CYBER SECURITY
Boost innovation and security while managing risk
Practice Leader
- Ramkumar Balasubramanian
- ramkumar@spcnc.com
Ram is a Cloud Security Expert with 30+ years of IT experience, holding 26 patents in Infra, AI-ML, and Automation. He’s a Wipro Fellow, an Independent Consultant for Fortune 15 companies, and has won international awards for Automation. Ram’s cost rationalization work benefited enterprises like Citi Bank, Credit Suisse, and UBS.
Companies are highly dependent on their Information Technology infrastructure and need to strike a fine balance between implementing advanced IT solutions and mitigating cyber risk at every level. The insights and experience we have gained through continuous involvement in IT governance projects and IT certification and attestation services enable us to assist you with the project management of major IT changes. In our experience it is often of the utmost importance to find and implement solutions for the issues encountered in daily operations, especially those concerning cybersecurity and data protection.
Best Practices
- IS Audit based on guidelines issued by Govt. on Cyber Security Frameworks
- Digital Forensic Readiness Assessment
- Guidelines on Working group on Infosec, Electronic Banking, Data Protection & Cyber Frauds Prevention
- Identity Protection: a secure and robust control framework to prevent information leakage
- Digital Banking Transactions in India – Operative guidelines for bank
- Threat Monitoring using sophisticated technology for Digital financial transactions
- Financial fund flow monitoring and advisory for optimal utilization
- IS Audit of vendors as a part of onboarding checks to evaluate adherence to industry standards
Three Lines of Defense in Reference to IT Governance
OUR SERVICES IN A NUTSHELL
IS Audit
BCP/ DR Assessment & Implementation
Certification Readiness Assessment
Application Security Life Cycle (ASLC)
ISAE 3402 & SSAE 18
Third Party/Vendor Risk Management
Advanced Real-time Threat Defense and Management
Data Leak prevention strategy
DevSecOps
Cyber Security Strategy & Due Diligence Reviews
Cyber Forensics
Network Management and Security
Technology Assessments
User / Employee/ Management Awareness Training
VA/PT
One Policy Framework Implementation
Regulatory & Compliance Reviews
Source Code Review
Red Team Assessment
SDLC Review
IT & IS AUDIT
IT Audit is an essential function of any organization’s governance, risk management and compliance framework. IT Audit provides independent assurance to the management team and the board of directors that the organization’s operations, internal controls, and risk management processes are effective and efficient. An internal audit also helps identify areas for improvement and opportunities for cost savings, leading to increased profitability and better decision-making. For companies operating in the digital landscape, internal audit plays an even more critical role, given the ever-evolving nature of technology, security threats, and compliance requirements. The internal audit team needs to be proficient in a broad range of areas, including data security, project management, vendor management, and IT infrastructure, to ensure the company’s continued success and growth in the digital space.
To perform an audit, the auditor should contact the parties under consideration to gather basic documentation focusing on the people, processes, and technology directly related to the product or service the organization is seeking. Categories of information gathered for the audit might include:
IT RISK MANAGEMENT & CYBER SECURITY SERVICES
- Experts With Relevant Certification
- Proven Methodology On Similar Projects For Leading Indian Banks
- Technical Expertise And Knowledge Repository
- Access To SPNX Consulting Proprietary Tools & Techniques
- Use Of Cutting-Edge Technology
IT RISK MANAGEMENT and CYBER SECURITY ROADMAP
OUR BUSINESS DIFFERENTIATORS
Tools & Accelerators
Speed to Delivery & Simplifications
- Security Maturity Assessment services
- Third Party Risk Management (TPRM) & GRC Performance Management Service
- PCI Advisory & Implementation services powered by Control case platform
COE & CERTIFICATIONS
GRC CoE & Certifications
- Security Maturity Assessment services
- Third Party Risk Management (TPRM)
- Governance, Risk and Compliance (GRC)
- Security Awareness and Training & Certification resources
delivery model
Advisory to Implementation Partner
- Flexible global delivery approach
- Factory model across our deployment and consulting
integrated approach
Reusable Accelerators for Better Success
- Industry-leading framework standards and templates
- Framework with templates to assess and embark on a 3 to 5 year maturity journey
- Productized solution for reduced implementation time, real-time visibility and continuous compliance
- Automated maturity scoring, correlation and analysis, reports & dashboards
strong partnership
Close Solution Partner Network
- Best-of-breed solutions and strong partnerships
- Seamless Integration
VULNERABILITY ASSESSMENT & PENETRATION TESTING
Co-managed Vulnerability management operations
Develop VM Governance Structure
- Understand the architecture, network/IP distribution, existing processes & reports, existing security solutions, device locations, connectivity, in-scope applications and SLAs
- Develop a structured VM program plan covering risks & dependencies, report types, formats & frequency, SOPs, escalation matrix, roles & responsibilities, etc.
- Develop process for managing workload via agile framework
Asset Discovery
- Periodic Asset Discovery scans, Asset grouping & Asset tagging
Scheduled Scanning & Reporting
- Perform Vulnerability Scanning, False positive analysis & removal
- Remediation advisory and remediation coordination
- Visualizing threat data from the SOC analysts
- Determining susceptible assets and prioritizing vulnerability patches using threat intel advisories
- Vulnerability scan report and executive management report as per customer directions
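As an added illustration of the scheduled scanning and reporting steps above (not SPNX Consulting's own tooling), the following Python script takes constructed scanner findings, applies the false-positive register from the triage step, weights each finding by the asset tags assigned during discovery, and boosts anything a threat-intel advisory flags as actively exploited. All hosts, finding ids, CVE ids, tag weights and the +10 exploitation boost are constructed placeholders chosen for the example.

```python
"""Vulnerability prioritization over scanner findings.

Constructed example: combines scanner output, asset tags from the
discovery step, a verified false-positive register and a threat-intel
"actively exploited" list into a patch priority order.
"""
from dataclasses import dataclass, field

# Constructed asset inventory; tags come from the asset grouping/tagging step.
ASSETS = {
    "10.0.1.10": {"tags": {"internet-facing", "payments"}},
    "10.0.2.20": {"tags": {"internal", "hr"}},
    "10.0.3.30": {"tags": {"internet-facing", "marketing"}},
}

# Constructed scanner findings: host, scanner finding id, placeholder CVE id, CVSS base score.
FINDINGS = [
    {"host": "10.0.1.10", "id": "F-1001", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"host": "10.0.2.20", "id": "F-1002", "cve": "CVE-0000-0002", "cvss": 7.5},
    {"host": "10.0.3.30", "id": "F-1003", "cve": "CVE-0000-0003", "cvss": 5.3},
    {"host": "10.0.3.30", "id": "F-1004", "cve": "CVE-0000-0004", "cvss": 8.8},
    {"host": "10.0.2.20", "id": "F-1001", "cve": "CVE-0000-0001", "cvss": 9.8},
]

# Constructed false-positive register: (host, finding id) pairs already verified as not applicable.
FALSE_POSITIVES = {("10.0.3.30", "F-1004")}

# Constructed threat-intel advisory: placeholder CVE ids reported as actively exploited.
ACTIVELY_EXPLOITED = {"CVE-0000-0002"}

# Constructed business-context multipliers per asset tag (hypothetical values).
TAG_WEIGHTS = {"internet-facing": 2.0, "payments": 1.5, "hr": 1.2}
EXPLOITED_BOOST = 10.0  # constant added when threat intel reports active exploitation


@dataclass
class Prioritized:
    host: str
    finding_id: str
    cve: str
    cvss: float
    score: float
    reasons: list = field(default_factory=list)


def risk_score(finding, assets, exploited):
    """Return (score, reasons): CVSS scaled by asset tags, plus a boost if exploited in the wild."""
    score = finding["cvss"]
    reasons = []
    tags = assets.get(finding["host"], {}).get("tags", set())
    for tag in sorted(tags):  # sorted so the reasons list is deterministic
        weight = TAG_WEIGHTS.get(tag)
        if weight:
            score *= weight
            reasons.append(f"asset tag {tag} x{weight}")
    if finding["cve"] in exploited:
        score += EXPLOITED_BOOST
        reasons.append("actively exploited per threat intel")
    return round(score, 2), reasons


def prioritize(findings, assets, false_positives, exploited):
    """Drop verified false positives, score the rest and sort highest risk first."""
    out = []
    for f in findings:
        if (f["host"], f["id"]) in false_positives:
            continue  # suppressed: verified false positive from the triage step
        score, reasons = risk_score(f, assets, exploited)
        out.append(Prioritized(f["host"], f["id"], f["cve"], f["cvss"], score, reasons))
    out.sort(key=lambda p: (-p.score, p.host, p.finding_id))
    return out


def host_summary(prioritized):
    """Per-host rollup for the executive report: open finding count and highest score."""
    summary = {}
    for p in prioritized:
        entry = summary.setdefault(p.host, {"open": 0, "max_score": 0.0})
        entry["open"] += 1
        entry["max_score"] = max(entry["max_score"], p.score)
    return summary


if __name__ == "__main__":
    ranked = prioritize(FINDINGS, ASSETS, FALSE_POSITIVES, ACTIVELY_EXPLOITED)
    for p in ranked:
        print(f"{p.score:6.2f}  {p.host:10}  {p.finding_id}  {p.cve}  ({'; '.join(p.reasons) or 'base CVSS only'})")
    print(host_summary(ranked))
```

The ordering this produces shows the point of the step: the actively exploited CVSS 7.5 finding on an internal host outranks an unexploited CVSS 9.8 on the same host, because the threat-intel boost is applied on top of the tag-weighted CVSS rather than the raw scanner score deciding the queue.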
PENETRATION TESTING SERVICES APPROACH
Define Scope
Discussion on In Scoped & Out Scoped Parameters
Enumeration /Recon
Passive & Active Information Gathering
Assessment Scanning
Identification & Validation of Vulnerabilities
Exploitation
Exploit True Vulnerability to gain unauthorized access
Post Exploitation
Escalate privilege level & extract the sensitive data
Reporting
Report all Findings with Remediation
tools used for va&pt
ACUNETIX
Acunetix is an automated web application security testing tool that audits your web applications by checking for vulnerabilities such as SQL injection, cross-site scripting and other exploitable flaws.
NESSUS
Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. It employs the Nessus Attack Scripting Language (NASL),
BURP SUITE
Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals to identify vulnerabilities and verify attack vectors in web-based applications.
NETSPARKER
Netsparker is an automated web application security scanner. Netsparker helps identify security flaws such as SQL Injection, Cross-site scripting, OS Injection and other vulnerabilities.
NMAP
The structured data is then used in reporting tools like Power BI and Praxis-Pro, which help visualize and analyze the information. It enables companies to make informed decisions based on clear, concise data reports.