Pansys Infotech
Pansys Infotech Limited
ISO 9001 : 2000 Certified and Six Sigma Compliant
D-U-N-S Number: 67-710-4285
Member: TiE, NIPM, BMA
PAN-ASIA GROUP
PANSYS is a public limited company, incorporated under Registrar of Companies Act, India, that focuses on application-based development and research and also on the marketing of standard products.
 
 
 

PANSYS e-Risk Solutions is the Enterprise and Technology Risk Consulting division of PANSYS Network Limited. PANSYS has a tie-up with a renowned company that carries a heritage and expertise of over 25 years in the field of Security and Risk Advisory. The consulting arm specializes in Security Risk Assessment, Policy Reviews, Compliance Audits, Vulnerability Assessment and Penetration Testing services.

Our technical competency, coupled with investigative strength, gives us a distinct advantage in providing tailor-made, cutting-edge solutions to mitigate the risks associated with your business processes and information systems.

Our in-house risk assessment methodology makes use of internationally accepted best practices like ISO: 27001, COBIT, etc. that help assess current and future risks associated with the organization and ensure that security becomes an ongoing process.

Choosing your information security partner or advisor demands a great deal of trust. At PANSYS, we understand this, and we act on it by listening and responding to the needs of customers.

 

 

Companies deal with a lot of proprietary and customer-sensitive data, so from a data security and compliance point of view it is important that the data be handled with the utmost care. The assessment service is mainly aimed at reviewing the basic security controls and other arrangements already in place to prevent data theft and/or attack by an external intruder on the data- and service-critical systems. We understand that building security controls or enhancing the existing security infrastructure can be a tricky process and will require you to justify the investment in security and its return on investment. Thus, keeping in mind the need of the hour, we have divided our basic security assessment module into 3 stages. This will not only give you a comfort level in working with us but also give you confidence in our methodology (inspired by industry-wide accepted best practices) for carrying out the security assessment in your organization.
The assessment service has been designed to cover all the major domains of security at centres dealing in outsourced activities involving data and voice. However, PANSYS has more than that to offer to increase the security of the operations and of the environment in which the business is operating. These offerings can be discussed on a requirement basis. At the end of this assessment activity, relevant control measures and security solutions are suggested to enhance the security of the existing infrastructure.

Complete support is provided for implementation of security controls, documentation (if required), evaluating the right security product as per the organization’s security requirements and vendor management (if required) for procuring security products.

 
 

The scope of the assignment has been divided into three stages for carrying out the
security assessment for the organization’s Information Assets.

 
 

The activities carried out during this phase will determine Information Security
requirements and the threats associated with Information assets of the organization.

Scope of services covered
1. Understanding the Threat Perception of the stakeholders of the Information Owners
and the Management.

2. Infrastructure Review:

This will include a detailed infrastructure review covering following 8 domains:

I. Network Architecture Devices
• Review of network architecture to assess its robustness in protecting the information/information assets from attacks within and outside.
• Review configuration of the systems and servers critical to the network environment:
    • Network Infrastructure devices:
        o Layer 2 and Layer 3 Switches
        o Routers, if any
    • Servers
    • Firewalls and Intrusion Detection Systems

II. Single Points of Failure (SPOF)
• Identify SPOFs
• Review countermeasures against single points of failure.

III. Physical and Environmental controls

Review physical and environmental controls at Server room.

IV. Logical Access controls

Review controls for IT admin users and General (non-IT) users

V. Internet
Review security for access and usage of the Internet

VI. Backup
Review backup procedures,

VII. Virus protection

Review controls for virus protection

VIII. End-user computing

• Review of desktops: Basic hygiene (including password setting, OS version/patches, HD sharing, virus protection, etc.)
• Controls for local storage of data
• Protection measures against use of unauthorized software

 
 

This stage will involve reviewing the existing network design of your organization from the optimal security point of view. Based on the infrastructure review carried out in the previous stage and the requirements understood for a secure network design in this phase, security products/solutions and/or any necessary physical re-arrangements in the design of the network will also be recommended.

Scope of services covered

  • Review of existing Network design and arrangement.
 
 

A vulnerability assessment (VA) will be carried out to determine whether potential vulnerabilities or security exposures exist on the systems, servers and applications of the organization. This service can be hired on a regular (quarterly, half-yearly or yearly) basis to scan for and fix new vulnerabilities and so maintain an optimal level of security in the systems and applications.

Scope of services covered

1. Perform TCP/IP Vulnerability Scanning with state-of-the-art TOOLS with plugins
enabled to discover the latest known & potential Vulnerabilities as on the day of
scan.
2. Perform Vulnerability Scanning for any internet and intranet application using
state-of-the-art scripts and TOOLS with plugins enabled to discover the latest
known & potential Vulnerabilities as on the day of scan.

Deliverables
1. Infrastructure security assessment report detailing the status of reviewed
parameters of 8 domains.
2. Secure Network Design document.
3. Evaluation report of best security solutions accompanied with
recommendations for deploying appropriate solutions.
4. Highlighting Vulnerability in the Assessment report.
5. Recommendations to fix Vulnerabilities & put controls in place.
Time Frame
Varies from 6 working days to 25 working days depending upon the scale of setup.

 
 

We review the implementation of security controls according to the existing security policy (assuming the existing security policy is ISO 27001 compliant). If no policy is present, we prepare one for the organization and can see to it that the controls are implemented according to the policy. On the technical front, implementation manuals for the existing IT systems and sub-systems can be provided for the company. These implementation manuals contain values for the parameters required for hardening/securing servers, systems related to network security (i.e. firewalls, IDS, etc.), network infrastructure including Wi-Fi networks, databases and other applications that have an impact on IT security for the enterprise.

In other words, the complete deployment of an ISMS (of which the above-mentioned points are an integral part) against IEC/ISO: 27001 audit scenarios can be managed by our firm. For external audits for the purpose of certification, our consultants have the competence and experience to carry out compliance audits at large scale. To understand the depth and breadth of the Security Controls and Security Policy that are developed and reviewed during the compliance preparation, kindly get in touch with us.
Time Frame
For a setup with a network of 125 workstations and 8 servers, it takes around 3 intensive months to get an organization ready for the ISO: 27001 audit.

 
 

Depending on the need of the business we also provide the following services:
• Risk Assessment and Recommendations
• Penetration Testing
• Compliance Review and Audits for ISO: 27001, SOX, HIPAA, GLBA etc.
• Policy Development
• e-Security Awareness and Training
• Risk Management
• Computer Forensics
• IT Disaster/Contingency Plan Development and Evaluation
• Threat and Vulnerability Assessment
• Procedures Development Review
• Configuration Management/Change
• Control Process Development and Assessment
• Wireless Security
• VoIP Security
• Asset (Software and Hardware) Management
• Security Product Evaluation and Vendor management

   
   
  Copy right © 2003 - 2008 - Pansys Infotech.biz - All Rights Reserved  