Information Security Consulting

Aditri Consulting is a pioneer in Information Security Consulting: a team of experienced, multifunctional professionals with the objective of delivering IT services in the space of information security and IT infrastructure.

Compliance Consulting Services
  • ISMS Consulting ISO27001: ISO 27001 (BS 7799:2005) is a well-known security best practice that organizations benchmark against to achieve enterprise security management. It entails 11 Security domains, 39 Control Objectives and 133 Controls.
    We have qualified ISO27001 Lead auditors who provide consultancy for implementation of ISO27001 standards for enterprises and make them ready for certification by third party auditors.
  • ITSMS Consulting ISO20000: The IT Infrastructure Library, ITIL (ISO20000) is a series of documents that are used to aid the implementation of a framework for IT Service Management (ITSM). This framework defines how Service Management is applied within specific organizations. We have qualified ISO20000 Lead auditors who provide consultancy for implementation of ISO20000 standards for enterprises, gearing them up for certification.
  • SOX Compliance (Sarbanes-Oxley Act): As a result of the financial scandals at major Fortune 100 companies in 2001, Congress enacted the Sarbanes-Oxley Act of 2002. This act affects how public companies report financials, and significantly impacts IT. Sarbanes-Oxley compliance requires more than documentation and/or establishment of financial controls; it also requires the assessment of a company's IT infrastructure, operations, and personnel.
  • COBIT: Experienced CIOs and emerging IT leaders are challenged by ever-increasing complexities in technology and business environments. Leaders face an increasingly complex regulatory environment, merger and acquisition issues, and the challenge of IT assignments at new organizations. Control Objectives for Information and related Technology (COBIT) provides a rich framework for entity-level and general operational controls.
    We have qualified auditors who provide consultancy for implementation of COBIT standards for enterprises and make them ready for certification by third party auditors.
  • ISO9000, HIPAA, GLBA

Security Compliance
  • Penetration Testing: A Vulnerability Assessment is a simple process to determine the current state of security. It usually entails using a standard Vulnerability Scanning tool.
    Penetration Testing is the single most effective means by which an organisation can test for security vulnerabilities without being breached by an unauthorized perpetrator. Penetration Testing can provide new insights into the security infrastructure, and the points of weakness most likely to be targeted by a hacker.
  • Security Gap Analysis: Most organizations have information security controls in place. Usually it is a mixture of firewalls, IDS / IPS systems and organizational security policies such as email usage and Internet usage policies. Some organizations must satisfy regulatory compliance requirements, while others want to ensure they are taking all the appropriate steps to keep their data and networks secure.
    The Gap Analysis helps an organization gain insight into the areas that need mapping to the required compliance.
  • Security Architecture Implementation & Design: Our Infrastructure Consulting Services group helps you plan, design and implement technical architectures and infrastructure. The security solution, based on the defined security architecture and the associated security policies, is charted out for implementation during this phase. A detailed activity plan with a specific schedule is chalked out. Post-implementation, recommendations are given to test for security vulnerabilities and patches and apply them accordingly. The implementation plan ensures that the applications are tested for functionality at each stage.
    Output:
    An implementation plan brief will be delivered for the proposed security architecture framework, which will consist of:
    i. Details of current systems within the Security Architecture.
    ii. Network diagrams with all the details
    iii. Security Framework and configuration details
    iv. Configuration of various recommended security products


