Our Services
 
Security Consulting:
 
We provide security consultancy based on the ISO27001 standard, which comprises best practices for IT security. The Information Security Management System (ISMS) is the framework around the ISO27001 standard.
 
The following processes cover the entire ISMS:
Gap analysis
Threat Profiling
Risk Assessment
Asset register
Risk Mitigation plan
Control Identification
Statement of Applicability
Policies, procedures and guidelines preparation
Records and documentation
Monitoring matrices
Review of controls performance

 
ISMS is a continuous process, which means continuous improvement. Our engagement with our customers is to complete one ISMS cycle. During this cycle, the customer’s employees also form part of the team and are trained on ISMS. At the end of one cycle, these employees will be able to maintain the ISMS and manage continuous improvement.

Many customers choose not to be ISO27001 certified, but would still like to have similar controls and processes in place to protect their information assets. Some customers would like to adopt a phased approach, completing all the above activities in 3 or 4 phases. Similarly, many customers would like to take up ISMS for one or two important departments that play a major role in the company’s performance. In all such cases, we are flexible with our engagement modes. We adjust our times and costs to the customer’s needs.

Please see the Methodologies chapter for the activities in detail.
 
 
 

 
Security Audit:
 
Drawing on vast technical experience, we offer technical audits of any IT infrastructure. This includes:
 
Network Infrastructure – including routers, firewalls, Chassis Switches, L2/L3 Switches, Load Balancers, Content Switches etc.
Operating Systems – Windows, AIX, HP-UX, any flavor of UNIX, any Linux
Databases – Oracle, MS SQL, MySQL, any other databases
Web Applications – Java, .Net, WebSphere
Middleware – WebSphere MQ Series
 
We also provide security consulting for SCADA systems. Manufacturing industries use process-controlled equipment that captures vital production and operational data. We are equipped to provide security consultancy and auditing for such systems.
 
 
 

 
Regulatory/Compliance consulting:
 
Governments and corporate bodies frame regulatory compliance requirements for businesses to follow. These requirements are based on the best governance practices of the industry. Regulatory authorities also lay down punitive measures for non-compliance, ranging from heavy fines up to jail. SecureKeys Consulting provides consulting services for regulatory compliance requirements such as:
 
PCI-DSS
Sarbanes-Oxley (SOX)
SAS70
GLBA
HIPAA
21 CFR Part 11
 
 
 

 
Vulnerability Assessment:
 
Research organizations and individuals continuously try to find and identify vulnerabilities in IT infrastructure. They address the entire spectrum of technology, including obsolete technologies. For most companies, the core business is something other than information technology. Hence, companies sometimes cannot keep track of these vulnerabilities and may fail to patch them.

SecureKeys Consulting helps identify vulnerabilities in IT infrastructure components using multiple tools, interprets the outputs of these tools, submits a concise, easy-to-understand report on the vulnerabilities and recommends remedial actions.
 
 

 
Penetration Testing:
 
To protect our assets from a thief, we have to think like a thief! Hackers and malicious users exploit vulnerabilities in the IT infrastructure to carry out their nefarious activities. Thinking and acting like them, and penetrating our own infrastructure, gives a clear picture of the impact of a compromise of the IT infrastructure.

SecureKeys Consulting provides penetration testing services for customers’ infrastructure. We carry out internal as well as external penetration testing, as per the customer’s requirements. Based on the identified vulnerabilities, we create attack scenarios and a Proof of Concept. At the end of the activities, a detailed report on the outcome of the penetration testing is submitted to the customer. The customer can then take precautionary steps to fill the gaps and plug the loopholes and weaknesses.
 
 
 

 
DR/BCP Consulting:
 
Any disaster, man-made or natural, affects the functioning of an organization. The survivability of an organization depends entirely on its ability to react fast and continue business as usual.
 
SecureKeys Consulting provides Disaster Recovery and Business Continuity Planning consultancy services to organizations. A Disaster Recovery Plan is a subset of a Business Continuity Plan. Based on their business model and its needs, many organizations decide to have only a DR Plan.
   
We carry out the following DR/BCP consulting activities:
Business Impact Analysis
Identification of Critical Components
Creation of specifications and RFP
Vendor evaluation and SLA formulation
Testing and Implementation of critical components
Policy, procedures and guidelines preparation
Contingency planning
Preparation of other supporting plans like Coop Plan, Communication Plan etc.
Testing of Plan
Training, records and documentation
 
Please see the Methodologies chapter for the activities in detail.
 
