Table of Contents
IDBI Intech Ltd
Information Security Consulting
Selective Experience & Clientele
Information Security Consulting - Team Credentials
The Next Step
IDBI INTECH LIMITED
IDBI Intech Limited is a professionally managed IDBI Group Company providing IT related services to
Banking, Financial Services, and Insurance Clients. Our mission is to deliver optimal IT services and
innovative solutions by leveraging technology with intellectual capital, to accomplish customer delight.
Our operating philosophies are as below -
We strive harder to create an environment of value and trust for our prospective and existing
clients.
Our clients’ success is our success. We do our best to ensure our clients triumph in all their
endeavors. Our service should and will have a direct, positive impact on our clients’ top line and
bottom line.
We see our future in servicing our clients over a long term.
IDBI Group of Companies is a resourceful business unit in India. IDBI Intech Limited is backed by the
IDBI Group. Our foundation of stability comes from the strategic support offered by the IDBI Group of
companies. This kind of support allows us to concentrate on new investments to scale up our capabilities,
and to remain focused on the long term relationship management and support for our clients.
OUR CLIENTS
CERT-IN EMPANELMENT
IDBI Intech has successfully been empanelled as a Certified IT Security Auditing Organisation with the
Indian Computer Emergency Response Team (CERT-In), after passing through a rigorous selection
process. We are now among the handful of organisations currently empanelled with CERT-In.
CERT-In operates under the auspices of, and with authority delegated by, the Department of
Information Technology, Ministry of Communications & Information Technology, Government of
India. The complete list of Empanelled IT Security Auditing Organisations is available on the CERT-In
website at: http://www.cert-in.org.in/panelofauditors.htm
HIGH QUALITY FOCUS
Stringent quality assurance and quality control processes are followed through a comprehensive system
of internal audits. Our participatory approach for process improvements requires cross-functional teams
to work on specific processes to enhance effectiveness. Intech is an ISO 9001:2008 Certified
organisation.
SERVICES
We offer a spectrum of Solutions and Services to the BFSI Sector. Our software solutions and IT services
delivery processes are designed and fine-tuned to meet the clients' diverse requirements. Knowledge
management tools support our quality processes.
Our service offerings are:
Comprehensive IT Consulting
o Consultancy in IT services like CBS integration, RTGS/NEFT/NDS etc.
o Core banking System integration, and customization
o Document management
o Independent testing services
o Website development and maintenance
o Data Centre establishment on the Build Operate & Transfer Model
Information Security Consulting
o IT Governance
Preparation of IT security policy
Implementation of IT security policy
o Information Security Awareness Training program
o IS Audits
o Application Assurance
o Network Audit
o Penetration testing
o Vulnerability Assessment
Corporate Learning & Development
o Banking related specialized training programs
o Core banking programs
o System and procedures related programs
Business Process Outsourcing
o Centralization of processes
o Process Standardization
o Call center
o Image based workflow solution implementation
INFORMATION SECURITY CONSULTING
Information is at the heart of today’s business, and the all-pervasive impact of Information Technology in
harnessing, collating and processing huge volumes of information is definitive. In this scenario, the need
for ensuring that information is kept confidential, adhering to accepted norms of privacy and making it
available to authorized users at the appropriate time assumes greater significance. This is particularly
valid for the banking sector where day-to-day operations are centered on information and information
processing, which in turn is highly dependent on Technology.
Regulators across the world have asked the Banking and Financial Services Industry (BFSI) to put
guidelines on Information Security in place and have made compliance with them mandatory. The growing
level of computerization in BFSI, the complexities of emerging technologies, networking, and delivery
channels such as Internet Banking, Mobile Banking, call centers, ATMs, phone banking, kiosks, etc.
necessitate proper IS security and controls.
We offer the following services under Information Security practices:
Managed Security Services (MSS)
Information Systems Audit
o IS Security Audit
o Core Banking Solution Audit
o Data Center Audit
o Network Audit including Vulnerability Assessment and Penetration Testing
o Disaster Recovery Management & Business Continuity Planning
o ISO 27001:2005 Compliance Consulting
o Efficiency / Resource Utilization Review
o Database Audit
Implementation Reviews
o Review of ITIL Best Practices
o Review of ERP Implementation, Security Policy Implementation & Controls Review
o Data Migration Audits
o IT Risk Assessment
o Gap Analysis
o Documentation Guidance
o IT Integration
o Data Migration Tools
o Product Selection Advice - Software or Hardware
o Network Design
o Security Policy Development & Guidance for Implementation
o Information Security Education
The following sections offer additional details on a selective list of the Information Security Consulting
services.
