Agama Profile



Our Brief Company profile


  1. Regd. Address: 2004, Oakwood Apartment, 3rd Cross, 8th Main, 3rd Block, Koramangala, Bangalore-560034. T: +919845166115

     MISSION FOR AGAMA

     To have a collaborative effort from the management, people, processes and technology to create a holistic and comprehensive enterprise risk and security model (ERSM) that would ensure the client’s dependability, integrity and stability for themselves and their customers thereof.

     VISION FOR AGAMA

     To carve a niche in the Enterprise Risk and Security consulting space, by pioneering in holistic RM, so as to implement people friendly solutions that unlock hidden opportunities.

     SOLUTION AGAMA IS PROVIDING

     We believe that it is important now more than ever, for companies to develop and maintain a consolidated and a holistic risk management program that coordinates the silos (operating within the risk management framework of an organisation), because they all have the same overall goal – to protect the company and its assets. Therefore, we understand that companies today do not necessarily have the bandwidth to uproot their existing IS and RM structure, hence we have prepared a modular roster of services which can be executed as per the organisation’s readiness.
  2. SERVICES BY AGAMA

     Based on the above pointers, we have drawn out a service portfolio that reflects our intentions. Through our solutions we hope to look at the future outlook of the IS and RM industry.

     Figure 1: Agama Services

     No. | Service Portfolio | Advisory | Compliance | Technology | Learning
     1 | IT Risk Organisation | • • •
     1.a | Risk and Security State Assessment | • •
     1.b | Return on Security Investment | • •
     1.c | Balanced Scorecard Approach | • • •
     1.d | Unified Compliance Framework |
     2 | Enterprise Risk Management | • • • •
     2.a | Information Risk Management | • • •
     2.b | ISO31000 framework establishment | • • •
     2.c | Business Continuity Management and Disaster Recovery Planning | • • • •
     2.d | Information Sensitivity Policy | • • •
     2.e | Application Security/BSIMM | • • • •
     2.g | Security in Cloud Computing | • • •
     3.a | Data Security Framework | • • • •

     For Internal Use only
  3. 3.b | Data Privacy Framework | • • • •
     3.c | Utilisation and Cost Optimisation for IS&RM | • • •

     THE APPROACH

     The most important issue concerning Information Security is to manage all risks relevant to your organization. Managing all risks is virtually impossible, and is usually to the detriment of business operations. Therefore, in order to be in control, risk management is essential. This means that as an organization you are security aware: secure what, why and how. In this process you may even decide to leave a certain risk unchecked, as long as you are doing so consciously and based on a valid assessment.

     Agama believes in creating value out of IS & RM and that is the philosophy that we would like our prospective clients to adopt. In order to drive home this point, we would consider the client’s information needs vis-a-vis his information security needs. Implementable consulting is what Agama hopes to provide its clients, wherein the client can rest assured that the solution provided would be tangible enough for its employees to execute.

     We have seen all this while that any technology initiative is based on the classic three-legged approach – People, Process and Technology, with the business or top management mostly playing a hawk-like role of monitoring and dictating terms. However, at Agama, our view is that this will hamper a company’s growth in the long term. It is important for the business side of the company to be intricately involved in the organisation’s information security and risk management projects. For this reason we call our approach the Enterprise Security Program (ESP). This is demonstrated in our approach model given below. To have a holistic and consolidated security policy, it is important to have considered the growth plans, the business strategies, human factors and the organisation culture. A policy that does not scale and support the organisation’s potential of expansion is redundant and needs an immediate overhaul.

     We also demonstrate the fact that these factors work towards making a holistic ESP through our proprietary methodologies. While they are derived from the standard implementation frameworks, we have added our beliefs to enhance the level of execution, such that the ESP will be current and in line with the business objectives.
  4. Figure 2: AGAMA Enterprise Security Management Approach Model
  5. WHY AGAMA

     It is an obvious question, considering the well-established players in the IS and RM consulting space. For starters, we address our initiative as an Enterprise Security Program. Hence, at the risk of sounding repetitive, we would like to emphasise the importance of a holistic and consolidated risk management program through our approach and methodologies.

     Secondly, we can proudly present an industry vertical based learning repository. This repository is our reference point for various issues like information needs of an industry vertical, versus its compliance-based information needs. It also gives us insight into the risk management initiatives of leading organisations in each sector.

     At Agama, we have developed a unique consolidation model, which works on the basis of the organisation’s security maturity levels. While assisting in creating the ESP, this will also give the organisation’s current security state assessment.

     We believe the above factors put us in a niche, which separates us from the other players in the security and risk assessment segment. We also go by the adage: we let our work do the talking. Therefore, once we get an opportunity to work with you, we would like to build a long-standing relation that is not just limited to the scope of the project assigned to us.

     Our Value Proposition in a nutshell

     UNIQUE SERVICES:
     1. Creation of a consolidated Enterprise Security Model
     2. Cost Optimisation of the existing Enterprise Security Program
     3. Data Security and Data Privacy framework specific to industry sectors
     4. Current State Maturity Assessment

     VALUE ADDED APPROACH:
     1. Creation of Enterprise Security strategies and programs aligned to the business goals and strategies
     2. Modular approach that is time-saving and easy to implement
  6. SERVICE NEED AND APPLICABILITY

     Based on a preliminary research and study of the Information Security Market, we have made a few observations on the potential issues that few popular sectors can face.

