IT Risk Advisory Brochure v1.0
Posted on 14-Jul-2015
IT Risk Advisory Services
Riskpro India Ventures (P) Limited New Delhi, Mumbai, Bangalore
Who is Riskpro… Why us?
ABOUT US
Riskpro is an organisation of member firms around India devoted to client service excellence. Member firms offer a wide range of services in the field of risk management.
It currently has offices in three major cities (Mumbai, Delhi and Bangalore) and alliances in other cities.
Managed by experienced professionals with experience spanning various industries.
MISSION
Provide integrated risk management consulting services to mid- to large-sized corporates/financial institutions in India.
Be the preferred service provider for complete Governance, Risk and Compliance (GRC) solutions.
VALUE PROPOSITION
You get quality advisory, normally delivered by large consulting firms, at fee levels charged by independent and small firms.
High-quality deliverables
Multi-skilled and multi-disciplined organisation
Timely completion of any task
Affordable alternative to large firms
DIFFERENTIATORS
Risk management is our main focus
Over 200 years of cumulative experience
Hybrid delivery model
Ability to take on large and complex projects due to delivery capabilities
We hold hands, not shake hands.
Our Network Presence
New Delhi
Mumbai
Bangalore
Ahmedabad
Pune
Agra
Salem
Kolkata
IT Services Landscape
The Backdrop:
o Fast-changing IT services market
o Technological advances
o Rising integration of business and technology
o Corporate focus on core competencies
o Maturation of the IT vendor management role
Business Need:
o Meeting cost, time-to-market and innovation objectives
o Realisation by corporates that they must assemble and integrate services and solutions
o Growing demand from best-of-breed suppliers
o Acquiring the right services at the right prices
o Deep knowledge of the IT services marketplace and an understanding of its future direction
o New trends in the application and infrastructure services marketplace
IT Risk Advisory Service – Riskpro Service Offerings
• Information Technology Service Management
• Information Security Management
• Information Security Audit
• Information Technology Assurance
• Information Technology Governance
IT Service Management
Consulting / Standardizing / Compliances
• Service architecture scoping
• SLAs
• ITSM assessment
• Control processes
• Service delivery
• Release & resolution
• IT service road mapping
• Gap analysis
• Tollgate review
• Performance metrics analysis
• Compliance review
• Standard pre-assessment
• ISO 20000
• ITIL practices
• PDCA cycle alignment
• Training - basic / advanced
Value Proposition
• Efficient business service delivery processes
• Reduced risk in using external service providers
• Reduced costs
• Enhanced ability to manage business complexities in a diverse operational environment
How we do it
Information Security Management
Consulting / Standardizing / Compliances
• Risk assessment & management
• IS security policy framework
• Internal audit procedures
• IS controls review
• Penetration testing
• Compliance - IS policies
• IS security implementation review
• Gap analysis
• Performance metrics analysis
• Vulnerability assessment
• SAS 70 Type II audits & compliance
• BS 7799 implementation
• ISO 27001/17799 implementation
• DPA
• GLBA
• HIPAA
Value Proposition
• Operational resilience
• Risk reduction
• Secure best practices
• Business continuity - preventive approach
How we do it
Information Security Audit
Consulting / Standardizing / Compliances
• Operating system audits
• Database audits
• Networking / firewall audits
• Application systems – functionality assessment
• Web application / data centre audit
• Institutional risk areas review
• General controls - physical security / BCP / BRP
• Change management – controls & tracking
• Application controls - system edits / access
• IS policies and procedures
• IDS
• Forensic auditing
• FERPA
Value Proposition
• Robust IT governance framework
• Strategic & operational value through a business-risk-focused approach
• Pre-emptive risk control capability
• Corporate IT compliance adherence for future business initiatives and IT investments
How we do it
IT Assurance
Consulting / Standardizing / Compliances
• Business continuity planning
• Cybercrime investigative services
• IT external & internal audits
• IT assessment and benchmarking
• Data protection and privacy
• IT security & business flexibility
• IT project assurance reviews
• Compliances – IS policies
• SAS 70
• ISAE 3402
• ISO 27002
• PCI DSS
Value Proposition
• Advisory on advanced technology capabilities
• Proactively manage your technology risks
• Helping you use data to its fullest potential
• Securing while delivering high-performance business results
How we do it
IT Governance
Consulting / Standardizing / Compliances
• COBIT and ITIL reviews
• Identification of IT risk exposure
• Risk mitigation controls review
• Balanced scorecard
• Val IT business valuation plan
• IT & business maturity models
• IT governance improvement methods
• Improving IT skills & resources
• ISO 38500 / COBIT
• CMM
• TOGAF
• ISO 22301 (new standard)
Value Proposition
