CYBER SECURITY
Boost innovation and security while managing risk
Practice Leader
- Ramkumar Balasubramanian
- ramkumar@spcnc.com
A Cloud Security Expert with over 30 years of experience in IT and a remarkable portfolio of 26 patents across Infrastructure, AI/ML, and Automation. As a Wipro Fellow and an Independent Consultant for Fortune 15 companies, he has garnered international recognition for his contributions to Automation. His cost rationalization initiatives have delivered significant value to enterprises such as Citi Bank, Credit Suisse, and UBS. A dedicated innovator, Ram continues to drive excellence and transformation in the technology space.
Case Studies
Companies are highly dependent on information technology infrastructure and need to strike a fine balance between implementing advanced IT solutions and mitigating cyber risks at all levels. Our insights and experience, gained through continuous involvement in IT governance projects and IT certification and attestation services, enable us to assist you in project management of major IT changes, as we have seen that it is often of utmost importance to find and implement solutions for issues encountered in daily operations, especially concerning cybersecurity and data protection.
Cloud Audit - Our Approach
Approach Phases
ASSESS
Gathering architectural and design documents.
Analyzing the current cloud deployment and configurations
Documenting current procedures and practices
Identifying any gaps in documentation and alignment
Reviewing security policies and compliance measures
DESIGN AND CONSTRUCT
Analyzing cloud architecture and network configurations.
Performing GAP Analysis and suggesting solutions.
Recommending architectural improvements and optimization strategies.
Assessing disaster recovery strategies and business continuity plans.
Proposing the right architecture and improvements
EXECUTE AND REPORT
Developing a detailed action plan for audit recommendations.
Ensuring implementation of CAPA and developing the report.
Setting up a schedule for regular review and updates.
Building processes for incident, change and problem management.
IT Audit - Our Approach
Approach Phases
ASSESS
Decide on sampling methodology
DESIGN AND CONSTRUCT
Review policies for test of design
Develop initial data request
Conduct walkthrough
EXECUTE AND REPORT
Conduct detailed testing of controls related to ITGC
Execute scripts and perform script output review
Review the deployment architecture through discussions
Review access control to test and development environment
Develop report
OUR SERVICES IN A NUTSHELL
IS Audit
BCP/ DR Assessment & Implementation
Certification Readiness Assessment
Application Security Life Cycle (ASLC)
ISAE 3402 & SSAE 18
Third Party/Vendor Risk Management
Advanced Real-time Threat Defense and Management
Data Leak prevention strategy
Dev Sec Ops
Cyber Security Strategy & Due Diligence Reviews
Cyber Forensics
Network Management and Security
Technology Assessments
User / Employee/ Management Awareness Training
VA/PT
One Policy Framework Implementation
Regulatory & Compliance Reviews
Source Code Review
Red Team Assessment
SDLC Review
SOC
Our Experience in SOC
OUR EXPERIENCE IN VARIOUS TYPES OF AUDIT
LIST OF SECTORS AUDITED BY US
- Automobile
- Logistics
- Consultancy
- Healthcare
- IT Industry (Automation, Software Development and many more)
OFFSHORE APPROACH
We provide assistance in End-to-end SOX lifecycle / IT audit service / VAPT
TOOLS SPNX TEAM IS FAMILIAR WITH
Brief Description
Cloud-based workflow management solution. Helps CPA firms in document exchange and request list management.
Used By SPC for
PBC request list management
Brief Description
DaaS/VPN tool used for providing secure remote access to team members.
Used By SPC for
Remote Access
Brief Description
Used to manage, organize and prepare supporting documentation and financial reports in a paperless binder.
Used By SPC for
SOC Audit/ SOX Audit management
Brief Description
A leading cloud-based platform used for performing audit, risk, ESG and compliance management.
Used By SPC for
SOX Audit
Brief Description
A leading cloud-based platform used for performing audit, risk, ESG and compliance management.
Used By SPC for
SOX Audit
Brief Description
Provides an end-to-end workflow environment.
Used By SPC for
Under training
USE CASE
SOC Compliance Enhancement
For an enterprise client, SPCNXT leveraged Gen-AI, specifically Meta AI's Llama 2 and Llama 3, to significantly improve the SOC compliance process. By utilizing the input documents provided by the enterprise, SPCNXT's AI-powered solution was able to assess the level of compliance more comprehensively and efficiently compared to the traditional sampling method. This use case demonstrates SPCNXT's ability to streamline compliance processes and ensure higher accuracy in meeting regulatory requirements.
OUR BUSINESS DIFFERENTIATORS
Tools & Accelerators
Speed to Delivery & Simplifications
- Security Maturity Assessment services
- Third-Party Risk Management (TPRM) & GRC Performance Management Service
- PCI Advisory & Implementation services powered by the ControlCase platform
COE & CERTIFICATIONS
GRC CoE & Certifications
- Security Maturity Assessment services
- Third Party Risk Management (TPRM)
- Governance, Risk and Compliance (GRC)
- Security Awareness and Training & Certification resources
DELIVERY MODEL
Advisory to Implementation Partner
- Flexible global delivery approach
- Factory model across our deployment and consultin
INTEGRATED APPROACH
Reusable Accelerators for Better Success
- Industry-leading framework standards and templates
- Framework with templates to assess and embark on a 3-5 year maturity journey
- Productized solution for reduced implementation time, real-time visibility, continuous compliance
- Automated Maturity scoring, Correlation and analysis, Reports & Dashboard
STRONG PARTNERSHIP
Close Solution Partner Network
- Best of the Breed and strong partnership
- Seamless Integration
VULNERABILITY ASSESSMENT & PENETRATION TESTING
PENETRATION TESTING SERVICES APPROACH
This methodology covers everything related to a penetration test: from the initial communication and information gathering, through threat modeling phases that give a better understanding of the target, to vulnerability research, exploitation and post-exploitation.
TOOLS USED FOR VA & PT
ACUNETIX
Acunetix Vulnerability Management. Acunetix is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
NESSUS
Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. It employs the Nessus Attack Scripting Language (NASL),
BURP SUITE
Burp Suite is a Java-based web penetration testing framework. It has become an industry-standard suite of tools used by information security professionals to identify vulnerabilities and verify attack vectors for web-based applications.
NETSPARKER
Netsparker is an automated web application security scanner. Netsparker helps identify security flaws such as SQL Injection, Cross-site scripting, OS Injection and other vulnerabilities.
NMAP
The structured data is then used in reporting tools like Power BI and Praxis-Pro, which help visualize and analyze the information. It enables companies to make informed decisions based on clear, concise data reports.