System Audit

Power Your Business with Our System Audit Services

Being a prominent information security company with vast experience in various aspects of this business, we think it’s our duty to serve different sectors and domains of industry and provide them with our cutting edge technology experience. So we all grow together!!

Security Architecture Review

Policies

Network Security

Database Security

Processes and internal controls such as patch management, hardening

Review and monitoring

Access controls

Logs and audit trails

Physical security

Framing Policies, Processes, Procedures and Guidelines

Review of policies as per ISO 27001

Relevant regulatory guidelines

Application Security Review

Application security testing manually and with tools

Adherence to Legal & Statutory Requirements (GST Recovery, data protection, etc.)

EOD-BOD, EOD Reconciliations

STP (Straight Through Processing) possibility

Application security policy, access controls, audit trails, user management

Segregation of duty, separation of duty

Input, output, processing controls, authorisation controls such as maker, checker, parameterisation

Business Logic, session management, exception handling

Interfaces

Backup and BCP

Reconciliations, database security, server security, operations, effectiveness

Change management, patch management

Third party management (SLAs, etc.)

User training

Incident Management

Regular review of accesses

Network Security, Wireless Security

Network architecture security

Segregation of networks, redundancy and Load Balancing

Access controls, single points of failure

Presence of security devices such as firewalls, IDS/IPS, their placement

End point security

Configuration Review

External VA/PT for vulnerable ports and openings

SIEM, SOC, performance, business continuity / redundancy

Incident Management, monitoring and review

Exploitation of vulnerabilities in wireless networks, internet controls, email and web controls, social media controls

Capacity planning, performance monitoring, licenses and compliance, help desk

Cyber security preparedness indicators

Special audits for ATM Systems

Audit includes ATM Switch, reconciliations, cash management, encryption and key management

Periodic VA/PT of systems, card data integrity, third party management

Alerts and incident management, patch management, helpdesk, certifications of vendor

ATM device management, site management, call centres/helpdesks, backup and BCP, physical security

Source Code Review

Review Business logic, bugs, errors and exceptions, backdoors

Secure Development/SDLC

Controls at all stages: planning, design, coding, testing, rollout, change management, etc.

End to end audit of system development life cycle

Internal Controls & Processes

Core application parameter controls

Access controls, user management, change management, incident management, escalations

Asset Management, Reconciliations

Physical security, logs and audit trails, reviews, maker/checker, segregation and separation of duty

Backups, internet controls, social media controls

CBS/ERP Application Security

Functional capabilities and controls review

Parameter controls, access controls, user management, segregation and separation of duty

Change management, incident management, business continuity and backup

Audit trails and logs, database security, server security, physical security

Reconciliations, business logic verification, etc. (all controls as mentioned under application security)

Internet/E-commerce Security

Application Security

Compliance to Regulatory Guidelines, business logic

Capacity and performance controls

Logs and audit trails, database security, server security

Backup and Business Continuity

Escalations, incident management, change management, physical security, etc.

Special Audits for Swift

Application security controls as mentioned under application security, such as STP, access controls, user management

Reconciliations, change management, incident management, parameter controls, network security

Internal controls, backup and BCP

HSM Management, physical security

Relevant regulatory guidelines

Payment Gateway Security

Certifications of the service provider, firewall security, access controls

Data privacy controls, server hardening, SSL, patch management

Internal controls, segregation of networks, end point security, change management

Periodic VA/PT by an external auditor, logs and audit trails, backup and BCP, physical security

Business Impact Analysis

As a preliminary step to Risk Analysis (RA) and BCP, a Business Impact Analysis (BIA) is performed. Critical business functions are identified by assessing the impacts against various criteria for RA and BCP.

Internet Banking, Mobile Banking

Application security

VA/PT of devices and application

Compliance to regulatory guidelines

Prepaid Instruments

Compliance to RBI Guidelines on PPI

ISMS – ISO 27001 implementation Audit

Review of implementation: organisation study, scope and objective definition, gap assessment and recommendations

Defining ISMS organisation, SoA (Statement of Applicability), risk analysis, risk treatment and mitigation strategy, policies, procedures, record maintenance

Determination and maintenance of metrics

Management review, internal audits, CAPA (corrective and preventive action), pre-assessment audits

Business Continuity and Disaster Recovery

Conduct business impact analysis and risk assessment, and devise a Business Continuity and Disaster Recovery plan