 
 

 
Data Centre Consultancy, Audit and Review:
 
Many new technologies such as virtualization, storage consolidation, cloud computing and Software-as-a-Service (SaaS) have changed the norms for setting up IT infrastructure around the world. This has been further bolstered by higher bandwidths, falling costs, ease of operation and a focus on core competencies. Technical development and engineering in the field of semiconductors and protocols have realized many ideas and concepts that seemed impossible a few years ago.

Overall, a new computing methodology has evolved, and many innovative companies have already started offering such services, with the underlying concept of a data centre designed to industry standards. The Telecommunications Industry Association (TIA) has formulated a standard for data centres known as the TIA-942 standard. Depending on the availability requirements, it classifies data centres into 4 tiers, Tier-I to Tier-IV.

We provide data centre consultancy to upcoming data centres. We also provide review and audit services for existing data centres. We follow the TIA-942 guidelines for data centres, which broadly cover the following four areas:
 
Architectural Design
Environmental Design
Cabling Design
Electrical Design
 
Apart from the above, we also consider the security aspects of the data centre design.
 
 
 

 
Digital Forensics and e-Discovery:
 
Companies may require forensics services to identify malicious activities such as fraud, forgery or industrial espionage. With the collected evidence, management will be able to take the necessary actions.
 
SecureKeys Consulting provides such services. The following activities are covered:
 
Evidence collection
Computer forensics
E-discovery
Network forensics
 
 
 
 

 
C-SIRT Consulting:
 
C-SIRT is a very important part of an organization’s security setup. In fact, it works in conjunction with the Security Organization of the company. C-SIRT handles all security-relevant incidents within the company as per its IT Security Plan. Every reported incident passes through the lifecycle, provides valuable input to the Security Plan and enriches the knowledge base of the organization.

SecureKeys Consulting provides C-SIRT implementation strategy and consulting services to companies. We also provide training for setting up a C-SIRT centre. Following are the major stages of C-SIRT activities.
 
 
 
 
 

 
Managed Security Services:
 
The IT industry is ever growing, and the technical skills to manage IT are always in short supply, which leads to a high attrition rate among skilled staff. Specialized and certified security professionals in particular are very rarely available, and this class of professional is also affected by attrition. Professional and qualified security personnel are highly paid, and companies spend a lot of money and resources to train and retain them. When such a person leaves the job, the company has to go through the same rigor of interviewing, hiring, training and retaining a security professional again. To break out of this vicious loop, SecureKeys Consulting can become a part of your organization by providing Managed Security Services.
 
Outsourcing security services helps companies in the following aspects:
 
Cost
Responsibilities
Effectiveness
 
The cost of hiring professionally qualified security personnel is quite high compared to any other IT professional. Attrition adds the cost of interviewing, hiring, training and retaining them all over again. By opting for Managed Security Services, companies can reduce the cost associated with these activities.

SecureKeys Consulting will take up full responsibility for managing the company’s IT security. In case of a violation or breach of security, it is always easier to deal with an external agency than with internal staff. This is true because of well-formulated SLAs and contracts with the external agency.

All the resources available with SecureKeys Consulting are at the customer’s disposal under the Managed Security Services. With a vast pool of resources and a knowledge base, SecureKeys Consulting is better positioned to provide an effective security solution.

We use open source as well as commercial tools to manage security services for a company. Based on the customer’s requirements and SLAs, we design the security architecture for the customer. Some devices and tools also need to be deployed at the customer’s premises to monitor and manage the security of the company.

SecureKeys Consulting provides two options of engagement for Managed Security Services. In the first mode, SecureKeys Consulting takes full ownership of remediating the vulnerabilities observed in the IT infrastructure. In the second mode, SecureKeys Consulting provides email/SMS support to the company’s IT manager, who carries out the remediation actions. In both modes, SecureKeys Consulting communicates possible remediation steps to higher management as well as to the IT manager.

We also review the performance of the service at regular intervals, ideally every quarter or as per the customer’s requirements.
 
 
 
 
 
 
   




 
 
 
 
 
© Copyright SecureKeys Consulting
 
 