Services and Solutions

System Audits of Application System Security & Control

The control objective is to ascertain whether adequate technical security controls have been implemented to secure the infrastructure and platforms hosting the organisation's critical business application systems.

The assessment approach starts with reviewing the network diagram, topology and network traffic profile, and understanding the security devices deployed to protect the organisation's information assets.

  • Assess the Application Threat profile and build a Threat Vulnerability Asset Matrix, understand the weak links in the application, and evaluate whether those weak links can be exploited

  • Assess the Risk of the underlying Information Assets and carry out Risk Rating and reporting with a remedial action plan

  • Assess the adequacy of the Data Integrity, Privacy & Security controls

  • Carry out Testing of Key controls through technical vulnerability assessment and penetration testing

  • Assess Application system Architecture, Authentication, Authorization & Audit process controls

  • Assess the adequacy of the inbuilt Application Input, Process & Output controls (for example, dual control implemented for high-value transactions, monetary value validation, error handling, etc.)