Facing a challenge or a problem?

(Allow our Industry Experts to revert in complete confidentiality)

If you knew your Business Risks from IT, you would have managed them by now.

We believe in: Protecting the ABCs of your business.

>> Is your identity SAFE?

Is our personal data at Hospitals, Airlines, Railways, Banks, Insurance Companies, Internet or Telecom operators SAFE?

>> Controls for PEACE of MIND

Follow what is prescribed. Ensure controls are compliant with ISO 27001, SEBI, Clause 49, NSE, BSE, DOT, SOX, PCI and the Indian IT Act.

>> Be in Line

An unwanted derogatory comment on FACEBOOK or other social sites can land you behind bars. BODY CORPORATEs must take care and protect PERSONAL data.

>> Nirvana of the MIND

EXPAND and INCLUDE greater knowledge to MANAGE business RISKS and GROWTH.    

>> Aware Workforce

Information security is a habit and a culture. Adopt it before it's too late!

Q1. Consultants from all walks of life talk about best practices and aim to implement them. Further, there are many standards such as ISO 27001, COBIT, ITIL, COSO, CMM etc., which is so confusing.

A. The standards are best practices that guide organizations. Good systems and procedures, adapted to meet the objectives of the business, are BEST for that company. Implementing what is best for others may not suit your organization. Select and implement only the standard that benefits your business and delivers customer objectives.

Solution – IT Governance and compliance

Q2. Our company is growing and has a global presence. Our business models include e-commerce, online customer services (internet banking, account management, insurance) and information delivery models. What level of security should be in place?

A. Protection of information assets and business continuity is most critical. Attacks on IT infrastructure can come from external or internal sources. Hackers and white-collar crimes are on the rise. Some of the ongoing solutions that may be desired are:

  • Vulnerability Assessment and Penetration testing (WAN and LAN)
  • Business continuity planning reviews
  • Data Access control review

Q3. We suspect that our data and IT resources are often being misused.

A. Employees, staff and associates have more access than necessary to confidential data and IT resources, and controls are weak. The best practice of “Need to know, need to use” is not being followed. Further, the company may be facing financial losses or potential frauds due to data leakages and white-collar crime / thefts, many of which are not visible. Internet, email and cell phones are enablers of bad practices.

Solution – Network and access security audits

Q4. We are a growing company with excellent product lines but there are endless customer complaints and customer loyalty is limited.

A. Business applications (ERP, CBS) do not deliver. Applications are underutilized and inefficient, and access controls are weak. The adequacy of business applications and support systems needs to be checked to ensure customer records, interaction, turnaround times and handling of repeat problems. Weak customer service will eventually become a bottleneck. Identifying and fixing the bottlenecks in application operations or IT operations will help improve customer satisfaction.

Solution – Application review, IT effectiveness and efficiency audits, BCP and DR audits

Q5. Most IT consultants find problems with older systems and technology. The recommendations mean more investments, many times not viable.

A. You have valid concerns. But it is important to seek the help of IS consultants and auditors who provide unbiased solutions without vested interests. It is important to provide solutions which are practical and match the business needs of the organization. The focus should be to align IT to business and not the other way around. Our experience, however, suggests that 90% of IT audit recommendations relate to systems or management solutions (procedural and operational) and the balance 10% may require investments.

Solution – Suitable, experienced, qualified Risk management consultant

Q6. We have implemented a known brand of ERP / Biz application solution but the benefits are not visible as anticipated.

A. ERP is the necessary evil every business needs, however small. Making a success of ERP takes a toll on business. Post-implementation reviews can bring about many benefits:

  • Utilization levels are assessed
  • Managers trained to use ERP for decision making
  • Performance bottlenecks are identified
  • Missing controls implemented
  • Access security reviewed
  • Functional / requirement gaps identified
  • Management satisfaction

Solution – ERP / Business Applications audit

Q7. Users and the IT department do not understand the importance of data security.

A. Data security culture takes time to sink in. This culture must be top down. Starting with a simple policy on data security, all the players must understand it, be trained on it, implement it and be accountable for the confidentiality of information assets.

