you are invited to utilize our services! IT Infra Audit, Technology audit, penetration testing, Database security, We provides you to the best work finishing.

1. INSPACE TECHNOLOGIES
IT audit (information technology audit)
An IT audit is the examination and evaluation of an organization's information
technology infrastructure, policies and operations.
Information technology audits determine whether IT controls protect corporate
assets, ensure data integrity and are aligned with the business's overall goals.
IT auditors examine not only physical security controls, but also overall
business and financial controls that involve information technology systems.
Because operations at modern companies are increasingly computerized, IT
audits are used to
ensure information-
related controls and
processes are working
properly. The primary
objectives of an IT
audit include.
Evaluate
the systems and
processes in place that
secure company data.
Determine risks to a company's information assets, and help identify methods to
minimize those risks.
Ensure information management processes are in compliance with IT-specific
laws, policies and standards.
Determine inefficiencies in IT systems and associated management.

2. IT Infrastructure
IT infrastructure refers to the composite hardware, software, network resources
and services required for the existence, operation and management of an
enterprise IT environment. It allows an organization to deliver IT solutions and
services to its employees, partners and/or customers and is usually internal to an
organization and deployed within owned facilities.
Techopedia explains IT Infrastructure
IT infrastructure consists of all components that somehow play a role in overall
IT and IT-enabled operations. It can be used for internal business operations or
developing customer IT or
business solutions.
Typically, a standard IT
infrastructure consists of the
following components:
Hardware: Servers, computers,
data centers, switches, hubs and
routers, and other equipment
Software: Enterprise resource
planning (ERP), customer
relationship management (CRM),
productivity applications and
more
Network: Network enablement, internet connectivity, firewall and security
Meat ware: Human users, such as network administrators (NA), developers,
designers and end users with access to any IT appliance or service are also part
of an IT infrastructure, specifically with the advent of user-centric IT service
development.

3. Network Auditing
Network auditing is a must for any organization. Networks are dynamic
entities; they grow, shrink, change and divide themselves continuously.
Network administrators cannot even assume this process is entirely under their
control. Users add devices and sometimes even new hardware to the network
infrastructure. Even worse, it is not the first time a user would install software
they need without informing the administrator. These activities can have drastic
repercussions on network security. To solve this, an administrator needs to
perform regular network auditing and monitor any changes to the preset
baseline.
Network auditing is a process
in which your network is
mapped both in terms of
software and hardware. The
process can be daunting if
done manually, but luckily
some tools can help automate
a large part of the process.
The administrator needs to
know what machines and
devices are connected to the
network. He should also know what operating systems are running and to what
service pack/patch level. Another point on the checklist should be what user
accounts and groups are on each machine as well as what shares are available
and to whom. A good network audit will also include what hardware makes up
each machine, what policies affect that machine and whether it is a physical or a
virtual machine. The more detailed
the specification the better.
Once the machines running on our
network are mapped, the
administrator should then move to
audit what software is running on
each of the machines. This can be
done manually, through an
application, or simply asking each
machine owner to run a script that

4. would automatically catalogue applications and send the administrator an email
with a report of the software installed. After the software inventory is done, the
process can then catalogue the services which are installed, which are running
and which are stopped. The audit for the machines can be finalized by noting
which ports each machine listens on
and what software is actually running
at the time of the audit.
Once the administrator concludes
auditing the computers on the network,
s/he can move on to cataloguing the
devices. These can include printers,
fax machines, routers, access points,
network storage and any other device
that has connectivity with the network.
Once this is done, the network audit
would be complete, but the data will
now need to be analyzed. Is any machine running unauthorized software or
hardware? Is any machine lacking necessary patches? After these and other
relevant questions to each specific network are addressed and machines that
weren’t up to standard are brought in line, the administrator now has an
effective security/inventory baseline for all machines on the network.
ERP Software Consulting Implementation Project Management
Inspace ERP & software or IT consulting and IPM service is a full-fledged
hand holding program which encompasses the following:
Identifying the Product/vendor based on business need/budget
Creating a roadmap for implementation
Create a Project Management Office Team (PMO) to implement as per roadmap
Facilitate and train the users on the adoption of new technology through Change
Management process

