gloriolesoft consulting security and privacy offering
DESCRIPTION
Gloriolesoft Consulting Security and Privacy Offering : Security, Enterprise Security Architecture, SOA Security , REST, Mobile Gateway Solution, IAM, GRC, Application Security, Risk and ComplianceTRANSCRIPT
Gloriolesoft Consulting
Information Security
Identity and AccessManagement,Identity Lifecycle ,SOA Securityand
Cloud Security
Security and Privacy
Enterprise Security Strategy and Roadmap, Security Architecture Blueprint , Design and Governance
Application Security Strategy , Secure Policy, Guidelines and Procedure
Security Risk Assessment, Security Audit, Regularity and Compliance
Engagement Lifecycle Assessment, Strategy and Roadmap
Planning and Budgeting
Secure Architecture and Design
Manage Security and Educate
Secure Package Implementation and Deployment
1. Sit with CXOs and detailing business vision ,strategy, direction and roadmap
2. Develop strategic Goal, benefit and ROI
3. Build trust and assess customer’s security posture
4. Evaluate existing security policies, processes and standards, and security architecture
5. Establish security baseline and define strategic security roadmap
6. Identify the Risk Associated with Enterprise, i.e. both business and technical risk
1. Define Governance Model
2. High level Plan, estimation and budgeting
3. Define delivery gate 4. Vendor selection
and strategic alignment
5. Detailed program plan ,resource ,ownership and milestone .
6. Risk and Mitigation plan
1. Architectural blueprint
2. Architectural Governance and Design Authority
3. Best practice and guidelines , technology feasibility and vendor selection based on best fit scorecard
4. Develop policies, standard and process
5. Architectural Decision
6. SAD [ Software Architecture and Design]
7. HLSD [ High Level Solution Design ]
8. LLSD [Low Level solution Design]
9. Test Plan and Test Strategy.
10. Application Security Guidelines and Strategy
11. App and Web Security checklist
1. Platform and environment readiness
2. SW and Hardware licensing an d procurement
3. Implementation Identity life Cycle
4. Develop custom code
5. Integration 6. Static , Dynamic
and interactive security testing
7. Secure Code review ,penetration testing
8. EIT, SIT9. Audit, reporting ,
Management dashboard
1. Infrastructure readiness
2. Deployment at Preprod , Preview and Production
3. UAT4. Security Testing 5. Operational Readiness6. Go-Live7. ITSM lifecycle 8. En User Training 9. Security Awareness
Training
Service Offering ‐ ArtifactsIdentity , Account Lifecycle and Cloud Security
Managed Security and Infra Security
1. Develop Identity Life cycle strategy andRoadmap
2. IAM Risk assessment , Gap analysis andFederation readiness.
3. Product Evolution, Licensing strategy andscorecard based product recommendation
4. Cloud and API Gateway Security solution [OAUTH2.0, OpenID, SAML2.0].
5. IAM Architecture design and technicalblueprint
6. Identity Data Modeling , Migration plan7. Identity Lifecycle , Directory Services and
Access Management installation,configuration and customization
8. Account life cycle such as Userprovisioning , de-provisioning, self serviceand password Management
9. Federated Identity Management , TrustedIdentity Solution
10. RBAC, Role Mapping11. Authorization ,Policy Manager , runtime
authorization and Entitlement12. SOA Security, Web Service Security13. Public Key Infrastructure (PKI)14. Smart Cards management Solution,
2Factor /Multifactor Authentication15. Single Sign on , Web Single Sign On,
Single Sign Off/ Logout and EnterpriseSingle On , Secure Token Services
16. Integration, custom adapter/connectordevelopment
17. Testing Plan and Strategy [UAT, SIT andE2E Functional Testing and PerformanceTesting]
1. Application Security Roadmap, Strategy and Guidelines
2. Secure process development through out SDLC
3. E2E Security Testing [ Static , Dynamic , Interactive and Glass box testing]
4. Secure policies, guidelines and standard [OWASP TOP 10, SANS and Industry best practice]
5. Secure Code review, coding standard and guidelines
6. Design and Architecture review
7. Code scanning through Static scanning, Website testing and Webservice Testing through dynamic scanning
8. Application Vulnerability Assessment , Threat modeling and Penetration Testing
9. Database security Assessment and security checklist for Non Standard Applications
10. Training and awareness
1. Management Security Dashboard
2. Information Security Assessment and Audits
3. Outsourcing and Third-party security checks and audits
4. Risk Assessment, Gap Analysis, Control Design & Test of Operating Effectiveness
5. Standards and Regulatory Compliance Strategy
• Sarbanes Oxley (SOX)• Gramm-Leach-Bliley Act
(GLBA)• HIPAA• Payment Card Industry
(PCI) standards• Basel II• SAS-70• ISO 27001 Readiness
review and Pre certification services
1. Vulnerability Management & Incident Response
2. Emergency Response and Forensic Investigation
3. BCP/ DRP – Business Impact Analysis, DR Strategy & Testing
4. ITSM - Continuous Application Maintenance Services
5. IDS, IPS, Firewall policy and Rule configuration
6. Secure network design [F5, BigIP]
Assurance, Risk, Governance, Regularity Compliance
Application Security
Technology EnablerIdentity , Account Lifecycle and Cloud Security
Managed Security and Infra Security
IBM ISS SiteprotectorIDS, IPS
Assurance, Risk, Governance, Regularity Compliance
Application Security
Tivoli Identity Manager (TIM)Tivoli Access Manager (TAM)Tivoli Access Manager For eBusiness (TAMESSO)Tivoli Federated Identity Manager (TFIM , STS)Tivoli Directory Server (TDS) & Directory Integrator (TDI)Tivoli Security Policy Manager
Oracle Identity Manager (OIM)Oracle Access Manager (OAM)Oracle Entitlement Server (OES)Oracle Identity Directory and Oracle Virtual Directory (OID, OVD)
Microsoft ILM, UAM, TMG Microsoft ADFS
RSA Access ManagerRSA Federated Identity Manager
CA Identity Manager / Access control / Single sign-onCA SiteMinder, CA SSO, CA IdentityNovell NSure Identity Manager, Access Manager and Federation Solution
Ping Identity and Federation Service
Web Sphere Data powerApigee Gateway ApplianceLayer 7
Rational Appscan for SourceEdition [Static]
Rational Appscan Enterprise Edition [Interactive and Dynamic]
Rational Appscan Standard Edition [ Dynamic and Glassbox]
Fortify SoftwareSPI Dynamics
Security Information & Event Management (SIEM)
Tivoli Security Operations Manager & Consul InSight
ArcSight Enterprise Security Manager
NetIQ Security ManagerCA Security Command Center
Vulnerability & Threat Management
IBM Internet Scanner Software
IBM Proventia Network Enterprise Scanner
IBM Proventia Management SiteProtector
CA Vulnerability Manager