTWARE SOLUTIONS PVT LTD
5. Number of audits in last 12 months , category-wise (Organization can add categories based
them)
Network security audit : 28
Web-application security audit : 40
Wireless security audit : 10
Compliance audits (ISO 27001, PCI, etc.) : 7
7. Details of technical manpower deployed for information security audits in Government and Critic
(attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
n Security Auditing Organisation
ation :
: 2005
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
42
23
20
85
28
40
10
7
1
17
1
NIL
15
5
3 Ajan Kancharla Dec 2015 2 Years, 5 months ISMS Lead Implementer CEH
v7
HP ArcSight ESM 6.5
Administration
9 Morsa Jagadeesh Babu July 2014 1 Year, 8 months EC Council- certified Ethical
Hacker v8 (CEHv8) - Cert
No: ECC56126713211,
eLearn security Junior
Penetration Tester (eJPT) -
Cert No: EJPT- 200245,
Udemy Basics of Web
Application Penetration
Testing - Cert No: UC-
WVFHUEM8
nd web applications, Across the globe.
prietary):
: No
etc.))
Back
Snapshot of skills and competence of CERT-In empanelled Information Security Auditing O
M/s. Sysman Computers Private Limited
:
:
:
:
5. Number of audits in last 12 months , category-wise
(Organization can add categories based on project handled by them)
Network security audit: <number of> :
Web-application security audit: <number of> :
Mobile-application security audit: <number of> :
Wireless security audit: <number of> :
Compliance audits (ISO 27001, PCI, RBI): <number of> :
Cyber Forensics :
IT GRC Consulting/Audit :
Audit of Certifying Authorities/e-sign/RA/ASP :
Audit of UIDAI AUA / KUA / ASA / KSA :
6. Technical manpower deployed for information security audits :
CISSPs : <number of> :
BS7799 / ISO27001 LAs : <number of> :
CISAs : <number of> :
DISAs / ISAs : <number of> :
Any other information security qualification: <number of> :
Total Nos. of Technical Personnel : :
nformation Security Auditing Organisation
Auditing Organization :
am, Rani Laxmi Chowk, Sion Circle, Mumbai 400022 Contact : Dr. Rakesh M Goyal, Managing DirectorPhone – 99672-48000 / 99672-47000Email – ra
: 1991
- YES
- YES
- YES
- YES
- YES
- YES
- YES
- YES
- YES
- YES
- YES
:
done organisations
04
04
56
64
dled by them)
14
24
06
01
03
14
02
08
12
dits :
01
05
04
01
04
08
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. Sysman Security Information security
1 Dr. Rakesh M Goyal Feb 1985 29 years PhD, CISA, CISM, CCNA,
CFE, CCCI
2 Vaibhav Banjan May 2007 17 years CISA, DISA
3 Anand Tanksali April 2010 13 years CCNA, CCSA
4 Winod P Karve Sep 1999 21 years CISA, ISO27001 LA
5 Mohammad Khalid March 2011 10 years CCNA, ISO27001 LA
6 Pallavi Goyal April 2010 9 years ISO27001 LA, CCNA,CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
1. IT Infrastructure with 150 servers, 2500+ nodes, 120 switches, 30 routers sprea
over India alongwith matching DR site.
2. Application audit with 32 modules used by 6000 people
3. e-governance Web-application with 23 modules exposed to world
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
world
e/proprietary):
: NA
zation? : NO
: NA
re Desi organisation. There is no overseas
19
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s SISA Information Security Pvt Ltd
1. Name & location of the empanelled Information Security Auditing Organization :
SISA Information Security Pvt Ltd
#3029, SISA House, 13th Main Road, HAL 2nd Stage, Indiranagar, Bangalore
:
:
:
:
:
:
:
:
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
mpetence of CERT-In empanelled Information Security
: <2001>
quired)
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
Months :
: <0>
: <1>
: <450+>
Audits done : 451+
<115+>
<185+>
<15+>
<255+>
<3>
<30+>
<3>
<1>
< 2>
<90+>
mation security audits in Government and Critical sector
S. Name of Duration with Experience in
No. Employee <organization> Information
Security
NM.B.A IT, MSc ISS and Trained in: CEH, ECSA, Sans
IDS, Sans CF, Sans IHHT, BSI 27001
Master of Technology
(M.Tech.)Info rmation Security & Management,
Bachelor of Engineering
(B.E.)Computer Technology
PCI QSA, GCFA, Core PFI
roject handled in terms of scope (in terms of volume, complexity, locations etc.) along with
Nikto
SQLMap
Kali OS
MobSF
Drozer
ApkTools
Mobisec
Fiddler
TCP Relay
Sysinternal Tools
(eg.ProcMon)
Wireshark
Nessus
Nmap
AngryIPscannner
Network Scan Kalilinux
Metasploit
Burpsuite
Ba
Annexure 1
ols mentioned below are the major tools used for testing. Additional tools can be used as per
Commercial
Open Source
Open Source
Open Source
Commercial
Open Source
Open Source
Open Source
Commercial
Open Source
Open Source
Open Source
Open Source
Open Source
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Torrid Networks Pvt. Ltd
1. Name & location of the empanelled Information Security Auditing Organization:
Torrid Networks Pvt. Ltd. , C-171, 2nd Floor, Sector 63, Noida, NCR
2. Carrying out Information Security Audits since : 2006
3. Capability to audit , category wise (add more if required)
Network security audit Yes
Web-application security audit Yes
Mobile application security audit Yes
Wireless security audit Yes
Compliance audits (ISO 27001, PCI, DOT Audit, etc.) Yes
DoT Audit Yes
5. Number of audits in last 12 months , category-wise (Organization can add categories base
them)
Network security audit : 25+
Web-application security audit : 100+
Mobile Application security Audit : 20+
Wireless security audit : 7+
Compliance audits (ISO 27001, PCI, etc.) : 5+
DoT Audits : 2
6. Technical manpower deployed for information security audits :
BS7799 / ISO27001 LAs : 4
CISAs : 2
CEH : 10
Total Nos. of Technical Personnel : 35
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. No. Name of Duration with Experience in Qualifications related to
Employee Torrid Networks Information Security Information security
uditing Organization:
r 63, Noida, NCR
2006
Yes
Yes
Yes
Yes
dit, etc.) Yes
Yes
: More than 75
: Around 5
: More than 100
done : Around 200
25+
100+
20+
7+
5+
2
its :
4
2
10
35
curity audits in Government and
27001 LA, ECSA, LPT
2 S.K February 2011 6 ISO 27001
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
etc.) along with project value.
No. of Computer Systems : 10000
No. of Servers : 500
No. of Switches : 250
No. of Routers : 25
No. of Firewalls : 18
No. of IDS' : 10
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Metasploit, Burp Suite SQLMAP, Dnsenum, Knockpy, whatweb, Nikto, Subbrute, Re
Fiddler, Tamper data, Live http header, Appscan, Accunetix, Wapplyzer, Dirbuster, wfuzz
Nessus, Hydra, fping, Wireshark, Tcpdump, testssl, sslscan, rpcclient, Ethercap, enum4
netcat, Nipper-ng, Microsoft Baseline Security Analyzer, Intrust, Intrufi
10. Outsourcing of Project to External Information Security Auditors / Experts : No (If yes, kin
arrangement (MoU, contract etc.))
* Information as provided by Torrid Networks Pvt. Ltd. on 25th November, 2016
Ba
s of volume, complexity, locations
/ freeware/proprietary):
whatweb, Nikto, Subbrute, Recon-ng, Owasp zap,
tix, Wapplyzer, Dirbuster, wfuzz, Weevely, Nmap,
an, rpcclient, Ethercap, enum4linux, snmpwalk,
er, Intrust, Intrufi
Organization :
– 680 308
<2013>
: 12
: 6
: 22
: 41
4 Angela Maria Paulson 7 Years 12+ Years PCI QSA, CISA, CISM, ISO
27001:2013 LA
5 David Joseph 2.5 Years 8+ Years CEH, CISA, ISO
27001:2013 LI, PCI QSA
re/proprietary):
Wireless security audit Mobile Application Audit
Fern Wifi Aircrack AirSnort Cain & Abel MobSF
Kali Linux tools Burp Professional Android Debug
Bridge Drozer
Exposed Fremework Cydia
SSLUnpinning APKTool QARK
Frida
Kali Linux tools
Thick/Thin client Audit
Burp Professional Echo Mirage
Wireshark WinHex
Proccess Monitor CFF Explorer IDA
Debugger
Kali Linux tools
tails : Yes/No
tion? : Yes/
: Yes/No
n <23-12-2019>
BacK
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Wipro Limited
1. Name & location of the empanelled Information Security Auditing Organization :
Wipro Limited, Doddakannelli,
Sarjapur Road, Bangalore - 560 035, Karnataka, India
2. Carrying out Information Security Audits since : 2005
3. Capability to audit , category wise (add more if required)
Network security audit (Y/N) : Yes
Web-application security audit (Y/N) : Yes
Wireless security audit (Y/N) : Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
5. Number of audits in last 12 months , category-wise (Organization can add categories base
them)
Network security audit : 150
Web-application security audit : 150 +
Wireless security audit : 5+
Compliance audits (ISO 27001, PCI, etc.) : 200+
6. Technical manpower deployed for information security audits :
CISSPs : 76
BS7799 / ISO27001 LAs : 131
CISAs : 75
DISAs / ISAs : NA
Any other information security qualification : 150
Total Nos. of Technical Personnel : 500+
out of 7500 Cyber Security Professionals
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
rganization :
a, India
2005
: Yes
: Yes
: Yes
: Yes
: 20+
: 25+
: 200+
: 250+
0
0+
0+
0
+
1 DIAL Delhi
2 NPCI Hyderabad
3 SBI Mumbai
4 NIC Delhi
e/proprietary):
23 Tenable Nessus Commercial Vulnerability Scanner
24 GFI Lanuard Commercial Vulnerability Scanner
25 Retina Commercial Vulnerability Scanner
26 OpenVas Open source Vulnerability Scanner
27 Angry IP Scanner Free Port/service scanner
28 Nmap Free Port/service scanner
29 Aircrack Free Wireless Pen testing tool
30 Kismet Free Wireless Pen testing tool
31 All Kali supported tools Open source All in Tools
5. Number of audits in last 12 months , category-wise (Organization can add categories base
them)
Network security audit : 8 number of audits to government organizatio
security audit : 78 number of web audits to government and private organiza
Mobile applications - 5 mobile apps certified ( 10 audits in progress)
: 3 number of organizations had wireless in network audit scope
Compliance audits (ISO 27001, PCI, etc.): All 78 web audits are compliance aud
56 - OWAS
20 - CCA Co
Audits
2 - AADHAR
1 - ISO 270
6. Technical manpower deployed for information security audits :
CISSPs : 2
BS7799 / ISO27001 LAs : 1
CISAs : Nil
DISAs / ISAs : Nil
Any other information security qualification:
rs / Experts : No (If yes, kindly provide
details : No
rganization? : No If yes, give details
: No
Back
of CERT-In empanelled Information Security
ing Organization :
: 2011
: Yes
: Yes
: Yes
: ISO 27001, Cloud, PCI, AADHAR UIDAI
rogress
-
-
3
56 - OWASP
20 - CCA Compliance ASP e-Sign
Audits
2 - AADHAR UIDAI compliance
1 - ISO 27001 - in progress
:
2
1
Nil
Nil
SANS Certified – 16
Cert-CC – 3
CEH – 17
ECSA – 4
Total Nos. of Technical – 36
7. Details ofPersonnel
technical manpower deployed for information security audits in Government and Critical sect
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value. : 16 major projects handled which include government network infrastructure au
websites".
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Freeware Commercial Inhouse
freeware/proprietary):
Back
Annexure –
7. List of technical manpower deployed for information security audits in Government and
organizations
S. Name of Duration with C- Experience in
No. Employee DAC since Information
Security
Ba
Annexure – A
er deployed for information security audits in Government and Critical sector
ISMS LA
SANS - GAWN
SANS - GXPN
CERT-CC Certified Incident Handling, Forensics
Analysis and Network Security in CMU, USA
GMOB
CISSP
CCNA
ECSA
CEH , EC-Council
ECSA
CEH , EC-Council
ECSA
EC Council Security Analyst
EC Council Security Analyst
CEH, EC-Council
EC Council Security Analyst
EC Council Security Analyst
EC Council Security Analyst
EC Council Security Analyst
EC Council Security Analyst
Back
Snapshot of skills and competence of CERT-In empanelled Information Security Auditing OrganisationM/s Xiarc
Govt. : 2+
PSU : 1+
Private : 7+
Total Nos. of Information Security Audits done : 20+
5. Number of audits in last 12 months , category-wise (Organization can add categories b
handled by them)
Network security audit : 5+
Web-application security audit : 7+
Wireless security audit : 1+
Compliance audits (ISO 27001, PCI, etc.) : 2+
Cyber forensics Investigations : 4+
PCI Consulting : 1+
6. Technical manpower deployed for information security audits :
CISSPs : 2
BS7799 / ISO27001 Las : 1
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : 2
Total Nos. of Technical Personnel : 7+
7. Updated details of technical manpower deployed for information security audits in Governm
organizations (attach Annexure if required)
S. No. Name of Employee Duration with Experience in Qualifications related to
Xiarch Solutions Information Information security
Pvt. Ltd Security
ing Organization :
: 2008
Yes
Yes
Yes
Yes
Yes
2+
1+
7+
20+
ation can add categories based on project
5+
7+
1+
2+
4+
1+
:
2
1
1
0
2
7+
on security audits in Government and Critical sector
2 Ashish Chandra 1 Years 1+ year CISE, BSC (IT) , GNIIT,
MCA (pursuing)
3 Vidushi 1.5 years 1.5+ years BTech, CISE
4 Kritika 2 years 1+ years Btech, CISE
5 Alekh Mittal 2 years 2+ years Btech, CISE
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Vulnerability Management for the Largest KPO firm in the world, scope included V
servers, 5000 desktops and over 200 network devices, 10+ web application. Location
Australia, India and UK
Managing complete IS and compliance service for one of the first and largest NBFC in
PCI audit, CMMI, ISO 27001, Vulnerability assessment, web app security, network and w
management, SIEM and DLP implementation
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Nmap , Superscan
Backtrack kali linux Live CD,
Encase, FTK, Pro discover etc.
Custom Scripts and tools.
Metasploit Framework, Netcat , BeEf
Wireshark – Packet Analyser
Cisco Netwitness.
Tenable Nessus
Rapid7 Nexpose community edition
Burpsuite
SQL Map
Tamper Data
Directory Buster
Nikto
Ettercap
Paros Proxy
Webscarab
Brutus
eware/proprietary):
tails : No
anization?
: No
: No
/6/2014
Back
of CERT-In empanelled Information Security
: 2011
: Yes
/N) : Yes
: Yes
CI, SOX, etc.) (Y/N) : Yes
: Yes
: Yes
ration test : Yes
: Yes
tation
) : Yes
: Yes
: Yes
: Yes
: 1
: 2
: 29
ity Audits done : 32
: 10
: 15
: 3
: 3
CI, etc.) : 5
: 13
ration Testing : 12
: 2
tation
: 6
:
: 1
: 18
: 6
: 8
: 5
CCNA
Total Nos. of Technical Personnel
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Designation Duration with Experience in Qualifications related to
No. RSM Astute Information Information security
Consulting Security
World’s leading ITES Company Information Security and Cyber Security Services for
their 3 delivery centers in Mumbai, Pune and UK. The
Project value was Rs. 2.63 Crores
India’s leading Scheduled Bank Review of application security, API security and mobile
application security assessment for one of the largest
Scheduled Banks. The assessment coverage was for
150 applications of the Bank: The scope involved:
Application Security Assessment
VAPT
Mobile Application Security Assessment
API Security Assessment
: 2
: 31
dits in Government and Critical sector
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Y
(RSM Astute Consulting Private Limited is a member firm of RSM International located in
London, EC4N 6JJ – United Kingdom)
12. Whether organization is a subsidiary of any foreign based organization? : N
13. Locations of Overseas Headquarters/Offices, if any : N
*Information as provided by RSM Astute Consulting Pvt. Ltd on 23th December 2019
Ba
The Project value was Rs.35,04,600/-
mation Security Audit Tools used ( commercial/ freeware/proprietary):
essional Burp Suite
acktrack
penSSL Winaudit NetCat
5. Number of audits in last 12 months , category-wise (Organization can add categories base
them)
Network security audit: : 10
Web-application security audit: : 64
Wireless security audit : 7
Compliance audits (ISO 27001, PCI, etc.): : 27
6. Technical manpower deployed for information security audits :
CISSPs : 1
BS7799 / ISO27001 LAs : 6
CISAs : 9
DISAs / ISAs : 4
Any other information security qualification : 6
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. Name of Employee Duration Experience in Information Qualifications related
No. with Qadit Security
Systems
1 V. Vijayakumar 18 years 18 years CISA, ISMS LA, ISA, CEH
2 Mahesh Balan 18 years 18 years CISA, ISMS LA, ISA, CEH
3 N. Swameshwar 15 years 15 years CISSP, ISA, CEH
RT-In empanelled Information Security
: 2002
Yes
Yes
Yes
Yes
: 63
: 0
: 116
: 179
8 Indira Rao < 1 year 2 years CISA, CRISC, LA, CPEGP, CPISI
9 Rajendra Kumar < 1 year 3 years CISA, LA, CPISI
10 Aishwarya K 3 years 3 years ECSA
11 Suman Raj 2 years 3 years ECSA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Client : A project for Government of Tamilnadu
Scope: Information System Security Audit, Developing Security Policy & Procedures, Applicatio
Coverage: all municipalities across Tamilnadu Project Value: Rs. 27 lakhs
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Proprietary
NsVulnAssessor
Ora DBSecAssessor
MSSQL DBSecAssessor
Router Config security assessor scripts
Commercial
Tenable Nessus Professional Edition
Titania Nipper Network Device Configuration Review Tool
Acunetix Web Application Vulnerability Assessment Tool
Codified Security Mobile Security Assessment Tool
6. Number of audits in last 12 months, category-wise (Organization can add categories based
them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
Source Code Review :
Managed Security Services :
Cloud Security Assessment :
Mobile Application Security (iOS, Android, Windows) :
Software Product Security Testing :
: No
tion? : No If yes, give details
: Nil
rd December 2019
Back
RT-In empanelled Information Security
Organization:
2012
- Yes
- Yes
- Yes
- Yes
: <3>
: <>
: <22>
: 25
: <10>
: <6>
: <2>
: <3>
: <5>
: <1>
: <4>
s) : <5>
: <1>
- Appeared
1 year 6 BE (Computer
5 Mr. Sachin Wagh months 2 years Science),Certified Ethical Hacker
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Network and Applications (Mobile + Web) Security Assessment consisting of more tha
network level vulnerability assessment and penetration testing, 20 web and mobile ap
(Ministry of Communications and Information Technology,
Kingdom of Saudi Arabia).
Complexity: High. This was the complex project as the assessment included security test
various types and platforms of servers such as Windows, Linux, Unix, MSSQL Databases,
Oracle Databases, DB2 Databases, VOIP, Network Sniffing, Wireless Network Pentest, VL
, Application Security Testing for Web Applications and Mobile Application of Android, iOS
platforms, Web Services ,
Social Engineering etc.
At present conducting source code review, threat modeling, SDLC review for 10 web and
the same client.
10. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Commer
6. Number of audits in last 12 months, category-wise (Organization can add categories based
them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
Source Code Review :
Managed Security Services :
Cloud Security Assessment :
Mobile Application Security (iOS, Android, Windows) :
Software Product Security Testing :
e/proprietary): Commercial Tools
: No
tion?
: No
: No
on 3rd Nov 2015
BacK
RT-In empanelled Information Security
Organization:
2012
- Yes
- Yes
- Yes
- Yes
: <3>
: <>
: <22>
: 25
: <10>
: <6>
: <2>
: <3>
: <5>
: <1>
: <4>
s) : <5>
: <1>
- Appeared
1 year 6 BE (Computer
5 Mr. Sachin Wagh months 2 years Science),Certified Ethical Hacker
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Network and Applications (Mobile + Web) Security Assessment consisting of more tha
network level vulnerability assessment and penetration testing, 20 web and mobile ap
(Ministry of Communications and Information Technology,
Kingdom of Saudi Arabia).
Complexity: High. This was the complex project as the assessment included security test
various types and platforms of servers such as Windows, Linux, Unix, MSSQL Databases,
Oracle Databases, DB2 Databases, VOIP, Network Sniffing, Wireless Network Pentest, VL
, Application Security Testing for Web Applications and Mobile Application of Android, iOS
platforms, Web Services ,
Social Engineering etc.
At present conducting source code review, threat modeling, SDLC review for 10 web a
for the same client.
10. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Commer
Corporate Office:
Cyber Security Works Pvt. Ltd
No.6, 3rdFloor, A- Block, IITM Research Park Taraman
Chennai – 600 113
e/proprietary): Commercial Tools
: No
tion?
: No
: No
on 3rd Nov 2015
BacK
RT-In empanelled Information Security
Organization:
: 2008
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
e Networks Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
: 26
: 1
: 21
: 292
: 27
: 239
Mobile-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
6. Technical manpower deployed for information security audits:
CISSPs :
BS7799 / ISO27001 Las :
CISAs :
DISAs / ISAs :
Any other information security qualification :
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Qualifications related to
No. CSW Information Information security
Security
8.4Years 9.5Years ISO LA, PCI-ASV
1 Ravi Pandey Certified
2 Sridhar Krishnamurthi 10.7Years 20.7 Years CISA, CISSP, ISO LA
7.6Years ISO LA, PCI-ASV
3 Gunnam Ramesh 7.6 Years Certified
4 Arjun Basnet 5.11 Years 5.11Years CEH, PCI-ASV Certified
Ravichandran R 1.2 Years 16.2 Years CISA, CFE, CEH, CCISO,
5 CPISI, ECSA, ISO LA
6 Sathish Kumar 5.10 Years 5.10 Years CEH
7 Vengatesh Nagarajan 5.5 Years 5.5 Years CCNA Security
8 Bonthala Satya Suvarna 4.4 Years 4.4 Years CompTIA Pentest+
9 DereddyMaheswari 4.4 Years 4.4 Years
10 Surabhi Kumari 4.3 Years 4.3 Years
11 Bhaskar.G.K 3.1Years 3.1Years
12 Swaraj Rai 2.9Years 2.9Years CEH
13 Rakesh Kumar M 2.5Years 2.5Years CEH
14 Dilip Raja Peddu 2.3 Years 2.3 Years
15 Raj Kumar Shah 1.4 Years 3.1 Years
16 Neha Agarwal 1.2 Years 1.2 Years
17 Balamurugan P 1.10 Years 1.10 Years
18 Vijayakumar M 1.10 Years 1.10 Years
19 Lourdhu Raj 1.6 Years 1.6 Years
Periyanayagam
20 Saran B 2.1 Years 2.1 Years
21 Raj Kumar T M 1.6 Years 1.6 Years
22 Sushil Bhojwani 1.6 Years 1.6 Years CEH
23 Vasantha Kumar T 0.10 Year 1.5 Years CEH, CHFI, CIE, ECSA
Richard Paul Dharmaraj S 0.6 Year
24 2.6 Years ECSA
Freeware Tools:
Nmap
Netcat
Snmp Walk
Metasploit
Kali Linux
Paros
Burp Suite
Brutus
Nikto
Firewalk
Dsniff
SQL Map
John the ripper
Paros
Wikto
Ethereal
Netcat
Openvas
W3af
OWASP Mantra
Wireshark
Ettercap
Aircrack – Ng
Cain & Abel
Ironwasp
OWASP Xenotix
Fiddler
Tamperdata
Social Engineering Toolkit
10. Outsourcing of Project to External Information Security Auditors / Experts : No
provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Y
Yes, we have partners for providing information security services in the respect
I. Partner with ICE Information Technology to provide Information Security Service
ICE Information Technology
P.O. Box: 120661, Dubai, UAE
P.O Box: 31078, Abu Dhabi, UAE
II. Partner with RiskSense Inc. to provide Information Security Services in USA RiskSen
4200 Osuna Road NE, Suite 3-300
Albuquerque, NM 87109, USA
ations related to
ation security
CEH
CEH
CEH
H, CHFI, CIE, ECSA
ECSA
/ freeware/proprietary):
platform.
ucture security assessment.
ure security assessment.
uditors / Experts : No ( If yes, kindly
ovide Information Security Services in UAE
organization? : No
: No
Ltd on 23-Dec-2019
Back
Snapshot of skills and competence of CERT-In empanelled Information Security Auditing O
M/s Deccan Infotech Pvt. Ltd.