5. What is ERP Consulting ?
Inspace selects a few ERP products and
solutions that are available in the market,
suitable for the clients business needs and
evaluate them to be used by the client,
based on the technological environment.
Process
The IT infrastructure is studied and the
business process of the client is
understood before implementation.
Requirements are analysed and documented. The project scope is defined. Then
different products and solutions are analysed meticulously and the process for
the chosen products goes through several steps before implementation. The
basic functionality of the product and the technology on which the product is
based are considered.
The vendor who supplies the product/solution is minutely scanned and checked
for efficiency and reliability of product delivery. The prices of different products
and solutions are also examined in great detail and the best deal is obtained for
the clients for implementation.
Technology Audit
What is Technology Audit?
Technology Audit which is an auditing service
done to understand the present technology
utilization level of an organization. This is very
similar to an Accounting Audit that is conducted
in almost every company. It provides a
benchmark for, where the business is now, in
terms of technology. The audit can help identify
strengths and weaknesses. It's really a snapshot of the organization's technology
infrastructure. The evaluation of the collected evidence determines if the

6. information technology is operating effectively and efficiently to achieve the
organization's business goals or objectives.
Why we need to do Technology Audit?
The Technology Audit for
organizations from any domain is
a MUST to ensure optimum
performance in the day to day
operations and decision making. It
helps the organization to
understand and utilize technology
MORE EFFECTIVELY. The
success of this Audit is that it does
not recommend investing more;
rather it helps to get more out of
existing technology investments.
Our Technology Audit includes various components and addresses the critical
and major pain points of different IT areas as detailed below:
Power Infrastructure Audit
 Sudden power failure of UPS
 Over-utilisation and under-
utilisation of UPS capacity
 UPS power cabling issues
 Battery backup for the load
applied
 Climate control measures taken
up for the UPS and Battery placement
 Fire Hazards that pose a potential threat to the environment.

7. Audit Recommendations
 Safe and Climate
controlled placement of
UPS & Batteries
 Overloading or Under
loading of UPS
 Possible resolution of
UPS issues
Network Infrastructure Audit
 Network speed drops
 Sudden connectivity failure with
devices
 Wireless signal strength issues
 Network architecture and design
 Cable routing and type of cables
being utilised
 Active and passive network
components
Audit Recommendations:
 Network architecture &design as per best practices
 Cabling standards and routing
 Network equipment safe placement & environment
 Active & Passive (wired & wireless) components maintenance
 High-availability setup for minimal downtime

8.  Possible resolution of network performance issues
Internet/Intranet Connectivity Audit
 Internet connectivity speed drops
 Failover and load-balancing setup
 Bandwidth utilisation
 Unauthorised usage of internet services
 Content filtering to avoid certain
categories of websites
 Firewall setup (policies for
allowing/disallowing the users access to
websites)
 Email services (unauthorised sending of
emails, blocking of attachments,
controlling size or type of attachments).
Audit Recommendations:
 Internet bandwidth usage &
requirements
 Restriction of Unauthorised bandwidth usage
 Load balancing& failover configuration
 Email filtering for data monitoring
 Firewall policies for optimal security
Server, Storage & Backup
Infrastructure Audit
equipment for optimum
 Increased downtime of servers,
 Recovery from crash (both physical and
virtual),
 Storage space management,
 Operating system compatibility issues,
 Automated backup and restoration of the
backed-up data
 Performance of server, storage and backup
operations
Audit Recommendations:

9.  Optimal configuration for servers based on the user load
 Storage technology and space based on usage and forecast
 Best practices Backup and Restoration process
 Maintenance of Server equipment for minimal downtime
 Possible resolution of server, storage and backup issues
Desktop, Laptop & Thin Clients Audit
 Recovery from crashes and minimising the downtime
 Repair / replacement and upgrade
spares availability
 Standard hardware configuration
across the organisation
 End-to-end audit or sampling audit
can be scoped as required.
Audit Recommendations:
 Optimal configuration for
desktops/laptops based on the usage parameters
 Maintenance of desktop/laptop including spares as per best practices
 Asset tagging & maintenance
 Possible resolution of desktop/laptop issues.
Core Application (ERP /
SW) Audit
 Using MS Excel to take reports after
investing in ERP,
 Utilisation levels of the Application by
users (module-wise)
 Scope for improvement areas
 Functional audit on the mapping the
business requirement with the
functionality
 Technical audit on the coding (coding

