 

Security Improvement Services

Our security services philosophy is that security should be based on business risk and be an integral part of the day-to-day operation of the business. We believe that any organisation that uses information technology (IT) should have an ongoing security improvement program.
 
The objective of the security improvement program is to achieve a balanced security profile, which we define as the level of control and security necessary to achieve the desired balance between business risks and the information security and control measures put in place to mitigate those risks. Our approach to information system security services is to recommend to all clients that they have a security improvement program in place.
 
Elements of the Security Improvement Program
The process that any organisation should follow to achieve a balanced security profile is described below. There are four major elements:

  • Risk Assessment
  • Assessment of Current Conditions
  • Security Improvements
  • Audit and Monitoring

We use a standard IS Security Assessment methodology. The methodology focuses on aspects of data security such as confidentiality and loss or corruption of data, and on the associated business impact. It recognises data as a corporate asset, evaluates the risks associated with the disclosure or loss of data, and brings out avoidance and mitigation measures.
Our approach is based on the International Standards and essentially follows this framework:

Risk Assessment
This is the process of analysing and interpreting risk, and it covers three basic activities:
  • Determining the assessment scope
  • Collecting and analysing data including asset valuation, consequence assessment and threat identification, safeguard analysis, vulnerability analysis and likelihood assessment.
  • Interpreting risk assessment results.

Risk Mitigation
We test the controls and assess whether they are good enough to minimise the risks. In the process we recommend to management security controls that reduce risk to an acceptable level. The following activities are discussed in a specific

  • Select safeguard
  • Accept residual risk
  • Testing the existing controls to ensure that they are continuously effective
  • Implementing controls and monitoring effectiveness

When proposing security controls, we carry out a cost-benefit analysis to ensure that the cost of the control does not exceed the cost of the risk. For testing, we use automated tools, internal controls (computer-based and non-computer-based), security checklists, penetration testing tools, etc.

We also take part in the development, implementation and maintenance of IT Security Policy and Procedures, which broadly cover the following:

  • Policy
  • Management
  • Risk Management
  • Personal and User Issues
  • Computer security incident handling
  • Awareness and Training
  • Security considerations in operations and maintenance
  • Physical and environmental security
  • Identification and Authentication
  • Audit trails
  • Cryptography

Data Handling Review
The review seeks to evaluate the management of data standards and data management and to evaluate controls over the development and implementation of data conversion systems and system interfaces.
