Gap Analysis

Gap Analysis offers comprehensive consulting and auditing services to your organization. The purpose of this engagement is to review the existing security architecture, technology, people and processes, including General Data Protection Regulation (GDPR) compliance, for a complete cyber security gap analysis. This analysis will test and assess the current information security configuration and implementations to find any deficiencies compared to global practices. A final report with all the findings and recommendations will be presented before the executive team for further action.

Gap Analysis evaluates the policies, standards, and procedures implemented by your organization and how they align with the five core functions: identify, protect, detect, respond, and recover. Our experts work with your staff to identify positive practices in your program as well as the areas for improvement. Our objective is to align your organization with industry-recognized security best practices by leveraging the knowledge of our experts from various domains within cyber security. We will identify the shortcomings and the resources needed to meet the requirements while ensuring that infrastructure, staff and security controls are robust and effective.

Core Offerings

  • Log & Incident Management Review
  • Review Security Architecture Design
  • Review of Existing Processes
  • Review of Technologies Used
  • GDPR Compliance Check
  • Selective VA/PT

People, Processes and Technology are pivotal for effective cyber security. Security analysts must investigate these aspects in order to determine the various possible threats. With detailed planning and a steady process, the exposure to vulnerabilities can be drastically reduced. Our Cyber Security Audit is designed to be a comprehensive analysis of your business’s IT infrastructure, exposing weaknesses and high-risk practices. It allows our security specialists to advise on the best course of action to vastly improve your cyber resilience, securing your data and protecting your business.

Penetration Test

A Penetration Test simulates real-world attacks from malicious users. The entire process is conducted in a controlled environment with the aim of identifying vulnerabilities in an organisation’s network that may allow an attacker unauthorised access by bypassing the existing security protocols. In addition, a Penetration Test helps validate existing controls and protocols, which in turn helps in framing suitable guidelines for mitigating cyber threats. A stout system not only helps secure sensitive information but also ensures timely recourse, which can ultimately prevent financial losses and help maintain business continuity, reputation and customer confidence for an organisation.

Phronesis offers Penetration Testing Services on a monthly/quarterly/annual basis, as per the client's needs. Our experts use a combination of automated tools and manual techniques to identify and validate vulnerabilities that may result from a poor or improper system configuration, known software flaws, operational process weaknesses, or any other vulnerability.

Vulnerability Assessment

Vulnerability Assessment is a purely technical audit that involves manually conducting vulnerability analysis on critical systems, reviewing multiple security logs across devices and finding vulnerabilities that may expose the network to a malicious attacker. Phronesis performs vulnerability assessments in accordance with “best-in-class” practices as defined by ISECOM’s Open Source Security Testing Methodology Manual (OSSTMM) and the Open Web Application Security Project (OWASP). Our team uses both automated tools and manual techniques to detect vulnerabilities that threaten to compromise an organisation’s infrastructure, data, policies and processes.

After the assessment, Phronesis provides a comprehensive report that includes the security risks and weaknesses discerned, as well as the remedial measures that need to be initiated to eliminate the identified vulnerabilities and improve overall security. The engagement also involves support to the legal team in drafting responses or documenting findings in accordance with legal/compliance requirements, for consumption by the board, stakeholders or international CERT teams.

Cyber Audits: ISO 27001

ISO 27001 is an International Standard for an unassailable security system which corroborates that an organisation has a robust Information Security Management System. Even a trivial unauthorised outflow of data can cost an organization heavily in terms of credibility and business continuity. Hence, a robust Information Management System is an inescapable requirement to protect an organisation’s sensitive data. ISO 27001 Certificates are awarded to the organizations which scrupulously implement its indicated norms, without any gaps. Hence, ISO 27001 is the most accepted information protection standard in the world to certify an organisation’s information as ‘Highly Secured’.

Phronesis offers complete support in the execution of the ISO 27001 framework and makes an organisation ‘Highly Secured’. Our ISO 27001 Certified Lead Auditors and Security Implementers execute the process in the following manner: