yhcg - it security and risk management

~ Aegis ~ ~Product overview

~

Yellow House Consulting

Group

Copyright © 2014-15 yhcg.in

Beyond Firewalls

Protection

& Performance

~ Aegis ~~ Aegis ~


IT assessments bring in IT discipline, reality check and ensures continuous IT maturity and readiness for the organization

80% of large and 60% of small organizations experienced at least one “malicious security incident” in 2014

60% Indian IT professionals feel organizations cannot protect itself from Cyber attacks

Why IT Security and Risk Management ?

Yellow House Consulting GroupAegis ~ IT Security & Risk Management

DDoS, Web applications, and IT infrastructure attacks represent some of the most critical threats to enterprises today ~ Akamai security report, Q4, 2014


Hackers used email information from Mumbai firm, “Mallak Specialities Pvt Ltd”, to fleece the firm to deposit money into bank accounts~ 27-OCT-2014 - HC directs CBI to investigate

19% of incidents are a results of insider privilege misuse – Verizon Report

The ONLY way to strengthen and test your IT systems effectiveness, efficiency & readiness of IT security is by periodic systems assessment and vulnerability tests by a systems vendor

Why IT Security and Risk Management ?



IT security and risk management Objectives

Common IT assessment Observations

What we are confident of – YHCG IT services lines

IT for Business transformation

What after IT assessment ?

Index



Alignment of Business requirements with existing IT Support Systems

Availability of mature and cost effective IT systems – for negligible down time

Security – Accessibility to ONLY authorized users, prevention of Data theft and Vulnerability to unwarranted intrusions and attacks

…contd.

Risk Management Objectives – what we look for ?



Capability – Provide users with necessary tools and solutions to efficiently and effectively do their jobs and be flexible in adapting to changing business needs

Competitiveness – IT being used as an business enabler for competitive advantage

Risk Management Objectives – what we look for ?


No pre-defined IT Strategy hence absence of Business-IT Alignment

No SOP made available for Policy reference and Security Implementation

Absence of IT Security & Configuration management (baseline & setup) plan

Critical lapses in IT operations control leading to attack vulnerability …contd.

Common Observations during assessment




No IT Disaster Recovery Plan for Business Continuity

Low level of IT Security Maturity, IT Ops Control, Configuration Management, Data Loss and Theft prevention

No evidence of IT being used as an enabler to transform business



Organization’s IT Setup – managed by quality team having pre-defined KPAs and responsibilities (in - house and/or outsourced)

IT Framework – to implement IT Security policies and Operation Control Systems

IT Role - to facilitate, support and steer the organizational goals as a Business Transformational Agent

…contd.

Post Assessment Implementation by YHCG



Secure IT Network Architecture – Network overhauled and re-postured due to lack of security controls & concepts like zoning & DMZ

Security management and IT ops monitoring software Implementation

IT Vulnerability - Overcome IT Operational Control weaknesses and implement governance framework & security policies to mitigate Business-IT risks

…contd.




DLP (data loss prevention)- to be implemented at the organization level

Disaster Recovery Plan - to be developed to support the organization’s Business Continuity Plan

IT Cost Control – evaluate early adoption of Hybrid Cloud solutions, Server Virtualization and Open Source Software to reduce cost, infra manageability and maintain high availability of certain data & software services

…contd.




Secure Connectivity - evaluate cost and implement VPN connectivity for more secure connectivity between HO & branches

IT Planning – Short / Long Term plans and Vision which include:

Processes - tuned & in alignment with Business needs Systems - operational control and overhaul People - optimally sized trained staff augmentation to

satisfy new necessary roles and responsibilities





Smart & Disciplined IT implementation can help to solve specific business complexities and help do business effectively and efficiently

In today’s fast paced business environment, it is about managing your systems & data optimally so that it will transform your business

Excellence in Technology Implementation is the best way to put distance between a company and its competitors

IT should not be just adopted for IT sake

IT Myth : ~ more resources, extra cost, more hardware & software

- but best-in-class practices prove otherwise

IT for Business Transformation…



IT systems & software setup, Network & IT Security Grade - assessment

Secure Network Design and implementation (Small and Medium businesses)

Data Loss Prevention (DLP) – design and implementation

Cyber defence – assessment, design and implementation

Vulnerability assessment & Penetration Test (VAPT)

Identity and access management - design and implementation

Hybrid Cloud – design & implementation

YHCG service lines ……..



What after IT assessment ?

Yellow House Consulting GroupAegis ~ IT assessment Overview


Thank you !

Yellow House Consulting Groupwww.yhcg.in


http://www.yhcg.in/