About IT and Information Security Audit

1. In-house or remote security operations center for monitoring activity such as transactions and attacks/threats to the bank:

  • A complete threat research and prevention facility on the company's premises to actively respond to and mitigate cyber-attacks carried out on the bank.
  • With an in-house setup, analysts will have proper knowledge of the company's network architecture, which helps in solving issues.
  • As bank infrastructure is confidential and holds sensitive data, it is not good practice to outsource this to a third party.
  • If a third party is used, the connection between the bank network and the third party should be secure.


2. DLP and MDM management and compliance check

A complete mobile device management (MDM) solution can manage devices running Android, iOS, Windows, macOS, Blackberry OS and Chrome OS. With developments in enterprise mobility management, several MDM solutions also support Windows 10 and IoT devices. The MDM compliance check starts by understanding the architecture of the MDM deployed in the company and all the devices in use. Logs from the MDM tools are then gathered and presented to management.
  • DLP: Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect and secure their data and comply with regulations.
  • Banks will usually have DLP tools; if not, tools can be suggested to the bank, as DLP is a must for the banking sector according to RBI.
  • Providing a compliance check from data provided by their DLP tool is often outsourced to a third party, as the audit clause requires.
  • You can also consider deploying and managing their DLP tool from an architect's standpoint.

3. Antivirus and patching compliance check, including deployment and maintenance

Any antivirus or patching tools can be deployed in the network for regular antivirus scans and patching of various systems.
  • For antivirus compliance, the antivirus signature should usually not be more than 3 days old.
  • For patch compliance, a company should always apply all critical and zero-day patches when they are released, and patching of medium to low severity should be carried out once a month with the latest patch release.
  • Compliance checks are carried out by a third party, as this is in the audit clause and removes bias.
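
One way to run the antivirus and patch compliance check described above over an endpoint inventory export (an added example, not from the original page). The CSV column names, hostnames and patch IDs are constructed; it assumes the 3-day rule is a maximum signature age, that any pending critical or zero-day patch is a finding, and that "once a month" means a 30-day window.

```python
import csv
import io
from datetime import date

MAX_SIGNATURE_AGE_DAYS = 3            # page's 3-day rule, read as a maximum age (assumption)
MONTHLY_CYCLE_DAYS = 30               # assumption: "once a month" = 30-day window
IMMEDIATE = {"critical", "zero-day"}  # page: apply as soon as released

# Constructed sample export (hypothetical columns): one row per pending patch.
SAMPLE_EXPORT = """host,signature_date,patch_id,severity,released
teller-01,2024-03-09,,,
teller-02,2024-03-04,,,
atm-gw-01,2024-03-10,PATCH-A,critical,2024-03-08
core-db-01,2024-03-08,PATCH-B,low,2024-02-25
core-db-01,2024-03-08,PATCH-C,medium,2024-01-15
"""

def evaluate(export_text, today):
    """Return {host: [finding, ...]}; an empty list means the host is compliant."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        host_findings = findings.setdefault(row["host"], [])
        sig_age = (today - date.fromisoformat(row["signature_date"])).days
        msg = f"signature {sig_age} days old"
        if sig_age > MAX_SIGNATURE_AGE_DAYS and msg not in host_findings:
            host_findings.append(msg)  # recorded once even if the host has several rows
        if not row["patch_id"]:
            continue                   # host has no pending patch
        severity = row["severity"].strip().lower()
        pending_days = (today - date.fromisoformat(row["released"])).days
        if severity in IMMEDIATE:
            host_findings.append(f"{row['patch_id']}: {severity} patch pending")
        elif pending_days > MONTHLY_CYCLE_DAYS:  # other severities follow the monthly cycle
            host_findings.append(f"{row['patch_id']}: {severity} patch pending {pending_days} days")
    return findings

def compliance_rate(findings):
    """Percentage of hosts with no findings, for the management summary."""
    if not findings:
        return 100.0
    clean = sum(1 for f in findings.values() if not f)
    return round(100.0 * clean / len(findings), 1)

if __name__ == "__main__":
    report = evaluate(SAMPLE_EXPORT, date(2024, 3, 10))
    for host, issues in report.items():
        print(host, "COMPLIANT" if not issues else "NON-COMPLIANT: " + "; ".join(issues))
    print("compliance rate:", compliance_rate(report), "%")
```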


4. Financial audits

5. PIM and PAM solutions

a. PIM: Privileged identity management (PIM) is the monitoring and protection of superuser accounts in an organization's IT environments. Oversight is necessary so that the greater access abilities of super control accounts are not misused or abused.

b. PAM: Privileged Access Management (PAM) is a solution that helps organizations restrict privileged access within an existing Active Directory environment.

c. Managing and deploying the tools for PIM and PAM

6. Vulnerability and penetration testing

a. Ethical hacking methodology to safeguard the company's assets and network

7. Active threat hunting

a. Cyber-attack and threat hunting research work from network devices

b. Network devices can be integrated with ELK to do faster threat hunting; other AI-based technology will be faster

8. Providing a comprehensive dashboard for management to visualize all data, with a statistical overview and health check of devices

9. Device management

a. Management of network devices and configuring network devices for the client.

b. Network devices such as firewalls, routers, switches, etc.

10. ISO 27001:

a. An audit for ISO 27001 information security can be carried out as an internal audit or a second-party audit for the bank.