
Information Security Consulting


At NRI FT India, we implement and maintain security compliance to minimize threats to business assets and have proficiency in:

1. Vulnerability Assessment/Penetration Testing
  • A. Internal and External Vulnerability Assessment
    • Assessment of publicly deployed applications from the position of an external attacker.
    • Detailed onsite assessment of all critical servers (database, web server, app server, other application components) and insider threat modelling.
    • Exploitation demonstration to visualize real-time impact.
    • Penetration testing with compliance report as per ISO/IEC 27001, PCI DSS, SOX, SOC, COBIT, etc.
  • B. Real-Time Intrusion Testing
    • Discover potential security weaknesses from a fully black-box position, without any access to the network.
    • Assessment covers external discovery through penetration from an outsider's perspective.
  • C. Application Security Assessment
    • Find potential vulnerabilities in any kind of complex application tier, independent of technology stack.
    • Customized, business-specific assessment to address business logic flaws.
    • Includes, but is not limited to, the OWASP Top 10 and CWE/SANS Top 25.
    • Discover potential zero-day vulnerabilities.
  • D. Reporting
    • Executive summary with key findings.
    • Evidence with attack simulation details.
    • Solutions that consider the most feasible and economical mitigation and countermeasure techniques.


2. Periodic Vulnerability Management
  • A. Dynamic vulnerability scan and Penetration Testing
    • Scan the whole application with only new signatures
    • Assessment Frequency - Periodic (twice a year)
  • B. Daily news check to discover zero-day vulnerabilities
    • Checking multiple news feeds and various threat advisory sites on the internet
    • Assessment Frequency - Daily
  • C. Dynamic vulnerability scan and Penetration Testing
    • Verify exploitability and impact on the application when the daily news review indicates a high-risk probability
    • Scan with all signatures for any changed (delta) part of the application
    • Assessment Frequency - Ad hoc


3. Risk Management and Remediation Consulting
  • Initial information security gap analysis to identify the criticality of assets and help identify gaps after remediation.
  • Identify and classify potential areas of risk for the organization.
  • Quantify risk and demonstrate qualitative risks.
  • Check compliance requirements and understand policies.
  • Prepare the gap analysis report and assist in choosing the right product/service.
  • Implement/review information security policies as required.
  • Support the organization in achieving the compliance level.
  • Interview existing security services.
  • Help improve existing security solutions.
  • Consultation to achieve any leading information security management system certification, including but not limited to ISO/IEC 27001, SOC 2, PCI DSS, HIPAA, GDPR, etc.