• Ensuring your organizational structures & business processes are compliant
• An IT support framework that enables you to meet strategic business objectives
• A useful framework tool for benchmarking the balance and effectiveness of IT governance practices
How we do it
Annexure - IT Advisory Offerings
IT Service Management - Detailed Components (How we do it)
Process Excellence
- Systematic definition of the business case
- Assessment of current-state gaps
- Defining optimum process frameworks
- Training & process deployment
- Effective change management
Service Excellence
- Service model assessment & design
- Process design, documentation
- Maturity evaluation and audits
- Outsourcing service model design
- Configuration management
Agile Services
- Agile readiness - risk identification & mitigation
- Agile maturity assessment
- Process definition and best-fit deployment
- Project manager services
- Training and mentoring services
Lean Six Sigma
- Lean assessment for end-to-end processes
- Opportunity assessment - identifying improvements
- Project execution
- Coaching & mentoring for processes
- Training & certification - GB/BB
Software Estimation
- Baseline assessment: existing vs industry best practice
- Design of estimation processes and techniques
- Deployment and continuous improvement process
- Organization performance benchmarking
Information Security Management - Detailed Components (How we do it)
Business Continuity
- Risk assessment / developing a mitigation strategy
- Business-critical functions > outage & recovery time
- Developing the business/IT disaster recovery plan
- BS 25999 implementation support - BCM tools
- BCM audits and training
Enterprise Application Security
- Vulnerability & penetration testing
- Static and dynamic analysis (secure code review)
- Security configuration review
- Compliance assessment (SOX, PCI, HIPAA)
- Remediation plan
Identity and Access Management
- IAM visualisation - feasibility / roadmap / business case
- IAM solution evaluation
- IAM prioritisation - TCO & cost-benefit analysis
- IAM execution - role management / SSO / access
- Audit, reporting, training
IS Compliance
- Compliance assessment - gap analysis
- Vendor / third-party risk assessments
- ISO 27001 advisory (controls design & evaluation)
- IS audit - risk based / IT security / IT operations / ERP
- IT GRC: software, strategy, framework & roadmap
Information Security Audit - Detailed Components (How we do it)
Security Operations / Threat Mitigation / Security Technologies / Professional Services
- Policy and procedure review
- Active social engineering
- Third-party oversight review
- System inventory & documentation
- Physical / environmental security review
- Personnel / IT staff training
- Internal vulnerability assessment
- Host / network diagnostic review
- Access control review
IT Assurance - Detailed Components (How we do it)
Consulting & Advisory
- Enterprise test strategy
- Test process definition
- Structural code assessment
- Test automation strategy: tools / framework
- Performance test strategy: tools
- Security test strategy: tools
- Test environment & data management
- Specialized test strategy
- Tool and product evaluation
- Administration and management
Functional / Support Services
- Requirement management
- Static analysis / structural code evaluation
- Unit and integration testing
- Functional testing (system, integration cycle)
- Performance testing (load, volume, stress, tuning)
- Security testing
- Non-functional testing (OAT, usability)
- Regression testing
- Test automation
- Environment management - data, release, UAT
IT Governance - Detailed Components (How we do it)
- Project portfolio management
- Strategy & roadmap
- Process re-engineering
- Outsourcing governance
- Application portfolio rationalization
- High availability - disaster recovery set-up
- Dashboards - predictive analysis
- Migrations - extract > transform > load
- Integrations & upgrades
- Production support - implementation / maintenance
- Performance management
Annexure – Service Sample
Compliance-related Services - Manage your Compliance Needs
Your Organization
• We will assist you to ensure your information is secure
• Compliance checks - ISO 27001, ITGC, SOX, PCI-DSS and generic checks
• BCP/DRP solutions
• Long-term / short-term goal setting - efficient mitigation*
• Unique reporting - dashboard based*
• Certification is important, but not everything; rather, security is
Your Supplier
• Check your IT suppliers to ensure they follow your standards
• Check current implementation of standards (ISO 27001…)
• Hand-hold mitigation control implementation
• Increase the security of your suppliers
• Dashboard view of all your suppliers and their status
• Checks and repeat checks to ensure security controls are maintained
• Exit assessments
Duration: long term usually 3-4 weeks, short term usually 1-2 weeks, depending on the project
(Diagram labels: Dashboard, Non-Compliance, Insider Attack)
Security in Software Development
S (SDLC) – Secure Your Code/Information
Phases and the security questions asked at each:
Requirements engineering
- Threat model
- Information classification
- Security in requirements
- Are standards followed?