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
1 Mr. Dilip Hariharan 06/05/1996 23 yr C|CISO, CRISC, CISM,
CISA, CEH, CHFI, CFE,
CCNA, ISO 27001
Lead Auditor &
Implementer, ISO
9001:2008 LEAD
AUDITOR, BS 15000
IMPLEMENTER, SANS
certified in hacker
techniques, exploits &
n Security Auditing Organisation
rganization:
< YES>
< YES>
< YES>
< YES>
03
00
45
48
15
20
08
er of> 05
01
06
02
00
ber of> 03
12
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Web applications Security audit for more than 100 sites of A government organisation with
web development technologies amounting to approximately 30 Lakhs.
9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):
1. Burp Suite
2. NMAP
3. Hping3
4. John The Ripper
5. NetCat
6. PW DUMP
7. Wireshark
8. OWASP ZAP
9. KALI Linux
10. Rapid7
11. Acunetix
12. TCP Dump
13. Nexpose – Commercial tool
14. Brutus
15. Metasploit - Commercial
16. Mozilla Tools for web app audits
17. Fiddler
18. Dir buster
19. Nipper
20. Nikto
21. W3AF
22. Android tamer
23. Immuniweb Mobile scanner
/proprietary):
ls : No
zation? : No If yes, give details
: No
Dec-2019>
Back
RT-In empanelled Information Security
anization :
state,
: 2006
0+
0+
00+
04+
5. Number of audits in last 12 months, category-wise (Organization can add categories base
by them)
Network security audit : 100+
Web-application security audit : 300+
Wireless security audit : 10+
Compliance audits (ISO 27001, PCI, etc.) : 10+
6. Technical manpower deployed for information security audits :
CISSPs : -
BS7799 / ISO27001 LAs : 1
CISAs : -
DISAs / ISAs : -
Any other information security qualification : 8
Total Nos. of Technical Personnel : 14
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
value: 200+ Audits, Combination of Network Security,
Application Security, Mobile Application Security, Risk Assessments, Pan-India + 5 Glob
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Information Gathering
- Bile-Suite
- Cisco torch
- SpiderFoot
- W3af
- Maltego
- SEAT
- In-House sdFinder
Exploitation
- Saint
- SQL Ninja
- SQL Map
- Inguma
- Metasploit
- … and 40 others
Commercial Tools
- Nessus Commercial - Burp Suite
11. Whether organization has any Foreign Tie-Ups? If yes, give details : N
12. Whether organization is a subsidiary of any foreign based organization? : No
If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : N
*Information as provided by <Security Brigade InfoSec Private Limited> on <December
Ba
nization can add categories based on project handled
100+
300+
10+
10+
dits :
-
1
-
-
8
14
ecurity audits in Government and
Qualifications
related to
Information
security
ECPPT
ECPPT
CEH
ECPPT
CEH
CISEH
CISEH
CISEH
ECPPT
ECPPT
ECPPT
CISEH
give details : No
d organization? : No
: No
Private Limited> on <December 19, 2019>
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Payatu Technologies Pvt Ltd.
1. Name & location of the empanelled Information Security Auditing Organization :
Payatu Technologies Pvt Ltd,
502 Tej House, 5 MG Road, Camp, Pune - 411001
2. Carrying out Information Security Audits since : 2011
3. Capability to audit , category wise (add more if required)
Network security audit : (Y/N)
Web-application security audit : (Y/N)
Wireless security audit : (Y/N)
Mobile Application Audit
IoT (Internet of Things) product security audit :
ICS/SCADA security audit :
Cloud Infrastructure security audit :
Crypto Implementation security audit :
Code Review :
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Web Application and Network security audit one for the USA based Analytics Product C
achieved PCI certification for their product and clod based Infrastructure.
1. Volume: 50+ URLS, 1500+ Internal IPs, 500+ external IPS
2. Complexity: High
3. Project Value USD 117000
Exploitation
1. Custom python script
2. W3af
3. Metasploit
4. Sqlmap
5. Sqlninja
6. BeEF Framework
7. Hydra
rganization :
, Pune - 411001
: 2011
(Y/N)
(Y/N)
(Y/N)
: 0
: 1
: 25+
udits done : 25+
cation:<number of>
: 15
dits in Government and Critical sector
e/proprietary):
xperts : No (If yes, kindly provide
: No
on? : No If yes, give details
: Yes
h-2018
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Suma Soft Pvt. Ltd.
1. Name & location of the empanelled Information Security Auditing Organization :
Suma Soft Pvt. Ltd. "Suma Center", 2nd Floor,
Opp. Himali Society, Erandawane, Pune, Maharashtra – 411 004.
Tel: +91- 20 - 40130700, +91- 20 - 40130400
Fax: +91- 20 - 25438108
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
:
:
:
:
:
:
:
:
:
:
:
6. Technical manpower deployed for information security audits :
CISSPs
BS7799 / ISO27001 LAs CISAs
CEH
CEH, ECSA OSCP OSWP
DISAs / ISAs
nce of CERT-In empanelled Information Security
Auditing Organization :
Floor,
Maharashtra – 411 004.
30400
: 2008
: Yes
: Yes
: Yes
: Yes
ucture : Yes
: Yes
: Yes
: Yes
: Yes
nges) : Yes
: Yes
: Yes
: Yes
: Yes
: 0
: 0
: 35
done : 35
8
28
1
5
3
4
7
3
3
1
1
dits :
Any other information security qualification:
CCSE, CCI, ACE, ITIL, RHCE, CCNP, CCNA,
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration Experience in Information
No. with Suma Soft Security
01 Surendra Brahme 19 20
02 C.Manivannan 19 20
03 Milind Dharmadhikari 7 17
04 Anil Waychal 19 15
05 Sumit Ingole 5 6
06 Narendra Bhati 5 6
07 Praveen Gauttam 4 4
08 Suraj Waghmare 2.9 3.8
09 AmeyNaniwadekar 2.10 3.5
10 Rajinikanth Bhandare 2.10 3
IT Environment: 5 Web Applications, 3 Mobile Apps, 150+ APIs, 100+ virtual hosts in AWS
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Commercial
Burp Suite Pro
Nessus
Netsparker
Freeware
Kali Linux
Metasploit
Sqlmap
For this purpose, we use Confidentiality and Non-Disclosure Agreements before engaging
assignments with defined scope of work and with clear knowledge of the client. Also the
adhere to IT Security and other Policies of Suma Soft and also of the client during the co
12. Whether organization has any Foreign Tie-Ups? If yes, give details : Y
partnered with some niche cyber security companies from the USA and Israel to become th
FCA,CISA,DISA
CISA
CISA, ISO27001LA,ACE,
CCNA,CSQP
CISA,ISO27001LA,ITIL,RHCE,Sun
Solaris
OSCP, CEH, ECSA, IBM Certified
Specialist - Rational AppScan
OSCP, OSWP,CEH
CEH, ECSA
CEH, ECSA,CCNA, ISO27001LA
CEH, CCNA
CEH
CEH
-
in terms of scope (in terms of volume, complexity, locations etc.) Along with
ddress
erative Bank
Type of Audit: Security Audit of Network, Web application, Mobile Application and
NPCI Agent Audit
Scope of Work: The scope of our audit included review of following areas –
DC Infrastructure & Network Audit
DR Site Audit
Intranet Applications Audit
Banking Agent Audit
Vulnerability Assessment / Penetration Test and Desktop Security
Scanning
Android Mobile Application Security Audit
Client Location Site Security Audit (LAN)
e Organization in end to end Logistic Solution
urity Audit of Web& Mobile Applications, APIs and AWS hosted IT Infrastructure
he scope of our audit included review of following areas –
rability Assessment and Penetration Testing on Web Application
rability Assessment and Penetration Testing on Android Mobile Application
rability Assessment and Penetration Testing on Network Infrastructure.
bilities in web sites and applications to ensure that all the false positives and
emoved.
xecute advanced testing techniques against all verified vulnerabilities in order to
the web-based application.
ting after receiving confirmation from the developers on fixing of issues
report and submission of the same to the client
uarters/Offices, if any : No
ma Soft Pvt. Ltd. on 24-November-2016
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s AGC Network
1. Name & location of the empanelled Information Security Auditing Organization :
AGC Network,
2nd Floor, Equinox Business Park, Tower 1, (Peninsula Techno Park) Off Bandra Kurla Complex, LBS
Mumbai – 400070.
2. Carrying out Information Security Audits since : 2017
: 10
: 15
: 2
: 5
: NA
: 3
: 3
: NA
S. Name of Employee Duration with Experience in Information Security
No. <organizatio n>
ng Organization :
: 2017
: Yes
: Yes
: Yes
(Y/N) : Yes
4
NA
15
8
ion can add categories based on project handled by
CISSPs
I(1),CISM(2)
14
y audits in Government and Critical sector organizations
10
15
2
5
NA
3
3
NA
Qualifications related to
Information security
CISA,CISM,CEH V10,IBM
QRADAR SIEM
CISA,ISO Lead Auditor
CISA,CISM,ISO Lead
Auditor
CEH
5 TejasPharande 1.1 3.5 years (Total Exp 5.5 years)
6 Satya Narayan Yadav 4.4 years 9.5 years
H. SINGAPORE: - (AGC Networks Pte Limited 50 Raffles Place, # 32-01 Singapore Land Tower Sing
*Information as provided by <AGC Networks Limited> on <20.12.2019>
Ba
CEH,ECIH,CHFI
CEH,ECIH,COMPTIA
SECURITY+,MCAFEE
SIEM,QRADAR SIEM
CEH,ECIH
ISO Lead Auditor
CEH
volume, complexity, locations etc.) along with project
eware/proprietary):
N,KALI LINUX,OWASP ZAP,SANTOKU OS,ACUNETIX
etails : No
anization? : No
: Yes
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s iSec Services Pvt. Ltd
1. Name & location of the empanelled Information Security Auditing Organization :
iSec Services Pvt. Ltd.607-608, Reliable Business Center, Anand Nagar Jogeshwari (W),Mumbai 40
: 2001
:
quired)
: (Yes)
: (Yes)
: (Yes)
: (Yes)
Months :
: <15>
: <2>
: <19>
: 36
e (Organization can add categories based on project handled by them)
: <3>
udit : <15>
: <7>
001, PCI, etc.) : <11>
urity audits :
: <3 >
: <3>
: 6
ation security audits in Government and Critical sector organizations
Qualifications related to
Information security
ISO LA 27001:2013
ISO LA 27001:2013
CEH v8.0
CEH v7.0
Jyoti Shankar Singh
5 >5 years >5 years
Fre Nmap
ewa Nikto
re: Metasploit
OpenVas
Wireshark
Crowbar
Nessus
Webscarab
Paros
Wapiti
Nemesis
NetCat
Brutus
GrendeIscan
Havij
Hydra
Httprint
Hydra
W3af
. on 23/3/2017
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s KPMG
1. Name & location of the empaneled Information Security Auditing Organization :
KPMG
DLF Building No. 10, 4th Floor, Tower B DLF Cyber City, Phase 2 Gur
ce : 1996
if required)
- Yes
dit - Yes
- Yes
001, PCI, etc.) – Yes
Analysis - Yes
st 12 Months :
: 3 -4
: 15 – 20
: 20 -30
: 100
30+
80+
20+
40+
n security audits:
: 6+
Las : 25+
: 15+
: 60+
: 12+
: 15+
CFE : 5+
al Personnel : 350+
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, lo
project value.
Security Assessment across multiple telecom clients in India:
KPMG has been providing a variety of security advisory and assessment
operators/ service providers to help them strengthen the overall security pos
technology eco-system, which comprises of critical IT/ Telecom assets, technolo
4G/LTE, Cloud, SDN, VNF and other domains. KPMG has been performing continuo
development of minimum baseline security standards (MBSS) for various netw
devices, circle wise security reviews based on MBSS and international security sta
ITU-T, 3gpp etc., secure design and architecture reviews of various emergin
solutions – such as M2M, eSIM, NFV, IoT etc. We also assisted clients
in security testing of web based and mobile based applications, vulne
penetration testing of internal and external facing infrastructure components,
testing, security testing of telecom radio devices like Femtocell and Pico cells
KPMG has been running cyber threat intelligence and online reputation managemen
keep the clients updated on latest security threats and help them safeguard agains
Value of the engagement is more than INR 8 CR
Security Testing for Oil and Gas Corporation
KPMG performed technical security audit of Network Devices, Servers, Applicat
deployed at primary data center and disaster recovery data center which inc
procedure review, vulnerability assessment and penetration testing, network a
security configuration review at the major Indian multi-national oil and gas corp
Value of the engagement was more 50 lakhs.
Security Audit for Nationalized Bank:
KPMG was engaged with a leading bank to conduct comprehensive information
audit every quarter of its application assessment, vulnerability assessment of netw
external penetration testing, IT DR review, Wide Area Network review and review
process. KPMG conducts periodic security assessment for the bank’s IT systems
covering Data Centre including NOC and SOC, Data Recovery Site, IT Head office in
office at any place having installed critical application/IT infrastructure or likely to b
Data Warehouse, Call Centres, sample ATM machines and other sample offic
the country.
The value of engagement was more than INR 50 Lakhs.
Security Assessment of Power Utility Organization
KPMG worked with a power and utility company in India to perform co
assessment of its OT and IT Infrastructure at Kolkata. In its assessment, KPMG ana
controls in IT and operational technology (OT) systems which were deployed
Transmission and Distribution etc. The security assessment included review of D
plant automation systems like PADO, BVMS; review of Transmission and Dis
system, HT Outage Management System, Meter Data Acquisition System, dev
configuration, vulnerability assessment, technical security testing of web and mobi
of OT security policy and procedures.
The value of engagement is more than INR 35 Lakhs.
Security Audit of a multiple BFSI Client
KPMG is currently working with leading banks on the application security
includes manual security testing of organization’s business critical application
applications, payment applications, privacy applications, thick client applications
As part of the security testing service KPMG is responsible to manage the overall se
of the client from project initiation to delivery phase. KPMG is also responsible to c
and documentation of the issues identified and track them to completion with the h
developers.
The overall value of these projects is approximately INR 1 Cr.
Cyber Incident Response (Data Breach) support
KPMG team performed root cause analysis and cyber incident support fo
brokerage in Mumbai. The assessment included a root cause analysis into t
leaked sensitive information of the client on the dark web. KPMG conducted
containment, remediation and support in recovery of IT operations
Post incident management support KPMG also provided support in implementatio
measures for the client across the infrastructure and number of training sessions
to attenuate the impact of the incident.
KPMG further conducted number of security assessments for its network architecture
and application to identify vulnerabilities and provided recommendations to
The overall value of the project was spread for more than 2 years and the value was
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Commercial
Acunetix,
Burp,
Nessus
AppScan
WebInspect
Proprietary
KRaptor,
KPMG Digital Signals Insights Platform,
KPMG SABA,
K-Risk-Intel Tool
KPMG Vulnerability Management Platform
Open source tools
BackTrack,
Kali Linux,
Fiddler,
Paros,
SQLMap,
nmap,
Wireshark
s in India:
dvisory and assessment services to telecom
the overall security postures across their
/ Telecom assets, technology solutions across 3G,
been performing continuous security assessments,
MBSS) for various network elements and
international security standards/ guidelines like
iews of various emerging technology-based
sisted clients
ased applications, vulnerability assessment and
nfrastructure components, SIM card security
Femtocell and Pico cells etc. In addition to this,
ne reputation management advisory programs to
lp them safeguard against the same.
hs.
NR 1 Cr.
Experts : No
tract etc.))
details : No
ation? : No
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Mahindra Special Services Group
1. Name & location of the empaneled Information Security Auditing Organization :
Mahindra Special Services Group
(A Division Of Mahindra Defence Systems Limited) Mahindra Towers, 1st Floor 2- A , Bhikaji Cama Pl
110066, India
2. Carrying out Information Security Audits since : 2002
3. Capability to audit , category wise (add more if required)
Network security audit (Y/N) : Yes
Web-application security audit (Y/N) : Yes
Wireless security audit (Y/N) : Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
Compliance audits(ISO 22301) : Yes
zation :
: 2002
Yes
Yes
Yes
Yes
Yes
: 20
: 10
: 69
: 99
Organization can add categories based on project
40
100
30
40
:
0
17
3
0
15
32
security audits in Government and
Total experience
in information
security related
activities
(years)
16.7
CISM
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : No
13. Locations of Overseas Headquarters/Offices, if any : No
*Information as provided by Mahindra Special Services Group (A Division of Mahindra Defen
26th December 2019
Ba
10.8
17.0
11.0
21.0
41.0
18.9
12.5
6.5
8.0
4.5
15.0
5.9
9.10
8.6
3.10
6.0
2.0
4.7
2.0
2.7
1.0
9.11
1.0
1.7
3.10
3.0
5.9
7.5
6.5
2.10
3.8
erms of volume, complexity, locations etc.) along with
1, IS Audit, VA PT( Network and application)
22301
uditors/Experts : No
tc.))
ve details : No
d organization? : No
: No
oup (A Division of Mahindra Defence Systems Limited) on
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Cigtial Asia Pvt Ltd
1. Name & location of the empanelled Information Security Auditing Organization:
Cigtial Asia Pvt Ltd,
Bangalore 560029
2. Carrying out Information Security Audits since : 20
Govt : 6
PSU : 0
Private : 2110
Total Nos. of Information Security Audits done : Around 2000
5. Number of audits in last 12 months, category-wise (Organization can add categories b
handled by them)
Network security audit : 35
Web-application security audit : About 2081
Wireless security audit : 0
Compliance audits (ISO 27001, PCI, etc.) : 0
6. Technical manpower deployed for informationsecurity audits:
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:OSCP, CEH, Internal Certific
Total Nos. of Technical Personnel : 60
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. Cigital Security Information security
1 Somnath Neogi Guha > 10 Years >12 Years CEH, OSCP
Organization:
: 2004
: (Y)
: (Y)
: (Y)
: (N)
10
ound 2000
can add categories based on project
ut 2081
: 0
: 0
: 0
: 0
CEH, Internal Certifications
: 60
One of the largest Mobile applications Critical business Onsite Mumbai, INR 4.5Mn
Private bank in India Applications Bangalore and
Remote (from
Bangalore)
One of the Instructor led trainings On selected New Delhi INR 600K
Government technologies
Autonomous
organizations India
One of the Insurance Red Teaming, Complex business Onsite and remote INR 2.5MN
companies in India consulting, mobile and applications and red locations in
web application teaming assignments Bangalore
assessments
One of the Software Web Applications, High complex business Onsite at client INR 6.5MN
products company Architecture risk applications location in Bangalore
based in Bangalore analysis and Advanced
Pen testing
One of the Global IT Network Testing Internal and external Remote location in INR 1.5MN
Services and Support Bangalore
company focused on
Financial Services
market
11. Hooper
12. APK Debug
13. SQLI Browser
14. Protecode SC
15. Protecode ES
16. Coverity
17. SQL Map
10. Outsourcing of Project to External Information Security Auditors / Experts: No
(If yes, kindly indicate mode of arrangement (MoU, contr
*Information as provided by Cigital Asia Pvt Ltd on 24/03/2017
Bac
me, complexity, locations etc.) along with
e/proprietary):
Experts: No
rrangement (MoU, contract etc.))
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s HCL Comnet Ltd.
1. Name & location of the empaneled Information Security Auditing Organization:
HCL Comnet Ltd.
2. Carrying out Information Security Audits since : 20
3. Capability to audit, category wise (add more if required)
Network security audit (Y/N) : Y
Web-application security audit (Y/N) : Y
Wireless security audit (Y/N) : Y
Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Y
Mobile Application Security: 3 UPI and BFSI
Forensic Audit: in BFSI sector
4. Information Security Audits carried out in last 12 Months :
in last 12 Months :
mationsecurity audits :
5
25 LAs
10
5
10+
2
ecurity qualification:5 CEH, 10 ISO 22301 LAs, OEM Certifications (Skybox,
t, CISCO, Juniper Certified) Total Nos. of Technical Personnel
Qualifications
related to
Information
1 Sandeep 10+ years 9+ years
Kumar Pasi
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
1. SBI Security Operations Center – 40000 + infrastructure for V
websites (quarterly), approx. 50 firewalls monthly, ISO 27001:20
Archer GRC Secops integration with SIEM and Nessus – all SBI Br
DC/DR – Approx. 46 Cr.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Qualysg
Appscan, HP Fortify, Skybox, Nipper, Nessus, Nexpose, Metasploit, Kali Linux, Open Source To
CCNA,
QGCS,BCMS
CEH,ISO 22301,
QGCS, PCI-
DSS from SISA
CEH, QGCS
ISO 27001-2013
ISO 27001:2013,
CEH, ITIL
ISO 27001-2013 LA
ISO 27001-2013 LA
ISMS, BCMS,
ITIL, COBIT, PCI-
DSS
from SISA
ISO 22301, QGCS
CISSP, CISA,
CISM, ISO
27001:2013,
ISO 22301
s of scope (in terms of volume, complexity, locations etc.) along with
Ltd. on 23-03-2017.
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Lucideus Tech Pvt. Ltd.
1. Name & location of the empanelled Information Security Auditing Organization :
Lucideus Tech Pvt. Ltd.
2. Carrying out Information Security Audits since : 2012
3. Capability to audit , category wise (add more if required)
● Network security audit (Y/N) : Yes
● Web-application security audit (Y/N) : Yes
● Wireless security audit (Y/N) : Yes
● Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
4. Information Security Audits carried out in last 12 Months :
Govt. : 5
PSU : 3
Private : 30
Total Nos. of Information Security Audits done : 45
: 5
: 3
: 300+
Security Audits done : 45+
egory-wise
: 5000+ IP Addresses
: 1000+ Web Applications
: 150+
: 40
Qualifications related to
Information security
LCEH
LCEH
LCEH
LCEH
LCEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
● One of India’s biggest retail payment system
Activities - Secure Code review, Application security assessment, Network
Configuration Review, DDoS Testing.