MANAGED SECURITY SERVICES
IDBI Intech Limited has its own Security Operation Center (SOC) in Pune, India, based on the ArcSight
SIEM platform, with the following features:
24 hours, 365 days service support
Real time detection, alert & response
Attack correlation for logs from multiple sources
Multiple alert mechanisms
Multi-vendor and platform support
Support for large number of devices
Smart bandwidth utilization
Intelligent event capture
Incident Management
Risk based prioritization
Security Dashboard for online reports
250+ predefined report templates
Rich visualization
We offer the following range of services under the umbrella of Managed Security Services (MSS). Clients
can select the services based on their requirements.
Managed Security Services
Onsite Consulting
Anti-Phishing
Security Advisory
Anti-Virus & Content Filtering
Security Device Management
Secure Configuration Document
Technical Risk Assessment
o Vulnerability Assessment
o Penetration Testing
o Application Security Testing
o Network Security Architecture Review
Information Security Risk Management
o Asset Based Risk Assessment
o Physical & Environmental Review
Security Events & Log Monitoring
Anti-Phishing
The service monitors your domain and can detect a phishing website anywhere in the world. We can
take down the phishing website with the help of our partner. We also provide support in implementing
preventive measures. The service is divided into five phases:
Phase 1 - Site Detection
o Web Server & Mail Log Monitoring
o Digital Watermark
o Spam Trap
o User Reporting
Phase 2 - Alerting
o Evaluation
o Statistical Analysis
o Notification
Phase 3 - Site Takedown
o Location Identification
o Co-ordination with ISPs
o Site Bringdown
Phase 4 - Monitoring
o Take down site monitoring
o Phishing site monitoring
Phase 5 - Preventive Measures
o User Awareness
o Server Hardening
Security Device Management
We manage the security components of the client's IT infrastructure from an onsite or offsite location. The
components include firewall, IPS/IDS, Proxy, UTM, patch management, etc.
Firewalls
- Rule base management
- User Management
- Rule base Optimization
- Version Upgrades
IDS/IPS
- Signature updates
- Global threat signatures
- Rule management
- Rule Optimization
- Version Upgrades
URL Filter
- Block/unblock URLs
- Web Content Filtering
- Version Upgrades
Fault, Configuration, Performance, Policy, Change, Capacity, Availability
Device Acquisition, Device Commissioning, Device Upgrade
Security Events & Log Monitoring
We perform log monitoring with the help of a leading SIEM product, ArcSight. ArcSight has been
designed with the needs of highly complex, geographically dispersed, and heterogeneous business and
technology infrastructures in mind. The service will be provided at an onsite or offsite location, based on
client requirement.
Technical Risk Assessment
We offer the following technical risk assessments of IT infrastructure:
Vulnerability Assessment
Penetration Testing:
o External PT
o Internal PT
Application Security Testing
Network Security Architecture Review
Anti-Virus & Content filtering
Our team will manage & monitor the Anti-virus & content-filtering infrastructure. It will include desktop
antivirus servers, gateway-level AV, and content filtering devices.
IS Risk Assessment
Our team will perform the IS risk assessment, which covers review of various processes/activities.
Asset based Risk Assessment: We will carry out the asset based risk assessment as per the ISO
27001 standard requirements.
Physical & Environmental Review: Our team will review the existing physical & environmental
controls in secure areas like the Datacenter.
Onsite Consulting
Based on the client’s requirements, our consultant visits the client location. The report will be submitted
along with the necessary guidance.
Secure Configuration Document
We prepare secure configuration documents for all the operating systems, databases, and IT applications
like mail server, Web server, etc.
Security Advisory
We will be sending regular advisories & updates released by vendors as and when issued by them.
IT GOVERNANCE
Regulatory compliance requirements
Aligning IT strategy with Business strategy
Board participation in monitoring IT
Role and responsibilities of Management and Employees
Value derived from IT initiatives
Role of CIO and CISO
CONSULTANCY FOR IMPLEMENTATION OF GOVERNANCE AND COMPLIANCE
FRAMEWORKS:
ISO 27001 is an international framework for Information Security implementation by various
organizations. Our certified professionals shall guide the organization in the implementation process
and also in obtaining the certification.