  • IT Security Audit: Security auditing is the formal examination and review of actions taken by system users. This process is necessary to determine the effectiveness of existing security controls, watch for system misuse or abuse by users, verify compliance with current security policies, capture evidence of the commission of a crime (computer or non-computer related), validate that documented procedures are followed, and detect anomalies or intrusions. Effective auditing requires that the correct data be recorded and that it undergoes periodic review.
  • Application Testing: Application Security Review evaluates the security posture of an application across the development life cycle, enabling you to identify, eliminate, and prevent security risks in the applications that drive your business.
  • SAP Security Audit: Our auditing services range from very detailed audits (including detailed lists of who can do what, detailed and understandable risk descriptions, conceptual and procedural findings, relevant recommendations, Sarbanes-Oxley internal control impact) to quick scans. The following is a list of some of the areas we review:
    i. Assessing, defining, and making recommendations to the existing SAP security landscape
    ii. Analyse roles and access provided and develop recommendations on how to best design roles to meet business and security requirements (i.e. analyse authorization objects)
    iii. Check for Segregation of duties compliance
    iv. Security parameters and security relevant internal processes
    v. Set up and review risk acceptance
    vi. Internal security policing policy and tools
    vii. Custom reporting for auditors and/or audit tools
    viii. Assist in audit remediation
IT Infrastructure
  • 24/7 Operation / Data Centre Setup: On deciding to build your own data centre, you have to follow certain guidelines. Building a data centre is not something that will last for only a day or two.
    You may like to consult a data centre expert to formulate a standards-based design structure for your data centre as per your customizable requirements.
    There are standard and optional components to these customizable services:
    i. Space utilization
    ii. Raised floor
    iii. Power distribution systems
    iv. Air Conditioning, heating, and ventilation
    v. Air Flow management
    vi. Cable management
    vii. Environmental contamination
    viii. Fire protection
    ix. Shut-down controls
    x. Engine generator
    xi. Power quality
    xii. Maintenance levels of data centre support equipment
    xiii. Physical Security systems

  • Capacity Planning: Capacity planning looks at the current and future business needs and the associated IT needs to arrive at an optimal IT infrastructure/architecture that is scalable and cost effective. This would typically involve:
    >> Assess the customer's overall objective for current and future business needs.
    >> Define, in consultation with the customer, critical application workloads, response requirements, availability objectives and growth estimates for each
    i. Design of IT infrastructure, architecture.
    ii. Technical evaluation of vendor solutions and decide on appropriate cost-effective solution.
    iii. Provide future directions and road map that goes in tandem with the technology trend.
    iv. Hand hold customer during deployment
    >> Reduced infrastructure costs
    >> Reduced cost of acquiring new systems
    >> Improved management efficiencies
    >> Reduced risk of over-utilisation impacts

  • Performance Testing & Tuning: A standard approach to performance engineering. The activities related to the performance engineering process are detailed in Figure. These activities, which must be performed at each major stage in the application development life cycle, include:
    Model:
    A model represents an application's key logic flows, and describes the expected flow of messages through the entire application from end to end. Creation of an application logic model is facilitated by creating use cases and message sequence diagrams.

    Test:
    Conduct tests to capture empirical data, which can be used in the model for key application logic flows. When test data isn't available (such as during an early life-cycle phase), use reasonable estimates based on comparable applications or experience flows.

    Validate assumptions and scenarios:
    Along with the model's representation of the application logic, you need a set of scenarios that reflect expected business and application transaction volumes. Test and revisit these scenarios at each phase of the life cycle.

    Recalibrate:
    When running models, you may uncover new insights regarding an application's performance behaviour. As test data comes in, you may also need to recalibrate to better reflect the environment.

    Conduct performance analysis:
    Each activity involves the review and analysis of performance data to learn about the application, develop ways to improve performance or design alternative means for delivering the function faster.

  • Security Architecture & Network Services:
    Our Infrastructure Consulting Services group helps you plan, design and implement technical architectures and infrastructure.
    The security solution, based on the defined security architecture and the associated security policies, is charted out for implementation during this phase. A detailed activity plan with a specific schedule is chalked out. Post-implementation, recommendations are given to test for security vulnerabilities and patches and apply them accordingly. The implementation plan ensures that the applications are tested for functionality at each stage.
    Output:
    An implementation plan brief will be delivered for the proposed security architecture framework, which will consist of:
    i. Details of current systems within the Security Architecture.
    ii. Network diagrams with all the details
    iii. Security Framework and configuration details
    iv. Configuration of various recommended security products

  • Stress Testing
  • IT Management On-site & Remote
  • Disaster Recovery Plan