● One of India’s Leading e-commerce platform
Activities - Continuous Web Application security
Penetration Testing, Online Reputation Managemen
etc.
● One of India’s Leading FMCG Companies
Activities - Application security assessment, Network Architecture review,
Risk Assessment
● One of India’s Leading Aviation Companies
Activities - Continuous Web Application security
Penetration Testing
● One of India’s Leading Defence Organisation
Activities - Application security assessment, Network Architecture review,
Risk Assessment
● One of India’s Leading Private Banks
Activities - Continuous Web Application security
Penetration Testing
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Web Application Source Code
Review Network VAPT Web Application VAPT
stem
rity assessment, Network Architecture review,
form
Web Application security assessment, Network
e Reputation Management, Secure Code review
ies
Web Application security assessment, Network
ation
work Architecture review, Configuration Review,
are/proprietary):
Experts : Yes/No :
U, contract etc.))
arch, 2017.
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Sandrock eSecurities Private Limited
1. Name & location of the empanelled Information Security Auditing Organization :
Sandrock eSecurities Private Limited
E-46, Rani Garden Extension, Shashtri Nagar, Delhi - 110031
2. Carrying out Information Security Audits since : 20
3. Capability to audit, category wise (add more if required)
Network security audit : Y
Webapplication security audit : Y
Wireless security audit : Y
Compliance audits (ISO 27001, PCI, etc.) : N
4. Information Security Audits carried out in last 12 Months:
Govt.
PSU
Private
Total Nos. of Information Security Audits done
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
1 Rachna Agarwal April 2014 5 Years
2 Ankush Garg June 2015 4 Year Diploma in Cyber Law
rganization :
Delhi - 110031
: 2011
: Y
: Y
: Y
: N
: 50+
: 5+
: 2
udits done : 50+
5+
50+
0
0
: 0
: 0
: 0
: 0
cation : 2
: 3
e/proprietary):
Burp Suite Commercial
Nmap Freeware
Nikto Freeware
Sqlmap Freeware
W3af Freeware
HTTrack Freeware
Nessus Commercial
Metasploit Freeware
Nexpose Freeware
Brutus Freeware
MBSA Freeware
: No
23-Dec-19
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s VISTA InfoSec
1. Name & location of the empanelled Information Security Auditing Organization :
VISTA InfoSec,
001, North Wing, 2nd Floor, Neoshine House,
Opp. Monginis Factory, Link Road, Andheri (West), Mu
India.
2. Carrying out Information Security Audits since : 20
3. Capability to audit , category wise (add more if required)
Network security audit : (Y)
Web-application security audit : (Y)
Wireless security audit : (Y)
Compliance audits (ISO 27001, PCI, etc.) : (Y)
1 Pvt. K-Raheja
2 Pvt. KJSB
3 Pvt. SAASANT
5 Pvt. Xander
8 Pvt. USEReady
10 Pvt. Answer iQ
months
Project
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
ance Audit
92+
105+
30+
80+
dits :
4
8
3
1
urity qualification:PCI QSA, CRISC, CEH, OSCP
rsonnel : 61
ecurity audits in Government and Critical sector
ualifications related to
nformation security
CEH,
ISMS LA
PRISM
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Projects Volume Complexity Locations
A, ISMS LA
CISC
SA, CISSP
CEH
CEH
NA, CCNP
CEH
7001 LA,ITIL
oundation
O 27001 LA
O 27001 LA
O 27001 LA
s in Cyber Law
O 27001 LA
O 27001 LA
O 27001 LA
CEH
Parkar Consulting End to End Regulatory A prominent data analytics Pune, India & USA
compliance company
10. Outsourcing of Project to External Information Security Auditors / Experts: No (If yes,
arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : N
12. Whether organization is a subsidiary of any foreign based organization? : N
xploitdb” etc.
tails : No
nization? : No If yes, give details
: Yes
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Sify Technologies Limited
1. Name & location of the empaneled Information Security Auditing Organization:
Sify Technologies Limited.
2nd Floor, TIDEL Park, #4, Rajiv Gandhi Salai, Taramani, Chennai-600113
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. No. Name of Employee Duration with Experience in Qualifications related to
Sify Information Information security
Security
Organization:
nai-600113
: 2004
: (Y)
: (Y)
: (Y)
: (Y)
: (Y)
: (Y)
: 1
: 1
: 11
: 13
: 7
: 4
: 0
: 0
: 1
: 1
: 1
: 2
: 0
: 0
: 4
: 5
11. Whether organization has any Foreign Tie-Ups? If yes, give details : N
12. Whether organization is a subsidiary of any foreign based organization? : No
If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : Y
A Sify technology is headquartered in Chennai with sales offices Pan India, USA
Singapore.
*Information as provided by Sify Technologies Limited on2nd January 2020
Ba
lume, complexity, locations etc.) along with
Project Value
al
are/proprietary):
Linux, OWASP Zap
/ Experts : No
tails : No
ation? : No
: Yes
offices Pan India, USA, UK, Dubai and
anuary 2020
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Locuz Enterprise Solutions Ltd.
1. Name & location of the empaneled Information Security Auditing Organization:
Locuz Enterprise Solutions Ltd.401, Krishe Sapphire, Main Road, Madhapur, Hyderabad – 500081. P
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Qualifications related to
No. <organization> Information Security Information security
: August 2001
quired)
: Y
: Y
: Y
: Y
Months :
: 40
: 02
: 12
mation Security Audits done :
9
37
5
1
2
urity audits :
: 1
1 LAs : 2
: NIL
: NIL
ion security qualification : 12
nical Personnel : 15
Qualifications related to
Information security
re/proprietary):
ting
dows Kernel & malware detection
- Web server vulnerability scanner
Experts : No
tc.))
March 2017
Back
RT-In empanelled Information Security
Organization :
ddy Layout, Hulimavu
s
s
0
1
10 +
70+
6+
70+
+
0+
0+
0+
0+
Business Continuity Planning / Disaster Recovery Audit : 80+
CBS / Core / ERP Application Audits : 40+
Application & Data Migration Audits : 20+
Application Source Code Review : 160+
6. Technical manpower deployed for information security audits :
CISSPs : 03
BS7799 / ISO27001 LAs : 26
CISAs : 16
DISAs / ISAs : 01
Any other information security qualification :
CEH / CHFI : 38
BCMS/Las : 05
CISM : 05
CRISC : 03
OSCP : 01
OSCE : 01
OSWP : 01
Total Nos. of Technical Personnel : 57
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
As per the Annexure – A Manpower List Enclosed
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
1. Andhra Bank – Rs. 43,90,000/-
IS Audit of all IT Areas including VA & PT.
2. Dena Bank – Rs. 42 Lakhs Approx.
Continuous IS Audit, IS Audit of all IT areas & VA PT
3. LIC of India – Rs. 30 Lakhs Approx.
Online Scanning of Web Application, Web Application firewall
4. Allahabad Bank – Rs. 40 Lakhs Approx.
Online Scanning, Monitoring of, Anti phishing Attack
5. GNCTD - Delhi e-Governance – Rs. 45 Lakhs Approx.
Continues VA & PT of IT Assets and Applications.
6. Reserve Bank of India, HO Mumbai
I. Commercial Tools
1. Nessus Pro
2. FTK
3. N Case
4. Burp Suite Professional
PT
on firewall
ck
ox.
e/proprietary):
Experts : No
: No
on? : No
: NIL
2-2019
Back
Annexure
Details of technical manpower deployed for information security audits in Government and Critical sector organ
March, 2004
DISA, ACA.
DCS, CISA.
CISA, CISSP.
M. Tech, CEH
MA, PGDB – HR, ISO 27001 LA, ISO 9001 LA, ISO
14001 LA.
BE, CEH, ISO 27001 LA
BE, CEH
BE, CEH
BE, CEH
BE, CEH
BE, CEH
BE, CEH
M. Tech, CEH
BE, CEH
M.Tech, CEH
M.Tech, CEH
M.Tech, CEH
B.Tech, CEH
BE , CEH
B.Tech, CEH
B. Tech, CEH
BE, CEH
BE, CEH
BE, CEH
BE, CEH
BE, CEH
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s MAVERICK QUALITY ADVISORY SERVICES PRIVATE LIMITED
1. Name & location of the Empanelled Information Security Auditing Organization:
Maverick Quality Advisory Services Private Limited 123, Radhey Shyam Park, Sahibab
2. Carrying out Information Security Audits since : 20
3. Capability to audit, category wise (add more if required)
Network security audit (Y) : Yes
Web-application security audit (Y) : Yes
Wireless security audit (Y) : Yes
Compliance audits (ISO 27001, PCI, etc.) (Y) : Yes
Information security policy review and assessment against
best security practices (Y) : Yes
Information Security Testing (Y) : Yes
Process Security Testing (Y) : Yes
Internet Technology Security Testing (Y) : Yes
Communications Security Testing (Y) : Yes
Physical Access Controls & Security Testing (Y) : Yes
Software Vulnerability Assessment (Y) : Yes
Penetration Testing (Y) : Yes
Business Continuity Planning/Disaster Recovery Audit (Y) : Yes
4. Information Security Audits carried out in last 12 Months:
Govt. : 39
PSU : 11
Private : 55
Total Nos. of Information Security Audits done : 105
5. Number of audits in last 12 months, category-wise (Organization can add categories b
handled by them)
Network security audit : 3
Web-application security audit : 97
Software Vulnerability Assessment : 1
Mobile apps security audit : 4
Compliance audits (ISO 27001) : 23
6. Technical manpower deployed for information security audits:
CISSPs : 1
BS7799 / ISO27001 Las : 8
CISAs : 2
DISAs / ISAs : NA
Any other information security qualification :
CEH : 2
CISM : 1
Total Nos. of Technical Personnel : 13
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. MQAS Security Information security
CERT-In empanelled Information Security
g Organization:
ey Shyam Park, Sahibabad – 201005, UP
: 2005
: Yes
: Yes
: Yes
: Yes
Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
39
11
55
105
on can add categories based on project
3
97
1
4
23
1
8
2
NA
2
1
13
audits in Government and Critical sector
1 Ashok Vardhan Aug 2005 13 years ISMS LA
2 Vinit Maheshwari Aug 2005 15 years ISMS LA
3 Anand Sarup Jan 2012 21 years CISA, CISM
Bhatnagar
4 Raj Maheshwari Aug 2005 08 years ISMS LA
5 Sanjeev Gupta Oct 2015 06 years ISMS LA
6 G. Meenakshi Apr 2013 09 years ISMS LA
7 Alok Kumar Pandey Sep 2015 02 years CEH
Commercial Tools
Nessus Pro A free, powerful, up-to-date and easy to use remote security scanner.
Bac
lume, complexity, locations etc.) along with
hs Ten Thousand)
are/proprietary):
Experts : No
ract etc.))
tails : No
ation? : No
: No
es Private Limited on 24th December 2019
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s SecurEyes Techno Services Pvt. Ltd
1. Name & location of the empanelled Information Security Auditing Organization :
Organization Name:SecurEyes Techno Services Pvt Ltd., Registered Address:
3rd Floor, 3s, Swamy Towers, 51/27, outer Ring Road, Chinapanahalli, Marathahalli,
Urban, PIN 560037
Corporate Office:
4th Floor, Delta Block, Sigma Soft Tech Park , Whitefield Main Road, Varathur , Banga
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months , category-wise (Organization can add categories b
handled by them)
nce of CERT-In empanelled Information Security
Auditing Organization :
, Registered Address:
Chinapanahalli, Marathahalli, Bengaluru (Bangalore)
: 2006
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
- Yes
w - Yes
- Yes
- Yes
:
457
561
531
1549
anization can add categories based on project
Network security audit :
Application security audit :
Wireless security audit :
Governance, Risk & Compliance (ISO 27001, PCI, etc.) :
Business Continuity Review :
Incident Management Review :
Applications Control Reviews :
ATM Security audit :
Note: Some of the above audits may have been conducted for the same c
times/duration during the year.
10 SS 4M 6.10 CCNA
: 152
: 1487
: 2
ISO 27001, PCI, etc.) : 83
: 5
: 5
: 180
: 5
ve been conducted for the same client through different
dits : 30
01
26
06
52
10
02
01
07
101
ecurity audits in Government and Critical sector
s related to Information
O 27001, GCIH,
001
EH V8,
ISA, SANS
12 KPT 3Y 8M 5.70
13 SKK 5M 5.00
14 SD 3M 4.80
15 AAN 7M 4.60
16 AS 4Y 3M 4.40
17 NM 4Y 3M 4.40
19 TM 8M 4.10
20 SK 4M 4.00
21 SJ 2M 4.00
23 KKO 8M 3.80
24 APS 3Y 10 M 3.10
25 VS 7M 2.80
26 PSK 2 Y 10 M 2.10
27 VS 11 M 2.10
28 AP 2 Y 10 M 2.10
29 VK 1Y8M 1.90
30 DP 9M 1.70
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
The largest project handled in last year, was an end-to-end Information security and
management review for one of our large financial sectorcustomer. The details of the p
below:
Project Scope:
1. Assessment of Information Security & Business continuity Implementation from peo
perspective
2. Conduct a detailed review on effectiveness of the business continuity processes
3. Application security assessment for 25 large applications along with infrastructure review f
(including financial, & non-financial applications)
4. External/Internal vulnerability assessment
5. Social Engineering test to determine the IS awareness level among the employees.
6. Advanced Persistent Treat (APT) resilience test to determine the adequacy of the APT solu
7. Network Penetration testing of Internal and External Internet facing infrastructure
8. Vulnerability assessment covering production infrastructure including multiple Operating S
Databases, Mail Servers
9. Conducting user access control review for all platforms for critical production infrastructure
10. Assessment of Security Operation Centre (SOC) including review of coverage scope for SO
of rules defined for monitoring, implementation review of the SIEM solution and review
and standards pertaining to the SOC operation.
11. Assessment of Incident Management (IM) including review of policies, procedures a
to the IM operation; determining the adequacy of incident detection controls by conduct
controlled environment; evaluating the incident response under various scenarios; evaluating
incident response team.
12. Assessment of the network architecture, topology, network communication with third parti
13. Assessment of remote connectivity including VPN access.
14. Assessment of security appliances & solutions
15. Secure configuration review of firewalls, routers, switches, operating systems and databas
Organization.
16. Assessment of the Data Center and Disaster Recovery Sites.
17. Review of the process and monitoring adequacy of the Organization to comply with all loca
requirements.
Project Complexity:
This was a project for a financial sector client having large IT setup. The projec
assessment of technology, processes and people components for this critical sector orga
applications, infrastructure systems and networks were in the scope of the security ass
assessment included review of third-party interfaces which were implemented to en
multiple interested parties. The project required the assessment team to perform
and international best practices, compliance requirements and regulatory standards. T
33- man month project with the team carrying out assessments across locations.
Locations:
Middle-East
Project Value:
Rs. ~1.75 Crores
CEH V.10,CISC,CPH,CPFA
CEH V10
CEH V10
CEH
ISO 27001
ISO 27001
CEH V10
CEH
ECSA
ECSA
CEH V.10
IS027001, CEH,CCC-NIELIT
NO CERTIFICATIONS
IS027001, CEH
CEH V.10
CEH
in terms of scope (in terms of volume, complexity, locations etc.) along with
nancial sector client having large IT setup. The project covers a detailed
ocesses and people components for this critical sector organization. Large number of
stems and networks were in the scope of the security assessment. The
of third-party interfaces which were implemented to enable business across
The project required the assessment team to perform its review against local
ices, compliance requirements and regulatory standards. This was an approximately
he team carrying out assessments across locations.
Professional Version)
nal
ecurity reconnaissance)
03)
08)
ux)
QL, MySQL, Oracle, PostGRE SQL)
u Dhabi Airports Free Zone, PO Box: 2313, Abu Dhabi, United Arab Emirates
h, 12221-2713, KSA
: Approximately 35
: Approximately 40
: Approximately 5 Compliance audits (ISO 27001, PCI, etc.)
or informationsecurity audits:
: Approximately 15
: Approximately 25
: Approximately 70
mately 10 Any other information security qualification : Approximately 70
Freeware Tools:
a. Xprobe
b. Dnssecwalker
c. Tcpdump/tcpshow
d. Dsniff
e. Ettercap
f. Ethereal
g. Fping/ Hping
h. Queso
i. Nmap
j. SuperScan
k. Netwag
l. Firewalk
m. Q-Tip
n. SQLMap
o. Jack the Ripper
p. Crack 5.0a
q. NGS SQLCrack
r. HydraCain and Abel
s. Metasploit
The above list of tools is indicative.
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No (If yes,
arrangement (MoU, contract etc.))
Not Applicable
*Information as provided by Deloitte Touche Tohmatsu India Limited Liability Partnership on
Ba
ed in terms of scope (in terms of volume, complexity, locations etc.) Along with
> 70000
500
100
50
25
10
udit Tools used ( commercial/ freeware/proprietary):
is indicative.
how
Abel
tools is indicative.
ernal Information Security Auditors / Experts: Yes/No (If yes, kindly indicate mode of
))
Back
Annexure
Details of technical manpower deployed for information security audits in Government and C
organizations:
S. Duration with Experience in
No. Name of Employee Deloitte Information
(Years) Security (Years)
1 Achal Gangwani 5.9 13.86
Qualifications related to
Information security
Bac
Professional
ISO 9001:2000 ; BS7799 LI ; ISO 27001
LA ; CISA ; CISM ; CISSP, PMP, CEH,
BS7799 LA, Info.
Security/ BS7799 LA, Info. Security/
BS7799 LI, BS7799 to ISO27001
Transition Certified, BCP/ DR Certified, BS
15000 RCB Auditor Examination (itSMF
Certified), ITSM/ BS15000 Certified LA,
ITSM/ BS15000 Certified LI, QMS/ ISO
9001:2000 Certified Lead Auditor, DSCI -
lead
assessor for privacy
Govt.
PSU
Private
Total Nos. of Information Security Audits done
5. Number of audits in last 12 months , category-wise (Organization can add categories base
them)
Network security audit : 50+
Web-application security audit : 1000+
Wireless security audit : 20+
Compliance audits (ISO 27001, PCI, etc.) : 10+
Mobile Application Security Audit : 1000+
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
1 TA 7+ 9+ -
2 AJ 3+ 4+ MSC Cyber Security,
CEH
3 AS 6+ 6+ B-Tech (Information
RT-In empanelled Information Security
rganization :
: 2013
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
: 5+>
: 5+
: 200+
udits done : 200+
50+
1000+
20+
10+
1000+
: 0
: 0
: 0
: 0
: 2+
: 25+
cation :
l
Network VAPT:
1.) Nessus Vulnerability Scanner 2.) Wireshark
3.) Cain &Abel
4.) Metasploit
5.) smbclient
6.) snmpenum
7.) enum4linux
8.) netcat
9.) nslookup
10.) Exploit codes from exploit.db
11.) Other Kali OS tools as per the vulnerability
Red-Team:
1.) Malicious USB
2.) TAC PhishInfielder (TAC’s tool) 3.) Payloads (Self-Created)
4.) Other tools in kali OS.
e/proprietary):
o (Commercial)
ls : No
zation? : No If yes, give details
: No
12/2019
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s TATA Communications Ltd
1. Name & location of the empanelled Information Security Auditing Organization :
TATA Communications Ltd,
C-21 and C-36, G Block, Bandra Kurla Complex Mumbai 400
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
1 Mohan Dass 9 years 14 years CHFI,CEH,CISSP
2 Rajaguru GS 8 years 11 years ITIL,QCS
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Network security Audit for of one of the largest Airline logistics company covering dat
and UK. The total deal value is INR 1,65,00,000 for Network and Security audit.
Auditing Organization :
,
andra Kurla Complex Mumbai 400098
: 2008
: Y
: Y
: Y
: Y
:
: 3
: 8
: 175
done : 186
186
7
0
0
dits :
: 6
: 9
: 4
on:CEH,GCIA, GCIH,CISM,CHFI
: 150+
ations related to
ation security
EH,CISSP
CS
ms of volume, complexity, locations etc.) along with
al/ freeware/proprietary):
uditors / Experts : No
on 27-Mar-2017
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s CyberRoot Risk Advisory Private Limited
1. Name & location of the empanelled Information Security Auditing Organization :
CyberRootRisk Advisory Pvt. Ltd.
023, 5th Floor, Tower A, Emaar Digital Greens, Sector 61, G
Haryana
2. Carrying out Information Security Audits since : 20
3. Capability to audit , category wise
Network Security Audit : Yes
Web Application Security Audit : Yes
Wireless Security Audit : Yes
Physical Access Control & Security Testing : Yes
Web Application Source Code Review : Yes
Mobile Application Audit : Yes
Configuration Audit : Yes
Cyber Forensics Investigation : Yes
Penetration Testing : Yes
4. Information Security Audits carried out in last 12 Months:
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
7. Details of technical manpower deployed for information security audits in Government and
organizations
S. Name of Employee Duration with Experience in Qualifications related to
No. CyberRoot Risk Information Security Information security
Advisory Pvt. Ltd.
1 Vibhor Sharma 5 years 9 years ISMS LA
2 Chiranshu Ahuja 5 years 9 years ISMS LA, CCCSP,
CCNA, CCNA Security
CERT-In empanelled Information Security
g Organization :
td.
igital Greens, Sector 61, Gurugram - 122102,
: 2013
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: 5
: 2
: 47
: 54
: 3
: 57
: 2
: 1
: 1
: 50+
: 0
: 2
: 0
: 0
: 17
: 31
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Web Applications, Network Audit and Software Audit including Configuration & Database
clothing and retail chain in Asia-Pacific Region with scope of 50 servers, 15 switches, 1 F
Routers, 180 Laptops, 406 Workstations, 419 POS Devices, 460 iPhone/iPad and 6 Web A
CMS and Intranet
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Commercial:
Burp Suite
Acunetix
Freeware:
Wireshak
RIPS
NexPose
Nmap
Metasploit scanner
Sparta
OWASP ZAP
Cookie Manager
W3AF
Netstumbler
Kismet
Hydra
Cain & Abel
Tamper Data
Net Sparker
Nikto
DirSearch
Hamster
Sqlmap
SET
Ettercap
.Net Reflector
NetStumbler
Brutus
BackTrack OS
Kali Linux OS
Proprietary:
Script to test for Administrative privileges granted to web application
Script to test for CSRF
Other scripts for verification of vulnerabilities
10. Outsourcing of Project to External Information Security Auditors / Experts : N
11. Whether organization has any Foreign Tie-Ups? If yes, give details : N
12. Whether organization is a subsidiary of any foreign based organization? : N
13. Locations of Overseas Headquarters/Offices, if any : N
*Information as provided by CyberRoot Risk Advisory Pvt. Ltd. on 21-Dec-2019
Bac
olume, complexity, locations etc.) along with
ware/proprietary):
to web application
rs / Experts : No
etails : No
anization? : No
: No
. on 21-Dec-2019
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Robert Bosch Engineering and Business Solutions Private Limited
1. Name & location of the empanelled Information Security Auditing Organization :
Robert Bosch Engineering and Business Solutions Priv
Industrial Layout, Hosur Road
Koramangala, Bangalore-560095
2. Carrying out Information Security Audits since : 20
3. Capability to audit , category wise (add more if required)
Network security audit (Y)
Web-application security audit (Y)
Wireless security audit (Y)
Compliance audits (ISO 27001, PCI, etc.) (Y)
Internet of Things- IoT (Y)
Embedded System (Y)
Mobile Security Assessment (Y)
Security Risk Assessment (Y)
4. Information Security Audits carried out in last 12 Months :
Govt. : None
PSU : None
Private : 65
Total Nos. of Information Security Audits done : 0
: 0
: 1
: 0
: 0
:
: 50
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Duration with Experience in Qualifications related
RT-In empanelled Information Security
d
rganization :
usiness Solutions Private Limited No: 123,
: 2014
(Y)
(Y)
(Y)
(Y)
(Y)
(Y)
(Y)
(Y)
: None
: None
: 65
: 0
3
40
12
3
0
4
4
10
0
1
0
0
50
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value
Largest Project Volume Complexity Project Value
Global Customer External and High Confidential
Enterprise network and Internal Network
application security Wireless NAC
assessment (Grey Box 15+ web application
model)
Bac
me, complexity, locations etc.) along with
e/proprietary):
perts : No
ct etc.))
ls : No
zation? : Yes
owned subsidiary of Robert Bosch GmbH.