Solution – Security Audit, Training and culture building

Q8. We have spent millions ($, Euro, INR…) on setting up IT, systems and infrastructure, but they seem to fail us at most crucial times and when least expected.

A. The problem is common to organizations in the SME segment, where IT is managed on an ad hoc basis, there are no defined systems, and people dependency is high, sometimes with limited competency. There are more problems during month ends or peak load hours. Management has little or no time to look at or get involved with IT issues and IT strategies, and investment approvals are given based on recommendations by IT departments.

Solution – IS Audit review followed by IT Governance.

Q9. Last time our server crashed / IT services were down, we lost more than 2 days of time.

A. IT management is not appropriate, lacking incident handling or a basic business continuity implementation. This can happen again due to power outages, IT handling problems, virus attacks, lack of people competency, or inadequacy of backup systems and methodology.

Solution – Business continuity and disaster recovery planning review

Q10. What are the benefits of getting the IT systems audited?

A. IS audit is mandatory as per guidelines / for compliance of RBI, NSE, SOX, Kings II, clause 49. For most companies it is important to know the business risks from IT. Many benefits can be derived if organizations are aware of:

  • Data security weaknesses
  • Missing or weak controls
  • IT utilization concerns
  • Adequacy of IT alignment to Business
  • Readiness towards minor and major disasters
  • Business risks due to IT are identified
  • Saving opportunities identified

Solution – Security Audits and IT Governance

Q11. There is a never-ending stream of requests from IT to upgrade hardware, software and networking, citing reasons of performance, obsolescence and technology issues. How do we validate and justify these?

A. Technology is changing every day with newer, better, faster hardware and software solutions. Peer pressure or market demands force companies and people to stay up to date to support business operations. Buying the latest is not the solution. Facts point otherwise. Newer hardware may not justify an upgrade in most cases. For example, an MNC in the US still continues to use OLD servers, as the investments do not equate to the benefits of faster performance. A software or application may not require an upgrade until it can enhance the effectiveness of business requirements. A version upgrade of a software / OS / application would also demand a hardware upgrade (a catch-22 situation).

Solution – IT operations reviews, application audit and IT Consulting

Q12. Software solutions are always delayed or cost more. Implemented solutions constantly throw up bugs. Software support service remains a key concern.

A. Software development and customization is mostly an expensive and time-consuming exercise. Further, the software delivery process is riddled with risks. If you are an end user, it is important to ensure that the vendor is tied tightly to the success of the contract and SLA. If you are a software vendor, it is important to ensure that the SDLC, change management process and systems follow standards, project risk management and best practice for software development.

Solution – SDLC Audits, Project risk management, design and post implementation reviews

Q13. We are a small organization having 30+ computers connected on LAN. We do not need a security audit.

A. Is your business dependent on IT, and does it store / manage confidential data? If yes, the security audit is like a basic IT health check-up, to know whether there are concerns that need addressing. One must note that, unlike most other departments, which have gone through phases of ISO, Quality, Internal Audits, statutory audits, BPR and other efficiency and control objectives, IT has never been subjected to any external scrutiny. For most companies it is the FIRST time.

Solution – Security Audit and IT Governance

Q14. IT expenses are already high, requiring constant inputs. Security auditing is an additional expense.

A. IS auditing aims to bring efficiency and controls within the IS environments. The assessment reviews installation, setup and recurring costs. Implementing recommendations can deliver tangible and intangible gains. For example, suppose your total IT investments are $1,000,000, annual capex budgets are $250,000 and running expenses are $250,000. Post audit, it is possible that both your capex and recurring expenses may go down by at least 10-20%, which is a good $100,000 per annum. After spending $15,000-20,000 on audit you still save a whopping $80,000. Imagine how much saving is possible in a large IT setup.

Solution – Security Audit and IT governance

Banking, Government, Insurance, Equity Trading, Commodity Trading, IT / ITES, BPO, Cement, Health, NGO, UN, Media