This document provides an overview of IT security and risk management. It discusses the importance of periodic IT assessments to test security effectiveness and readiness. Common observations during assessments include a lack of IT strategy and security policies. The document outlines services from Yellow House Consulting Group to implement recommendations after assessments, including securing networks, implementing governance frameworks, and developing disaster recovery plans. The goal is to help organizations transform their business through smart and disciplined IT implementation.

1. ~ Aegis ~
~Product overview ~
Yellow House
Consulting
Group
Copyright © 2014-15 yhcg.in
Beyond Firewalls
Protection
&
Performance
~ Aegis ~

2. Copyright © 2014-15 yhcg.in
 IT assessments bring in IT discipline, reality check and ensures continuous
IT maturity and readiness for the organization
 80% of large and 60% of small organizations experienced at least one
“malicious security incident” in 2014
 60% Indian IT professionals feel organizations cannot protect itself from
Cyber attacks
Why IT Security and Risk Management ?
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management
DDoS, Web applications, and IT infrastructure attacks represent some of the
most critical threats to enterprises today ~ Akamai security report, Q4, 2014

3. Copyright © 2014-15 yhcg.in
 Hackers used email information from Mumbai firm, “Mallak Specialities
Pvt Ltd”, to fleece the firm to deposit money into bank accounts
~ 27-OCT-2014 - HC directs CBI to investigate
 19% of incidents are a results of insider privilege misuse – Verizon Report
 The ONLY way to strengthen and test your IT systems effectiveness,
efficiency & readiness of IT security is by periodic systems assessment
and vulnerability tests by a systems vendor
Why IT Security and Risk Management ?
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

4. Copyright © 2014-15 yhcg.in
 IT security and risk management Objectives
 Common IT assessment Observations
 What we are confident of – YHCG IT services lines
 IT for Business transformation
 What after IT assessment ?
Index
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

5. Copyright © 2014-15 yhcg.in
 Alignment of Business requirements with existing IT Support Systems
 Availability of mature and cost effective IT systems – for negligible down
time
 Security – Accessibility to ONLY authorized users, prevention of Data
theft and Vulnerability to unwarranted intrusions and attacks
…contd.
Risk Management Objectives – what we look for ?
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

6. Copyright © 2014-15 yhcg.in
 Capability – Provide users with necessary tools and solutions to
efficiently and effectively do their jobs and be flexible in adapting to
changing business needs
 Competitiveness – IT being used as an business enabler for competitive
advantage
Risk Management Objectives – what we look for ?
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

7.  No pre-defined IT Strategy hence absence of Business-IT Alignment
 No SOP made available for Policy reference and Security Implementation
 Absence of IT Security & Configuration management (baseline & setup) plan
 Critical lapses in IT operations control leading to attack vulnerability
…contd.
Common Observations during assessment
Copyright © 2014-15 yhcg.in
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

8.  Weak Network security & end-point device access
 No Data theft prevention (people, process & systems) – DLP measures
 Minimal or no documentation of planning and methodology for IT infra
forward capacity building
 Isolated planning and implementation of IT Network and security
… contd.
Common Observations during assessment
Copyright © 2014-15 yhcg.in
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

9. Copyright © 2014-15 yhcg.in
 No IT Disaster Recovery Plan for Business Continuity
 Low level of IT Security Maturity, IT Ops Control, Configuration
Management, Data Loss and Theft prevention
 No evidence of IT being used as an enabler to transform business
Common Observations during assessment
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

10.  Organization’s IT Setup – managed by quality team having pre-defined
KPAs and responsibilities (in - house and/or outsourced)
 IT Framework – to implement IT Security policies and Operation Control
Systems
 IT Role - to facilitate, support and steer the organizational goals as a
Business Transformational Agent
…contd.
Post Assessment Implementation by YHCG
Copyright © 2014-15 yhcg.in
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

11.  Secure IT Network Architecture – Network overhauled and re-postured due
to lack of security controls & concepts like zoning & DMZ
 Security management and IT ops monitoring software Implementation
 IT Vulnerability - Overcome IT Operational Control weaknesses and
implement governance framework & security policies to mitigate Business-
IT risks
…contd.
Post Assessment Implementation by YHCG
Copyright © 2014-15 yhcg.in
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

12.  DLP (data loss prevention)- to be implemented at the organization level
 Disaster Recovery Plan - to be developed to support the organization’s
Business Continuity Plan
 IT Cost Control – evaluate early adoption of Hybrid Cloud solutions,
Server Virtualization and Open Source Software to reduce cost, infra
manageability and maintain high availability of certain data & software
services
…contd.
Post Assessment Implementation by YHCG
Copyright © 2014-15 yhcg.in
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

13.  Secure Connectivity - evaluate cost and implement VPN connectivity
for more secure connectivity between HO & branches
 IT Planning – Short / Long Term plans and Vision which include:
 Processes - tuned & in alignment with Business needs
 Systems - operational control and overhaul
 People - optimally sized trained staff augmentation to
satisfy new necessary roles and responsibilities
Post Assessment Implementation by YHCG
Copyright © 2014-15 yhcg.in
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

14. Copyright © 2014-15 yhcg.in
 Smart & Disciplined IT implementation can help to solve specific business
complexities and help do business effectively and efficiently
 In today’s fast paced business environment, it is about managing your
systems & data optimally so that it will transform your business
 Excellence in Technology Implementation is the best way to put distance
between a company and its competitors
 IT should not be just adopted for IT sake
IT Myth :
~ more resources, extra cost, more hardware & software
- but best-in-class practices prove otherwise
IT for Business Transformation…
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

15. Copyright © 2014-15 yhcg.in
 IT systems & software setup, Network & IT Security Grade - assessment
 Secure Network Design and implementation (Small and Medium businesses)
 Data Loss Prevention (DLP) – design and implementation
 Cyber defence – assessment, design and implementation
 Vulnerability assessment & Penetration Test (VAPT)
 Identity and access management - design and implementation
 Hybrid Cloud – design & implementation
YHCG service lines ……..
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management

16. Copyright © 2014-15 yhcg.in
We can execute the implementation as per the
assessment report and recommendations
Or
We can do the Implementation handholding post
assessment as per the recommendations in the
report
What after IT assessment ?
Yellow House Consulting Group
Aegis ~ IT assessment Overview

17. Copyright © 2014-15 yhcg.in
Thank you !
Yellow House Consulting Group
www.yhcg.in
Yellow House Consulting Group
Aegis ~ IT Security & Risk Management