: Yes
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Qseap InfoTech Pv.t Ltd.
1. Name & location of the empanelled Information Security Auditing Organisation :
Snapshot of skills and competence of CERT-In empanelled Information Security Auditin
: NOV 2011
uired)
: YES
: YES
: YES
: YES
: YES
: YES
10+
50+
1
2
10+
40+
urity audits :
1
6
1
1
40
17
46
112
mation security audits in Government and Critical sector
S. Duration Experience in Qualifications related to
No with Qseap Information Information security
Name of Employees
Security
ISO 27001 LA
PCIDSS Implementer MSc in
8 Ajita Haridas Gawai 2+ 6
Network Systems Engineering
19 GibinReji 2 2 BE EXTC
ISO 27001 LA
Professional Software Testing
20 Onkar Ghadge 2 2+
Specialist
BE in IT
21 Vishnu s. Chandran 2 2 CISEH
BE in IT
CCNA ECSA.v10 BE in EXTC
22 Tanveer Shaikh 2 2+
ISO 27001 LA
CISEH CPTE
26 Karan Sawant 2 2+
BE in EXTC
CCNA CCNP
31 Shahnawaz Shaikh 2 2 BE EXTC
CEH
Certified Professional Jaya
44 Ajay Jayram Doke 1.5 2
Specialist
BE (computer)
45 Aniket Ashok Doke 1.5 1.5 CEH
BE in EXTC
CISEH CPTE
PHP with MySQL BSc in IT
46 Jayshree PappuAhirrao 1.5 1.5
CEH
MSc. in IT BSc. In IT
55 Apoorva Satish Phatak 1.3 1.2
CISEH CPTE
96 Suraj Kalamkar 4 Months 1.5 BSc in IT
Engineering
CISC CEH
111 Ryan Nisar Pathan 4 Months 2+ BE in EXTC
CEH CISC
112 UzaifKotmire 3 Months 2+ BE in EXTC
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
value.
S.No Activity Scope Complexity Location
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Burbsuit, Nessu
itors / Experts : NO
c.))
details : YES
rganization? : No
: NO
d on 23rd December 2019
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Yoganandh & Ram LLP
1. Name & location of the empanelled Information Security Auditing Organization
Yoganandh & Ram LLP
G-1, SHREE VISHNU APARTMENTS, #12, 12TH CROSS STREET, DHANDEESWARAM N
CHENNAI – 600 042
: September-2009
d)
: YES
: YES
: YES
: YES
ment Security Audit : YES
: YES
sessment : YES
ulation & Assessment : YES
: YES
Analysis : YES
CI, CCA, IRDA, CRA, etc.) : YES
ent : YES
n : YES
ths
31
17
47
95
rganization can add categories based
25
56
0
27
3
1
13
3
2
2
4
4
BCP Policy Formation & Assessment :
BCP DR Testing & Implementation :
CISSPs :
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, loca
project value.
IT Security Audit for one of the leading Banks in India
1. Scope inclusive of
a. Vulnerability Assessment for over 200 Servers,
b. Web Application Penetration Testing of Internet & Mobile Banking Applications,
c. CBS Application Review,
d. Policy Assessment,
e. Application security Assessments,
f. ATM Switch Review,
g. Physical and Environmental Audit.
10. Outsourcing of Project to External Information Security Auditors / Experts(If yes, kindly
arrangement (MoU, contract etc.) : No
11. Whether organisation has foreign Tie – Ups? If yes, given details : N
12. Whether organization is a subsidiary of any foreign based organization?: N
If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : N
*Information as provided by Yoganandh & Ram LLP on 23 rd December 2019
Ba
1
1
6
9
1
1
1
1
14
2
3
1
1
1
1
1
19
ity audits in Government and Critical sector organizations (attach Annexure if required) : As per Annexure-1
,
& Mobile Banking Applications,
rcial/ freeware/proprietary):
y Auditors / Experts(If yes, kindly indicate mode of
No
en details : No
ed organization?: No
: No
n 23 rd December 2019
Back
Annexure
Sl.No Name of Employee Duration with Experience in
organization Information
Security
1 T Manoj Kumar Jain 13 Years 9 Years 2 Months
CISA
CISA
CISA
CISA,LA-QMS-ISO 9001:2015
LA-BCMS-ISO 22301:2012
LA-ITSM-ISO/IEC 20000-
1:2011
LA-ISMS-ISO/IEC
27001:2013,
Investigation Basics
CISA, CISM
CISA
CISA
CISA
CISA
Sl.No Name of Employee Duration with Experience in
organization Information
Security
Vignesh 6 Months 6 Months
19
Ba
Qualifications related to
Information security
Govt.
PSU
Private
Total Nos. of Information Security Audits done
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. No. Name of Employee Duration with Experience in Qualifications related to
Indusface Pvt Information Security Information security
Ltd.
Organization :
ujarat, India.
: 2012
Y
Y
N
N
: 100+
: 300
: 500+
Audits done : 1000+
1000
+
1000
+
500+
500
50
NA
NA
: 0
: 0
: 0
: 0
ification : 2
3 CHFI, 2 CCNA
: 33
12
Rahul Kshirsagar 5 Years 5 Years CEH
13
Rahul PK 4.6 Years 6 Years ECSA
Rajdeep Murde 1.6 Years 3.9 Years CEH, OSCP
14
26
Suresh Kumar 0.2 Years 3 Years
27
Sneha Nair 0.2 Years 0.2 Years
Akansh Jathan 0.3 Years 0.9 Years CISP, CPFA
28
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
1. Indusind Bank - 500 Man days PO, which contain Web App, Mo
audits. Location is Mumbai
2. NSDL – 2 full time resource PO, which contain WebApp and Mobile A
Vadodara and Mumbai
9. List of Information Security Audit Tools used( commercial/ freeware/proprietary):
1. Burp Suite – Commercial
2. AppTrana – Proprietary
10. Outsourcing of Project to External Information Security Auditors / Experts : No
( If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : N
12. Whether organization is a subsidiary of any foreign based organization? : No
If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : Y
611, Gateway Blvd Suite 120,
South San Francisco,
CA- 94080
United States of America.
*Information as provided by Indusface Pvt Ltd on 23rd December 2019
Ba
ume, complexity, locations etc.) along with
re/proprietary):
xperts : No
act etc.))
ails : No
ion? : No
: Yes
r 2019
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Haribhakti & Company LLP, Chartered Accountants
1. Name & location of the empanelled Information Security Auditing Organization :
Haribhakti & Co. LLP
2. Carrying out Information Security Audits since : 20
3. Capability to audit , category wise (add more if required)
Network security audit (Y/N) : Yes
Web-application security audit (Y/N) : Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
IT General Controls Review : Yes
Vulnerability Assessment/Penetration Testing : Yes
Cyber Security Awareness Workshop for Board Member
and Senior Members of Management : Yes
Application/ERP Post implementation Review : Yes
SAP – configuration controls review for various modules like Finance and Costing, Material M
Distribution, Production planning and Quality Management, Human Resource,
Use access entitlement review, SAP Basis : Yes
Cloud Security Review : Yes
Data Privacy Review : Yes
Data Migration Audit : Yes
Digital Forensic Review : Yes
Data Analytics : Yes
Data Privacy Review : Yes
:
:
:
:
:
6. Technical manpower deployed for informationsecurity audits :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
nce of CERT-In empanelled Information Security
Auditing Organization :
: 2000
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
Finance and Costing, Material Management, Sales and
uman Resource,
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
:
: 0
: 0
: 16
: 16
11
3
0
0
14
its :
0
3
5
2
Any other information security qualification
Total Nos. of KeyTechnical Personnel
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Comme
ls : No
zation? : No If yes, give details
: No
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Madhya Pradesh Agency for Promotion of Information Technology (MAP_IT)
1. Name & location of the empanelled Information Security Auditing Organization :
Madhya Pradesh Agency for Promotion of Informa
(MAP_IT)
47/A State IT Center, Arera Hills Bhopal, Madhya Prad
Govt. :
Security Audits Completed , 38 Security Audits in Progress
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months , category-wise (Organization can add categories b
handled by them)
Network security audit : 0
Web-application security audit : 81
(43 Security Audits Completed, 38 Security Audits in progress)
Wireless security audit : 0
Compliance audits (ISO 27001, PCI, etc.) : 0
Technology (MAP_IT)
Auditing Organization :
cy for Promotion of Information Technology
: January 2013
: Y
: Y
: N
: N
: Y
: Y
: Y
: Y
:
43
0
0
81
ganization can add categories based on project
: 0
: 81
rogress)
: 0
: 0
dits :
0
5
0
0
3
7
ecurity audits in Government and Critical sector
ons related to
No. Employee MAP_IT Information Security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
MP Power Transmission Company Limited
Project consists of 7 different modules which were audited in different phases Comple
Location: Jabalpur Volume:7 Modules
No. of Static Pages in the application: 745 No. of Dynamic Pages in the application:68
Available
ISMS LA
ISMS LA
ISMS LA, CEHv10, CISA(Exam)
CIISA, CEHv10
CCIE-Security
ISMS LA, CCNA-Security IINS,
Fortinet Network Security
Expert
Nessus VM,ISMA LA, CEHv8
erms of scope (in terms of volume, complexity, locations etc.) along with
ny Limited
modules which were audited in different phases Complexity: Medium
odules
cation: 745 No. of Dynamic Pages in the application:680 Project Value: Not
ZAP
,Nessus
Back
skills and competence of CERT-In empanelled Information Security
ganisation
: 7
Web-application security audit :
Compliance audits (ISO 27001, PCI, etc.) :
VAPT :
IT security audit :
Application Security Audit :
Regulatory audits :
Cyber Security :
Vendor Risk Assessment :
6. Technical manpower deployed for informationsecurity audits :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
CISM :
CRISC :
IS22301 :
CEH :
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with ANB Experience in Information Qualifications related to
No. Security Information security
1 NirmaVarma 18 Years and 20 years and 02 months • CISA
11 Months • BS7799LA
• ISO 22301 IA
fications related to
mation security
A
7799LA
22301 IA
A
27001:2013 LA
A
SC
27001:2013
22301:2012
27001:2013 LA
A
27001:2013
22301:2012
H
SP
22301:2012
27001:2013 LA
27001:2013
22301:2012
27001:2013
H
A
27001:2013
22301:2012
A
A
27001:2013
S. Name of Employee Duration with ANB Experience in Information
No. Security
• CISA
• ISO 27001:2013
• ISO 22301:2012 IA
• CISA
• ISO 27001:2013
• ISO 22301:2012
• CISA
• ISO 27001 LA
• CISA
• ITIL
• ISO 27001:2013
• ISO 22301:2012
• CISA
• CISSP
• ISO 27001:2013 LA
• ISO 22301:2012 IA
• ISO 22301:2012 IA
• CEH
• CISA
• ISO 27001:2013 LA
• CISA
• CISM
• ISO 27001:2013
• ISO 22301:2012
• ISO 27001:2013 LA
• CEH
• ECSA
• ISO 27001:2013
• ISO 22301:2012
• CISA (Associate)
• CEH
• DISA
• CEH
• ISO 27001:2013
• ISO 22301:2012
• CISA
• ISO 27001:2013
• ISO 22301:2012
• CISA
• ISO 27001 LA
• CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
1. For one of leading mutual fund in India conducted:
Vulnerability assessments for more than 100 system (oper
databases, network devices)
Application Audit of more than 10 applications
Vendors audits at associated registrar and transfer, fund accounting
providers
Information and Cyber Security Audit
2. For one of the leading clearing corporation in India conducted:
IT General Control and Datacenter operations Audit
Vulnerability assessment of more than 300 systems & penetration testing on
components
Reviewing configuration of network components such as router, firewall
Physical and Environmental verification.
Operations and Management Process and Control Audit
Application Audit of more than 20 applications
1 Freeware Nmap
Snmp Walk
Metasploit
Cookie Editor
Echo Mirage
Winhex
Kali Linux Framework
Wireshark
APK Analyser
SQLMAP
Dirbuster
OWASPZAP
VAMT
a conducted:
or more than 100 system (operating systems,
10 applications
egistrar and transfer, fund accounting and custodial service
y Audit
ation in India conducted:
rations Audit
300 systems & penetration testing on the identified external
rovider performed
ations
ercial/ freeware/proprietary):
y : No
mited> on <23 rd
December 2019>
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s BDO India LLP
1. Name & location of the empaneled Information Security Auditing Organization:
Name - BDO India LLP
Location – Corporate Office - The Ruby- Level 9, NW Wing, Senapati Bapat Marg, Dadar West, Mum
BDO India has office across 10 cities – Ahmedabad, Bengaluru, Chennai, Hyderabad, Goa, Kochi, Ko
Delhi-Gurugram and Pune
2. Carrying out Information Security Audits since : 2013
Govt. : 5 Approximately
PSU : 10 Approximately
Private : 20 Approximately
Total Nos. of Information Security Audits done : 40 Approximately
5. Number of audits in last 12 months, category-wise (Organization can add categories based o
them)
Network security audit : 5 Approximately
Web-application security audit : 15 Approximately
Wireless security audit : 5 Approximately
Compliance audits (ISO 27001, PCI, etc.) : 10 Approximately
: 2013
equired)
: Yes
: Yes
: Yes
) : Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
ng : Yes
2 Months:
5 Approximately
10 Approximately
20 Approximately
40 Approximately
se (Organization can add categories based on project handled by
5 Approximately
15 Approximately
5 Approximately
10 Approximately
ecurity audits:
0
7+
5
5+
10
50+
mation security audits in Government and Critical sector organizations
S. Name of Employee Duration with BDO Experience in
No. India LLP Information Security
LA ISO 27001:2013(BSI),
LA ISO 9001:2015(BSI),
CISA, CEH, CHFI, MCTS
CEH
LA ISO 27001:2013
Offensive Security Certified
Professional (OSCP), CEH,
CISEH
ISO 27001 LA
CEH, ACE
CEH
NASSCOM analyst
application security
CISA, CEH, ISO27001
ACE, CEH, CHFI
ISO 27001 LA
pe (in terms of volume, complexity, locations etc.) along with project
eview
B logs in the Systems
g
ation Security Infrastructure review
Configuration review of operating system & critical devices
Information security governance & process review
Audit of data centre & offices
3 CrypTool
4 cURL
5 Exploits
6 Fscan
7 Elza
8 Fragrouter
9 HPing
10 ISNprober
11 ICMPush
ite
Audit Tools-Freeware
Description
A tool designed for testing the security of Web Applications.
A Windows GUI brute-force tool for FTP, Telnet, POP3, SMB,
HTTP, etc.
A Cryptanalysis Utility
Curl is a tool for transferring files with URL syntax, supporting FTP, FTPS,
HTTP, HTTPS, GOPHER, TELNET,
DICT, FILE and LDAP
A password cracker
NTLM/Lanman password auditing and recovery application
14 Tenable Nessus
15 Netcat
16 NMAP
17 p0f
18 Pwdump
20 HELIX3
21 FTK
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No : No If yes,
E-mail: globaloffice@bdo.globalOffice phone number +32 2 778 01 30*Information as provided by - BDO India L
Ba
A free, powerful, up-to-date and easy to use remote security scanner. This
tool could be used when scanning a large range of IP addresses, or to verify
the results of manual work.
The swiss army knife of network tools. A simple utility which reads and
writes data across network connections, using
TCP or UDP protocol
Tools that grab the hashes out of the SAM database, to use
with a brute-forcer like L0phtcrack or John
er organization is a subsidiary of any foreign based organization? : Yes/ No : No If yes, give details
aloffice@bdo.globalOffice phone number +32 2 778 01 30*Information as provided by - BDO India LLP on 23rd December 2019
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s CMS IT Services Pvt Ltd
1. Name & location of the empaneled Information Security Auditing Organization :
CMS IT Services Pvt. Ltd. (236,92/1A, Konappa Agrahara, Benkataadri Tech Park, E
Bengaluru, Karnataka 560100)
2. Carrying out Information Security Audits since :
<2015>
3. Capability to audit, category wise (add more if required)
Network security audit : (YES)
Web-application security audit : (YES)
Wireless security audit : (YES)
Compliance audits (ISO 27001, PCI, etc.) : (YES)
Security Operation Audit : (YES)
IT Services (ITIL) Processes Audit : (YES)
Asset Management processes Audit : (YES)
Infrastructure Security Audit : (YES)
4. Information Security Audits carried out in last 12 Months :
Govt.
PSU
Private
Total Nos. of Information Security Audits done
Organization :
Benkataadri Tech Park, Electronic City, Phase I,
: (YES)
: (YES)
: (YES)
: (YES)
: (YES)
: (YES)
: (YES)
: (YES)
: 1
: 3
: 8
udits done : 12
2
2
0
8
0
3
2
<0>
15+
20+
udits in Government and Critical sector
CompTIA Security+ , CEH- V11
: No
tion? : No If yes, give details
: No
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Esec Forte Technologies Pvt Ltd
1. Name & location of the empaneled Information Security Auditing Organization :
M/S ESEC FORTE® TECHNOLOGIES PRIVATE LIMITED
Registered Address:
DELHI: A-2/10, A-2 Block, Rohini Sector- 5, New Delhi – 110085
:
:
:
:
:
:
:
:
:
Govt. : 5+
PSU : 5+
Private : 50
Total Nos. of Information Security Audits done : 50
quired)
Months :
<2011>
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
(Yes)
: 5+
: 5+
: 50+
Audits done : 50 +
<20+>
<20+>
<5+>
<5+>
<5+>
<10+>
rity audits :
: <1>
: <3>
: <1>
: <2>
: <>
alification:
CEH : <20+>
PCI QSA : <1>
CHFI : <1>
CDFE : <1>
CTIA : <1>
ECIH : <1>
Others : <20+>
Total Nos. of Technical Personnel : 60+
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Duration with Experience in Qualifications related to Information security
No. Employee <eSec Forte Information
Technologies> Security
1 Sachin Kumar 2011 14 Years CISSP, PCI QSA, CEH, CDFE, ISO
27001,Nexpose Certified Administrator,
Metasploit Certified Administrator,B.Tech
Bac
20+>
1>
1>
1>
1>
1>
20+>
0+
udits in Government and Critical sector
are/proprietary):
Experts : No (If yes, kindly provide
ails : Yes
es such as Tenable, AccessData, Cato Networks,
ucts.
involved in Pre-Sales, Implementation and Post-
ion? : No
: Yes
94 P: +65 31650903
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Finest Minds Infotech Private Ltd
1. Name & location of the empanelled Information Security Auditing Organization :
Finest Minds Infotech Private Ltd. #90, 2nd Floor, 17th c
Layout, Bangalore-560102
g Organization :
Ltd. #90, 2nd Floor, 17th cross, 14th Main, HSR
: 2016
: Y
: Y
: N
: Y
: 01
: 01
: 13
: 15
06
20
00
05
00
02
00
00
05
15
audits in Government and Critical sector
4 Mridul Mundhra 1 Years 2 Years M.TECH
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No ( If yes
oversight arrangement (MoU, contract etc.))No
*Information as provided by Finest Minds Infotech Pvt Ltd on 03rd December 2017
Bac
olume, complexity, locations etc.) along with
ware/proprietary):
Govt.:<number of> - 7
PSU:<number of> - 8
Private:<number of> - 23
Total Nos. of Information Security Audits done : 38
CISSPs:<number of> -
BS7799 / ISO27001 LAs:<number of> -
CISAs:<number of> -
DISAs / ISAs:<number of> -
Any other information security qualification:<number of> -
(Masters in InfoSec, BSc (IT) & Diploma InfoSec)
Total Nos. of Technical Personnel : 5
7. Details of technical manpower deployed for information security audits in Governme
organizations (attach Annexure if required)
S. Name of Duration with Experience in Qualifications related to
No. Employee <organization> Information Information security
Security
1 Ms. Tasneam P 11+yrs. 15+yrs. CISA, ISO27001 LA, Dip in
Cyber Law
2 Mr. Kirankumar Patel 2.5yrs. 2.5yrs. Masters in Information Security
- 7
- 8
- 23
Audits done : 38
11
22
4
6
delines: <number of> - 2
urity audits:
0
3
2
0
2
ploma InfoSec)
: 5
nformation security audits in Government and Critical sector
tions related to
ion security
s of Science
tion Technology),
InformationSecurity
nt
in Information Security
S. Name of Duration with Experience in
No. Employee <organization> Information
Security
Fernandes
6 Mr. Prakash D’Silva 7+yrs. 7+yrs.
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Universal Sompo General Insurance–
o Vulnerability Assessment and Penetration Testing of
Security devices – 9
Network Devices – 13
Wireless Network Devices – 11
Databases – 19
Servers – 39
Internal Web Applications – 8
External Web Applications – 18
Penetration Testing of External IP addresses – 10
o Assess the IT Infrastructure from information security perspective
o Document the hardening guidelines as per IRDAI requirements.
ISO27001 LA
ed in terms of scope (in terms of volume, complexity, locations etc.) along with
po General Insurance–
ssessment and Penetration Testing of
es – 9
es – 13
ork Devices – 11
9
pplications – 8
Applications – 18
sting of External IP addresses – 10
nfrastructure from information security perspective
hardening guidelines as per IRDAI requirements.
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Qualifications related to
No. Kochar Consultants Information Information security
Security
rganization :
ed - Mumbai
: 2005
Yes
Yes
Yes
Yes
Yes
Yes
: Nil
: Nil
: 30+
udits done : 30+
1
2
5
40+
1
25+
2
4
: Nil
: 5
: 9
: 2
cation : Nil
: 12
Sr. Activities
1 Reviewing and carry out necessary changes of Standard Operating Procedure (SOP) for all the departments of
the organization as per latest ISO 27001:2013 standards for its improvement.
2 Review and carry out necessary changes of Information Security Policies / procedures / Plans / Risk Management
report / Guidelines etc. and its implementation.