- How much security is enough?
Design
- Architecture security
- HOUSTON methods
- How do APIs interact?
- IT policy compliant?
- Is encryption needed? How?
Coding
- Code reviews done?
- How to handle buffer overflow?
- Developers & security?
- Can the code protect itself?
- XSS, SQL injection, CSRF?
Testing
- Risks mitigated?
- Proof-of-concept intrusion
- Do we have a security test plan throughout?
- Does testing involve security?
Rollout
- Can you confidently go to production? Is there a security quality gate pass?
- Do you want a secure rollout?
(Diagram labels: mobile malware, phishing, ACH fraud, insider attack, services on the applications users use)
Vulnerability Assessment and Penetration Testing
We don't call it vulnerability scanning, we say "hacking"
Ethical Hack and Fix Services
Our Services
• Focus on critical business systems for your enterprise
• Ethical hacking into your network to find security issues before a hacker does
• Routers / switches / UPS / videoconference systems / servers / VoIP systems / firewalls and most connected devices on the network; information can be stolen anywhere if we don't take proper care
• Dashboard view of vulnerabilities vs. the security risks
• Vulnerabilities mapped to actual business risks (not just telling you to fix the issue but also why to fix it, and whether you can live with a risk)
• Training your IT teams to understand vulnerabilities
• Year-long support in fixing the issues and ensuring your systems stay up to date with the latest security patches
Usually 1-2 weeks onsite & 4 weeks offshore
Hackers / Disgruntled Employees / Competition / Insider Attacks (diagram captions):
"How can I get access to your network / people / money?"
"Maybe I should get in through the WLAN, it seems to be unsecured."
"How about the receptionist, can I coax her into revealing some info?"
"Maybe it is better I access the router… SNMP? MD5 hash decryption?"
"Looks like their videoconference has a public IP."
"That user could be a good target for a keylogger Trojan! I can get credit cards!"
"Hey, I have administrator access locally, so it's a gold mine!"
"That webserver is not at all patched, let's deface them!"
"How about launching an attack on the government using their systems?"
(Diagram labels: DDoS attacks, fraud, your network, servers, computers)
Cloud Specific Security Services - Securing the cloud that you operate on
This is a unique service designed to assess the Cloud Service Provider platform from an information security risk/threat point of view.
• Cloud Service Operational/Governance Assessment (onsite, interview based): we will check your cloud security compliance against well-known industry standards, including those of the Cloud Security Alliance.
• Penetration testing of the Cloud Service Provider: this service takes an intruder's perspective on your cloud setup to see whether your customers are protected from security risks such as espionage, information theft, customer privacy exposure, defacement, financial data leakage, virus/Trojan insertion, DDoS attacks, etc. Apart from this, the report would also indicate your compliance with industry standards such as ISO 27001, PCI-DSS, SOX etc.
(Diagram labels: DDoS attacks, fraud, insider attack, dark cloud)
Our Clients
*Any trademarks or logos used throughout this presentation are the property of their respective owners
Our Experiences
Our team members have worked at world-class companies
RESUMES – Our team
Manoj Jain, Co-Founder - Riskpro
CA, CPA, MBA-Finance (USA), FRM (GARP)
Over 10 years of international experience – 6 years in Bahrain and 4 years in the USA
15 years of experience in risk management consulting and internal audits; specialization in operational risk, Basel II, SOX and control design
Worked for Ernst & Young (Bahrain), Arab Investment Company (Bahrain), Navigant Consulting (USA), Kotak Mahindra Bank (India) and Credit Suisse (India)
SOX compliance project for Fannie Mae, USA ($900+ billion mortgage company)
Rahul Bhan, Co-Founder - Riskpro
CA (India), MBA (Netherlands), CIA (USA)
Over 15 years of extensive internal and external audit experience in India and abroad.
Worked with KPMG United Arab Emirates, PKF South Africa, Ernst and Young Kuwait, Deloitte Netherlands and KPMG India.
Worked with clients in a wide variety of industries and countries, including trading, retail and consumer goods, NGOs, manufacturing, and banking and finance. Major clients include banks, investment companies, manufacturing organizations, aviation etc.
Casper Abraham, Co-Founder - Riskpro
PGD (Electrical & Electronics & Computer Programming)
30 years of experience in Information & Communications Technology (ICT) solutions for the retail, garments, manufacturing and services industries.
Has created companies, divisions, products, brands, teams & markets.
Consulting in business, technology, marketing & sales and strategic planning.
