Our Business / Information Systems Security and Controls

a. I S Security Policy Development and review

Good Information security is a combination of different types of controls which include technical as well as human controls. We provide consulting on development of IS Security Policy, which provides the framework of control over information assets of the organisation.

b. Information Systems Security and Control Audits

Management requires assurance from time to time on the effectiveness and efficiency of various aspects of Information Systems Security and Controls which includes Compliance with IS Security Policy, legal compliance requirements and internal controls various IS processes. IS Systems Control Audits examine the management and administrative controls over Information Systems, IS Security examines the technical controls and procedural compliances. Some of the audit services under this category include:

  • Identity Management and Access Control Reviews
    Helps assess whether access to information assets by people as well as information processes is on “need to know-need to do” basis.

  • Information Asset Classification and Control
    With significant volume and variety of information handled by a organisation, Information Assets needs to be carefully classified to apply the right degree to security and controls, and right investment in security thereof.

  • Vulnerability Assessment & Penetrating Testing
    Organisation internal and internet-based networks are continuously vulnerable to a range of threats from hackers and potential attackers, who are looking to exploit the security weaknesses in the networks and exploit the vulnerabilities for challenge or personal gain. Pristine offers vulnerability assessment and penetrating testing services to help the organisation independent and expert evaluation of the vulnerabilities of its networks and technology infrastructure and vulnerable employees.

  • Audit and Certification of Outsourced IS Services
    Moving towards core-competence, business often outsource IT services, however the information security and risks, and effectiveness issues often surface subsequently leading to strained services and relationships.

    Review of outsourced IS services helps evaluate the risks, effectiveness of such services. Vendor Due Diligence Critical IS process such as the Software Development are often outsourced to vendors. A due diligence of IS Controls at the Vendors end assures the business of security of its Information assets and processes. The review also examines the Service Level Agreement with regard to IS Strategic risks, performance metrics and information safety.

  • Technical Security Reviews & Audits includes
    Review of critical IS process provide assurance on the security of the specific IS processes. These include:

    • E- Mail Security Management
    • Anti-Virus Management
    • Operating Systems Audits
    • Database Audits
    • Network Security Audits
    • Firewall Audits


 
     
Copyright 2007 - 2008 Redeve Conuslting Pvt Ltd
Site Design & Development by Bizdez Solutions