3 Carry out Internal audit for each department and effectiveness of controls implemented based on scope defined
on ISO 27001:2013 standards
4 Review implementation of Cyber security policy and implementation of SEBI guidelines
5 Vulnerability Assessment and Penetration Testing (VA & PT).
6 Reviewing and updating BCP, DRP for new changes, if any and Provide BCM training to all employees.
7 Meeting each department for review of BIA and carry out changes in BIA as per the requirement.
Carry out Internal audit for each department and effectiveness of controls implemented as per TOR of SEBI
8 circular CIR/CDMRD/DEICE/01/2015 dated November 16, 2015, excluding VA & PT.
9 Review of observations reported during audit reports (ISO 27001:2013 and Annual System Audit), and actions
taken for the recommendation, if any and submit closure report.
10 Presentation of audit findings with recommendations to the Management along with its compliance status.
departments of
/ Risk Management
on scope defined
loyees.
nt.
TOR of SEBI
ance status.
e/proprietary):
ction
xperts : No ( If yes, kindly provide
ls : No
zation? : No If yes, give details
: No
Limited - Mumbai> on
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Larsen & Toubro Infotech Ltd
1. Name & location of the empanelled Information Security Auditing Organization :
LTI (A Larsen & Toubro Group Company)
L&T House,
Ballard Estate, Mumbai 400 001, India
Govt.
PSU
Private
Total Nos. of Information Security Audits done
: 6
: 50+
: 10+
: 4
: 0
: 2
: 2
: 7
: 2
: 0
: 1
: 24
: 2
: 11
: 1
: 1
: 13+
: 170+
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
S. Name of Employee Duration Experience in Qualifications related to Information security
No. with LTI
CERT-In empanelled Information Security
Organization :
Company)
ndia
: 2012
Yes
Yes
Yes
Yes
Yes
Yes
: 10+
: 0
: 62+
Audits done : 72+
ISSPs
6
50+
10+
4
0
2
2
7
2
0
1
24
2
11
1
1
13+
170+
audits in Government and Critical sector
Information
Security
Pavankumar 3 years CISA, ISO 27001 LA, CEH, Certified
1 Shukla 12 years Qualys Guard Specialist, IBM QRadar SIEM
Certified
Nath Dibya Ranjan 3 years COBIT5, ISO 27001 LA, CEH v8, ECIH,
ITIL, Prince2, Privacy and Data Protection
(PDPF), PCI DSS v3.2 Implementation,
2 8 years
Certified Sarbanes
Oxley Expert (CSOE), IBM QRadar, Qualys
Guard Certified Specialist
3 Pradeep 3 years 11+ years OSCP, ISO 27001 LA, CEH, CCNA
Mahangare
4 Hartley John Dow 1 year 25 years MCSE, CCNP, CISSP
5 Rajesh Sharma 11 months 8 years ISO 27001 LA, CEH, CHFI, MCP
24 Deshpande Amar 11 months 4 years CEH, Splunk Power User, Cyber Law
Shishir
25 Bhandari Shahbaz 7 months 2.2 years CEH
A
26 Avugadda 1+ years 3.5 years CCNA R&S
Venkatesh
27 Chanda Chiradip 1 year 4.5 years MCSA
28 Rahul Rane 4 months 9.10 years Palo Alto CNSE, CCSA, CCSE, CCNA
Sec
29 1 month 13+ years ArcSight Certified Security Analyst (ACSA),
Check Point Certified Security Expert (CCSE),
Jitendra Chaudhari Qualys Vulnerability
Management, Cisco Certified Security
Professional (CCSP)
30 Mahaldar Salman 1+ years 9+ years CCIE Security, PALO ALTO ACE
Qasim
31 Rakesh Shirsat 1+ years 11 years CCNA, CCNP, Cisco ASA, Palo Alto ACE, ITIL V3
Leading Insurance Web and Mobile Apps Business critical Remotely (Mumbai) USD 65K
company in Europe Insurance
applications used by
end users
One of the leading Banking application Test in-line with PCI Onsite from client USD 16k
bank in middle east standard location (Middle East)
Leading Financial Web applications and Business critical Remotely (Mumbai) USD 35K
Services Technologies Infrastructure Security products, Internal
in Canada and External assets
Multi-industry company Web applications and Penetration testing Remotely (Mumbai) USD 15K
supporting as per OWASP and
infrastructure pen test PCI
Standards
Leading Insurance Dynamic application Focus on protecting Remotely (Client USD 84K
company in US security test in SDLC the insurance ODC)
information for
Business critical
application
Government body of Application security Business critical Remotely (Client INR 2.7 MN
India assessment application for Govt. ODC)
of India
Freeware: WireShark, Nmap, Kali Linux, Metasloit, OpenVas, THC Hydra, John The Rippe
Nikto, Fiddler, Dirbuster, SQLMap, CSRFtester, SSLscan, Fiddler, Eco Mirage etc.
e/proprietary):
p Suite Pro, Checkmarx, QualyGuard, HP Fortify
Experts : No
n 4th Dec 2017
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Mirox Cyber Security & Technology Pvt Ltd.
1. Name & location of the empanelled Information Security Auditing Organization :
Mirox Cyber Security & Technology Pvt Ltd4th Floor Nila Technopark Trivandrum
Auditing Organization :
th Floor Nila Technopark Trivandrum 695581 Kerala India Phone +91 471 4016888 , 4000545 Mobile 9995199499Email - rb@miroxindia.com Email-
: Since 2010
: Yes
: Yes
: Yes
: YES
on Testing) : YES
Testing) : YES
enetration Testing) : YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: YES
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
:
18
3
60
81
anization can add categories based on project
: 10
Application security audit & assessment :
Penetration Testing :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
Mobile Applications :
IOT & Device Audit :
ERP Audit :
Database Security Audit :
Security Architecture Review :
Threat Assessment :
Social Engineering Test :
Cyber forensic Analysis :
Risk Assessment :
Infrastructure Security Audit :
Electronic Security Audit :
1
1
1
10
6
15
dits in Government and Critical sector
10 Vishnu 1 1 CEH, Security Certified
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Done the largest Infrastructure Security Audit and Assessment more than 50
Enterprise UTM/IDS/IPS/SIEM/ Routers and other related IP based devices etc.
company and Kerala State Government SECWAN
Done The Security Testing for World's 3rd largest image and video content p
Enterprise. Its owned and stock more than 100 millions video and image conten
1 Acunetix Licensed
2 Nessus Licensed
3 SE-SMSer Opensource
4 acccheck opensource
5 ace-voip opensource
6 Amap opensource
7 arp-scan opensource
8 Automater opensource
9 bing-ip2hosts opensource
10 braa opensource
11 CaseFile opensource
12 CDPSnarf opensource
13 cisco-torch opensource
14 Cookie Cadger opensource
15 copy-router-config opensource
16 DMitry opensource
17 dnmap opensource
18 dnsenum opensource
19 dnsmap opensource
20 DNSRecon opensource
21 dnstracer opensource
22 dnswalk opensource
23 DotDotPwn opensource
24 enum4linux opensource
25 enumIAX opensource
26 EyeWitness opensource
27 Faraday opensource
28 Fierce opensource
me, complexity, locations etc.) along with
e/proprietary):
ensed
29 Firewalk
30 fragroute
31 fragrouter
32 Ghost Phisher
33 GoLismero
34 goofile
35 hping3
36 ident-user-enum
37 InSpy
38 InTrace
39 iSMTP
40 lbd
41 Maltego Teeth
42 masscan
43 Metagoofil
44 Miranda
45 nbtscan-unixwiz
46 Nmap
47 ntop
48 OSRFramework
49 p0f
50 Parsero
51 Recon-ng
52 SET
53 SMBMap
54 smtp-user-enum
55 snmp-check
56 SPARTA
57 sslcaudit
58 SSLsplit
59 sslstrip
60 SSLyze
61 Sublist3r
62 THC-IPV6
63 theHarvester
64 TLSSLed
65 twofi
66 URLCrazy
67 Wireshark
68 WOL-E
69 Xplico
70 BBQSQL
71 BED
72 cisco-auditing-tool
73 cisco-global-exploiter
74 cisco-ocs
75 cisco-torch
76 copy-router-config
77 DBPwAudit
78 Doona
79 DotDotPwn
80 HexorBase
81 Inguma
82 jSQL
83 Lynis
84 Nmap
85 ohrwurm
86 openvas
87 Oscanner
88 Powerfuzzer
89 sfuzz
90 SidGuesser
91 SIPArmyKnife
92 sqlmap
93 Sqlninja
94 sqlsus
95 tnscmd10g
96 unix-privesc-check
97 Yersinia
98 Armitage
99 Backdoor Factory
100 BeEF
101 Commix
102 crackle
103 exploitdb
104 jboss-autopwn
105 Linux Exploit Suggester
106 Maltego Teeth
107 Metasploit Framework
108 MSFPC
109 RouterSploit
110 Airbase-ng
111 Aircrack-ng
112 Airdecap-ng and Airdecloak-ng
113 Aireplay-ng
114 Airmon-ng
115 Airodump-ng
116 airodump-ng-oui-update
117 Airolib-ng
118 Airserv-ng
119 Airtun-ng
120 Asleap
121 Besside-ng
122 Bluelog
123 BlueMaho
124 Bluepot
125 BlueRanger
126 Bluesnarfer
127 Bully
128 coWPAtty
129 crackle
130 eapmd5pass
131 Easside-ng
132 Fern Wifi Cracker
133 FreeRADIUS-WPE
134 Ghost Phisher
135 GISKismet
136 Gqrx
137 gr-scan
138 hostapd-wpe
139 ivstools
140 kalibrate-rtl
141 KillerBee
142 Kismet
143 makeivs-ng
144 mdk3
145 mfcuk
146 mfoc
147 mfterm
148 Multimon-NG
149 Packetforge-ng
150 PixieWPS
151 Pyrit
152 Reaver
153 redfang
154 RTLSDR Scanner
155 Spooftooph
156 Tkiptun-ng
157 Wesside-ng
158 Wifi Honey
159 wifiphisher
160 Wifitap
161 Wifite
162 wpaclean
163 apache-users
164 Arachni
165 BBQSQL
166 BlindElephant
167 CutyCapt
168 DAVTest
169 deblaze
170 DIRB
171 DirBuster
172 fimap
173 FunkLoad
174 Gobuster
175 Grabber
176 hURL
177 jboss-autopwn
178 joomscan
179 jSQL
180 Maltego Teeth
181 PadBuster
182 Paros
183 Parsero
184 plecost
185 Powerfuzzer
186 ProxyStrike
187 Recon-ng
188 Skipfish
189 sqlmap
190 Sqlninja
191 sqlsus
192 ua-tester
193 Uniscan
194 Vega
195 w3af
196 WebScarab
197 Webshag
198 WebSlayer
199 WebSploit
200 Wfuzz
201 WPScan
202 XSSer
203 zaproxy
10. Outsourcing of Project to External Information Security Auditors / Experts : No
oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : No
rters/Offices, if any : No
ox Cyber Security & Technology on 22-12-2019
Back
Snapshot of skills and competence of CERT-In empanelled Inf
Auditing Organisation
M/s Panacea Infosec Pvt Ltd
1. Name & location of the empanelled Information Security Auditing Organization:
Panacea InfoSec Pvt. Ltd.,
226, Pocket A2, Pocket B, Sector 17 Dwarka, Delhi, 110075
2. Carrying out Information Security Audits since : 20
Auditing Organization:
075
: 2012
: 5
: 5
: 250+
: 260+
dits:
1
8
3
0
CEH/OSCP/ECSA/CCNA :
Any other information security qualification :
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
SL. Duration Experience in
NO. LIST OF EMPLOYEES with Information
Panacea Security
1 A Kaushik 7 years 13+ years
2 Y Shivde 4 years 15+ years
3 V Arya 1 year 8+ years
4 J Khanna 5.2 years months 12 + years
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
1. One of overseas Leading Public/Private-Sector Banks - PCIDSS Comp
Services (Quarterly, Annual), Secure Code Review, Application Security Assessm
2. One of Largest BPO (Global) - PCIDSS Compliance, Managed Services (Q
3. One of India’s Leading Aviation Companies – PCIDSS Compliance, Appl
Assessment, Infrastructure Security Assessment
4. One of India’s Leading FMCG Companies – PCIDSS Compliance, Applica
Assessment, Infrastructure Security Assessment, Consulting for ISO 27001 Imp
5. One of Leading Telecom Service Provider – PCIDSS Compliance, Applica
Assessment, Infrastructure Security Assessment, Consulting for ISO 27001 Imp
6. One of India’s Leading Payment-Switch Companies – PCIDSS Complia
Application Security Assessment, Infrastructure Security Assessment
7. One of India’s Leading Public/Private-Sector Banks - PCIDSS Complia
Managed Services (Quarterly, Annual), SIEM Service, Secure Code Review, App
Assessment, Consulting for ISO 27001 Implementation
: 8
rity qualification : 15
sonnel : 35+
Qualifications related to
Information security
ISO 9K LA 3
udit
t solution review
audit
on architecture review audit
r:
: ~10
audit : ~17
7001, PCI, etc.) : ~85
its : ~10
e audit : ~5
nt solution review : ~1
s : ~2
y audit : ~ 16
cture review : ~7
CEH 12
OSCP 4
CISA 8
ITIL 9
Prince2 Practitioner 1
CCNA 5
Blockchain Essential 1
Blockchain Developer 1
Strategic Management 1
PCI DSS 1
DCPP 1
OPSEC 2
COBIT 5 Implementer 1
CISM 2
CCNP 1
BS7799 1
CRISC 1
CPISI 1
CVA 2
SANS GCFA 1
EnCE 1
CHFI 2
ECSA 3
Python 1
InsightVM(Rapid7) 2
CCSA 2
CIA 1
Total 125
7. Any other information security qualification:The details of all the qualifications are provide
embedded for point 8 and the summary provided in point 6
Total Nos. of Technical Personnel : 120
8. Details of technical manpower deployed for information security audits in Government and
organizations (attach Annexure if required)
Technology
The certification details are attached: Consulting Team_30
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locatio
project value.
Client The client is one of the largest multinational conglomerate corporation headqu
diversified business includes consumer and professional electronics, gaming, entertain
services.
Work performed: Have been assisting the client in performing IT audits covering va
last 5 years. The work has been performed in India, US and multiple other countries/c
testing covering test of design and effectiveness have been performed for client’s vari
23. EnCase
24. FTK
11. Outsourcing of Project to External Information Security Auditors / Experts : No
( If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
We have alliance partners for tools and technologies that help us deliver the information / cybe
and projects. Some of our alliance partners are :Flexera, Kaspersky etc. Further, we have a ne
our global offices assist in providing support from a global technology alliance perspective
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No If yes, g
The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is Indepe
Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the Protiviti Inc.
wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a membe
500 index.
13. Locations of Overseas Headquarters/Offices, if any : Yes
The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is Indepe
Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the Protiviti Inc.
a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a mem
500 index. Offices of Protiviti Inc and the member firms are spread across 75+ offices across 2
andled in terms of scope (in terms of volume, complexity, locations etc.) along with
Have been assisting the client in performing IT audits covering various domains over the
k has been performed in India, US and multiple other countries/cities. Detailed IT control
of design and effectiveness have been performed for client’s various functions.
Govt :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12months, category-wise (Organization can add categories based o
handled by them)
Network security audit : 4
Web-application security audit : 22
Wireless security audit : 3
Compliance audits (ISO 27001, PCI, etc.) : 1
6. Technical manpower deployed for information security audits:
CISSPs: Appeared for the Certification process
BS7799 / ISO27001 Las:
CISAs: Appeared for the Certification process
DISAs / ISAs: <number of>
Any other information security qualification:OSCP- 4, CEH -8,
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. SecureLayer7 Security Information security
Technologies
Private Limited
1 Sandeep Kamble 5 Years 9 Years OSCP Certified
2 Rajsekara A 2 Years 5 Years OSCP Certified
3 Hriydesh 2 Years 4 Years ISO 27001
3 Tohuid Shaikh 3 Years 4 Years OSCP Certified
4 Akshay Darekar 4 Years 6 Years CEH, MCA Computer
5 Nakul Rathi 2 years 4 Years OSCP
6 Sagar Sharma 2 Years 3 Years OSCP
7 Akaash katare 1.5 Years 2 Years Computer Engineering
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
project value.
IT Security Audiof Application Penetration Testing, Network devices and Source Code Analysis. Value
is
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Burp Suite
Nmap
10. Outsourcing ofProject to External Information Security Auditors / Experts : No ( If ye
provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : No If yes,
ation:
mited registered office At Plot No.
Hospital, Jalna Road, Aurangabad
: 2016
Yes
Yes
Yes
Yes
: 15
:
: 12
one : 27
4
22
3
1
process
rocess
: No ( If yes, kindly
: No
: No If yes, give details
: No
9- December 2019
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s TUV SUD South
1. Name & location of the empanelled Information Security Auditing Organization:
TÜV SÜD South Asia Pvt. Ltd.
2. Carrying out Information Security Audits since : 2017
3. Capability to audit, category wise (add more if required)
Network security audit (Y/N) : Yes
Web-application security audit (Y/N) : Yes
Wireless security audit (Y/N) : Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) : Yes
5. Number of audits in last 12 months, category-wise (Organization can add categories based
handled by them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. Name of Duration with Experience in Qualifications related to
No. Employee <organization> Information Security Information security
Certified Professional
Penetration Tester (eCPPTv2),
6 Abhijeet Karve 9 months 1.5 years Certified Information Security
Expert (CISE)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
project value.
TATA AIA – Security Audit – INR 8,00,000.
9. List of Information Security Audit Tools used(commercial/ freeware/proprietary):
Nessus
ISO 27001 control checklist
CSA control Checklist
India Cybersecurity team only has foreign tie-ups with TÜV SÜD global entities where Ind
supports on delivery.
12. Whether organization is a subsidiary of any foreign based organization? : Yes
If yes, give details
TÜV SÜD South Asia is a wholly owned subsidiary of TÜV SÜD Group.
13. Locations of Overseas Headquarters/Offices, if any : Yes
TÜV SÜD AG
Westendstr. 199
80686 Munich Germany
*Information as provided by TÜV SÜD South Asia Pvt. Ltd on 23 Dec 2019
Ba
empanelled Information Security
zation:
: 2017
es
es
es
es
: Nil
: 1 (one)
: 5 (Five)
done : 6 (six)
: Nil
: 1
: Nil
: 5
rietary):
s : Yes
: Yes
cross the globe at a Group level.
: Yes
: Yes
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Code Decode Labs Pvt. Ltd.
1. Name & location of the empanelled Information Security Auditing Organization :
Code Decode Labs Pvt. Ltd. LOCATION - PUNE
2. Carrying out Information Security Audits since : 2010
3. Capability to audit , category wise (add more if required)
Network Security Audit : Yes
Web-Application Security Audit : Yes
Wireless Security Audit : Yes
Compliance Audits (ISO 27001, PCI, etc.) : Yes
Secure Coding & Secure Development : Yes
Secure Data Transfer & Release : Yes
SDADA Security : Yes
Telecom Security : Yes
Cyber & Mobile forensics : Yes
Secure Cloud Server Security : Yes
1. Information Security Audits carried out in last 12 Months:
Govt. : 30
PSU : -
Private : 14
Total Nos. of Information Security Audits done : 44
2. Number of audits in last 12 months , category-wise (Organization can add categories based on proj
them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
3. Technical manpower deployed for information security audits :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification :
Total Nos. of Technical Personnel :
4. Details of technical manpower deployed for information security audits in Government and Critical sector
(attach Annexure if required)
Sr. Name of Employee Duration with Experience in Qualifications
No. <CDL> Information related to
Security Information
security
1 Amlesh Mendhekar 6 21 YES
2 Raghavendra Kulkarni 8 18 YES
3 Sachin Singhai 9 13 YES
4 Sandeep Walvekar, 6 16 YES
Shilpa Shreevijay Nayak
5 6 5 YES
on :
: 2010
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
: 30
: -
: 14
: 44
12
30
NA
2
02
03
02
03
10
20
overnment and Critical sector organizations
5. Below are details of specified Largest Project handled in terms of scope (in terms of volume, complexity,
along with project value.
6. List of Information Security Audit Tools used ( commercial/ freeware/proprietary) :
Sr.
No. Tool Name License
BURP PROFESSIONAL
1 2.1.4 Commercial
Open Source
2 Kali Linux
Open Source
3 THC-IPV6
Open Source
4 Cisco - Torch
Open Source
5 Power Sploit
Open Source
6 CryptCat
7 OpenVas Freeware
Open Source
8 Fierce
Open Source
9 Shodan
Open Source
10 Scapy
11 Nmap Freeware
12 OpenVas Freeware
Open Source
13 Fierce
Details
Shodan is a search engine that lets the user find specific types
of computers connected to theinternet using a variety of filters.
Shodan collects data mostly on web servers (HTTP/HTTPS-
port 80, 8080, 443, 8443), as well as FTP (port 21), SSH
(port 22), Telnet (port 23) etc.
Headquarters/Offices, if any : NO
y - Code Decode Labs Pvt. Ltd. on 19/12/2019.
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s TCG Digital Solutions Private Limited
1. Name & location of the empanelled Information Security Auditing Organization :
TCG Digital Solutions Private Limited,
BIPPL Building, 16th Floor, Omega, Block EP & GP, Sector V, Salt Lake Electronic Complex, Kolkata 700091
2. Carrying out Information Security Audits since : 2016
: Yes
: Yes
: Yes
: Yes
34
9
13
56
ories based on project handled by them)
21
32
1
4
3
1
7
2
0
3
12
nment and Critical sector organizations
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.) along w
ClientName ProjectValue
UnitedBank ofIndia INR 62,00,000/-
CapitalSmallFinanceBank INR 7,45,000/-
NHPCLtd. INR 5,23,920/-
DGQA(9Departments) INR- 3,36,000/-
ERLDC INR 17,35,000/-
SREI INR 24,80,000/-
Labvantage SolutionsPvt.Ltd. INR 2,25,000/-
BBMB INR 2,30,100/-
BSESRajdhaniPowerLtd. INR 2,76,080/-
BSESYamunaPowerLtd. INR 1,88,800/-
IBPS INR 3,72,880/-
Chhattisgarh State INR 62,540/-
BangiyaGraminVikashBank INR 60,000/-
EDCON INR 2,50,000/-
Globsyn3 LifePvt.Ltd.
rd
INR 2,36,000/-
IndiaPower INR 4,54,300/-
CoresonantSystemsPvt.Ltd. INR 3,54,000/-
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Recon-NG
###
Metasploit
###
Exploit-Pack
### Commercial
Nessus
###
InsightVM
###
Sparta
###
Namp###
Nikto###
BurpSuit
###
Zap Proxy
###
Acunetix
###
Netsparker
###
Mobsf###
10. Outsourcing of Project to External Information Security Auditors / Experts : No
(If yes, kindly provide oversight arrangement (MoU, contract etc.)
):
: No
: No
: Yes
: No
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.
1. Name & location of the empanelled Information Security Auditing Organization:
ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.
