Problem Statement

Customer pursued CSA STAR certification and a review of the Information Security program to address Investor and customer requirements on information security and cloud security.

Services Delivered

• Conducted a comprehensive risk assessment, identified risks across organization (Engineering, Facilities, Human Resources, IT Infrastructure etc.) and provided recommendations
• Reviewed SDLC practices, IT infrastructure setup, regulatory requirements etc. and identified opportunities for improvement.
• Conducted Business Impact Analysis to identify critical services/products and business operations.
• Provided CSA STAR Certification Readiness Assessment, identified gaps against Control Areas and provided recommendations.
• Conducted Vulnerability Assessment and Penetration Testing (VAPT) for IT Infrastructure and Web Applications, identified vulnerabilities and provided recommendations for mitigation.

Value Provided

• Customer received Silver Certification for CSA STAR
• Provided the customer A Single Repository for Risks with controls mapping to ISO 27001, CSA STAR, NIST 800-53, COBIT 5.0
• Identified critical products and services as well as recovery requirements as part of Business Impact Analysis
• Enhanced Security Posture by identifying security flaws such as authentication, authorization, session management, input validation etc. in applications and infrastructure