• Establishing PMO’s and Process Improvement
  • Project Management and Quality Framework
  • ITIL Processes
  • Transformation from Traditional to Agile
  • Customized Consulting
  • Cyber-Security Consulting
    • We provide Information Risk Management consulting services for managing and mitigating the risks to the organization.
    • Assessing information security risks is one element of a broader set of risk management activities. Other elements include establishing a central management focal point, implementing appropriate policies and related controls, promoting awareness, and monitoring and evaluating policy and control effectiveness.

    • As reliance on computer systems and electronic data has grown, information security risk has joined the array of risks that governments and businesses must manage. Regardless of the types of risk being considered, our risk assessments generally include the following elements:
  1. Identifying threats that could harm and, thus, adversely affect critical operations and assets
  2. Estimating the likelihood that such threats will materialize based on historical information and judgment of knowledgeable individuals
  3. Identifying and ranking the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize in order to determine which operations and assets are the most important
  4. Estimating, for the most critical and sensitive assets and operations, the potential losses or damage that could occur if a threat materializes, including recovery costs
  5. Identifying cost-effective actions to mitigate or reduce the risk. These actions can include implementing new organizational policies and procedures as well as technical or physical controls
  6. Documenting the results and developing an action plan
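The six elements above can be carried through on a small constructed risk register. The example below is added here and is not the firm's own methodology or tooling; the assets, threats, likelihoods, loss figures and control costs are invented sample values.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    value: float       # replacement value, in currency units
    criticality: int   # 1 (low) .. 5 (critical), from stakeholder interviews

@dataclass
class Threat:
    name: str
    asset: str
    annual_likelihood: float   # step 2: probability of materialising in a year
    loss_fraction: float       # share of asset value lost when it does
    recovery_cost: float       # step 4: cost to restore operations afterwards

@dataclass
class Control:
    name: str
    threat: str
    annual_cost: float
    likelihood_reduction: float   # fraction by which it cuts the threat's likelihood

# Constructed sample register (not taken from any real assessment)
ASSETS = {a.name: a for a in [Asset("Customer database", 500_000, 5),
                              Asset("Marketing website", 50_000, 2)]}
THREATS = [Threat("Ransomware on database server", "Customer database", 0.2, 0.5, 100_000),
           Threat("Website defacement", "Marketing website", 0.5, 0.1, 5_000)]
CONTROLS = [Control("Offline backups and EDR", "Ransomware on database server", 30_000, 0.6),
            Control("Web application firewall", "Website defacement", 8_000, 0.7),
            Control("Security awareness training", "Ransomware on database server", 5_000, 0.2)]

def expected_annual_loss(threat, assets):
    # Step 4: likelihood x (damage to the asset + recovery cost)
    asset = assets[threat.asset]
    return threat.annual_likelihood * (threat.loss_fraction * asset.value + threat.recovery_cost)

def rank_threats(threats, assets):
    # Step 3: most critical asset first, then largest expected loss
    return [t.name for t in sorted(threats, reverse=True,
            key=lambda t: (assets[t.asset].criticality, expected_annual_loss(t, assets)))]

def action_plan(controls, threats, assets):
    # Step 5: keep controls whose risk reduction exceeds their cost, best net benefit first.
    # Each control is judged on its own; overlapping effects of several controls are not modelled.
    by_name = {t.name: t for t in threats}
    plan = []
    for c in controls:
        saved = expected_annual_loss(by_name[c.threat], assets) * c.likelihood_reduction
        if saved > c.annual_cost:
            plan.append((c.name, round(saved - c.annual_cost)))
    return sorted(plan, key=lambda item: item[1], reverse=True)
```

With these figures the firewall is dropped because its cost exceeds the loss it avoids, which is the kind of result step 6 would record with its justification in the action plan.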
  • ISO 27001 Consulting

    ISO 27001 is a structured set of guidelines and specifications for assisting organizations in developing their own information security framework. The standard relates to all information assets in an organization, regardless of the media on which they are stored or where they are located. We are one of the leading consultants for ISO 27001 certification.
    ISO 27001 has 11 domain areas, 39 control objectives and 133 controls in all. The security controls represent information security best practices, and the standard suggests that these controls should be applied depending on the business requirements.
    ISO 27001 suggests development and implementation of a structured Information Security Management System (ISMS), which governs the security implementation and monitoring in an enterprise. The standard is designed to serve as a single 'reference point for identifying the range of controls needed for most situations where information systems are used'.

    Our approach:

    Understanding Business Functions
    The purpose of this phase is to provide the initial planning and preparation for the assignment. The steps in this phase re-emphasize the project objectives and goals and plan the various focus / target areas to be considered during the assignment.

    Data Acquisition
    The purpose of this phase is to collect all relevant data pertaining to the scoped area. This is probably the most crucial phase, since it involves meeting the stakeholders and understanding their concerns, the assets under their responsibility, and the importance of these assets to their business function.

    Risk Assessment
    Performing a comprehensive risk assessment on the identified critical IT assets enables us to select appropriate risk mitigation controls. Our risk assessment methodology comprises several activities: assigning values to the identified critical information assets, threat assessment, a Vulnerability Assessment & Penetration Testing exercise, and gap analysis.

    The purpose of this stage is to develop a risk mitigation strategy and plan that provide inputs to the selection of ISO 27001 compliant controls. The inputs from this stage will drive the development of the IT policy.

    Design & Build
    The purpose of this stage is to develop detailed and functional IT security policies and procedures for the client. The policy statements will be in line with ISO 27001 and will address the risk areas identified earlier (as per the risk mitigation and treatment plans).

    Action Plan
    The main purpose of this stage is to provide the client with a Security Improvement Program that supports continuous improvement as well as ISO 27001 certification. The objective of this phase is to implement the security controls; we will manage the implementation program. This phase results in an implementation roadmap that the client can use to implement the ISO 27001 controls.