2. Carrying out Information Security Audits since : 2006
3. Capability to audit, category wise (add more if required)
Network security audit (Y/N) :
Web-application security audit (Y/N) :
Wireless security audit (Y/N) :
Compliance audits (ISO 27001, PCI, etc.) (Y/N) :
System Security audit : Y
5. Number of audits in last 12 months , category-wise (Organization can add categories based on proje
them)
Network security audit : 3
Web-application security audit : 2
Wireless security audit : 0
Compliance audits (ISO 27001, PCI, etc.) : 6
System Security audit : 1
:
:
:
:
:
:
:
7. Details of technical manpower deployed for information security audits in Government and Critical sector o
(attach Annexure if required)
S. No. Name of Duration with Experience in Qualifications related to
Employee <organization Information Information security
> Security
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No
If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : Yes/No
*Information as provided by Allied Boston Consultants India Pvt. Ltd. on 20-07-18
Bac
RT-In empanelled Information Security
on:
: 2006
: YES
: YES
: YES
) : YES
: YES
: 0
: 1
: 5
: 6
3
2
0
6
1
el
0
5
2
0
1
1
2
vernment and Critical sector organizations
ations related to
tion security
CISP,
A/COBIT
master’s Degree in
Management
CISA, CRISK
s tasks included:
– including verification of intrusion /
y aspects
nd suggest areas for improvement
ary):
Cloud version)
MAP, Zenmap, Vega, Nikto, Wire shark
: Yes/No
: Yes/ No
: Yes/No
0-07-18
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s e.com Infotech I Ltd
1. Name & location of the empanelled Information Security Auditing Organization:
e.com Infotech I Ltd
Level 3, Neo Vikram New Link Road Andheri West
Mumbai 400058
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months, category-wise (Organization can add categories based on proje
them)
Network security audit : Part of our Comprehensive Audit Web-application secu
: Part of our Comprehensive Audit Wireless security audit : Part o
Comprehensive Audit Compliance audits (SSAE 18, SOC& Cloud) : 11
SCADA/ICS : 2
GDPR & Privacy : 2
7. Details of technical manpower deployed for information security audits in Government and Critical sector
(attach Annexure if required)
S. No. Name of Duration with Experience in Qualifications related to
Employee <e.com Infotech > Information Information security
Security
1 Ashwin Chaudhary 1 year 15 years CISSP, CCSK, CISA, CISM,
CRISC, CGEIT, ISO27001LA,
ITIL, PMP
2 Shaji Kurian 1 year 10+Years CISSP, CISM, CEH, CCSK
11. Whether organization has any Foreign Tie-Ups? If yes, give details Yes/No : Yes
Association with Accedere Inc USA for SSAE 18, SOC Attest Reports
12. Whether organization is a subsidiary of any foreign based organization? Yes/ No : No
If yes, give details
13. Locations of Overseas Headquarters/Offices, if any Yes/No : No
*Information as provided by e.com Infotech I Ltd on July 14, 2018
Ba
n empanelled Information Security
eri West
: 2017
: NIL
: NIL
: 15
done : 15
: 4
: 4
: 4
: NIL
n : CEH, CISM etc. 4
: 6
o : No
: Yes
: No
: No
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Grant Thornton India LLP
1. Name & location of the empanelled Information Security Auditing Organization :
Grant Thornton India LLP,
L 41, Connaught Circus,
Outer Circle, New Delhi. PIN - 110 001
5. Number of audits in last 12 months, category-wise (Organization can add categories based on proje
them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
6. Technical manpower deployed for informationsecurity audits :
CISSPs : 0
BS7799 / ISO27001 LAs : 13
CISAs : 9
DISAs / ISAs : 0
Any other information security qualification : 2 CCNA,
1 CHFI,
1 CCSA,
2 ISO 22301,
1 CISM,
2 SAP,
2 OSCP,
1 RHCE,
3 ITI
Total Nos. of Technical Personnel : 52
7. Details of technical manpower deployed for information security audits in Government and Critical sector
RT-In empanelled Information Security
ion :
01
: 2008
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
: 0
: 0
: 48
: 48
12
7
4
3
0
13
9
0
2 CCNA,
52
overnment and Critical sector organizations (attach Annexure if required) Please refer to Annexure - 1
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.) along w
value.
Leading IT / ITES GT have examined client’s Facility Level
Service Provider Controls and Client services controls
related system as of date and throughout the
period and the suitability of the design and
operating effectiveness of client’s controls to
achieve the related control objectives. Control
areas covered are-
Physical Security - Entity;
Physical Security - Restricted Area;
Human Resource;
Master Service Agreement Monitoring;
Data Security and Confidentiality;
Environmental Controls, Capacity & Continuity;
Logical Access;
Anti-virus;
Global Telecom Operations;
Back-up;
Security Incident Management; and
Other client specific control areas
Freeware Tools:
Metasploit
Wireshark
NMAP
SQLMap
Nikto
MobiSF
Metasploit
Hydra
Cain and Abel
John The Ripper
Regions: 18
Facilities
covered: 56
/ freeware/proprietary):
uditors / Experts : No
etc.))
e details : Yes Yes, Grant Thornton India
the globe in 130+ countries.
organization? : No
management methodology.
No
19th July 2018.
Back
Annexure – I
S. Name of Employee Duration with Grant Qualifications related to Information
No. Thornton India LLP security
7 Shweta Pawar November 2015 ISO 27001: 2013 Lead Auditor (ISMS)
ITIL V3 Foundation
37 Amit Bedwa December 2017 ISO 27001 LA, ISO 22301 LA, ITSM
38 Praveen Sharma March 2018 NA
43 Arvind Kumar April 2018 ISO 27001 LA, ISO 27001 LI, ERM
Ba
Experience in Information Security
17+years
17+ years
15+ years
20 years
10+ years
4.5
9 years
11+ Years
12+ Years
13+ Years
20+ Years
5 years
5+ years
11+ years
10+ years
6+ years
3+ years
2+ years
6+ months
6+ Years
2.7 years
3 years
7 Months
1.5 Years
6+ years
4+ years
8 years
1.8 years
4 months
7+ years
3 years
4 Years
6+ Years
3+ Years
6+ Years
4+ Years
2 years
12+ Years
5+ Years
3 Years
2 Years
1.5 Years
4+ years
3Years
2 years
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Sonata Software Limited
1. Name & location of the empanelled Information Security Auditing Organization:
Sonata Software Limited ,
Bangalore
2. Carrying out Information Security Audits since : 2011
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months , category-wise (Organization can add categories based on p
by them)
Network security audit : 3
Web-application security audit : 10
Wireless security audit : 2
Compliance audits (ISO 27001, PCI, etc.) : 5
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. No. Name of Employee Duration with Experience in Information
<organization> Security
1 NarasimhaRao Akundi 20 10 years
3 Vinit Bharadwaj 10 5
4 Chandra Sekhar P 4 4
5 Guru prasad 10 6
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
project value.
IT management project (renewed annually) for a client based in India.Project includes secure
Web application testing, network security management, continuous vulnerability and patch m
data center security and Disaster recovery management. The annual revenue is over INR
: 2011
required)
: Y
: Y
: Y
: Y
12 Months:
: None
: None
: 20
ormation Security Audits done : 20
: 3
: 10
: 2
: 5
ecurity audits:
: None
001 LAs : 4
: 2
: 5
mation security qualification : CEH- 5
chnical Personnel : 12
Qualifications related to
Information security
CEH
ISO 27001 lead auditor
PMP
GDPR lead Implementer
CEH
CEH
CEH
ommercial/ freeware/proprietary):
any : Yes
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months , category-wise (Organization can add categories based on proj
them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
Third Party Security Maturity Audit :
6. Technical manpower deployed for informationsecurity audits :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
CEH :
CISM :
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and Critical sector
(attach Annexure if required)
S Name of Duration Experience in Qualifications
. Employee with Tech Information related to
N Mahindra Security Information
o. security
1 Peeyush 13 Years Security Audit CISSP, CCSP,
Srivastava and assessment. CBCP
Cybersecurity
and Cloud
security
Program and
Project
management
2 Rahul Vaidya 14 Years Enterprise CCNA, CEH, ISO-
Security 27001 LA, ITIL
Consulting, V3.0
Security
Operations,
Delivery
Management,
Pre-sales Tech
Support, IS
audits Program
management
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.) along w
value.
1. Australian Retail company
a) Scope & Volume : 250+ Third party security Audits
b) Locations : Australia & Mumbai
c) Project value : 2.59 mn $(Total contract value)
2. Leading US telecom company
a) Scope & Volume : 198+ web application security testing
b) Locations : USA , Mumbai
c) Project value : 7mn $(Total contract value)
3. Large Oil sector company
a) Scope & Volume : 2000 + Web application security testing
b) Locations : USA , Mumbai
c) Project value : 1 mn $(Total contract value)
tion :
Phone:+91 20 66018100
: 2001
Y
Y
Y
Y
Y
: 20
: 1
: 2407
udits done : 2428
50
2320
0
2
250
11
20
10
0
85
02
128
overnment and Critical sector organizations
Qualifications
related to
Information
security
CISSP, CCSP,
CBCP
CCNA, CEH, ISO-
27001 LA, ITIL
V3.0
CEH,CCNA
CEH, OSCP,
Qualys Guard
Certified
CEH
CEH, ISO-27001
CEH, SPLUNK
testing
y testing
etary):
China
Nanjing
Tech Mahindra Ltd.
Floor 4, Animation Building, No.11 Xinghuo Road Pukou Hi-Tech Zone Nanjing city
Peoples Republic of China Phone:+86 25 83506016
Shanghai
Tech Mahindra Ltd.
Room No. 23102, No. 498, Guoshoujing Road, Zhangjiang Hitech Park, Shanghai
Peoples Republic of China Phone:+86 21 50807600
Shenzhen
Tech Mahindra Ltd.
TianAn Yun Gu, Romm Nos.2201-2203, Phase I-3C No.133, Xugang North road, Bantian, Sub District
Longgang dist. Shenzen, China PRC
Hong Kong
Tech Mahindra Ltd.
Level 7, Nan Fung Tower, 88 Connaught Road Central, Central, Hong Kong.
Phone:+852 3796 7230
Fax:+852- 3796 7000
Japan
Kanagawa
: Yes
: NO
: NO
: Yes
av X-2, No. 5
, Sub District
Tech Mahindra Ltd.
Fujitsu Atsugi Technical Center, 3065, 3rd floor Okada, Kanagawa, Tokyo, Japan
Phone:+ 81 5038040928
Tokyo
Tech Mahindra Ltd.
Tokyo Office, Toranomon 40 MT Bldg 6th Floor 5 - 13 - 1 Toranomon Mitato-ku, Tokyo, 105-0001
Japan
Phone:+81 036402 5921
Malaysia
Cyberjaya
Tech Mahindra ICT Services ( Malaysia ) SDN. BHD. Global Solution Center, Lot 12122,
PersiaranApec, 63000 Cyberjaya, Selangor, Malaysia.
Phone:+60 3 88828001
Philippines
Cebu
Tech Mahindra Limited Tech Mahindra Limited
7/F Ebloc 3, Geonzon Road, Phase 2, 2 and 4/F JESA ITC Building, 90 General Cebu IT Park,
LahugApas, Maxilom Avenue,
Cebu City, Philippines 6000. Cebu City, Philippines 6000.
Phone:+63 32 4106491 Phone:+63 32 5126275
Manila
Tech Mahindra Limited Tech Mahindra Limited
5/F Felina Corporate Plaza, Eastwood 3/F eCommerce Plaza Building, Garden Avenue,
Eastwood City, Bagumbayan, Road, Eastwood City, Bagumbayan, Quezon City, Metro Manila,
Philippines Quezon City, Metro Manila, Philippines 1110.
1110.
Phone:+632 7360893 Phone:+632 6662821
Phone:+632 6619623 Phone:+632 7091673
Singapore
Tech Mahindra Ltd.
#06-01, Honeywell Building,
17 Changi Business Park Central 1,
Singapore - 486073
Phone:+65 6417 7201
South Korea
Seoul
Tech Mahindra Ltd.
16th Floor, Posco P&S Tower,
Teheran-ro 134, Gangnam-gu, Seoul, 135-923, South Korea.
Phone:0082-2-20157652
Taiwan
Taipei
Tech Mahindra Ltd.
Room No. 8, Level 37, Taipei 101 Tower, No.7 Section 5, Xinyi Road
Taipei City 11049, Taiwan Republic Of China
105-0001
122,
l Cebu IT Park,
Avenue,
y, Metro Manila,
Phone:+886 2 87582984
Thailand
Bangkok
Tech Mahindra Ltd. Tech Mahindra Ltd.
Suvarnabhumi Airport, AOT Building, 4th floor, 54 BB Building, 13th floor, Unit No 1304
Room no. Z4-008, 999 Moo1 TambonNongprue, SukhumvitSoi 21 (Asoke Road) KlongtoeyNua
Amphoe Bang Plee Samutprakarn 10540 Bangkok Wattana, Bangkok 10110 , Thailand Phone:+66
Phone:+66 2 1346253 2 640 8170
Vietnam
Hanoi
Tech Mahindra Ltd. Suite 2136, 21st Floor Capital Towers
109 Tran Hung Dao HoanKiem District Hanoi, Vietnam
Americas
Argentina
Buenos Aires
Tech Mahindra Argentina SA
Esteban ECHEVERRIA 1960
Código Postal B1604ABV
Florida Oeste -Pcia de Buenos Aires Argentina
Phone:+54 11 52909252
Fax:+54 11 52909249
Bolivia Santa Cruz
Tech Mahindra Bolivia S.R.L.
3er AnilloInterno – Barrio MarabolCalle Ricardo Chávez #570 Santa Cruz – Bolivia
Phone:+591-3-3450078 Fax:+591-3-3450079
Brazil Alphaville
Tech Mahindra Brazil
Alameda Araguaia, 2044 - Tamboré Barueri – SP, Brazil
Tour 1 – 8º. Floor - Rooms 808/809 06455-000
Rio de Janeiro
Tech Mahindra Brazil
PraçaPio X
98 - 11º andar - Centro - RJ - CEP. 20.091-040 Phone:(21) 3550-3100
Sao Paulo
Tech Mahindra Ltd.
Av. Maria Coelho Aguiar
215, Bloco C, Floor 5 - Jardim São Luís São Paulo, SP 05804900
No 1304
KlongtoeyNua
and Phone:+66
Phone:+55 11 2123-8100
Canada
New Brunswick
Tech Mahindra Ltd.
720 Coverdale Road, Unit A010. Riverview Place, Riverview,
Moncton, New Brunswick, Canada. E1B3L8
Ontario
Tech Mahindra Ltd. Tech Mahindra Ltd.
1960 Eglinton Avenue East, 2nd Floor, 100 Consilium Place, Suite 200.
Scarborough Toronto Ontario M1L2M5 Scarborough, Ontario
Phone:+1 647 494 3374 M1H 3E3.
Phone:+1 877 725 8579
Vancouver
Tech Mahindra Ltd.
999 Canada Place,
Suite 404, Vancouver, British Columbia V6C 3E2
Phone:604-641-1363 Fax:604-641-1214
Colombia
Bogotá
Tech Mahindra Colombia S.A.S.
Cra.45 #97-50, Of.1102-03
Bogota, Colombia 110221
Phone:+571 6910056/ 6185594
Costa Rica
San Jose
Tech Mahindra Costa Rica S.A
Sabana Sur,
CalleMorenos 150 mt Sur del Supermecado AMPM, Edificio color papaya, San Jose, Co
+506-403-025-87
Ecuador
Guayaquil
Techmahindra Del EcuadorKenedy Norte Manzana 1010 Solares 7,8 y 9 Guayaquil , Ecuador Pho
Quito
Techmahindra Del EcuadorJose Herboso OE3-256entre Benitez y Av. La Prensa Phone:+593-2- 6
Guatemala
Tech Mahindra Ltd. AvenidaReforma, 7-63 Zona 9, Edificio Aristos Reforma, 4to Niv
Mexico
Mexico City
Tech Mahindra de Mexico S .de TecnoParqueEje 5 Norte990, Azcapotzalco,
Tech Mahindra
Santa Barbara,
de Mexico02230Ciudad
S .deTechnoparque,
de México,
Ground
D.F.E-mail:
Floor FCS.M
Block
Tech Mahindra de Mexico S .de PROL Bernardo Quitana sur No.302 Col Centro sur, Queretaro QueretaroE-mail: CS.Mexico@techmahi
Panama
Tech Mahindra Panamá, S.A
Via Simon Bolivar,
(Transistmica) Edif H. Herburgeroficina 5 y 10, Panama Phone:+507 26 14 764
Peru
Lima
Tech Mahindra De Peru S.A.C Amador Tech Mahindra De Peru S.A.C
Merino Reyna #465, Edificio Trillium, Av. Jose Guillermo Salvador Lara 489- 493
5th Floor, San Isidro, Lima - 15046 Primero PisoUrbanización Las Quintanas
Trujillo
California
Tech Mahindra (Americas) Inc. Tech Mahindra (Americas) Inc.
1735 Technology Drive, Suite No. 575, San 100 Pacifica, Suite 310, Irvine,
Jose, California 95110 California
Phone:+1 408 707 1831
Connecticut
Tech Mahindra (Americas) Inc.
334 Ella Grasso, Air Exchange Building, Windsor Locks, Connecticut, 06096.
Florida
Phone:+507 26 14 764
Connecticut, 06096.
Tech Mahindra
501 Brickell Key Drive, Suite 200, Miami,
Florida, 33131
Georgia
Tech Mahindra Americas Inc.
3655 North Point Parkway, Suite 675,
Alpharetta, Georgia 30005.
Illinois
Tech Mahindra (Americas) Inc.
10 N Martingale Road,
Suite No. 400, Schaumburg, Illinois, 60173.
Kansas
Tech Mahindra
12980 Foster South Creek Building 1, Suite 190, Overland Park,
Kansas 66213
Kentucky
Tech Mahindra (Americas) Inc.
9401 Williamsburg Plaza,
Suite 102, Louisville,
Kentucky 40222
Michigan
Tech Mahindra Americas Inc.
20700 Civic Center Drive Suite 115 Southfield, 48076
Nebraska
Tech Mahindra (Americas) Inc.
Central Park Plaza, 222, South 15th street, 8th floor, Omaha, Nebraska 68102.
Nevada
Tech Mahindra (Americas) Inc.
Office 1 - 808,
College Parkway - Suite 102, 103 & 104, Carson City,
Nevada 89703
New Jersey
Tech Mahindra (Americas) Inc. Tech Mahindra (Americas) Inc.
1001 Durham Avenue, Suite 101, South Secaucus vXchnge 200B Meadowlands
Plainfield, New Jersey, 07080. Pkwy,
Secaucus New Jersey 07094
New York
Tech Mahindra
Equinix NY9, 111 8th Avenue, New York 10011
North Dakota
Tech Mahindra (Americas) Inc.
No.3320 WestracDr, Fargo
and Park,
Ohio
Tech Mahindra (Americas) Inc. Tech Mahindra (Americas) Inc.
6000 Freedom Square, 200 West Prospect Avenue, Suite 701,
Suite 250, Independence, Ohio 44131. Cleveland, Ohio 44113.
Pennsylvania
Texas
Tech Mahindra (Americas) Inc. 4965 Tech Mahindra (Americas) Inc.
Preston Park Boulevard, Suite 500, Plano, 2500 City West Blvd. Suite 300,
Texas, 75093 Houston, Texas, 77042.
Phone:+1 214-974-9907
Washington
Tech Mahindra (Americas) Inc Tech Mahindra (Americas) Inc
6801 185th Avenue NE, Suite 100. Redmond, 15809 Bear Creek Parkway, Suite
Washington 98052 310 & 400, Redmond,
Washington 98052
Tech Mahindra Ltd. Level 8, South Tower, 459 - Collins Street, Melbourne CBD - 3000, Victoria,
Australia.
Phone:+61 3 99342700
Brisbane, Queensland
Tech Mahindra Ltd.
Level 16, Office Suite No.1605, 200, Mary Street,
Brisbane – 4000, Queensland, Australia Phone:+61 7 30313612
Canberra, ACT
Tech Mahindra Ltd.
Office Suite No.551,
Regus Canberra City West – Tower-A, Level 5, 7 - London Circuit,
Canberra - 2600, Australian Capital Territory. Phone:+61 2 6169 4150
Chatswood, NSW
Tech Mahindra Ltd.
Level 7, 465 - Victoria Avenue,
Chatswood - 2067,
New South Wales, Australia. Phone:+61 2 84848469
Melbourne, Victoria
Tech Mahindra Ltd. Level 8, South Tower, 459 - Collins Street, Melbourne CBD - 3000, Victoria,
Australia.
Phone:+61 3 99342700
New Zealand
Auckland
Tech Mahindra Ltd.
Level-6, Southern Cross Building, 59-67 High Street,
Auckland Central - 1010, New Zealand. Phone:+64 9 2814742
Europe
Austria
Vienna
Tech Mahindra IT-Services GmbH
Albertgasse 35
1080 Vienna
Belgium
Brussels
Tech Mahindra Ltd. Tech Mahindra Ltd.
Twin House B, 3rd Floor, Neerveld 107, Raketstraat 40, 1st Floor
1200 Brussels, Belgium. Evere - 1130 Brussels
Phone:+32 27732400 Belgium
Phone:+32 28919310
Charleroi
Tech Mahindra Ltd.
Zone Industrielle
4ieme Rue nr.33,6040 Jumet Belgium
Bulgaria
Sofia
Tech Mahindra Limited
3 Nikola Tesla Str., 8th floor, Sofia One, 1574, Sofia.
Czech Republic
MladaBoleslav
Tech Mahindra Ltd. StaromestskeNamesti No.84 MladaBoleslav, Czech Republic
Ostrava(Virtual Office)
Tech Mahindra Ltd.
28, rijna 3346/91, Moravska Ostrava 702 00, Czech Republic
Denmark
Copenhagen
Tech Mahindra Ltd. Lautrupvang 2, 1st floor 2750 Ballerup, Copenhagen Denmark
Phone:+45 44 78 30 37
Finland
Helsinki
Tech Mahindra Ltd, branch in Finland,
Lindström – House,
or
Lautatarhankatu 6 B 2 floor,
00550 Helsinki.
France
Paris
Tech Mahindra Ltd. 17 Avenue George V, 75008 Paris, France.
Phone:+33 01 44 43 47 20
Toulouse
Tech Mahindra Ltd.
Bâtiment Omega,
22 boulevard Déodat de Séverac, 31170 Colomiers.
Phone:+33 05 61 15 25 10
Germany
Berlin
Tech Mahindra GmbH NL Berlin
Grossbeerenstr. 2
12107 Berlin
Phone:+49 30 700 700 69
Dresden
Tech Mahindra GmbH WashintonStr, 16/16A dresden, Germany
Düsseldorf
Tech Mahindra GmbH
Fritz-Vomfelde-Strasse 8
40547 Duesseldorf
Phone:+49 211 205 408 18
Hamburg
Tech Mahindra GmbH Tech Mahindra GmbH
Channel 2, EG West Christoph-Probst-Weg 1
HarburgerSchlossstrasse 24 20251 Hamburg
21079 Hamburg Phone:+49 40 370251101
Phone:+49 40 743 60652
Phone:+49 40 743 60291
Muenchen
Tech Mahindra GmbH
88 North, Riesstrasse 20
80992 Muenchen
Phone:+49 89 5422540 06
Wiesbaden
Tech Mahindra GmbH
Borsigstr. 20
65205 Wiesbaden
Phone:+49 6122 50731-0
Wolfsburg
Tech Mahindra GmbH
Alessandro-Volta-Straße 20-26
1
38440 Wolfsburg
Phone:+49 536 189 8606 28
Hungary
Budapest
Tech Mahindra Ltd. Tech Mahindra Ltd.