10. standards and best practices).
Audit Recommendations:
 Fitment of the existing application vis-à-vis the business process
 Utilisation levels of existing application department/module-wise
 Module-wise recommendations for optimal usage
 Technical architecture & design as per best practices
 Coding methodology as per best practices
SW License Compliance Audit
 Unauthorised usage of software by staff
 Legal compliance issue due to pirated
applications
 Find actual gaps in the license
 Identify open source alternatives to reduce
investments
Audit Recommendations:
 Identification of unlicensed software and gap in available licenses
 Recommendation on open source / freeware alternatives
IT Data Security Audit
 Vulnerable network
 USB / Email data leakage
 Physical security (entry/exit
registering, CCTV surveillance)
security End-to-end Logical
(including VA-PT audits)
 Data and equipment theft

11. Audit Recommendations:
 Recommendation for mitigating VA-PT Gaps
 Harden Server environment for robust security
 Firewall policy and monitoring
 Recommendations for physical security as per best practices
Key User Audit
 Collective view of the key users driving the
organisation
 Understand training requirements
 Identify the key expectations of majority
stake holders.
Audit Recommendations:
 Key User’s knowledge level for utilising technology investment of company
 Recommendation for areas of training required by key users.
Vulnerability Assessment & Penetration Testing
Vulnerability Assessment services are a series of tests performed on a system to
identify the vulnerability of the system. This is a Security Assessment conducted
to understand the vulnerabilities and by this process the vulnerabilities are
identified and exposed to the security experts who in turn are able to quantify
and prioritise such vulnerabilities.

12. Basically a vulnerability of a system refers to the inability of the system to
withstand a hostile threat to its environment and
the effects that may be caused by this hostile
attack.
Vulnerability assessment has many things in
common with risk assessment. Wiki states
that assessments are typically performed
according to the following steps:
 Cataloguing assets and capabilities (resources)
in a system
 Assigning quantifiable value (or at least rank
order) and importance to those resources
 Identifying the vulnerabilities or potential threats
to each resource
 Mitigating or eliminating the most serious vulnerabilities for the most valuable
resources
Penetration Test (PT)
Penetration Tests are different from
vulnerability assessment services, in that
they simulate an actual attack on a
computer system or network as it would
have been from an external or internal
threat. By this method we are able to
evaluate the computer or network's security
levels based on the defined objective of the
test. Thus a vulnerability penetration test
can help determine whether a system is
vulnerable to attack, if the defences were
sufficient and which defences (if any) were defeated in the penetration
test.

13. Why VA-PT is required?
As new technologies emerge and change the IT scenarios, newer audit security
challenges are given to be faced by corporates. Thus the business that do
transaction over the internet are at high risk, though other companies are also at
risk when being exposed to
external networks. Thus many
unforeseen traps with multiple
vulnerabilities and numerous
threats do manifest themselves in
the least expected time and at the
least expected place. Thus in order
to take-up such challenges and
address then, a robust system with
appropriate security policies,
adequate controls, periodic review
and monitoring are to be in place
to protect the organisation's
information assets. Hence it is
highly recommended to carry out
an indepth Network Assessment comprising of VA-PT audits in a periodic
manner to ensure software compliance to controls established and the policies
set in the organisation and further to evaluate whether they are adequate to
address all the threats.
What Do We Gain by VA-PT?
 In-depth testing of IT infrastructure leads
to understanding of the effectiveness of
security systems in place
 Testing the ability of network defenders to
successfully detect and respond to the
attacks
 Enables planned investment to secure the
IT setup resulting in better ROI
 Helps to identify the security gaps and
secure them

14.  Focus and prioritise high-risk and threats rather than false encounters
 Optional Software Assessment to understand the vulnerabilities within
 Process and policy in place helps to run regular and periodic tests
 Assessing the magnitude of potential business and operational impacts of
successful attacks