2. Challenges
Many organizations assume that Information security can be achieved by a good
firewall.
Information security threats come from various directions , not just from internet.
Information security needs holistic approach that covers,
Computer Security : Computer access control, Antivirus and Anti malware, backup,
data encryption.
Operation Security: Software security, Database security, File shares and access control,
Business applications
Protection against Burglary: Physical security and guards
Protection against fire: Fire suppression systems, Alarms
External and Internal threats: Espionage, Abuse, eves dropping, shoulder surfing
Communication: Telephone lines, internet, email
Continuity planning: Emergency response, recovery
Personal Security : Recruiting, access control, human mistakes, piggybacking, incident
reporting
3. TA Solution
TA designed five services that effectively address organization’s security
concerns.
Our security services are,
Enterprise Security Program Design and Implementation
IT RISK assessment
Disaster Recover Planning and Business Continuity
Vulnerability Assessment and Penetration Testing
Security Operations Center
4. Enterprise Security Program Design and Implementation
Information
Project Information Current State
Gap Analysis Security Program
Planning Gathering Assessment Roadmap
Identify the business
Identify Ensure that risk
processes that involve Obtain current policies
mitigation strategies
Stakeholders Information Security and procedures covering
Identify risk that arise are aligned with
Project Kickoff Systems and facilities information systems.
from the gaps information security
Scope Identify key stake Prioe risk assessment program objectives
Prioritize the risks by
reconfirmation holders for each results
business process (HIGH, Develop/Revisit
Understand business process and Intermnal Audit reports MEDIUM,LOW) information Security
client underlying IT
Other relevent reports charter
components Present findings to the
requirements in from Information security stakeholders Prepare a roadmap
detail by phases Conduct walk team if any
Determine the risk to information security
Develop a throughs with each
Benchmark the existing program
project plan stake holders mitigation strategies
controls against Security
best practices framework
Deliverable Deliverables Deliverables
Risk prioritization Deliverables
Project plan Process Narratives Deliverables
that define boundaries Matrix Information Security
Weekly Status Controls benchmarking Charter
for information systems spreadsheet Executive dashboard
Reports Inforsec program
roadmap
5. IR Risk Assessment
Identify risk During this step, TA analyses the business process and comes up with a list of components
assessts that fall under the scope of Risk Assessment Process
Identify Threat Once the list is prepared, TA indentifies the possible threats on the assets
Identify In this step, TA consultants identify the vulnerabilities that exist with the assets and
Vulnerabilities processes
Control After the previous step of vulnerability identification, TA analyses the existing controls and
Analysis processes
Impact
This step involves TA consultants calculating the impact of the risks
Analysis
Recommend
Risk mitigation controls that need to be applied on assets to protect the assets
Controls
Risk Mitigation Implementation the identified controls to the assets
6. Disaster Recovery Planning
And Implementation
Analyse The TA consultants work with customers management to identify the key processes that need
Need to be included in the DR/BCP
Design The technology solution and processes will be designed
Solution
Implement
Solution Implementation
Solution
Test Solution Testing plans and test to make sure the solution is effective
7. Vulnerability Assessment and Pen Testing
Features:
• Scan the target network for open ports and services
• Scan the open ports and services for known
vulnerabilities
• Prioritize the vulnerabilities based on the impact
• Report the vulnerabilities in a comprehensive report
• Perform penetration test to confirm the vulnerability
• Recommend resolutions to security vulnerabilities
Deliverables
• Vulnerability report
• Pen test report with recommendations
8. Security Operation Center
A dedicated facility from where customer’s security operations are carried out.
Features:
• 24X7 Operations
• Network Device log monitoring
• OS and Application log monitoring
• Antivirus Console
• Event Correlation and Alerting
• Reports
• Firewalls, IDS/IPS, Antivirus, Internet Proxy
• Vulnerability Management