COBIT will provide the management and business process owners with an information
technology (IT) governance model that helps in delivering value from IT and understanding and
managing the risks associated with IT. COBIT helps to bridge the gaps amongst business
requirements, control needs and technical issues. It is a control model to meet the needs of IT
governance and ensure the integrity of information and information systems.
DSCI Security & Privacy Framework: It is developed by the Data Security Council of India & floated
by NASSCOM. Our certified professionals shall guide the organization in the implementation process.
INFORMATION SECURITY AUDIT:
Review of Information Security policy and procedures, which covers: reviewing policies &
procedures, access control, data migration, database maintenance, archiving & backups,
disaster recovery, network security, data security, risk assessment in new products/processes and
activities, email security, application security, operating system & website security, antivirus &
piracy, incident/problem management, change management, digital signature implementation, etc.
IT general controls: Version control, access control, backups, change management, etc.
Network audit: Network topology, network availability, network security, inventory of all routers
and switches, security of physical location, configuration, memory utilization, CPU utilization,
traffic volume, special redundancy measures, number of dropped packets, identification and
location of all firewalls and respective topologies, etc.
Vulnerability Assessment and Penetration testing:
o External penetration testing and vulnerability assessment
o Internal penetration testing and vulnerability assessment
o Physical access controls to Data center and other work sites
o Social engineering testing
o Wireless technology background
o Web application
Application assurance
o Provide stakeholders with an assessment of the effectiveness of the application’s internal
controls and security.
o Identify internal control deficiencies within the customer organization and its interface with
the service provider.
o Provide audit stakeholders with an assessment of the quality of and their ability to rely
upon the service provider’s attestations regarding internal controls.
Compliance management: Regulatory compliances, internal compliance to policies, incident
management, Business Continuity Plan, quarterly escalation and reporting of critical failures, etc.
SELECTIVE EXPERIENCE AND CLIENTELE
DATA MIGRATION AUDIT FOR CENTRAL BANK OF INDIA
IDBI Intech recently conducted the Data Migration Audit for Central Bank of India for various Branches
when Central Bank of India initiated a massive process of Migration to B@ncs24 CBS. We performed
100% verification of Data using the ACL tool.
MIGRATION AUDIT OF THE UNION BANK OF INDIA
IDBI Intech has recently conducted the Migration audit for various branches of Union Bank of India for
migration from the ALPM system to Finacle. We made use of the ACL tool for conducting the Migration
audit and we also checked the migration from manual systems to Finacle.
DATA MIGRATION AUDIT OF PUNJAB AND MAHARASHTRA CO-OPERATIVE BANK LTD.
IDBI Intech conducted two Data Migration Audit Assignments for Punjab and Maharashtra Co-operative
Bank Ltd.
One Audit assignment was conducted in April 2010 for the erstwhile Jai Shivrai Nagari Sahakari Bank
Ltd., which was acquired by the Punjab and Maharashtra Co-operative Bank Ltd.
A similar Audit assignment was also conducted in May 2009 for the erstwhile Kolhapur Janata
Sahakari Bank Ltd, which was acquired by the Punjab and Maharashtra Co-operative Bank Ltd.
The Migration Audit exercise was conducted electronically using the ACL tool covering 100% verification
of Data.
DATA MIGRATION AUDIT FOR DENA BANK
Conduct data migration validations for 253 branches which will be converted to the
new CBS platform. Data Migration validation is done to ensure and validate that data, as extracted
from the legacy system in the format required by the new core banking solution, has been
accurately and completely migrated / uploaded to the new core banking solution environment.
Review the data migration strategy document; perform a walkthrough of the data migration
process at the data centre and branches.
WEBSITE SECURITY REVIEW FOR SBI GENERAL INSURANCE
IDBI Intech has recently conducted a Security Audit of the website of SBI General Insurance as per the
CERT-In guidelines. The Audit Assignment broadly covered the following areas:
Penetration Testing
Vulnerability Assessment of web server
Application Testing
NETWORK & SECURITY REVIEW OF THE CMS CONNECTIVITY FOR IDBI FEDERAL
We conducted a Network & security review of the CMS connectivity for IDBI Federal. We have mapped
industry best practices with IDBI Federal's current processes.
