   Regd. Address: 2004, Oakwood Apartment, 3rd Cross, 8th Main, 3rd Block, Koramangala, Bangalore-560034.
                            T: +919845166115, E: runa@agamaconsulting.in

                                     MISSION FOR AGAMA
To have a collaborative effort from the management, people, processes and technology to create a
holistic and comprehensive enterprise risk and security model (ERSM) that would ensure the client’s
dependability, integrity and stability for themselves and their customers.

                                      VISION FOR AGAMA
To carve a niche in the Enterprise Risk and Security consulting space, by pioneering in holistic RM, so
as to implement people friendly solutions that unlock hidden opportunities.

                              SOLUTION AGAMA IS PROVIDING

We believe that it is important, now more than ever, for companies to develop and maintain a
consolidated and holistic risk management program that coordinates the silos (operating within
the risk management framework of an organisation), because they all have the same overall goal –
to protect the company and its assets. We also understand that companies today do not
necessarily have the bandwidth to uproot their existing IS and RM structure; hence we have
prepared a modular roster of services which can be executed as per the organisation’s readiness.

SERVICES BY AGAMA
Based on the above pointers, we have drawn out a service portfolio that reflects our intentions.
Through our solutions we hope to look at the future outlook of the IS and RM industry.

                                        Figure 1: Agama Services

     No.    Service Portfolio       Advisory      Compliance       Technology       Learning

     1      IT Risk Organisation    •             •                                 •

     1.a     Risk and Security      •                                               •
            State Assessment

     1.b    Return on Security      •                                               •
            Investment

     1.c    Balanced Scorecard      •             •                                 •
            Approach

     1.d    Unified Compliance
            Framework

     2      Enterprise Risk         •             •                •                •
            Management

     2.a    Information Risk        •             •                                 •
            Management

     2.b    ISO31000 framework      •             •                                 •
            establishment

     2.c    Business Continuity     •             •                •                •
            Management and
            Disaster Recovery
            Planning

     2.d    Information             •             •                                 •
            Sensitivity Policy

     2.e    Application             •             •                •                •
            Security/BSIMM

     2.g    Security in Cloud       •                              •                •
            Computing

     3.a    Data Security           •             •                •                •
            Framework



For Internal Use only                                                                          Page 2
     3.b    Data Privacy            •             •                •                •
            Framework

     3.c    Utilisation and Cost    •             •                                 •
            Optimisation for
            IS&RM



                                         THE APPROACH
The most important issue concerning Information Security is to manage all risks relevant to your
organization. Managing all risks is virtually impossible, and is usually to the detriment of business
operations. Therefore, in order to be in control, risk management is essential. This means that as an
organization you are security aware: secure what, why and how. In this process you may even decide
to leave a certain risk unchecked, as long as you are doing so consciously and based on a valid
assessment.

Agama believes in creating value out of IS & RM, and that is the philosophy that we would like our
prospective clients to adopt. In order to drive home this point, we would consider the client’s
information needs vis-a-vis its information security needs. Implementable consulting is what Agama
hopes to provide its clients, wherein the client can rest assured that the solution provided would
be tangible enough for its employees to execute.

We have seen all this while that any technology initiative is based on the classic three-legged
approach – People, Process and Technology – with the business or top management mostly playing a
hawk-like role of monitoring and dictating terms. However, at Agama, our view is that this will
hamper a company’s growth in the long term. It is important for the business side of the company to be
intricately involved in the organisation’s information security and risk management projects. For this
reason we call our approach the Enterprise Security Program (ESP). This is demonstrated in our
approach model given below. To have a holistic and consolidated security policy, it is important to
have considered the growth plans, the business strategies, human factors and the organisation
culture. A policy that does not scale and support the organisation’s potential for expansion is
redundant and needs an immediate overhaul.

We also demonstrate the fact that these factors work towards making a holistic ESP through our
proprietary methodologies. While they are derived from the standard implementation frameworks,
we have added our beliefs to enhance the level of execution, such that the ESP will be current and in
line with the business objectives.




Figure 2: AGAMA Enterprise Security Management Approach Model




WHY AGAMA
It is an obvious question, considering the well-established players in the IS and RM consulting space.
For starters, we address our initiative as an Enterprise Security Program. Hence, at the risk of
sounding repetitive, we would like to emphasise the importance of a holistic and consolidated risk
management program through our approach and methodologies.