Advisory, training, workshops & implementation in systems thinking, systems modeling & balanced scorecard.
Worked with TIFR, Mahindra, Ambience, Communico-Graphique & Ionidea Inc, USA.
Hemant Seigell, Sr Vice President – Risk Management
MBA, PDFM, NSE-NCFM, PMP, CSSGB, ISO 9001:2000 I.A, GARP-FBR, ITIL V3, CPP-BPM
Professional with 17 years of rich experience in diverse consumer finance/lending operations, risk management, BPMS, consumer banking, NBFC, management consulting and housing finance in the BFSI industry, having successfully led key strategic business engagements across multi-product environments in the APAC, Australia and US regions.
Worked with GE, ABN AMRO Bank, Citigroup, Accenture and Deutsche Postbank
Highly skilled and expert trainer in risk areas across credit, fraud, operational and corporate risk management.
Specializes in fraud control, AML/KYC compliance, QA, ERM and regulatory governance.
R. Gupta, Head - Insurance Risk Advisory Services
B.Sc, Associate of the Indian Institute of Insurance
Licensed Category A insurance surveyor
26 years of experience in insurance advisory services, loss adjusting for large corporates and claims management.
Has assessed more than 4500 high-value insurance claims across various industry sectors.
Risk management inspection
Valuations of fixed assets for insurance purposes.
Nilesh Bhatia, Head - Human Capital Management
Chartered Accountant, Lead Assessor ISO 9000, Six Sigma trained, trained in Situational Leadership, interviewing skills and the Whole Message Model.
Over two decades of international, multi-cultural experience in finance and human resources, viz. internal audit, accounting operations, accounting process review & redesign, risk management, business solutioning, Six Sigma projects, talent acquisition, talent retention, organization design/redesign, compensation and appraisal processing, employee and customer satisfaction surveys, knowledge management and finance services.
Worked with Citicorp/MGF, India Glycol, Delphi, American Express India, American Express USA, Fidelity International and Macquarie Global Finance Services India.
Rajesh Jhalani, Head - Taxation Risk Advisory
B.Com, FCA
Senior Partner with the 48-year-old Delhi-based Chartered Accountant firm Mehrotra and Mehrotra
Over 19 years of experience in the fields of audit, taxation and company law matters.
Major clients served are NTPC, BHEL, Bank of India, PNB, Airport Authority of India etc.
Gourav Ladha, Specialist Risk Consultant – ERP & IT Compliance
SAP Certified, MBA (Finance), SAP Security trained (from SAP India), SAP GRC Access Controls trained (from SAP India)
Over 7 years of experience working in the area of ERP/IT risk advisory, primarily focusing on SAP, for 'Fortune 500' clients in around 8 countries including the US, UK, UAE, Hong Kong, etc.
Specializes in SAP risk & controls advisory, SAP business process controls audit, SAP security & segregation of duties control audit and ERP trainings.
Strong industry experience ranging from beverages, insurance, energy, FMCG, pharmaceutical, retail and telecommunication to IT services
Worked in the risk advisory teams of reputed organizations such as Ernst & Young and EXL Services
Ravikiran Bhandari, Vice President & Head – IT Risk Advisory
Over 14+ years of experience in information security and risk management; CISM certified
Headed the global information security team of Daimler (Mercedes-Benz) worldwide at Bangalore for 9 years; previously worked at organizations like Wipro and Bangalore Labs
Multi-sector experience including banking, insurance, finance, energy, manufacturing, retail, hi-tech & telecom, and automobile
Well-known ethical hacker: was featured in BusinessWorld magazine in an article about leading ethical hackers in India and has published several articles in print and online media
Rich experience in information security audits across corporations, 3rd-party suppliers and joint ventures in several countries including the US, UK, China and Germany
RESUMES - PARTNERSHIPS
Anjay Agarwal, Consultant – Information Security & IT Governance
LLB, CA, CISA, CWA, CS, CFE and others
Over 15 years of experience in the fields of audit, taxation and investigations.
Specializing in systems audit, Cybrex audit, computer crime investigations and IS forensics
International Committee Member of the Governmental and Regulatory Agencies Board and the Academic Relations Committee of ISACA, USA
Piyush Kumar, Consultant – Quality Management
Founder of PMG, a TQM consulting company in Delhi
Mechanical Engineer
20+ years of experience in TQM concepts.
