Consulting and Advisory Services

Reduce risk and do business knowing your data is secure

Our offering

We have a team of leading experts who analyze and identify threats to the information systems in your organisation, develop strategies to prevent infiltration and attacks, and ensure statutory and regulatory compliance with various standards and frameworks.

eHosting DataFort’s Consulting and Advisory Services team provides a wide variety of consulting and advisory services which include:

1. Security Assessment

a. Penetration Testing
b. Vulnerability Assessment & Architecture Review
c. Security Program Review (Policy, Process, Procedures, etc.)
d. Application Audit

2. Enterprise Risk and Compliance

a. Statutory and Regulatory Compliance
b. Standards and Frameworks

i. IT Service Management (ITSM) (ISO 20000)
ii. Business Continuity Management (BS 25999)
iii. Information Security Management System (ISMS) (ISO 27001)
iv. Quality Management System (ISO 9001)

3. Support Services

a. Gap Analysis
b. Internal Audit
c. Risk Assessments
d. Business Impact Analysis

 

Features

1. Security Assessment

a) Penetration Testing - Regular penetration tests are an essential component of an information security program. They involve extensive analysis of security controls from the perspective of external and internal attackers.

b) Vulnerability Assessment & Architecture Review - Vulnerability Assessment involves security analysis of weaknesses prevalent in servers, desktops, network and security components, whereas Architecture Review involves reviewing the design and implementation of the current security architecture.

c) Security Program Review (Policy, Process, Procedures, etc.) - Based on the ISO 27002:2005 code of practice for information security management. Our teams perform a gap analysis to determine an organization's completeness and effectiveness against that code of practice. This includes reviews of security policies, processes, procedures and other related practices.

d) Application Audit - Involves a comprehensive review of applications to check their security posture against well-known threats.

2. Enterprise Risk and Compliance

a) Statutory and Regulatory Compliance - We prepare organizations to identify potential gaps and to have a mitigation plan for compliance by implementing strategic, tactical and operational controls, such as policies, processes and procedures, as part of an overall risk management plan.

b) Standards and Frameworks - We have expert consultants in IT-related standards and frameworks that are critical for business profitability, productivity and efficiency. As the complexity of IT tools, technologies and applications increases, it can be controlled by implementing standards and frameworks such as:

i. IT Service Management (ITSM) (ISO 20000) - The ITSM standard allows users to establish, manage, monitor and measure IT services. The framework allows costing, charging and budgeting of IT services against the respective activities.

ii. Business Continuity Management (BS 25999) - The Business Continuity Management standard allows users to study, calculate and foresee business impacts and risks under various scenarios. Acceptable risks and investments towards a business continuity program are addressed by meeting the requirements of the Business Impact Analysis (BIA).

iii. Information Security Management System (ISMS) (ISO 27001) - The ISMS standard provides a framework that controls the confidentiality, integrity and availability of all areas where information can be classified, categorised, labeled and protected against threats and vulnerabilities assessed against perceivable risks.

iv. Quality Management (ISO 9001) - Quality Management Standards can be applied to establish, document, implement and maintain a Quality Management System framework that controls and achieves agreed specifications for products and services.

3. Support Services

The support services we provide against the standards and frameworks mentioned above include, but are not limited to, the following:

a) Gap Analysis
A holistic analysis of the mandatory requirements prescribed by the framework of each standard. It verifies the integrity of the framework and identifies any deviations from it by comparing the mandatory requirements of the standard with those that are applied and running in the organisation.

b) Internal Audit
Through a yearly contract, we provide an unbiased and comprehensive auditing service of your internal systems to ensure a higher degree of compliance within your organisation.

c) Risk Assessments
Our expert consultants have immense experience in formulating, planning and exercising a risk assessment by correlating the business, organisational and standard framework focus requirements.

d) Business Impact Analysis (BIA)
The relevant standards specify the focus areas and criteria for business impact analysis (BIA). The BIA arrives at the various risk factors for the organization to consider, and we can perform a BIA against Quality, Security, IT Services and Business Continuity.