Problem Statement
The customer pursued CSA STAR certification and a review of its information security program to address investor and customer requirements on information security and cloud security.
Services Delivered
- Conducted a comprehensive risk assessment, identified risks across the organization (Engineering, Facilities, Human Resources, IT Infrastructure etc.) and provided recommendations.
- Reviewed SDLC practices, IT infrastructure setup, regulatory requirements etc. and identified opportunities for improvement.
- Conducted Business Impact Analysis to identify critical services/products and business operations.
- Provided CSA STAR Certification Readiness Assessment, identified gaps against Control Areas and provided recommendations.
- Conducted Vulnerability Assessment and Penetration Testing (VAPT) for IT Infrastructure and Web Applications, identified vulnerabilities and provided recommendations for mitigation.
Value Provided
- Customer received Silver Certification for CSA STAR
- Provided the customer a single repository for risks, with controls mapped to ISO 27001, CSA STAR, NIST 800-53, COBIT 5.0
- Identified critical products and services as well as recovery requirements as part of Business Impact Analysis
- Enhanced security posture by identifying security flaws in areas such as authentication, authorization, session management, input validation etc. in applications and infrastructure