Strong skill set in various productivity & quality improvement projects, including Six Sigma offerings
Past experience includes reputed organizations like Andersen Consulting, Eicher Consulting and Nathan & Nathan Consultants
Andrew Hiles, Specialist Risk Consultant – Business Continuity
Founder and 15-year Chairman of Survive, the first international user group for business continuity professionals
Founding director and first Fellow of the Business Continuity Institute
Over 25 years of international consulting expertise in risk, crisis, emergency, incident and business continuity and ICT disaster recovery management
Multi-sector experience including banking, insurance, finance, oil, gas, energy, manufacturing, retail, hi-tech & telecom
Western Press Award for services to business, 1994; BCI/CIR nomination for lifetime achievement in BC, 1999, London; inducted into the BC Hall of Fame by CPM magazine, 2004, Washington DC.
Chris E. Mandel, Specialist Risk Consultant – Enterprise Risk Management
Highly skilled risk and insurance professional with 25 years of experience designing, developing and implementing large, global corporate risk management programs for Fortune 500 firms.
Principal Consultant and Founder, Excellence in Risk Management, LLC (Texas, USA); Co-founder and EVP, Professional Services, rPM3 Solutions, LLC (Maryland, USA).
Past experience includes Head of Global Risk Management for USAA, PepsiCo/Tricon Global and the American National Red Cross
Additional risk and insurance experience at Verizon Corp., Marsh USA and Liberty Mutual Insurance Co.
2004 Risk Manager of the Year; 2007 recipient of the Alexander Hamilton Award for "Excellence in ERM" (at USAA); former President, Risk and Insurance Management Society, Inc.
Strategic Alliance - 'AssureEasy' GRC Tool
NIIT Technologies and Riskpro offer a unique GRC management solution on the cloud, wherein NIIT provides the best-of-breed application platform and Riskpro brings best-in-class integrated risk management consulting services.
Platform Differentiators (NIIT)
- Cloud hosting model: no CAPEX or infrastructure investment; no ongoing application/infrastructure maintenance cost
- Extremely fast implementation: out-of-the-box implementation in 2-3 weeks; highly configurable and flexible platform
- Credibility: platform users include Cognizant, RBS, Fidelity, NIIT Technologies etc.; high CSAT ratings from existing customers
- System integration capabilities: services around solution implementation / application and infrastructure support; industry-packaged solutions using domain expertise from NIIT's vertical teams
Risk Expertise (Riskpro)
- High-performance business results: improved portfolio optimization; enhancing the organization's ability to utilize risk capital effectively
- Unique delivery model: highly experienced team of risk professionals with a plethora of risk domain knowledge and business solutions; customized solutions as per the client's needs
- Market differentiators: premier risk consulting firm serving top corporates/PSUs as preferred knowledge partner; increasing market penetration combined with a unique value proposition in the risk consulting space
- Risk management capability: quick client assessment and delivery proposal across ERM; multi-industry and functional domain solutions
Key Contacts
Corporate
Riskpro India Ventures (P) Limited
info@riskpro.in
www.riskpro.in
C 561, Defence Colony, New Delhi 110024
Mumbai / Delhi / Bangalore
Manoj Jain, Director, M: 98337 67114, manoj.jain@riskpro.in
Sivaramakrishnan, President – Banking & FS, M: 98690 19311, smaran.iyer@riskpro.in
Rahul Bhan, Director, M: 99680 05042, rahul.bhan@riskpro.in
Hemant Seigell, SVP – Risk Management, M: 99536 97905, hemant.seigell@riskpro.in
Casper Abraham, Director, M: 98450 61870, casper.abraham@riskpro.in
Vijayan Govindarajan, EVP – Risk Management, M: 99166 63652, vijayan.govindarajan@riskpro.in
Ahmedabad / Pune / Kolkata / Gurgaon
Maulik Manakiwala, Associate Firm, M: 98256 40046
Gourav Ladha, SAP Risk Advisory, M: 97129 52955
M.L. Jain, Principal – Strategy Risk, M: 98220 11987, mljain@riskpro.in
Kashi Banerjee, EVP – Risk Management, M: 98304 75375, kashi.banerjee@riskpro.in
Nilesh Bhatia, Head – Human Capital Mgt., M: 98182 93434, nilesh.bhatia@riskpro.in
Salem / Ghaziabad / Agra / Hyderabad
Chandrasekeran, Recruitment Franchisee, M: 94435 99132
R Gupta, Head – Insurance Risk, M: 98101 07387
Alok Kumar Agarwal, Associate Firm, M: 99971 65253
Phanindra Prakash, Member Firm, M: 95500 61616
Copyright © 2012 Riskpro, India. All rights reserved.
Key Contacts (Continued)
Bangalore
Ravikiran Bhandari, VP – IT Risk Advisory, M: 99001 69562, ravikiran.bhandari@riskpro.in