Secondly, we can proudly present an industry-vertical-based learning repository. This repository is
our reference point for various issues like the information needs of an industry vertical versus its
compliance-based information needs. It also gives us insight into the risk management initiatives of
leading organisations in each sector.

At Agama, we have developed a unique consolidation model, which works on the basis of the
organisation’s security maturity levels. While assisting in creating the ESP, this will also give the
organisation’s current security state assessment.

We believe the above factors put us in a niche, which separates us from the other players in the
security and risk assessment segment. We also go by the adage "we let our work do the talking";
therefore, once we get an opportunity to work with you, we would like to build a long-standing
relationship that is not just limited to the scope of the project assigned to us.

Our value proposition in a nutshell:

UNIQUE SERVICES:

1.   Creation of a consolidated Enterprise Security Model
2.   Cost Optimisation of the existing Enterprise Security Program
3.   Data Security and Data Privacy framework specific to industry sectors
4.   Current State Maturity Assessment

VALUE ADDED APPROACH:

1. Creation of Enterprise Security strategies and programs aligned to the business goals and
   strategies
2. Modular approach that is time-saving and easy to implement




SERVICE NEED AND APPLICABILITY

Based on preliminary research and study of the Information Security market, we have made a few
observations on the potential issues that a few popular sectors can face.

                              Figure 3: Industry Sector and Issue Mapping

Sector                          Potential Information Risk and Enterprise Security Issues




E&U           Stock Pilferage     Breakdown of      Data Privacy
                                  machinery/Plant
                                  shutdown

BFSI          Fraud               Data              Physical Security   System              Compliance
                                  Security/Data     and Logical         Shutdown
                                  Privacy           Security breach

Tech.         Fraud               Data              Physical security   Facility            Compliance
&ITES                             Loss/Data         and Logical         Shutdown
                                  Privacy           security breach

Telecom       Billing Fraud       Physical and      Marketing           Data loss/Data      Compliance
                                  Logical           information         security
                                  Security          pilferage
                                  Breach

Media and     Data Loss/Data      Facility
Comm.         Privacy             Shutdown

Retail        Stock Pilferage     Facility          Data Privacy        Physical and        Governance
                                  Shutdown          and Data            Logical Security
                                                    Security            Breach

Mfg.          Stock Pilferage     Facility          Data Privacy        Physical and        Governance
                                  Shutdown          and Data            Logical Security
                                                    Security            Breach

Govt.         Data Security       Facility                              Physical and
              and Data            Shutdown                              Logical Security
              Privacy                                                   Breach

Hospitality   Data Security       Facility          Governance          Compliance
              and Data            Shutdown
              Privacy




Based on the observations in figure 3, we have mapped our services with the sectors mentioned in
the above research.

                       Figure 4: Applicability of our services across various sectors*

No.   Service Portfolio    E&U      BFSI   Tech.      Telecom    Media       Retail      Mfg.   Govt.   Hospitality
                                           &ITES                 and
                                                                 Comm.

1     ITRO                 •        •      •          •          •           •           •      •       •

1.a   Risk and             •        •      •          •          •           •           •      •       •
      security state
      assessment

1.b   ROSI                 •        •      •          •          •           •           •      •       •

1.c   BSC

1.d   UCF                           •      •          •          •           •                          •

2     ERM                  •        •      •          •          •           •           •      •       •

2.a   IRM/GRC              •        •      •          •          •           •           •      •       •

2.b   ISO31000             •        •      •          •          •           •           •      •       •

2.c   BC/DR                •        •      •          •          •           •           •      •       •

2.d   Information                   •      •          •                                  •              •
      Sensitivity Policy

2.e   Application                   •      •          •
      Security/BSIMM

2.g   Cloud Security       •        •      •          •          •           •           •      •       •

3.a   Data Security        •        •      •          •          •           •           •      •       •
      Framework

3.b   Data Privacy         •        •      •          •          •           •           •      •       •
      Framework

3.c   Utilisation and      •        •      •          •          •           •           •      •       •
      Cost
      Optimisation for
      IS and RM

* The sectors covered here are indicative and are the popular ones in general.


PROFILES OF THE FOUNDERS
RUNA DESAI DALAL

I have been a risk advisory consultant at Ernst and Young Pvt. Ltd. within their banking and technology
practices.

I have done various projects in Risk advisory practice that range from Core Banking implementation,
Project Risk Management, Internal Audit, SOX process implementation review and Business
Continuity Management implementation.

I have been part of the core team that developed the Business Continuity management practice
which has grown from a team of 4 to 50 and stands as an independent service line across all industry
specialisations.

