|
|
 |
INFORMATION
SYSTEMS CONSULTANCY, SECURITY &
AUDIT :
|
|
The core competence
of the Information Systems division
is in rendering consultancy service
in the field of management, planning
and organization of Information
Systems, developing Information
Systems Security Policy and security
policy for protection of Information
system assets including physical,
logical and environmental security,
disaster recovery plan, business
continuity plan, audit of system
development, acquisition and maintenance
and implementing and carrying out
Information System Audit through
out the organization.
The coverage of the audit would
include:
|
|
|
Perimeter Testing |
|
|
This
would cover the surroundings
& environment in which the
IS assets function |
|
|
Physical
& Logical Security |
|
|
This would cover
the physical access controls
& logical access controls
that need to be in place for
the IS assets to function and
relative system performance. |
|
|
Hardware
Audit including Operating System
- Hardening |
| |
To
assess whether the operating
system controls are in place |
|
|
Operating
Systems - Application Software
Audit |
|
|
To
assess whether the controls
regarding the usage of the application
software is in place. This will
include software vulnerability
testing. |
|
|
Infrastructure
Audit - To assess
the condition and adequacy of
infrastructure and to detect
idle capacity and bottlenecks. |
|
|
Network
Audit
o Penetration testing
o Audit Trail & Log |
|
|
To
assess whether the local network
or the wide area network is
weak or prone to any hacking |
|
|
Conversion/Migration
audit |
|
|
To
assess whether the data conversion
from an earlier database to
the new database is proper.
This will include change management,
version control system including
authorization and library management |
|
|
Application
audit including software functionality
audit |
|
|
To
assess whether the application
software in use conforms to
the business functionality determined
by the bank. |
|
|
Web
site and Server Audit |
| |
This
includes audit of the complete
website against various parameters,
to ensure confidentiality, integrity
and availability of information,
security of the website,server
and content, efficiency, effectiveness,
responsiveness of the website
to Visitor's needs and compliance
with legal requirements. |
|
|
Data
Base Audit and Data retention
audit |
|
|
This
includes assessing the data
storage, data backup, data restoration
and data archival procedures
in place. |
|
|
BCP
and DRP Audit |
|
|
Audit
of the Business Continuity Plan
and Disaster Recovery Plan (if
any) and its efficiency would
also be covered in detail. The
Incident Response capability
of the bank would also be measured
and reported upon. |
|
|
|
|
|
|
|
 |
 |
 |
| |
|
|
|
KCPL offers one-stop
"knowledge partner and mentoring"
solutions, providing end to end
services for development of Policies,
Procedures, Implementing Systems,
Training, Evaluation and Certification
of ISO based systems, Information
Systems, Cost Systems, MIS, Assurance
& Certifications, Valuations
& a host of other areas of
discipline. |
| |
|
 |
The Company
has a multidisciplinary team of
professionals employed and retained
on consultancy basis consisting
of - Certified Information Systems
Auditors (CISA's), Certified Fraud
Examiners (CFE's), Cerified Information
Security Managers (CISMs), Chartered
Accountants, Management Consultants,
Cost Accountants, ISO Consultants,
Lead Auditors & Professionals,
Doctors, Software Programmers
& Networking professionals
and other professionals. |
|
|
|
|
|