Identification of OS, application versions wherever applicable
Test for presence of default ports and services on the devices
Identification of security risks/threats associated with the open port and the service running on it
Identification of vulnerabilities related to the devices that could be due to incorrect configuration
Identification of known threats associated with those versions.
Penetration Testing
Vulnerability Assessment
Network Architecture Review
COMPREHENSIVE IS AUDIT FOR LIC MUTUAL FUND
IDBI Intech has conducted a comprehensive audit of systems and processes inter alia related to
examination of integration of front office system with the back office system, fund accounting system for
calculation of net asset values, financial accounting and reporting system for the AMC, Unit-holder
administration and servicing systems for customer service, funds flow process, system processes for
meeting regulatory requirements, prudential investment limits and access rights to systems interface. The
Audit also included:
Vulnerability Assessment
Penetration Testing
Application security review
Network Architecture Review
IT General Controls Review
The Audit has been conducted as a part of Statutory Compliance with SEBI Regulations.
IT GOVERNANCE CONSULTANCY AND COMPREHENSIVE IS AUDIT FOR THE STOCK
HOLDING CORPORATION OF INDIA LTD (SHCIL)
SHCIL is the largest Depository Participant in the country. We provided consultancy service to SHCIL in
respect of IT Governance, and we are also in the process of developing the IS & IT policy
and procedures and conducting a comprehensive Information System Audit.
IT Governance Consultancy: We assisted SHCIL in implementing general IT Governance. We
also designed reforms in the present IT organisation structure, designed roles and responsibilities
of key IT personnel, devised growth plans, promotion policies, Talent retention measures,
Performance incentives, Salary restructuring, Training and development for the IT resources. We
also gave valuable suggestions in the areas of Security policies, Business continuity planning, IT
Risk management, Incident management system etc.
Designing and Implementing IS & IT Policy and Procedures comprehensive IS Audit: We
conducted a Consultancy Assignment of designing and Implementing policies and procedures for
SHCIL. We have mapped industry best practices with SHCIL’s current processes for the same
and have designed and implemented the Policies.
Consultancy in IS & IT Policy Implementation including designing of IS & IT Procedures.
The Comprehensive IS Audit being conducted at SHCIL includes IT General Controls review audit, IT
Infrastructure review and Application Assurance. The Application Assurance Audit performed by us
included review of business processes like Stock broking, Depository Participant service, and
Custodial Services. The applications we reviewed also included Human Resource, Payroll
application and Provident Fund and Pension software used for NTPC, etc.
INFORMATION SECURITY CONSULTING - TEAM CREDENTIALS
IDBI Intech Limited handpicks experts from the industry. Our selection process ensures only
best-in-class Knowledge Associates join the organization. Our associates support our clients in various
roles including Auditors, Information Security Consultants, CISOs, and CTOs.
Certification No.
Certified Information Security Auditor (CISA) 16
Certified in Risk and Information Systems Control (CRISC) 2
Certified in the Governance of Enterprise IT (CGEIT) 2
Certified Ethical Hacker (CEH) 5
Certified Vulnerability Assessor (CVA) 1
EC-Council Certified Security Analyst (EC-CSA) 1
ISO 27001 Lead Implementer/Auditor 7
BS25999 Lead Auditor 1
Managed Security Services Professional 11
IT Professional 900+
We have a team of talented young professionals possessing expertise in technical, functional & banking
domains. The team members come from various educational backgrounds like Chartered Accountants,
Software and Computer Engineers, MBAs and senior bankers. Our team consists of certified ISO/IEC
27001:2005 Information Security Management System Lead Auditors, BS25999 LA, CISA, CGEIT,
CRISC, EC-CSA, CVA, CEH, CCNA, MSCE etc.
The team members possess wide experience including Vulnerability Assessment, Penetration Testing,
Application Security testing, and Network Architecture reviews. The team is led by experienced senior
bankers. Our techno-functional expertise, along with IS audit knowledge & experience, would ensure
quality and effective services.
THE NEXT STEP
IDBI Intech Limited has incredible experience in the Information Security Consulting space. We have the
required capabilities to assess your compliance levels and offer value-added consulting services to
address the gaps.
We take it as our core mandate to offer you a true, world-class service at a highly competitive price. We
strive to deploy the best resources, who’re highly qualified in their business, and who can make a positive
impact in the engagement.
We assure you of our best services at all times. We are looking forward to a long-lasting and mutually
beneficial relationship.