The main projects executed during my career span include:

    •   I have led a team that implemented the business continuity management processes and
        reviewed the existing Disaster Recovery Plans, at the largest private sector bank.
    •   I have led a team that conducted Internal Audit for the operations of another private sector
        bank.
    •   I have been part of the implementation team of core banking solutions at two of the largest
        public sector banks in the country.
    •   I have been part of a team that has done the implementation and review of SOX processes
        at the largest private sector bank.

I have been the subject matter expert in Business Continuity Management and Operational Risk
Management.

Prior to this assignment, I have worked in HDFC Bank as a Business Analyst and with Ways India Ltd.
(a start-up organisation in the Dotcom era) as a Senior Tester.

My educational qualifications include M.M.S (Systems) and B.E (Electronics and
Telecommunications). Additionally I have a professional certification in BS25999.




SUDARSHAN RAJAGOPAL

I am a Principal Consultant executing the role of Senior Manager for Governance, Risk and
Compliance at Wipro Consulting Services heading the delivery organization of 200 plus people. I also
handle Wipro’s Center of Excellence for Technical Risk Assessment which includes Penetration
Testing / Vulnerability Assessment, Forensics etc.

Governance, Risk and Compliance addresses not only the areas of ICT but the entire lifecycle of
information security which is important to ensure effective proactive Identification, Management &
Monitoring of Risks so as to ensure and maintain an effective Security Posture. The practices offer
comprehensive assurance and advisory services to its clients to enable core changes within their
organizations.

I drove the competency development, technology roadmap and innovation for the organization to
establish the technology leadership that GRC has retained in last few years. I manage P/L, sales and
delivery of consulting services, solution development, and ensuring execution of multiple programs
globally. I have directly led and managed diverse, multi-cultural global teams, set up strategic
consulting hubs and offshore delivery centers.

I have depth in Business Strategy & Technology for Information Security. My areas of specialization
are IT Security Strategy, IT Risk Management and Governance, Infrastructure/Application
Security Design & Reengineering, Attack Synthesis and Countermeasure Tactics, Reverse Engineering
and Enterprise Audits. I have strong expertise in Hacking Countermeasures, Enterprise Defense
Strategies and Social Engineering.

Prior to Wipro, I have worked in companies like Vitage and HP in various leadership positions.

I have professional certifications in CISSP, ITIL / ITSM (F), ISO 27001 LI, BS25999 LI, CEH, COBIT
Foundation and Managing Successful Programs.

I have been an invited speaker at various national conferences by CII, ISACA, and CIO and CSO meets,
etc.




For Further details please contact:

runa@agamaconsulting.in

Ph.no:+919845166115


Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
 

Agama Profile

  • 1. Regd. Address: 2004, Oakwood Apartment, 3rd Cross, 8th Main, 3rd Block, Koramangala, Bangalore-560034. T: +919845166115, E: runa@agamaconsulting.in

    MISSION FOR AGAMA
    To have a collaborative effort from the management, people, processes and technology to create a holistic and comprehensive enterprise risk and security model (ERSM) that would ensure the client’s dependability, integrity and stability for themselves and their customers thereof.

    VISION FOR AGAMA
    To carve a niche in the Enterprise Risk and Security consulting space, by pioneering in holistic RM, so as to implement people-friendly solutions that unlock hidden opportunities.

    SOLUTION AGAMA IS PROVIDING
    We believe that it is important, now more than ever, for companies to develop and maintain a consolidated and holistic risk management program that coordinates the silos (operating within the risk management framework of an organisation), because they all have the same overall goal – to protect the company and its assets. We understand that companies today do not necessarily have the bandwidth to uproot their existing IS and RM structure, hence we have prepared a modular roster of services which can be executed as per the organisation’s readiness.
  • 2. SERVICES BY AGAMA
    Based on the above pointers, we have drawn out a service portfolio that reflects our intentions. Through our solutions we hope to look at the future outlook of the IS and RM industry.