Capital Square Office Building, Capital Square Office Building
2nd Floor, Tower – V, 7th Floor, Tower – 6
76, Váci street, 76, VáciUt
HU-1133 Budapest (Hungary) HU-1133 Budapest (Hungary)
Tech Mahindra Ltd.
5th Floor, Cityzen Building – VáciUt 37 District 13 Budapest
Hungary
Ireland
Dublin
Tech Mahindra Limited
1st floor, Riverside two, 43/49 sir john rogerson's Quay Dublin 2
Northern Ireland
Tech Mahindra Limited
7th Floor, BT Riverside Tower, 5 Lanyon Place, BT1 3B (Belfast) Ireland
Phone +44-02890 446530 | Avaya: 450000
Waterford
Tech Mahindra Business Services Limited
Ground & 1st Floor, Block A
IDA Business & Technology Park Waterford, Ireland Phone:0035351599047
Italy
Milano
Tech Mahindra Ltd. Italian Branch Via A. Brocchi - LocalitàCastelletto, 20019 Settimo Milanese (MI).
Phone:+39 0284292002
Latvia
Riga
Tech Mahindra Ltd.
RIGA, Esplanade, 2nd and 7th floor Dzirnavuiela 57a, Riga, LV-1010
Luxembourg
Senningberg
Tech Mahindra Ltd
5, Rue Heienhaff, (2nd Floor, Wing E), L-1736 Senningerberg, Luxembourg.
Netherlands
ing
ry)
Norway
Oslo
Tech Mahindra Norway AS
Campus TS
Martin Lingesvei 25,
1364, Fornebu
Phone:+47 67 82 72 72
Romania
Bucharest
Tech Mahindra Ltd.
Sector 1, str general c, Budisteanunr c, 2nd district, etaj,- 3 camera 10, 010775 Bucharesti
17, C.A Rosetti,
C I F RO 23555450 Bucharest SECTOR 2, Romania
,Romania
Phone:+44 07918714701
Phone:+ 91 9866129769
Spain
Madrid
Tech Mahindra- LCC Wireless Communication Services
Espana Juan de Mariana, No. 178 Plant 3rd 28045 Madrid
Spain
Sweden
Gothenburg
Tech Mahindra Ltd.
Sörredsbacken 20,
Göteborg – 41878. Phone:+463159687
Stockholm
Tech Mahindra Ltd. Waterfront Building Klarabergsviadukten 63
SE-111 64 Stockholm, Sweden Phone:+46 708304334
Switzerland
Basel
Tech Mahindra Ltd.
Aeschenvorstadt 71,
4051 Basel
Phone:+41 (0)612254246
Fax:+41 61 225 42 49
Geneva
Tech Mahindra Ltd.
Chemin Chateau-Bloch 11, 1219 Le Lignon
Geneva, Switzerland
aag, Netherlands Phone:+ 31
nia
Phone:+41 (0) 022 879 9570
Fax:+41 (0)22 879 9579
Tech Mahindra Ltd. 1st Floor Laser House Waterfront Quay Salford, M50 3XW Manchester, UK
Phone:+44 (0)161873 8001, +44(0)161873 7029
Zurich
Tech Mahindra Ltd. World Trade Centre, Leutschenbachstrasse 95
8050 Zurich.
Phone:+44 (0)44 308 37 20/21/35
Fax:+41 44 308 3500
Bristol
Tech Mahindra Ltd.
Aztec West 2430/2440 The Quadrant Aztec west Almondsbury Bristol-BS32 4AQ
Crewe
Tech Mahindra Ltd.
Metasi House, DSP House
west street Crewe Cheshire CW1 3PA
Ipswich
Tech Mahindra Ltd.
LAB, BT PLC, Room W1-06
Columba house, Adastral Park Ipswich, IP5 3 RE
London
Tech Mahindra Ltd.
63, Queen Victoria Street, EC4N 4UA (London) United Kingdom
Phone:+44 (0)1908 553400
Manchester
Tech Mahindra Ltd. 1st Floor Laser House Waterfront Quay Salford, M50 3XW Manchester, UK
Phone:+44 (0)161873 8001, +44(0)161873 7029
Milton Keynes
Tech Mahindra Ltd.
401 Grafton Gate East, Milton Keynes MK9 1AT United Kingdom
Phone:+44 (0)1908 553400
Norfolk
Tech Mahindra Ltd.
Office 8, HethelEngeneering Centre ChapmanwayHethel
Norfolk-NR14 8FB
Middle East
Bahrain
Manama
Tech Mahindra Ltd.
Al Salaam Tower, 11th Floor, Diplomatic Area, Manama Bahrain
Phone:+973 17534057
Qatar
Doha
Tech Mahindra Ltd.
Palm Tower – B
Level 43, Suite No.4306 Majlis Al Taawon Street, West Bay, Doha, Qatar. PO Box. No:13279.
Saudi Arabia
Al-Khobar
Tech Mahindra Ltd. Tech Mahindra Arabia Limited,
Al Bandareyah Trading Centre, Al Hugayet Skyline Tower, Office No. 501
12th Floor, Al Khobar 31952, Prince Faisal Bin Fahad Street, Al- Po Box No.31671,
Khobar 31952 Kingdom Of Saudi Arabia.
Kingdom of Saudi Arabia Phone:+966 505894866 Phone:+966138824076
Abu Dhabi
Tech Mahindra Limited Office No.1001, 10th Floor, Al Faraá Corporate Tower, 13 Delma Street,
Behind trans ad & commercial court, Abu Dhabi, UAE
Phone:+971 2 4414420
Fax:+971 2 4414421
Dubai
Tech Mahindra Ltd. Tech Mahindra Limited
Dubai Airport Free Zone - 6 B, Office No-1401-1408-1409, 14th Floor,
West Wing, Office No.832 Shatha Tower, Dubai Media City
Dubai P.O.Box-30810, Dubai, UAE
Phone:+971 4 3911700 Phone:+97143911700 (Reception)
Fax:+971 4 3911713 Fax:+97143911713
Africa
Chad Ndjamena
Congo(B)
Pointe-Noire
Tech Mahindra Limited
Marcel Vincent Gomes, BP 542,
Building Ex-Bata Pointe-Noire, Republic of Congo.
Kinshasa
Tech Mahindra Ltd.
Avenue Tombalbay, Immeuble, “Le Prestige” 1er Niveau Kinshasa Congo (DRC)
Phone:+243999967394
Ethiopia
Tech Mahindra Ltd. Millinium building, Bole Addis Ababa, Ethiopia Phone:+260 9766
Gabon
Libreville
Tech Mahindra Ltd.
1st Floor CFAO Building, Libreville Gabon
Phone:+241 04064697
Ghana
Accra
Tech Mahindra Ltd. 83, Spintex Road Accra
Phone:+ 233 561166161
Kenya
Nairobi
Tech Mahindra Ltd
Block B, 6th Floor, Reliable Towers, Mogotia Road, Westlands,
Nairobi, Kenya
Malawi
Lilongwe
Tech Mahindra Ltd.
City Mall Shops 1 – 7
Michinji Round about, P.O. Box - 1666 Lilongwe
Phone:+265 994205222
Nigeria
Abeokuta
3279.
o.31671,
076
ma Street,
nshasa Congo (DRC)
Lagos
Tech Mahindra Nigeria Ltd.
Coscharis Plaza
3rd Floor, 68A, AdeolaOdeku Victoria Island, Lagos.
Phone:+234 8066792757
Rwanda
Kigali
Tech Mahindra Ltd
Boulevard de l’Umuganda - Aurore Building – Kacyiru,
P.O. Box 1902 - Kigali – Rwanda Phone:+250726635298
South Africa
Cape Town
Tech Mahindra Ltd.
Unit 3, 2nd Floor, Rostra House, The forum North Bank Lane Century City 7441, Cape
South Africa Phone:+27 764006133
Johannesburg
Tech Mahindra Ltd. Tech Mahindra Ltd.
10th Floor, Office Towers, 5th Street, 676 on Gallagher Cnr Old Pretoria Road and
Cnr&Rivonia James Cresent
Sandton - 2196, Johannesburg South Africa Midrand, Johannesburg-2196
Phone:+27 11 6762800
Uganda
Kampala
Tech Mahindra Ltd.
1st Floor, NIC Building 3, Pilkington Road, Kampala, Uganda.
Phone:+256(0)782111318
Zambia
Lusaka
Tech Mahindra Ltd. Tech Mahindra Ltd.
Petroda House, Great North Road, P.O. Box – 2nd floor, (Middle block) Petroda Towers North
30770 Great Drive Road, Lusaka Zambia
Lusaka, Zambia Phone:+260 976620894
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Talakunchi Networks Pvt. Ltd.
1. Name & location of the empanelled Information Security Auditing Organization :
Talakunchi Networks Pvt. Ltd. ,
Mumbai
2. Carrying out Information Security Audits since : 2016
5. Number of audits in last 12 months , category-wise (Organization can add categories based on proj
them)
Network security audit :
Web-application security audit :
Wireless security audit :
Mobile Security audit :
Compliance audits (ISO 27001, PCI, etc.) :
6. Technical manpower deployed for informationsecurity audits :
CISSPs : NA
BS7799 / ISO27001 LAs : 1
CISAs : 2
DISAs / ISAs : NA
Any other information security qualification : 4 CEH,
2 OSCP,
5 ECIH,
3 ECSA,
1 ECSP .net
Total Nos. of Technical Personnel : 20
7. Details of technical manpower deployed for information security audits in Government and Critical sector
(attach Annexure if required)
S Name of Duration with Experience in Qualifications
. Employee <organization> Information related to
N Security Information
o. security
1 Rahul Gala 2.2 Years 10.0 Years BE, OSCP, CISA,
CEH, ECSA,
ECSP,GCIH, CEI
FireEye
3 Pranjali Shah 2.2 Years 5.0 Years BE
4 Sujal Shah 2.2 Years 5.0 Years BE
5 Jay Shah 2.2 Years 4.0 Years BSc IT, ECIH
6 VidulaTendolkar 2.2 Years 2.2 Years BSc, ECSA
7 Harshil Shah 2.0 Years 2.0 Years BE, CEH
8. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Burp Suite Professional SQLMAP
Wireshark ZAP
Netsparker Nikto
Web Inspect CSRF Tester Wapiti Fiddler
SQL Ninja W3af WinHex WebScarab IDAPro Drozer MobSF Nessus Kali Linux Metasploit Nmap Aircra
Cain & Able JohnTheRipper IronWasp Nagios
Social Engineer Toolkit
ion :
: 2016
: Yes
: Yes
: Yes
: Yes
: Yes
(Y/N) : Yes
: NA
: NA
: 25+
udits done : 25+
20+
20+
3
10+
2
NA
1
2
NA
4 CEH,
20
Qualifications
related to
Information
security
BE, OSCP, CISA,
CEH, ECSA,
ECSP,GCIH, CEI
FireEye
BE
BE
BSc IT, ECIH
BSc, ECSA
BE, CEH
etary):
: No
: No If yes, give details
: No
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Trusted Info Systems Private Ltd.
1. Name & location of the empanelled Information Security Auditing Organization :
Trusted Info Systems Private Ltd.
2. Carrying out Information Security Audits since : 2002
3. Capability to audit , category wise (add more if required)
Network security / Data Centre audit (Y/N) - incl VA-PT : Yes
Web-application security audit / Mobile App - incl VA-PT : Yes
Wireless security audit (Y/N) - incl VA-PT : Yes
Compliance audits (ISO 27001, PCI, etc.) (Y/N) - incl VA-PT : Yes
SAP - GRC Implementation, Post implementation
review & support / Audit : Yes
ERP / SAP security audit : Yes
Telecom Security audit : Yes
ICS / SCADA Audit : Yes
Security Operations Centre Review / Audit / optimisation : Yes
Payment Gateway security audit : Yes
Incident Life cycle management / review : Yes
PCI / DSS review / compliance / audit : Yes
Source Code Review / SDLC Review : Yes
Cyber Security / Information Security - related trainings : Yes
4. Information Security Audits carried out in last 12 Months :
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months , category-wise (Organization can add categories based on proj
them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
6. Technical manpower deployed for information security audits :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification :
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and Critical sector
(attach Annexure if required)
S. No. Name of Duration with Experience in Information Qualifications related to
Employee <organization> Security Information security
1 Piyush Jain May 2002 15+ yrs CISA, ISMS-LA
2 SP Shah Singh May 2002 20+ yrs CISA, M Tech
3 Vijender Kaushik Dec 2016 15+ yrs CISA, ISMS-LA, MS
4 Virender Maini Jan 2004 14+ yrs CISA, CEH
5 Sanjay Gupta Feb 2005 11+ yrs ISA
6 Naveen Dham Dec 2016 10+ yrs ISMS-LA, PCI-DSS
7 Shiv Kumar Dec 2016 4+ yrs CCNA, B Tech
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.) along w
value.
- NW Security audit / Web App Security audit / ERP - SAP security audit - One of the top Indian MN
manufacturing plants in India and abroad - worldwide spread computer network with data centre an
India - Multiple user domains - about 15000 employees.
- SAP - GRC Access Controls Review / Audit - top Indian MNC - Pharmaceutical mfg. industry - N/W
complexity - 100+ servers, 600+ nodes
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Commercial :
- Nessus
- Burp
- Acunetix
- AppScan
- Core Impact
- Net Sparker
- Web Inspect
- Nipper
- EnCase Forensics from Guidance Software
- IDEA data analytics
- Check Marx
- Immunity Canvas
Proprietary :
- SAP-GRC SoD conflict resolution tool
10. Outsourcing of Project to External Information Security Auditors / Experts : No ( If yes, kin
oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : No If yes, giv
ion :
: 2002
: 1
: 2
: 42
udits done : 45
9
31
5
2
-
3
4
1
3
7
overnment and Critical sector organizations
lifications related to
rmation security
A, ISMS-LA
A, M Tech
A, ISMS-LA, MS
A, CEH
S-LA, PCI-DSS
NA, B Tech
plexity, locations etc.) along with project
etary):
: No
: No If yes, give details
: No
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Briskinfosec Technology and Consulting Pvt Ltd
1. Name & location of the empanelled Information Security Auditing Organization:
Briskinfosec Technology and Consulting Pvt Ltd
No.21,2nd Floor, Krishnamachari Rd, Tirumurthy Nagar, Nungambakkam, Chennai, Tami
1 CISSP 1
2 CISA 2
3 DISA/ISA'S 1
7 Total No Employees 15
7. Details of technical manpower deployed for information security audits in Government and Critical sector
(attach Annexure if required)
RT-In empanelled Information Security
ion:
: 2015
es
es
es
s
5
1
12
23
d categories based on project handled by
3 Alex Daniel Raj 1 Year & 7 Months 1 Year & 7 Months CEH
11. Whether organization has any Foreign Tie-Ups? If yes, give details : NO
12. Whether organization is a subsidiary of any foreign based organization? : NO
If yes, give details
Ba
ity, locations etc.) along with project
tronics
Assessment
y):
: NIL
: NO
: NO
: NO
te Limited as on Dec 20, 2019
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Crossbow Labs LLP
1. Name & location of the empanelled Information Security Auditing Organization:
Crossbow Labs LLP
146, 5th Floor, Gopal Towers, Ramaiah Street,
H.A.L II Stage, Bangalore – 560008
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months , category-wise (Organization can add categories based
handled by them)
Network security audit : 30
Web-application security audit : 15
Wireless security audit : 15
Compliance audits (ISO 27001, PCI, etc.) : 40
6. Technical manpower deployed for informationsecurity audits :
CISSPs : 2
BS7799 / ISO27001 LAs : 5
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification :
C.E.H -
PCI 4–
PA 5-
1
ECSA -
Total Nos. of Technical Personnel : 1 15
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. Crossbow Labs LLP Security Information security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
project value.
Lulu International Group, U.A.E
13 Server Locations, 300 + IP addresses that includes DC, Network devices and POS locations
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Nessus, Meta
Exploitpack, Burpsuite, Bolt (Data finder tool), Compliance management tool.
10. Outsourcing of Project to External Information Security Auditors / Experts : No ( If ye
provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : No If yes,
anization:
aiah Street,
: Nov 2014
: 0
: 0
: 100
ts done : 100
30
15
15
40
2
5
2
0
15
s in Government and Critical sector
: No
? : No If yes, give details
: No
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s CyRAAC Services Private Limited
1. Name & location of the empanelled Information Security Auditing Organization:
CYRAAC SERVICES PRIVATE LIMITED BANGALORE
2. Carrying out Information Security Audits since : 2017
Govt. :
PSU :
Private :
(Etyacol, Fincare, Samasta, ITC Infotech, Zeotap, Firstsour
Mphasis, Marlabs, Market Xpander, Axis Cades, Rang De, B
Nos. of Information Security Audits done:
5. Number of audits in last 12 months , category-wise (Organization can add categories based
handled by them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
6. Technical manpower deployed for informationsecurity audits:
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification :
CEH
CISM
CBCP
PCI DSS QSA
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
project value.
Allcargo Logistics – Rs 13 Lakhs ECU Worldwide - Rs 13 Lakhs Ernst & Young – Rs 18 Lakhs
Organization:
: 2017
Y
Y
Y
Y
: 0
: 1
:
Infotech, Zeotap, Firstsource, DTDC,
er, Axis Cades, Rang De, BeMore) Total
done:
n can add categories based on project
3
30
2
9
1
1
(2),
(1),
(1),
(1)
14
udits in Government and Critical sector
ons related to
on security
e/proprietary):
Network Security, Web Application Security, Wireless Security Audit
Tool Detail
Nessus Professional Infrastructure Scanning
Qualys Web Application Scanning
Fortify Web Inspect Web Application Scanning
Burp Suite Penetration Testing
Metasploit Penetration Testing
NMAP Infrastructure Scanning
Wireshark Infrastructure Scanning
Charles Infrastructure Scanning
Nikto Penetration Testing
SQLmap Penetration Testing
Compliance Audits
LogicGate
10. Outsourcing of Project to External Information Security Auditors / Experts : No
(If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization : No If yes,
arters/Offices, if any : No
AAC SERVICES PRIVATE LIMITED on 7th Feb 2019
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Netrika Consulting India Pvt. Ltd.
1. Name & location of the empanelled Information Security Auditing Organization :
Netrika Consulting India Pvt. Ltd.
2. Carrying out Information Security Audits since : 2015
3. Capability to audit , category wise (add more if required)
Network security audit : (Y)
Web-application security audit : (Y)
Wireless security audit : (Y)
Compliance audits (ISO 27001, PCI, etc.) : (Y)
4. Information Security Audits carried out in last 12 Months :
Govt. : None
PSU : None
Private :
Delhivery Pvt Ltd , Audio Magick, Fairfax , Risq Group
Total Nos. of Information Security Audits done : 5
5. Number of audits in last 12 months , category-wise (Organization can add categories based
handled by them)
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification :
EC Council Certified Ethical Hacker( CEH), ISO20000 , ISO
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. No. Name of Employee Duration with Experience in Information
<organization> Security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
project value – Delhivery Private Ltd (Implemented ISO 27001 : 2013 for their organization, Carried
audit) , Annual Review of ISMS & Implementation of controls for ISO 27017 (Security controls for cl
Project Scope was their corporate office in Gurgaon. Total Project value Approx – 5.5 L
Singapore
Regus Vision Exchange 2 Venture Drive
Level #24-01 - #24-32
Singapore 608526
+65 87308006
Sri Lanka
32 Uswatte Road, EtulKotte,Kotte, Sri Lanka
: None
: None
:
Group
: 5
wise (Organization can add categories based on project
: 7
: 6
: 6
: 3
: 1
: 3
ecurity audits :
: none
01 LAs : 3
: none
: none
ation security qualification :
fied Ethical Hacker( CEH), ISO20000 , ISO 9001 2000 LA
hnical Personnel : 7
Qualifications related to
Information security
CEH
CEH
ommercial/ freeware/proprietary):
arker
SQLMap Burpsuite OWASP SQLi
ecurity Auditors / Experts : No
, contract etc.))
If yes, give details : No
gn based organization? : No
ny : Yes
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months , category-wise (Organization can add categories based
handled by them)
Network security audit : 10 plus
Web-application security audit : 40 plus
Wireless security audit : 2
Compliance audits (ISO 27001, PCI, etc.) : 5
Information security policy review : 4 plus
6.
Technical manpower deployed for informationsecurity audits :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
CEH :
ECSA :
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
Giriraj Jadhav 0.9 yrs 12 yrs Cambridge Certified Linux
Associate Cambridge Certified
Security Associate Cambridge
Certified Internet Associate
Microsoft Certified
Professional (MCP)
Organization :
400059.
: 2016
Y
Y
Y
Y
Y
: 3
: 3
: 8
udits done : 100 plus
10 plus
40 plus
2
5
4 plus
4
1
8
udits in Government and Critical sector
ons related to
on security
e Certified Linux
Cambridge Certified
Associate Cambridge
Internet Associate
Certified
nal (MCP)
e Certified Security
e Certified Internet
International
tion Of Certified
aminers
rtified Ethical
rity Analyst
nal Associate
tion Of Certified
s.
27001 LA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
project value. Cyber Security Architecture and Configuration review for a payment gateway in India.
/proprietary):
: No
on? : No If yes, give details
: No
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Pyramid Cyber Security & Forensic Pvt. Ltd.
1. Name & location of the empanelled Information Security Auditing Organization:
Pyramid Cyber Security & Forensic Pvt Ltd,
FB-05, NSIC Software Technology Park Extension, Okhla In
Estate,
New Delhi-110020, India
2. Carrying out Information Security Audits since : 5+ Years
3. Capability to audit, category wise (add more if required)
Network security audit–(Y/N) : Yes
Web-application security audit–(Y/N) : Yes
Wireless security audit–(Y/N) : Yes
Compliance audits (ISO 27001, GDPR, ISNP, HIPAA) : Yes
IT Risk Assessment – (Y/N) : Yes
Mobile Application Security Testing – (Y/N) : Yes
Compliance audit as per Government of India
Guidelines (RBI, SEBI etc.) (Y/N) : Yes
Incident Response (Y/N) : Yes
Forensics Analysis (Y/N) : Yes
Source Code Review (Y/N) : Yes
Red Team Assessment (Y/N) : Yes
Threat Hunting and Analysis (Y/N) : Yes
4. Information Security Audits carried out in last 12 Months:
Govt. : 1
PSU : 0
Private : 2
Total Nos. of Information Security Audits done : 21
5. Number of audits in last 12 months , category-wise (Organization can add categories based
handled by them)
Network security audit :
Web-application security audit :
Wireless security audit :
Mobile Application Testing :
Compliance audits (ISO 27001, ISNP :
Source Code Review :
RBI Security Compliance Audits :
Forensic Analysis :
Incident Response :
6. Technical manpower deployed for informationsecurity audits:
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security
qualification: OSCP
OSWP:
CISM :
ITIL :
:
CEH
Total Nos. of Technical Personnel ::
ence of CERT-In empanelled Information Security
y Auditing Organization:
y & Forensic Pvt Ltd,
Technology Park Extension, Okhla Industrial
dia
: 5+ Years
)
: Yes
: Yes
: Yes
: Yes
: Yes
: Yes
Yes
: Yes
: Yes
: Yes
: Yes
: Yes
s:
: 1
: 0
: 20+
Security Audits done : 21+
5
10
2
3
5
1
3
15
2
udits:
0
2
2
1
2
1
1
2
2
20
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information
No. <organization> Security
1 Dinesh Bareja 8 Years 18+ Year
2 Sunil Yadav 10 Years 20+ Years
3 Harpreet Singh 6 Months 6+ Years
4 Deepankar Arora 1.5+ Years 3 Years
5 Praveen Sahu 4+ Years
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
project value.
