• Enterprise Vulnerability Assessment Services (EVAS) : An effective identification and prioritization of vulnerabilities
  
• Test : A Service that effectively simulates attackers to check if your security controls can be breached
  
• Policies and Procedures Assessment Service : A check for compliance against established security policies and procedures
  
• GAP Analysis : An effective identification and prioritization of vulnerabilities
  
• Policies and Procedures Assessment Service : A check for compliance against established security policies and procedures
  
• Security Architecture Design (SAD) : A secure architecture aligned with your business need
  
• BS7799 Standard Compliance : An effective and efficient way to create a world acknowledged Information Security Management System
  
• Impact Assessment : This service sets the stage for your continuity management process
  
• Business Continuity Planning : A comprehensive continuity plan, design service
  
• Incident Response : Helps you develop a structured and standards based incident recovery program

• Need: The profusion of vulnerabilities and exploits, in today's networked world, makes many organizations vulnerable to security breaches ranging from Web site defacements to theft of proprietary information and unavailability of critical business systems. Organizations are realizing the need for an effective information risk management program. Complete and periodic enterprise vulnerability assessment is an important component of the information risk management program and in many cases is mandated by legal and regulatory requirements.
  
• Advantages
  • Identification of security vulnerabilities
    
  • Prioritization of risks
    
  • Pragmatic recommendations
    
  • Detailed and easy to read reports
    
  • Cost effective
• What is Enterprise Vulnerability Assessment Services (EVAS)?

Sify: EVAS has been designed to help organizations understand the nature and implications of the risks they face and to determine the degree to which an enterprise's critical information systems and infrastructure components are susceptible to intentional attack or unfortunate error as a result of weakness or vulnerabilities, inherent in most popular applications and operating systems.

The Sify: EVAS consists of the following components that can be tailored to meet your specific needs:

• Need: Information is critical to the success of organizations in the new economy. However, the new economy also introduces the threat of hackers, which range from lone teenagers to well funded criminal organizations. The conventional threat to information from disgruntled employees and corporate espionage is ever present and more dangerous as sophisticated attacking tools are readily available and information becomes more valuable. It is in such a scenario that you must ensure that your information is not exposed to the ongoing threats faced by organizations today.
  
• Advantage
  • Simulates attackers before they attack your organization
    
  • Proven methodology
    
  • .Independent testing of security control
    
  • .Identifies security holes
    
  • Easy to read reports
    
  • .Pragmatic recommendations
    
• What is Sify: Test?

It is a Penetration Testing Service that simulates attackers to determine if your information security controls can be breached. It is a systematic and structured, high-end analysis, testing and reporting exercise conducted in order to obtain an information trophy to prove that the security holes in your organization are real rather than theoretical possibilities.

We offer different modes of in-depth testing to ensure a thorough check of all security tiers of client infrastructure. A partial list of the modes used would be Penetration Testing, Perimeter Testing, Perimeter penetration testing, Telecommunications penetration, Penetration testing,

• Need: Security programs based on standards minimize security practitioner's oversight in establishing a robust information security management system. This also reduces opaqueness surrounding selection of controls to fellow employees and management.
  
• Advantages
  • Highlights current security posture against any of the above standards
    
  • Customized and pragmatic recommendations
    
  • Easy to read and reports
    
• What is Sify: Gap Analysis

It helps organizations understand their current security posture in regards to the above standards and guidelines.

It will highlight your shortfalls in regards to compliance with these standards as well as provide a blue print /to-do list to meet the requirements of the standard.

It follows a systematic and structured approach in conducting the gap analysis and uses a combination of tools, questionnaires and interviews with relevant organizational personnel.

It provides a customized, pragmatic, to-do-list, highlighting the controls that need to be implemented in order to meet compliance to selected standard.

• Need: Adherence to security policies and procedures are the key requirements to ensure higher security levels. The security policies and procedures also need to effectively permeate into all organizational levels to ensure total compliance to achieve organizational security objectives. The security landscape is constantly changing and even a minor deviation from adherence to policies and procedures can have serious repercussions on the organizational security.
  
• Advantages
  • A comprehensive audit that checks for compliance to security policies and procedures.
    
  • Assess organizational risk based on non-compliance to security policies and procedures.
    
  • Understand the level of permeation of security policies and procedures
    
  • Use as a feedback report post implementation/enforcement of policies and procedures
    
• What is Policies and Procedures Assessment Service?