    Figure 1: Agama Services
    No. | Service Portfolio | Advisory | Compliance | Technology | Learning
    1 IT Risk Organisation • • •
    1.a Risk and Security State Assessment • •
    1.b Return on Security Investment • •
    1.c Balanced Scorecard Approach • • •
    1.d Unified Compliance Framework
    2 Enterprise Risk Management • • • •
    2.a Information Risk Management • • •
    2.b ISO31000 framework establishment • • •
    2.c Business Continuity Management and Disaster Recovery Planning • • • •
    2.d Information Sensitivity Policy • • •
    2.e Application Security/BSIMM • • • •
    2.g Security in Cloud Computing • • •
    3.a Data Security Framework • • • •

    For Internal Use only Page 2
  • 3. (Figure 1, continued)
    3.b Data Privacy Framework • • • •
    3.c Utilisation and Cost Optimisation for IS&RM • • •

    THE APPROACH
    The most important issue concerning Information Security is to manage all risks relevant to your organization. Managing all risks is virtually impossible, and is usually to the detriment of business operations. Therefore, in order to be in control, risk management is essential. This means that as an organization you are security aware: secure what, why and how. In this process you may even decide to leave a certain risk unchecked, as long as you are doing so consciously and based on a valid assessment.

    Agama believes in creating value out of IS & RM, and that is the philosophy that we would like our prospective clients to adopt. In order to drive home this point, we would consider the client’s information needs vis-a-vis their information security needs. Implementable consulting is what Agama hopes to provide its clients, wherein the client can rest assured that the solution provided would be tangible enough for its employees to execute.

    We have seen all this while that any technology initiative is based on the classic three-legged approach – People, Process and Technology, with the business or top management mostly playing a hawk-like role of monitoring and dictating terms. However, at Agama, our view is that this will hamper a company’s growth in the long term. It is important for the business side of the company to be intricately involved in the organisation’s information security and risk management projects. For this reason we call our approach the Enterprise Security Program (ESP). This is demonstrated in our approach model given below.

    To have a holistic and consolidated security policy, it is important to have considered the growth plans, the business strategies, human factors and the organisation culture. A policy that does not scale and support the organisation’s potential for expansion is redundant and needs an immediate overhaul.

    We also demonstrate the fact that these factors work towards making a holistic ESP through our proprietary methodologies. While they are derived from the standard implementation frameworks, we have added our beliefs to enhance the level of execution, such that the ESP will be current and in line with the business objectives.
  • 4. Figure 2: AGAMA Enterprise Security Management Approach Model
  • 5. WHY AGAMA
    It is an obvious question, considering the well-established players in the IS and RM consulting space.

    For starters, we address our initiative as an Enterprise Security Program. Hence, at the risk of sounding repetitive, we would like to emphasise the importance of a holistic and consolidated risk management program through our approach and methodologies.

    Secondly, we can proudly present an industry-vertical-based learning repository. This repository is our reference point for various issues like information needs of an industry vertical, versus its compliance-based information needs. It also gives us insight into the risk management initiatives of leading organisations in each sector.

    At Agama, we have developed a unique consolidation model, which works on the basis of the organisation’s security maturity levels. While assisting in creating the ESP, this will also give the organisation’s current security state assessment.

    We believe the above factors put us in a niche, which separates us from the other players in the security and risk assessment segment. We also go by the adage "we let our work do the talking"; therefore, once we get an opportunity to work with you, we would like to build a long-standing relation that is not just limited to the scope of the project assigned to us.

    Our Value Proposition in a nutshell:

    UNIQUE SERVICES:
    1. Creation of a consolidated Enterprise Security Model
    2. Cost Optimisation of the existing Enterprise Security Program
    3. Data Security and Data Privacy framework specific to industry sectors
    4. Current State Maturity Assessment

    VALUE ADDED APPROACH:
    1. Creation of Enterprise Security strategies and programs aligned to the business goals and strategies
    2. Modular approach that is time-saving and easy to implement
  • 6. SERVICE NEED AND APPLICABILITY
    Based on preliminary research and study of the Information Security Market, we have made a few observations on the potential issues that a few popular sectors can face.

    Figure 3: Industry Sector and Issue Mapping
    Sector: Potential Information Risk and Enterprise Security Issues
    E&U: Stock Pilferage; Breakdown of machinery/Plant shutdown; Data Privacy
    BFSI: Fraud; Data Security/Data Privacy; Physical Security and Logical Security breach; System Shutdown; Compliance
    Tech. & ITES: Fraud; Data Loss/Data Privacy; Physical security and Logical security breach; Facility Shutdown; Compliance
    Telecom: Billing Fraud; Physical and Logical Security Breach; Marketing information pilferage; Data loss/Data security; Compliance
    Media and Comm.: Data Loss/Data Privacy; Facility Shutdown
    Retail: Stock Pilferage; Facility Shutdown; Data Privacy and Data Security; Physical and Logical Security Breach; Governance
    Mfg.: Stock Pilferage; Facility Shutdown; Data Privacy and Data Security; Physical and Logical Security Breach; Governance
    Govt.: Data Security and Data Privacy; Facility Shutdown; Physical and Logical Security Breach
    Hospitality: Data Security and Data Privacy; Facility Shutdown; Governance; Compliance
  • 7. Based on the observations in Figure 3, we have mapped our services with the sectors mentioned in the above research.