1. Conducted Network Security & Web Security Audit for complete internet facing infras
Oil and Energy Company in Africa.
2. Conducted Malware Incident Response along with Network Security Audit and Netwo
for M/s MFI, Kenya
9. List of Information Security Audit Tools used( commercial/ freeware/proprietary): Freeware
1. Nmap - Port Scanner
2. Maltego - Recon
3. OWASP ZAP - Proxy
4. Nikto – Vulnerability Scanner
5. Xsser – Vulnerability Scanner
6. Dirb/Dirbuster – File/Directory Enumeration tool
7. Empire – Post Exploitation Framework
8. Koadic – Command & Control (C2)
9. DNSscan – DNS Recon
10. Metasploit Framework – Exploitation
11. OpenVAS – Vulnerability Scanner
12. BurpSuite Community Edition – Vulnerability Scanner
13. Dirsearch
14. Veil-Evasion
15. Shellter
16. Immunity Debugger
17. WinDBG
18. MobSF Mobile Security Framework
19. Hping – TCP ping utility
20. Wireshark – Network Packet Capture
21. SQLMAP – SQL Injection Exploitation tool
22. John (Johnny) – Password cracking tool
23. Hashcat – Password cracking tool
24. NetCat – Network Swiss Army Knife
25. WafW00f – WAF Evasion tool
26. SET – Social Engineering Toolkit
27. CredSniper – Phishing Exploitation tool
28. Aircrack-ng – Wireless Exploitation Toolkit
29. Fiddler – Man-In-The-Middle Proxy
30. Sys-Internal Toolkit – Windows System Analysis & Malware Detection
Commercial
31. Metasploit Pro
32. Nessus Professional
33. BurpSuite
Qualifications related to
Information security
CISA,CISM, ITIL
BE, ACE
B.Tech, OSCP, OSWP
OSCP
MS- Cyber Law & Information
Security, ISO27001 & HIPAA
ool
Scanner
Govt. :
PSU :
Private :
Total Nos. of Information Security Audits done :
5. Number of audits in last 12 months , category-wise (Organization can add categories based
handled by them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, SOC2, HIPAA,etc.) :
Cloud Platform configuration Audit :
Medical device Security audit :
Mobile Application Testing :
PII / Data Privacy Audits (GDPR/Canada/US/Australia) :
6. Technical manpower deployed for informationsecurity audits:
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification:
(CEH , DSCI LA , CPISI etc.) :
Total Nos. of Technical Personnel :
RT-In empanelled Information Security
rganization:
ited, No 80, 3rd Floor, BOSS SQUARE,
Bangalore, Karnataka, INDIA 560076
: 2010
Y
Y
Y
Y
Y
Y
Y
Y
: 0
: 0
: 180+
udits done : 180+
50+
47
11
50+
3
1
9
8
1
12
2
0
17
17
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. Wings2i Security Information security
16. Wikto
17. Ethereal
18. Brutus
19. Rips
20. IronWasp
21. Fiddler
22. Tamper Data
23. OpenVas
24. W3af
25. Exploit Database
26. SQL Map
27. Hydra
28. Android Debug Bridge
29. AndroBugs Framework
30. Apktool
31. ByteCode Viewer
32. Drozer
33. Dex2Jar
34. Jd-Gui
35. SQLite Database Monitor
36. Pidcat
3. Proprietary
1. Own developed Scripts for XSS, OS, AWS, and Database Security Audits
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes Outs
compliance audits to certified compliance auditing organizations.
Control Mechanisms:Contracts, NDA with the organization and auditing personalReview of the audit
submission.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes Accre
like PECB, PeopleCERT, Gaming Works and
partnership with multiple organization in Middle East
12. Whether organization is a subsidiary of any foreign based organization? : No If yes
e/proprietary):
ts
se Security Audits
: No
019
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Zulon Consulting
1. Name & location of the empanelled Information Security Auditing Organization:
Zulon Consulting, 2/203,Vahatuk Nagar, Amboli, Andheri(W) Mum
5. Number of audits in last 12 months , category-wise (Organization can add categories based
handled by them)
Brief Description of Work Details of Contact Person at Auditee
Organization (Name, email, website URL,
Mobile, telephone)
Sr. Category
Email ID: PritiShah@pmcbank.com
Organisation: PMCB
Audit as per RBI
1 Pvt.
requirements
Website: www.pmcbank.com
iting Organization:
tuk Nagar, Amboli, Andheri(W) Mumbai- 400058.
: 2016
: 10+
it : 15+
: 5+
01, PCI, etc.) : 4
: 2+
: 2+
: 30+
urity Audits done : 40+
Additional Info
PMCB
GPPJSB
Website:www.gpparsikbank.com
Name: DK Gosavi
Email ID:
dkgosavi@kalyanjanata.in
Phone Number: 9322705900
Email ID: pankajk@insolutionsglobal.com
Website: www.insolutionsglobal.com
Website: www.tata.com/company/profile/Trent
Email ID: sgomadam@tatatrusts.org
Audit as per ISO27001
### Pvt.
requirements
ISG
Tata – Trent
TATA TRUST
Website: www.tatatrusts.org
Phone Number:9962589935
Phone: 7045958873
:
:
:
:
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. Duration with Experience in Qualifications related to
No. Zulon Consulting Information Information security
Name of Employee
Security
fication
2
6
2
1
15
related to
ecurity
IL.
TIL
A, CHFI
Diploma in Computer
b Technology
TIL, MCSE,
oundation
IL.
MS LA, CRISC
duate Diploma in IT
Sys-tem and Security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
project value.
Projects Volume Complexity
InSolutions Global – Into card printing, card processing, Payment processor to some
Compliance Management payment application development of the largest banks and
– We support end to end merchants in India
compliance
Locations
Mumbai, Pune, Delhi and
Bangalore
).
ve details : No
d organization? : No If yes, give details
: No
ruary 2019.
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s AQM Technologies Pvt Ltd
1. Name & location of the empanelled Information Security Auditing Organization:
AQM Technologies Pvt Ltd.
Mumbai, India
2. Carrying out Information Security Audits since: 2001
(erstwhile AUDITime Information Systems Ltd.)
3. Capability to audit, category wise (add more if required)
Network security audit (Y/N): Y
Web-application security audit (Y/N): Y
Wireless security audit (Y/N): Y
Compliance audits (ISO 27001, PCI, etc.) (Y/N): Y
Cyber Security & CSOC Audits Y
Cloud & DC, DR, BCM (ISO 22301) Audits Y
Source Code Reviews Y
IT Application / ERP Audits Y
IT Security & Infrastructure Audits Y
Vulnerability Assessments & Pen Testing (Mobile/WebApps) Y
Third Party / Outsourcing / Vendor Audits Y
Functional Audits (BFSI/CBS/ Treasury / GL/ Recon) Audits Y
SWIFT / ATMs/ Switch/ API/ Payment Gateway Audits Y
Data Migration & Pre / Post Implementation Audits Y
IT M&A / Due Diligence Audits Y
Concurrent / Continuous Audits – DC, Application, Privileged Access Audits Y
Assurance of IT Audits Y
4. Information Security Audits carried out in last 12 Months:
Govt.:<number of>: 33
PSU:<number of>: 23
Private:<number of>: 48
Total Nos. of Information Security Audits done: 104
5. Number of audits in last 12 months, category-wise (Organization can add categories based
handled by them)
Network security audit: 14
Web-application security audit: 57
Wireless security audit: 01
Compliance audits (ISO 27001, PCI, etc.): 16
Mobile/API PT: 06
Data Migration Audit: 03
Cloud Security Audit 01
AUA KUA Audit 02
ITCR AUDIT 09
Software Licensing 01
Source Code Reviews 02
Special / other Audits 07
Concurrent Audit 18
TOTAL 137
ence of CERT-In empanelled Information Security
y Auditing Organization:
2001
hs:
Sanjay Jitendra Parikh 2.5Years 18 Years CISA, PG DCM, ITIL, ISO 27001
5 LA
Pravin Kumar Singh 2 Years 4.5Years CISE, CCNA, CEH, CYVECTOR
6
ations related to
mation security
SM
000
, ISO 27001 LA
, CEH, CYVECTOR
CND CISC
A, CEH
DITISS)
LA
c science, ISO
CCNA, CEH, LINUX
on
)
), CEH v10
et Crime
n
),
Win Ad & Linux
c science
e, complexity, locations etc.) along with
1. Application Audits (HO level)
2. Application Audits (Branches)
3. IT Control Review Audits
4. Network & Security Audits
5. Data Migration Audits
6. Risk Assessments
7. Details of technical manpower deployed for information security audits in Government and Critical sector
(attach Annexure if required)
prietary):
No
No If yes, give details
No
Back
In empanelled Information Security
nization :
achlipatnam, Chennai, Panchkula,
tories at Bangalore and Ghaziabad.
August 2015
Yes
Yes
No
Yes Gap analysis w.r.t ISO
Yes
Yes
7 Swathi M D 9 4 CEH
8 Antony Benedict Raja G 9 5 CEH
9 Tarun Jain 9 5 Trained on CISSP
10 Deepak D 7 3 NPT, CEH
11 AnushreePriyadarshini 4 1 M.Tech (Software Engineering),
CEH
12 Akshatha S 0.7 0.7 -
13 SandeepGadhvi 0.7 1 M.Tech (Cyber Security), ISMS
LA
14 Viplav 0.7 0.5 M.Tech (Cyber Law &
Information Security)
15 Vaman A Naik 33 5 ISMS LA
16 Praveen Kumar H T 18 13 ISMS LA, CCNSP
17 Madhavi M 15 2 PMP, ISMS LA
18 Mrityunjaya P Hegde 9 3 PMP, ISMS LA
19 Srinivas T 26 8 ISMS LA
20 DeeprajShukla 10 4 ISMS LA
21 Padmapriya T 8 1 PMP, ISMS LA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.) along w
value.
Information Systems Infrastructure Audit of BEL-IS Ghaziabad comprising of Antivirus Server, DC, ADC, R
Nagios, BEL_Sampark-Intranet Mail server,Web applications, Switches/Routers and Firewall for both In
Internetwork.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Freeware Commercial
EH
EH
ained on CISSP
PT, CEH
Tech (Software Engineering),
EH
ware/proprietary):
Proprietary
NSAT
Scripts
10. Outsourcing of Project to External Information Security Auditors / Experts :
Yes/No ( If yes, kindly provide oversight arrangement (MoU, contract etc.)
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No
If yes, give details
13. Locations of Overseas Headquarters/Offices, if any : Yes/No
Oman Myanmar
Bharat Electronics Limited No. Bharat Electronics Limited No. 53,
0402Z214, 2nd Floor Building No.4 The Strand Square Level 2, Unit #.
Knowledge Oasis Muscat (KOM) PO 209, Strand Road
Box 200, Postal Code 123, AI Rusayl, PabedanTsp, Yangaon, Myanmar
Sultanate of Oman
Srilanka
Bharat Electronics Limited No. 385,
1st Floor Landmark Building, Galle
Road
Colombo – 03, Srilanka
Vietnam
Bharat Electronics Limited 10th Floor,
TNR Power Hanoi
Vietnam
5. Number of audits in last 12 months, category-wise (Organization can add categories based
handled by them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
6. Technical manpower deployed for informationsecurity audits :
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
Any other information security qualification :
PhD (info Sec), GDPR, CSA-STAR, Certified Forensic Detect
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organization> Security Information security
1 Dr. Harsha HKIT Security 12 Years PhD (Info Sec), GDPR, LA,
Solutions CSA-STAR, PIMS,
2 Ms. Gayathri HKIT Security 8 Years ISO LA, Certified Cyber
Solutions Security Expert, Certified
Forensic Detective
Organization :
: 2012
(Y)
(Y)
(Y)
(Y)
: 5
: 25
: 20
udits done : 50
20
<25
5
5
4
10
5
5
ons related to
on security
Sec), GDPR, LA,
R, PIMS,
ertified Cyber
Expert, Certified
Detective
2, T3)
oits
es, OCTAVE.
Experts : No
: No
tion? : No
: No
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s IBM India Private Limited
1. Name & location of the empanelled Information Security Auditing Organization:
IBM India Pvt. Ltd
No.12, Subramanya Arcade, Bannerghatta Road, Bangalore, Karnataka - 560029, India
g Organization:
: 2000
)
Yes
Yes
Yes
Yes
hs:
: 0
: 0
: 3*
rojects, as we are under NDA, we cannot furnish at this
udits:
6
6
0
0
350+
India 500+
and Global 8000+
security audits in Government and Critical sector
Qualifications related to
Information security
CEH
CISSP
CEH
CISSP
1. CEH
2. ISO 27001-2013
3. ECSA
CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc
project value.
Vulnerability Management for one of the largest Telco Network Operator in India
Project:
Vulnerability management for one of the largest Telco network operator (Client) in India with a
160 million customers.IBM as an IT security service provider manages the security Asse
Vulnerability management lifecycle for Client Applications and Network infrastructure compone
Service Offerings:
1. External Penetration Testing: 150 IP's, Frequency: Half Yearly
2. Internal Penetration Testing: 1500 IP's, Frequency: Half Yearly
3. Application Penetration Testing : 48 URL's, Frequency: Half Yearly
4. Internal Vulnerability Assessment: 11000 IP's, Frequency: Half Yearly
Key Activities:
1. Perform bi-annual Application Security Assessment on all client applications
2. Perform application security assessment of new applications before pro
deployment
3. Perform Network Penetration testing and Vulnerability assessment of d
assets
4. Track and govern the closure of issues within defined timeframe. Gui
development and network team for closure
Highlights:
1. Project team performed review of current set-up and validated the sc
Security Assessment activities. It included Applications and network infrast
2. Defined the periodicity or recurring activities and scope of non-period
activities
3. Performed security assessment of applications and network assets in scope.
4. Delivered the report to relevant recipients including development team
security team
5. Document and track the status of issues. Govern the application team for cl
in defined timeframe. Conducted meetings and knowledge transfer sessions with
team to guide them for issue closure
6. Re-test the closure of issues and certify them for go ahead
Free
ware
:
1. Metasploit: Penetration Testing Framework
2. NMAP : Port scanner
3. RAT : Router and firewall benchmarking
4. Wireshark - Protocol analyzer
5. MBSA : Windows security assessment
6. Nikto : Web Applications security
7. SNMPWalk : Router and network management
8. CAIN &Able : Traffic sniffing and Password cracking
9. Brutus : Password cracking
10. JohntheRipper : Password cracking
11. W3AF: Application auditing framework
12. Maltego: Intelligence and forensics application.
13. Unicornscan: Port Scanner and Information gathering.
14. Aircrack
Commercial:
1. Nessus : Network Vulnerability Assessment
2. IBM Appscan : Web Systems & Applications security
3. BurpsuiteProfessional : Web Systems & Applications security
4. Nipper Studio : Network Device Configuration Review
Proprietary Tools:
1. Windows server Security assessment scripts
2. Unix/Linux/AIX server security assessment scripts
3. Oracle security assessment scripts
4. MSSQL security assessment scripts
5. ASP and Java Scripts : Web application assessment
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York 1050
States
13. Locations of Overseas Headquarters/Offices, if any : Yes
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York 1050
States
*Information as provided by IBM India Pvt. Ltd on 2-August-2019
Ba
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.) along with
project value.
Vulnerability Management for one of the largest Telco Network Operator in India
Project:
Vulnerability management for one of the largest Telco network operator (Client) in India with approximately
160 million customers.IBM as an IT security service provider manages the security Assessment and
Vulnerability management lifecycle for Client Applications and Network infrastructure components.
Service Offerings:
1. External Penetration Testing: 150 IP's, Frequency: Half Yearly
2. Internal Penetration Testing: 1500 IP's, Frequency: Half Yearly
3. Application Penetration Testing : 48 URL's, Frequency: Half Yearly
4. Internal Vulnerability Assessment: 11000 IP's, Frequency: Half Yearly
Key Activities:
1. Perform bi-annual Application Security Assessment on all client applications
2. Perform application security assessment of new applications before production
deployment
3. Perform Network Penetration testing and Vulnerability assessment of defined network
assets
4. Track and govern the closure of issues within defined timeframe. Guide the
development and network team for closure
Highlights:
1. Project team performed review of current set-up and validated the scope for
Security Assessment activities. It included Applications and network infrastructure assets
2. Defined the periodicity or recurring activities and scope of non-periodic ad-hoc
activities
3. Performed security assessment of applications and network assets in scope.
4. Delivered the report to relevant recipients including development team and client
security team
5. Document and track the status of issues. Govern the application team for closure of issues
in defined timeframe. Conducted meetings and knowledge transfer sessions with development
team to guide them for issue closure
6. Re-test the closure of issues and certify them for go ahead
Commercial:
1. Nessus : Network Vulnerability Assessment
2. IBM Appscan : Web Systems & Applications security
3. BurpsuiteProfessional : Web Systems & Applications security
4. Nipper Studio : Network Device Configuration Review
Proprietary Tools:
1. Windows server Security assessment scripts
2. Unix/Linux/AIX server security assessment scripts
3. Oracle security assessment scripts
4. MSSQL security assessment scripts
5. ASP and Java Scripts : Web application assessment
10. Outsourcing of Project to External Information Security Auditors / Experts : No ( If yes, kindly provide
oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : Yes If yes, give details
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York 10504-1722, United
States
13. Locations of Overseas Headquarters/Offices, if any : Yes
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York 10504-1722, United
States
*Information as provided by IBM India Pvt. Ltd on 2-August-2019
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s ProgIST Solutions LLP
1. Name & location of the empanelled Information Security Auditing Organization :
M/s ProgIST Solutions LLP,
102, B3 Wing, Rosa Gardenia, Kasarvadavli, Ghodbunder Road, B
Thane – West, 400615
2. Carrying out Information Security Audits since : May 2017
3. Capability to audit , category wise (add more if required)
Network security audit
Web-application security audit
Wireless security audit
Compliance audits (ISO 27001, PCI, etc.)
Information security policy revi=ew and assessment against best security practices
Information Security Testing
Process Security Testing
Internet Technology Security Testing
Communications Security Testing
Application security testing
Wireless Security Testing
Physical Access Controls & Security Testing
Network Security Testing
Software Vulnerability Assessment
Penetration Testing
5. Number of audits in last 12 months , category-wise (Organization can add categories based
handled by them)
Network security audit :
Web-application security audit :
Wireless security audit :
Compliance audits (ISO 27001, PCI, etc.) :
6. Technical manpower deployed for informationsecurity audits :
CISSPs : 1
BS7799 / ISO27001 LAs : 3
CISAs : 1
Any other information security qualification:
CEH : 8
CISE :
CHFI : 1
CIPR : 1
C-CTIA : 2
C-ATPA : 2
ECSA : 1
Total Nos. of Technical Personnel : 20+
mpetence of CERT-In empanelled Information Security
Months :
: 0
: 0
: 20+
ation Security Audits done : 20+
4+
50+
1
3
ity audits :
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Qualifications related to
No. <organization> Information Security Information security
Banking Application Core Channel Banking Critical internet facing Mumbai XX,XX,XXX
application
ns related to
security
fied Cyber
ligence Analyst,
T Analyst
– Lead
r Professional
CEH
PCI DSS
tion Training
ber Threat
Analyst,
T Analyst.
CPFA
Auditor
, complexity, locations etc.) along with
proprietary):
AP, KALI LINUX, SIFT WORKSTATTION,
BOW TABLES, AIRCRACK-NG, NETCAT,
IN & ABLE, ZAP, TCPDUMP, CANVAS, SET
AP, MALTEGO.
: No
n? : No If yes, give details
: No
19
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s XYSec Labs Private Limited
1. Name & location of the empanelled Information Security Auditing Organization :
Xysec Labs Private Limited (Appknox), Location - Bangalor
5. Number of audits in the last 12 months, category-wise (Organization can add categories bas
handled by them)
Network security audit : NA
Web-application security audit : 80
Wireless security audit : NA
Compliance audits (ISO 27001, PCI, etc.) : NA
CISAs : 2
0
DISAs / ISAs :
Any other information security qualification : -
Total Nos. of Technical Personnel :
9
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required) - NOT APPLICABLE FOR US.
S. Name of Employee Duration with Experience in Information Qualifications related to
No. <organizatio n> Security Information security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations, etc
project value.
Unilever Mobile Application Security Testing 550 Mobile Applications VAPT.
Project Value - 1.5 Crore INR.
Location - Unilever Industries. Tower A. The Business Precinct. Prestige Shantiniketan, Bangalore, I
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary): Appknox (pro
Suite(commercial), Open-source Tools: nmap, radamsa, metasploit, ILspy, Dnspy, Frida
ation :
, Location - Bangalore, India
: 2014
Y)
)
)
)
: 10
: 45
: 320
one : 260
2
0
2
0
-
9
s : No ( If yes, kindly
: Yes
: Yes If yes, give details
Management Team sits and works out
: Yes, Singapore is
Back
Snapshot of skills and competence of CERT-In empanelled Informa
Auditing Organisation
M/s Recon Business Advisory Pvt. Ltd.
1. Name & location of the empanelled Information Security Auditing Organization :
Recon Business Advisory Pvt. Ltd.
2. Carrying out Information Security Audits since : 2011
3. Capability to audit, category wise (add more if required)
Network security audit : (Y)
Web-application security audit : (Y)
Wireless security audit : (Y)
Compliance audits (ISO 27001, PCI, etc.) : (Y)
5. Number of audits in the last 12 months, category-wise (Organization can add categories bas
handled by them)
Network security audit : 3
Web-application security audit : 85
Wireless security audit : 1
Compliance audits (ISO 27001, PCI, etc.) : 2
6. Technical manpower deployed for information security audits :
CISSPs : 2
BS7799 / ISO27001 LAs : 3
CISAs : 2
DISAs / ISAs : 0
Any other information security CEH -
qualification
Total Nos. of Technical Personnel :
: 16
7. Details of technical manpower deployed for information security audits in Government and Critic
organizations (attach Annexure if required)
S. No. Name of Duration with Experience in Qualifications related
Employee <organization> Information Security toInformation security
Ankush Batra
1 6 years 6 years CEH
Navdeep Singh
2 2 years 2 years CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations, etc
project value.
SHARECHAT – VAPT, N/W Audit, ISO Certification, Bangalore – 36 Lakh.
anization :
: 2011
(Y)
(Y)
(Y)
(Y)
: 85
: 34
ts done : 199
3
85
1
2
2
3
2
0
-
16
s in Government and Critical sector
Lakh.
proprietary):
, M/S Office etc.,
erts : No
: No
n? : No
: No
<23/12/2019>
Back