Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

Transcription

1 Modular Security Services Offering - BFSI Security In A Box A new concept to Security Services Delivery Skillmine Technology Consulting Pvt. Ltd. The information in this document is the property of Skillmine Technology Consulting Pvt. Ltd. and may not be copied or communicated to a third party or used for any purpose other than that for which it is supplied without the written consent of Skillmine Technology Consulting Pvt. Ltd.

2 Introduction Security in a Box Banking and Financial Institutions are making huge investments and efforts to ensure seamless access and transaction processing for their customers. Adoption of online banking and usage payment wallets are growing. Along with this, The associated security threats are also growing exponentially. In this context, the security governance, security policy framework and its implementation assume prime importance. As any system cannot be perfect, its audit and expeditious action on the findings become crucial to continuous enhancement of security systems in the face of ever-growing sophistication of potential attackers. Security in a Box is an innovative approach from Skillmine to help customers achieve a highly secure framework with compliance to RBI guidelines and Security standards. The approach allows organization to understand their current state using a gap assessment and to build a framework based on a modular approach at a very value price executed by experts. The customization allows the organization to pick and choose the on demand services based on the priority to provide much needed flexibility. The following pages describes the offerings in detail Skillmine Technology Consulting Pvt. Ltd. Confidential

3 Skillmine Information Security Services Portfolio Governance Risk & Compliance Identity & Access Management Threat Management Security Intelligence Data Protection ISO & ISO (IT Services Management) Consulting IT Governance - COBIT Implementation Advisory Enterprise Security Architecture Design Business Continuity & DR planning Network Security Architecture Reviews Information & Network Security Audits Vulnerability Assessment Penetration & Application Security Testing Web Application Security Identity Governance & Administration Access Management for Web & Mobile Directory Services Privileged Access Management Mobile Security Enterprise Single Sign-On IAM Architecture Design Cloud Single Sign-On Technology and Product Selection VM Framework & Strategy APT Risk Mitigation Strategy Advanced Security Testing Services Software Composition Analysis Security Posture Assessment Open Source Compliance Audit Web Threat Detection SOC Consulting Security Analytics Planning Security Dashboard Design Log Analysis Alert Tuning and Optimization SIEM Health Check Audits and Assessments Data Protection Framework Privacy Framework Data Flow Assessment Data Leakage Risk Assessment Data Privacy Assessment DLP Incident Analytics Database Security Data Protection and Audit Skillmine Technology Consulting Pvt. Ltd. Confidential

4 Our Approach to Security SECURITY OPERATIONS Maintenance & Support Managed Security Services SOLUTIONS Implementation Integration Testing ASSESSMENT Firewall Assurance Services GRC, VA & PT, DLP Assessment PCI Readiness Assessment Gap Analysis ARCHITECTURE Design Network Segmentation Build PLANNING Workshop Evaluations POC Policies & Procedures Skillmine Technology Consulting Pvt. Ltd. Confidential

5 Security In A Box Services Offering BRONZE SILVER GOLD ON DEMAND ISMS Frame Work Policies & Process Development IT Risk Management Framework Development Managed Security operations Centre On Demand Remediation of Gaps High Level Gap Assessment & Recommendations High Level Architecture assessment of Endpoint Protection High Level Architecture Review of Perimeter Security ISMS Governance Framework Creation Vulnerability Assessment & Penetration Testing Deep Dive Gap Analysis & Road map Creation for IT Security & Infrastructure Standards & Compliance Adherence Framework Creation Pre Audit Consulting for Certification Audit. Managed Security Services Audit & Certification Solution Design & Implementation of Security Technologies Firewall Assurance Services Secure Code Review & Web Application Security Testing. Virtual CISO Skillmine Technology Consulting Pvt. Ltd. Confidential

6 Bronze ISMS Frame Work Policies & Process Development Building Information Security Management Framework in Lines with ISO Standards Development of Information Security Policies & Processes in Lines with ISO High Level Gap Assessment & Recommendations Core infrastructure assessment and security gap analysis based on discussion with IT team Based on identified gaps recommend industry best practices and solutions High Level Architecture assessment of Endpoint Protection Existing endpoint protection architecture assessment Gap assessment in the endpoint architecture and recommendation based on same High Level Architecture Review of Perimeter Security Network security assessment at perimeter level Recommendation based on observations in the network security assessment Skillmine Technology Consulting Pvt. Ltd. Confidential

