Gloriolesoft Consulting Security and Privacy Offering


Upload: debasis-chakraborty

Post on 22-May-2015


Category: Business



DESCRIPTION

Gloriolesoft Consulting Security and Privacy Offering: Security, Enterprise Security Architecture, SOA Security, REST, Mobile Gateway Solution, IAM, GRC, Application Security, Risk and Compliance

TRANSCRIPT

Page 1: Gloriolesoft Consulting Security and Privacy Offering

Gloriolesoft Consulting 

Page 2: Gloriolesoft Consulting Security and Privacy Offering

Information Security

Identity and Access Management, Identity Lifecycle, SOA Security and Cloud Security

Security and Privacy

Enterprise Security Strategy and Roadmap, Security Architecture Blueprint, Design and Governance

Application Security Strategy, Secure Policy, Guidelines and Procedure

Security Risk Assessment, Security Audit, Regulatory and Compliance

Page 3: Gloriolesoft Consulting Security and Privacy Offering

Engagement Lifecycle

Assessment, Strategy and Roadmap

Planning and Budgeting

Secure Architecture and Design

Manage Security and Educate

Secure Package Implementation and Deployment

1. Sit with CXOs and detail the business vision, strategy, direction and roadmap

2. Develop strategic goals, benefits and ROI

3. Build trust and assess customer’s security posture

4. Evaluate existing security policies, processes and standards, and security architecture

5. Establish security baseline and define strategic security roadmap

6. Identify the risks associated with the enterprise, i.e. both business and technical risk

1. Define Governance Model

2. High-level plan, estimation and budgeting

3. Define delivery gate

4. Vendor selection and strategic alignment

5. Detailed program plan, resource, ownership and milestone

6. Risk and Mitigation plan

1. Architectural blueprint

2. Architectural Governance and Design Authority

3. Best practice and guidelines, technology feasibility and vendor selection based on best-fit scorecard

4. Develop policies, standard and process

5. Architectural Decision

6. SAD [Software Architecture and Design]

7. HLSD [High Level Solution Design]

8. LLSD [Low Level Solution Design]

9. Test Plan and Test Strategy.

10. Application Security Guidelines and Strategy

11. App and Web Security checklist

1. Platform and environment readiness

2. SW and hardware licensing and procurement

3. Implementation of the identity lifecycle

4. Develop custom code

5. Integration

6. Static, dynamic and interactive security testing

7. Secure code review, penetration testing

8. EIT, SIT

9. Audit, reporting, management dashboard

1. Infrastructure readiness

2. Deployment at Preprod, Preview and Production

3. UAT

4. Security Testing

5. Operational Readiness

6. Go-Live

7. ITSM lifecycle

8. End User Training

9. Security Awareness Training

Page 4: Gloriolesoft Consulting Security and Privacy Offering

Service Offering ‐ Artifacts

Identity, Account Lifecycle and Cloud Security

1. Develop Identity Lifecycle strategy and roadmap

2. IAM risk assessment, gap analysis and federation readiness

3. Product Evolution, licensing strategy and scorecard-based product recommendation

4. Cloud and API Gateway Security solution [OAuth 2.0, OpenID, SAML 2.0]

5. IAM architecture design and technical blueprint

6. Identity data modeling, migration plan

7. Identity Lifecycle, Directory Services and Access Management installation, configuration and customization

8. Account lifecycle such as user provisioning, de-provisioning, self-service and password management

9. Federated Identity Management, Trusted Identity Solution

10. RBAC, role mapping

11. Authorization, Policy Manager, runtime authorization and entitlement

12. SOA Security, Web Service Security

13. Public Key Infrastructure (PKI)

14. Smart card management solution, 2-Factor/Multifactor Authentication

15. Single Sign On, Web Single Sign On, Single Sign Off/Logout and Enterprise Single Sign On, Secure Token Services

16. Integration, custom adapter/connector development

17. Testing plan and strategy [UAT, SIT and E2E Functional Testing and Performance Testing]

Application Security

1. Application Security Roadmap, Strategy and Guidelines

2. Secure process development throughout the SDLC

3. E2E Security Testing [Static, Dynamic, Interactive and Glass box testing]

4. Secure policies, guidelines and standards [OWASP Top 10, SANS and industry best practice]

5. Secure code review, coding standard and guidelines

6. Design and architecture review

7. Code scanning through static scanning, website testing and web service testing through dynamic scanning

8. Application Vulnerability Assessment, Threat Modeling and Penetration Testing

9. Database security assessment and security checklist for non-standard applications

10. Training and awareness

Assurance, Risk, Governance, Regulatory Compliance

1. Management Security Dashboard

2. Information Security Assessment and Audits

3. Outsourcing and third-party security checks and audits

4. Risk Assessment, Gap Analysis, Control Design & Test of Operating Effectiveness

5. Standards and Regulatory Compliance Strategy

• Sarbanes Oxley (SOX)

• Gramm-Leach-Bliley Act (GLBA)

• HIPAA

• Payment Card Industry (PCI) standards

• Basel II

• SAS-70

• ISO 27001 readiness review and pre-certification services

Managed Security and Infra Security

1. Vulnerability Management & Incident Response

2. Emergency Response and Forensic Investigation

3. BCP/DRP – Business Impact Analysis, DR Strategy & Testing

4. ITSM - Continuous Application Maintenance Services

5. IDS, IPS, firewall policy and rule configuration

6. Secure network design [F5, BigIP]

Page 5: Gloriolesoft Consulting Security and Privacy Offering

Technology Enabler

Identity, Account Lifecycle and Cloud Security

Managed Security and Infra Security

IBM ISS SiteProtector

IDS, IPS

Assurance, Risk, Governance, Regulatory Compliance

Application Security

Tivoli Identity Manager (TIM)

Tivoli Access Manager (TAM)

Tivoli Access Manager for eBusiness (TAMESSO)

Tivoli Federated Identity Manager (TFIM, STS)

Tivoli Directory Server (TDS) & Directory Integrator (TDI)

Tivoli Security Policy Manager

Oracle Identity Manager (OIM)

Oracle Access Manager (OAM)

Oracle Entitlement Server (OES)

Oracle Identity Directory and Oracle Virtual Directory (OID, OVD)

Microsoft ILM, UAM, TMG

Microsoft ADFS

RSA Access Manager

RSA Federated Identity Manager

CA Identity Manager / Access Control / Single Sign-On

CA SiteMinder, CA SSO, CA Identity

Novell NSure Identity Manager, Access Manager and Federation Solution

Ping Identity and Federation Service

WebSphere DataPower

Apigee Gateway Appliance

Layer 7

Rational AppScan for Source Edition [Static]

Rational AppScan Enterprise Edition [Interactive and Dynamic]

Rational AppScan Standard Edition [Dynamic and Glassbox]

Fortify Software

SPI Dynamics

Security Information & Event Management (SIEM)

Tivoli Security Operations Manager & Consul InSight

ArcSight Enterprise Security Manager

NetIQ Security Manager

CA Security Command Center

Vulnerability & Threat Management

IBM Internet Scanner Software

IBM Proventia Network Enterprise Scanner

IBM Proventia Management SiteProtector

CA Vulnerability Manager