    Figure 4: Applicability of our services across various sectors*
    No. | Service Portfolio | E&U | BFSI | Tech. & ITES | Telecom | Media and Comm. | Retail | Mfg. | Govt. | Hospitality
    1 ITRO • • • • • • • • •
    1.a Risk and security state assessment • • • • • • • • •
    1.b ROSI • • • • • • • • •
    1.c BSC
    1.d UCF • • • • • •
    2 ERM • • • • • • • • •
    2.a IRM/GRC • • • • • • • • •
    2.b ISO31000 • • • • • • • • •
    2.c BC/DR • • • • • • • • •
    2.d Information Sensitivity Policy • • • • •
    2.e Application Security/BSIMM • • •
    2.g Cloud Security • • • • • • • • •
    3.a Data Security Framework • • • • • • • • •
    3.b Data Privacy Framework • • • • • • • • •
    3.c Utilisation and Cost Optimisation for IS and RM • • • • • • • • •
    * The sectors covered here are indicative and the popular ones in general.
  • 8. PROFILES OF THE FOUNDERS

    RUNA DESAI DALAL
    I have been a risk advisory consultant at Ernst and Young Pvt. Ltd. within their banking and technology practices. I have done various projects in Risk advisory practice that range from Core Banking implementation, Project Risk Management, Internal Audit, SOX process implementation review and Business Continuity Management implementation. I have been part of the core team that developed the Business Continuity management practice which has grown from a team of 4 to 50 and stands as an independent service line across all industry specialisations.

    The main projects executed during my career span include:
    • I have led a team that implemented the business continuity management processes and reviewed the existing Disaster Recovery Plans, at the largest private sector bank.
    • I have led a team that conducted Internal Audit for the operations of another private sector bank.
    • I have been part of implementation team of core banking solutions at two of the largest public sector banks in the country.
    • I have been part of a team that has done the implementation and review of SOX processes at the largest private sector bank.

    I have been the subject matter expert in Business Continuity Management and Operational Risk Management. Prior to this assignment, I have worked in HDFC Bank as a Business Analyst and with Ways India Ltd. (a start-up organisation in the Dotcom era) as a Senior Tester.

    My educational qualifications include M.M.S (Systems) and B.E (Electronics and Telecommunications). Additionally I have a professional certification in BS25999.
  • 9. SUDARSHAN RAJAGOPAL
    I am a Principal Consultant executing the role of Senior Manager for Governance, Risk and Compliance at Wipro Consulting Services heading the delivery organization of 200 plus people. I also handle Wipro’s Center of Excellence for Technical Risk Assessment which includes Penetration Testing / Vulnerability Assessment, Forensics etc.

    Governance, Risk and Compliance addresses not only the areas of ICT but the entire lifecycle of information security, which is important to ensure effective proactive Identification, Management & Monitoring of Risks so as to ensure and maintain an effective Security Posture. The practices offer comprehensive assurance and advisory services to its clients to enable core changes within their organizations.

    I drove the competency development, technology roadmap and innovation for the organization to establish the technology leadership that GRC has retained in last few years. I manage P/L, sales and delivery of consulting services, solution development, and ensuring execution of multiple programs globally. I have directly led and managed diverse, multi-cultural global teams, set up strategic consulting hubs and offshore delivery centers.

    I have depth of Business Strategy & Technology for Information Security. My areas of specialization are IT Security Strategy, IT Risk Management and Governance, and Infrastructure/Application Security Design & Reengineering, Attack Synthesis and Countermeasure Tactics, Reverse Engineering and Enterprise Audits. I have strong expertise in Hacking Countermeasures, Enterprise Defense Strategies and Social Engineering.

    Prior to Wipro I have worked in companies like Vitage, HP in various leadership positions. I have professional certification of CISSP, ITIL / ITSM (F), ISO 27001 LI, BS25999 LI, CEH, COBIT foundation and Managing Successful Programs. I have been an invited speaker for various national conferences by CII, ISACA, CIO and CSO meets etc.

    For further details please contact: runa@agamaconsulting.in, Ph. no.: +919845166115