7 Silver IT Risk Management Framework Development Comprehensive view of all risks related to the use of IT and Develop a Framework for Management of IT Related Business Risks ISMS Governance Framework Creation Documenting an ISMS governance framework, and organisational information principles based on ISO standards Vulnerability Assessment & Penetration Testing VM assessment for current infrastructure and Pen test for core devices with detailed reporting Deep Dive Gap Analysis & Road map Creation for IT Security & Infrastructure Technical analysis (based on tools and techniques) of the existing infrastructure and creation of detailed road map for IT security Standards & Compliance Adherence Framework Creation Creation of ISMS Standards adherence requirement framework with respect to technology, Process & People perspective for the bank. Pre Audit Consulting for Certification Audit. Ensure that Bank is Adhering to all the Standards and guidelines provided by RBI and other Regulatory Authorities. Ensure that all Processes, Policies and Technology controls are in place as per ISMS Standards and other RBI Guidelines Helping the Bank in Remediation of Identified GAP during the Pre Audit. Ensure that Bank is ready for a Standards & Compliance audit. Engage & Coordinate with Third party Certified Auditors for Conducting an Audit and Issuance of Successful audit from the Third Party Auditor Skillmine Technology Consulting Pvt. Ltd. Confidential

8 Gold Managed Security operations Centre Real time Security alert monitoring Security event management Security threat management Advanced SIEM tools based security incident response Managed Security Services On-site consulting Perimeter management of the client's network Penetration testing and vulnerability assessments Compliance monitoring Audit & Certification Pre-assessment audit Stage 1 certification audit Stage 2 certification audit Award of ISO certification Skillmine Technology Consulting Pvt. Ltd. Confidential

9 On Demand On Demand Remediation of Gaps Technical analyse the identified gap/s, design and craft the best fit solution in compliance to the existing infrastructure and implement the same as needed Post implementation support for implemented solution Solution Design & Implementation of Security Technologies Design, Stitch and implement security solution fit to existing environment Compare the available technologies in market with regard to features, stability, effectiveness and cost Firewall Assurance Services Firewall policy audit & clean-up Hidden device rules & rule usage analysis, Rule risk assessment Identification of technical mistakes in firewall rules, Un-used rules audit Secure Code Review & Web Application Security Testing. Authentication, Authorization, Session management, Data validation, Error handling, Encryption, logging Vulnerability, URL manipulation, SQL injection, XSS (Cross Site Scripting), Spoofing etc. Virtual CISO Information security leadership and guidance, Steering committee leadership or participation, Security compliance management, Security policy, process, and procedure development, Internal audit, Penetration testing, Vulnerability assessments, Risk assessment etc Skillmine Technology Consulting Pvt. Ltd. Confidential

10 Skillmine Consulting Services Approach Engage Initiate Discover Construct Recommend Implement Establish relationship Assemble the engagement team Schedule interviews & data collection methods Determine future IT state Build the business case justification Debrief the account team Determine business needs Conduct internal kickoff Execute data collection Conduct gap analysis Develop recommendations Develop detailed implementation plan Capture project requirements Conduct client kick-off Validate assumptions and findings with client Conduct roadmap analysis Conduct roadmap and dependency analysis Develop transition plan Determine scope of consulting engagement Identify quick wins Develop high-level implementation plan Hand-off roadmap to implementation team Develop proposal Conduct Cost Benefit Analysis Were Applicable Present recommendations Evolve client relationship Present proposal Agree on next steps Gain agreement to conduct engagement Skillmine Technology Consulting Pvt. Ltd. Confidential

11 Skillmine Methodology Strategic Initiative Planning INSCAPE Information Security through Controls & Processes Project Scope & Planning Conduct current state assessment Co-create the Security Framework Risk Management Conduct Impact Analysis & Risk Assessment Develop Risk Treatment Plan Prepare Control Implementation Strategy Controls Deployment Develop Policies, Procedures & Define Metrics Recommend and Implement Technology Tools Conduct awareness programs and Training Assurance Perform Verification tests & audits Review & Measure Effectiveness, Refine Establish Security Governance & continuous improvements Skillmine Technology Consulting Pvt. Ltd. Confidential

12 Skillmine Methodology COMBAT Continuity Management for Business & Technology Strategic Initiative Planning Understand Business & Technology Conduct current state assessment Develop Project Charter Development of Plan Co-create Continuity with Secured Systems Conduct Impact Analysis & Risk Assessment Develop Recovery Strategy, Processes & Procedures Execution, Testing & Maintenance Conduct Testing & Training Refine & Finalize Processes & Procedures Develop Maintenance Procedures & Handover Skillmine Technology Consulting Pvt. Ltd. Confidential

13 Our Capability Portrait of Capability Application Dev IT Security IT Infrastructure IT Service Mgmt ERP Bahrain Suite 12, Building 3809 Road 475 Manama PO Box India # 711, Carlton Tower A-Wing, Old Airport Road Bangalore Singapore 1 Harbour front Place, Harbour front Tower One Level Singapore Sydney Level 5, 7 Eden Park Drive Macquarie Park, North Ryde NSW Skillmine Technology Consulting Pvt. Ltd. Confidential

14 Our Customers Skillmine Technology Consulting Pvt. Ltd. Confidential

15 Thank You Chandraprakash C chandraprakash.c@skill-mine.com Our Values Think & Care about Customer s Investment Predictable Delivery Every Time since First Time Passionate about Desired Outcome orders@skill-mine.com info@skill-mine.com Skillmine Technology Consulting Pvt. Ltd. Confidential