An enterprise grade information security & forensic technical team

Transcription

1 An enterprise grade information security & forensic technical team

2 About Us Pyramid Cyber Security & Forensic (P) Limited is an ISO and ISO certified boutique Digital Forensics, Information Security & Fraud management Solutions & Services company. Pyramid helps customers in Law Enforcement, Government and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, frauds and acts of terrorism arising due to vast proliferation and usage of Digital & Communication applications, assets and artefacts in our personal and professional lives. Solution & Services portfolio covers Digital Forensic, e-discovery, Cyber Intelligence, Incident Response, Fraud Management and Information Protection. Co-Founded by Dinesh Sawhney and Alok Gupta, an entrepreneur, thought leader and industry speaker on Digital Forensics along with a talented team of Digital Forensic Experts, Cyber Crime Investigators and Certified Information Security experts; Pyramid is poised to leverage the fast growing Digital Crime and Fraud investigation market space.

3 Our expertise includes Security Incident & Event Monitoring Forensic Triage services Full Forensic Analysis and reporting e-discovery Vulnerability Assessment Penetration Testing Security Policy creation Security Maturity Assessment

4 Pyramid Solutions & Services Digital Forensic Solutions Setting up specialized Digital Crime & Fraud Investigation Centers & Digital Forensic Labs for Law Enforcement and Enterprises Digital Crime, Fraud & Forensic Investigation Forensic Acquisition, Investigation & Analysis of Digital Evidences Computer Forensics, Mobile Forensics, e-discovery Cyber Intelligence & Incidence Response Cryptography, Steganography, Crime Pattern and Link Analysis Remote Forensics and Network Forensics Video Analytics, Layered Voice Analysis & Voice Biometrics Forensic Readiness Audit Forensic reporting & testimony support aligned to IT Law Information Security & Cyber Warfare Design & Architecture, Audit & Assessment, VA-PT, Policy & Process consulting, Data Leak prevention, Information Protection, SIEM, Security Analytics Professional Services on Malware, Exploits, Threats Analysis, Honeypots Fraud Management Enterprise & Employee Fraud Management Digitized Document Fraud detection

5 Pyramid Technology Partnerships Pyramid has nurtured long term partnerships with best of breed technologies coming from world s leading Digital Forensic and Information Security technology companies that offer cutting edge solutions to organisations such a CIA, FBI, NASA, DOJ, Scotland Yard, NSA in the Law Enforcement to leading corporations, multinationals and governments across the globe. Access Data Logicube Elcomsoft FMS Inc. Vound Software Cyber Security Technologies ADF Solutions Inc. Decision Group FIS Global Cellebrite Nuance Polaris Wireless Polixel RSA Saint Corporation IBM Seclore Hewlett Packard Backbone Security Belkasoft 5

6 Information Security Services Vulnerability Assessment & Penetration Testing Application Security Assessments BCP / DR implementation Change Management Data Classification Data Governance Software Asset Management DLP / SIEM solution implementation and optimization ISMS Current State Analysis and Optimization SOC Setup / Gap Analysis Incident Readiness Security Awareness Program Information Rights Management implementation Risk Framework Metrics and KPI development and evaluation Process Training Incident Management, Change Management Configuration reviews of devices like firewalls, IDS/IPS, servers etc Readiness assistance for standards like ISO27001, ISO22301, PCI-DSS, SSAE16, RBI Guidelines etc

7 Information Security Engagement Model Policies and procedures Risk Assessment Inventory, information / data classification Defining roles and responsibilities Access Control Information security and information asset life-cycle Personnel security Vulnerability Assessment Establish on-going security monitoring processes Patch Management: Change Management Physical security Network Security User Training and Awareness Remote Access: Incident management Application Control and Security Migration controls Implement new technologies: Encryption Date Security Audit trails Information security reporting and metrics Information security and Critical service providers/vendors Distributed Denial of service attacks(ddos/dos): Implementation of ISO Information Security Management System Wireless Security Business Continuity Considerations: Information security assurance General Information Security delivery Develop and maintain security policies Generation of meaningful security metrics of security performance Assignment of roles, responsibilities and accountability for information security Development/maintenance of a security and control framework that consists of standards, measures, practices and procedures Classification and assignment of ownership of information assets Periodic risk assessments and ensuring adequate, effective and tested controls for people, processes and technology to enhance information security Processes to monitor security incidents Effective identity and access management processes IS awareness program for users/officials

8 IS Maturity Path OPTIMIZED MONITOR Continuous Systems and Controls monitoring. Process updating. Compliance and Reporting EVALUATE Current State Analysis Leading to Scope Definition and Implementation Strategy. Device configuration; Asset Inventory; SUSTAIN Information Security is managed. Controls and compliance systems are in place. Technology controls for IS are implemented Security Controls are automated to high level. Management reporting is continuous, growth through self service is built in. CREATE Security Organization. Security Policies and Documents. Define Controls. Awareness and Training. DEPLOY Implement process and technology controls. Conduct technical testing of IT systems, applications. and measurement systems.

9 Design & Build Posture Analysis Scope Definition Maturity Baseline EVALUATE CREATE Organization Documentation Controls Implement controls Awareness & Training VAPT, AppSec Testing DEPLOY MONITOR Metrics & Reports Audit Maturity Level KPIs, KGI, SLA Monthly Tech and Mgt Reports Report Compliance RBI, IDBRT, ITA Evaluate and Improve Process Review and Update ISO Certification Improvement Defense-in- Depth Automation Threat Mgt Continuous Monitoring Sustain & Grow

10 Web Application Security Testing INFORMATION GATHERING Investigation of application design and programming from the developer s perspective to determine format for testing TECHNICAL TESTING Assessment of the application to uncover security vulnerabilities and weaknesses using OWASP web application penetrating testing framework TARGETED SOURCE CODE REVIEW Targeted review of the application code that will provide solid recommendations for improving the code for greater security DELIVERABLES Detailed report on the application s current security posture and detailed recommendations for remediation of vulnerabilities discovered

11 Team Pyramid s technical engineers hold highest certifications, and always eager to help you with your security related challenges, improve security posture and compliance by following industry s best practices.