Information Security

80% of information security breaches are led by crime rings around the world. In retail, they exploit consumer information to hack further into bank accounts. In business, they sell information to buyers. In government hacks, they sell information or disrupt operations.


The new era of the Internet, mobile phones, PDAs and PCs is heralding a "Boundaryless Enterprise". However, boundarylessness also runs contrary to fundamental concepts in security, creating massive challenges for the CIO. The increasing speed of execution that comes with shadow IT, business-led Cloud initiatives and the like creates further challenges and a tendency to be oblivious to the burgeoning security risks to the enterprise. Compliance, security-related reporting and breaches are not just a CIO responsibility but also that of Boards and CEOs. Organizations have to develop a top-down, 360-degree view of security: at the perimeter, in the applications, during transactions, in wireless data exchanges and on devices.

Besides encryption, firewalls, log analyses and monitoring, educating users about digital security is one of the most important things to do. They need to know that protecting information is like protecting their own house against theft. It is their duty and responsibility.

Ensuring security has to become an orthogonal process to the rollout of applications and managing business transactions, and not an impediment. CIOs can no longer do this through mere monitoring and manual interventions but will have to leap towards cognitive computing, automation and DevOps-based approaches to monitor, catch, prevent, intervene and remediate threats before they materialize.

Key Services


Information Security Policy & Audits

  • IS Audits & Threat Assessments
  • Governance - Risk and Compliance
  • InfoSec and BCP Risk Assessments
  • Policy & Governance Design
  • Cloud Security Alliance
  • Cloud Controls Matrix (CCM)

Application Security & Testing

  • Applications & Data Security Testing
  • Security Applications Architecture
  • Periodic and Surprise Testing Strategy
  • Cloud Security - at rest and in motion
  • Black Box and White Box Testing
  • Friendly Hacking - Internal Hackathons

Infrastructure Security & Testing

  • Cloud Security Assessment
  • IT Security Architecture Design
  • Package Selection for Perimeter, Identity & Access Control, Platforms, Data, Applications, Open Source
  • Access & Identity Management Testing
  • Platforms Implementation

Data Management & Statutory Compliance

  • ISO 27001 / ISO 27002
  • Payment Card Industry (PCI) Security
  • HIPAA
  • GLBA
  • Domain and Compliance Audits
  • Threat & Risk Assessments
  • Vulnerability Testing
  • Penetration Testing
  • Policy & Governance Design
  • Remediation Roadmap

Business Outcomes


  • Regulatory Compliance with Information Security Audit Lifecycle Management
  • Enhanced Operational Efficiency with Managed Security Operation
  • Uninterrupted Customer Experience by Continuous Cyber Security Assessment and Assurance
  • Data Analytics Based Enterprise Security Metrics for Predictive Security Measures

Platform Capabilities


Information Security Policy Audits

  • GRC Tool Evaluations
  • Risk Assessment based on ISO 27005, OCTAVE, NIST SP 800-30

Application Security Testing

  • OWASP model
  • Security Applications Architecture
  • Tools (indicative) – Nessus, GFI LanGuard, Snort, BSA, NetStumbler, QualysGuard
  • OpenSAMM
  • NetIQ
  • Kali Linux, Metasploit, Burp Suite
  • Deepsight Threat Manager

Infrastructure Security Testing

  • SANS - B.A.S.E methodology for Security Assessment
  • IBM Secure Identity and Access Management
  • Perimeter Security – Fortinet
  • Kali Linux, Metasploit, Burp Suite
  • IBM AppScan
  • F5 Networks, BIG-IP

Data Management & Statutory Compliance

  • ISO 27001 Readiness Audit
  • HIPAA, PCI-DSS, Privacy Audits
  • Threat & Risk Assessments
  • Vulnerability Testing
  • Penetration Testing
  • Policy & Governance Design
  • Remediation Roadmaps