     Figure 3: Industry Sector and Issue Mapping

     Sector | Potential Information Risk and Enterprise Security Issues
     E&U | Stock Pilferage; Breakdown of machinery/Plant shutdown; Data Privacy
     BFSI | Fraud; Data Security/Data Privacy; Physical and Logical Security breach; System Shutdown; Compliance
     Tech. & ITES | Fraud; Data Loss/Data Privacy; Physical and Logical security breach; Facility Shutdown; Compliance
     Telecom | Billing Fraud; Physical and Logical Security Breach; Marketing information pilferage; Data loss/Data security; Compliance
     Media and Comm. | Data Loss/Data Privacy; Facility Shutdown
     Retail | Stock Pilferage; Facility Shutdown; Data Privacy and Data Security; Physical and Logical Security Breach; Governance
     Mfg. | Stock Pilferage; Facility Shutdown; Data Privacy and Data Security; Physical and Logical Security Breach; Governance
     Govt. | Data Security and Data Privacy; Facility Shutdown; Physical and Logical Security Breach
     Hospitality | Data Security and Data Privacy; Facility Shutdown; Governance; Compliance
  7. Based on the observations in Figure 3, we have mapped our services with the sectors mentioned in the above research.

     Figure 4: Applicability of our services across various sectors*

     No. | Service Portfolio | E&U | BFSI | Tech. & ITES | Telecom | Media and Comm. | Retail | Mfg. | Govt. | Hospitality
     1 | ITRO | • • • • • • • • •
     1.a | Risk and security state assessment | • • • • • • • • •
     1.b | ROSI | • • • • • • • • •
     1.c | BSC |
     1.d | UCF | • • • • • •
     2 | ERM | • • • • • • • • •
     2.a | IRM/GRC | • • • • • • • • •
     2.b | ISO31000 | • • • • • • • • •
     2.c | BC/DR | • • • • • • • • •
     2.d | Information Sensitivity Policy | • • • • •
     2.e | Application Security/BSIMM | • • •
     2.g | Cloud Security | • • • • • • • • •
     3.a | Data Security Framework | • • • • • • • • •
     3.b | Data Privacy Framework | • • • • • • • • •
     3.c | Utilisation and Cost Optimisation for IS and RM | • • • • • • • • •

     * The sectors covered here are indicative and the popular ones in general.
  8. PROFILES OF THE FOUNDERS

     RUNA DESAI DALAL

     I have been a risk advisory consultant at Ernst and Young Pvt. Ltd within their banking and technology practices.

     I have done various projects in Risk advisory practice that range from Core Banking implementation, Project Risk Management, Internal Audit, SOX process implementation review and Business Continuity Management implementation.

     I have been part of the core team that developed the Business Continuity management practice which has grown from a team of 4 to 50 and stands as an independent service line across all industry specialisations.

     The main projects executed during my career span include:
       • I have led a team that implemented the business continuity management processes and reviewed the existing Disaster Recovery Plans, at the largest private sector bank.
       • I have led a team that conducted Internal Audit for the operations of another private sector bank.
       • I have been part of implementation team of core banking solutions at two of the largest public sector banks in the country.
       • I have been part of a team that has done the implementation and review of SOX processes at the largest private sector bank.

     I have been the subject matter expert in Business Continuity Management and Operational Risk Management.

     Prior to this assignment, I have worked in HDFC Bank as a Business Analyst and with Ways India Ltd. (a start-up organisation in the Dotcom era) as a Senior Tester.

     My educational qualifications include M.M.S (Systems) and B.E (Electronics and Telecommunications). Additionally I have a professional certification in BS25999.
  9. SUDARSHAN RAJAGOPAL

     I am a Principal Consultant executing the role of Senior Manager for Governance, Risk and Compliance at Wipro Consulting Services heading the delivery organization of 200 plus people. I also handle Wipro’s Center of Excellence for Technical Risk Assessment which includes Penetration Testing / Vulnerability Assessment, Forensics etc.

     Governance, Risk and Compliance, addresses not only the areas of ICT but the entire lifecycle of information security which is important to ensure effective proactive Identification, Management & Monitoring of Risks so as to ensure and maintain an effective Security Posture. The practices offer comprehensive assurance and advisory services to its clients to enable core changes within their organizations.

     I drove the competency development, technology roadmap and innovation for the organization to establish the technology leadership that GRC has retained in last few years. I manage P/L, sales and delivery of consulting services, solution development, and ensuring execution of multiple programs globally. I have directly led and managed diverse, multi-cultural global teams, set up strategic consulting hubs and offshore delivery centers.

     I have depth of Business Strategy & Technology for Information Security. My areas of specialization are IT Security Strategy, IT Risk Management and Governance, and Infrastructure/Application Security Design & Reengineering, Attack Synthesis and Countermeasure Tactics, Reverse Engineering and Enterprise Audits. I have strong expertise in Hacking Counter measures, Enterprise Defense Strategies and Social Engineering.

     Prior to Wipro I have worked in companies like Vitage, HP in various leadership positions.

     I have professional certification of CISSP, ITIL / ITSM (F), ISO 27001 LI, BS25999 LI, CEH, COBIT foundation and Managing Successful Programs.

     I have been an invited speaker for various national conferences by CII, ISACA, CIO and CSO meets etc.

     For Further details please