It is a service that involves a review of your IT Security policies, procedures, standards and guidelines to identify inconsistencies between documented policies and procedures and day-to-day practice. Standards and Guidelines will be benchmarked against industry (regulatory) recommended best practices and a benchmark score will be provided.

The various tasks include: Organizational Policy and Procedure review, Framing Audit Objectives, Sampling, Control Testing, Information Gathering and Reporting

• Need: The network acts as the foundation on which businesses rely for normal business operations. Regardless of the size of a network or its connectivity, a Secure Architecture design is critical to ensure that networks will operate when needed and that it will prevent against security breaches. Secure architecture design is the "master plan" of your information security system. Well-designed security architecture provides the level of assurance you require for the integrity, availability, access control to and audibility of your information assets. Furthermore, good architecture ensures that your security does not get in the way of the usability of your system. Proper design allows you to have control with a minimum of inconvenience.
  
• Advantages
  • A Secure Architecture aligned with your business needs
    
  • Defense in Depth and Defense in Breadth approach
    
  • Ensures seamless integration with your current infrastructure
    
  • Enhance the performance characteristics of your network
    
  • Enables a network infrastructure that supports emerging business and technology requirement
    
  • Product comparison charts provided to enable proper selection of appropriate technologies
    
  • A phased implementation plan provided
    
• What is Sify : SAD?

It involves understanding the level of security required by an organization to solve a specific business issue and designing a security solution that meets the defined requirements. By balancing business needs with security technology, we enable our clients to make clear, informed decisions regarding the protection of their valuable resources and reputation

Our whole, or in part, architecture designs are threat – driven and based on your IT security policies; and our technology recommendations are derived from a portfolio of current best-of-breed security products.

Our expert staff can design a system from the ground up, or help to integrate a new service, policy or countermeasure into an existing design.

• Need: The current CXO’s need to answer the following
  i.How to decide which control to bet his last rupee on?
  ii.What are those parameters based on which he/she can quantitatively measure improvement as a result of the actions taken?
  iii.Whom can he/she trust to help him/her really plan and monitor the effectiveness of the controls in place?
  iv.Is there an independent party who really knows what Security is and can recommend the best practices?
  
• Advantages
  • i.Identifies company as one that upholds best business practice.
    
  • ii.Gives your Sales & Marketing team Unique Selling Proposition to trade from
    
  • iii.Enhances customer and partner confidence
    
  • iv.Increased business efficiency hence saves you money.
    
  • v.Highlights current security posture against any of the above standards
    
  • vi.Customized and pragmatic recommendations
    
  • vii.Easy to read and reports.
    
• What is Sify: BS7799 Compliance

It helps organizations understand their current security posture in regards to the BS7799 Standard.

It will highlight the shortfalls in regards to compliance with the standards as well as provide a blue print /to-do list to meet the requirements of the standard.

It follows a systematic and structured approach in conducting the gap analysis and uses a combination of tools, questionnaires and interviews with relevant organizational personnel.

It provides a customized, pragmatic, to-do-list, highlighting the controls that need to be implemented in order to meet compliance to selected standard.

• Need: The continuity of a business can be at stake due to various factor such as : natural disasters, security breach, malicious data theft, lack of back up processes, power surge, temperature, system failure, etc. This puts the reliability of the systems and information assets at stake. These risks not only result in financial losses but so may also impact the business growth and damage the public image of the company as a whole. Recent catastrophic events have heightened the need for business continuity planning, and yesterday's contingency plan is no longer adequate to keep today's information-centric organizations up and running. Organizational resilience is proving not only to be a competitive advantage for organizations but is also aiding organizations to inspire confidence among their stakeholders.
  
• Advantages
  • Understand your key processes and acceptable downtimes
    
  • ii.Assess your current level of preparedness
    
  • iii.Effectively plan for contingencies
    
• What is Sify: Impact Assessment

It is the starting point for organizations to develop, plan and implement its business continuity process.

It sets the stage for shaping a business – oriented judgment concerning the appropriation of resources for recovery planning efforts.

It is a structured, standards based process that not only focus on your technology infrastructure, but also on the integration of your business processes and supporting information flows. It involves Developing a grasp of the proportion of impact individual business units would sustain subsequent to a significant interruption of computing and communication services. These impacts may be financial, in terms of dollar loss or impact, or operational in nature, such as the inability to deliver and monitor quality customer service, etc, thus providing the data required for your continuity strategy and plan. Through in-person interviews, questionnaires and proprietary tools, we identify, assess and prioritize your critical systems according to your business requirements and criticality of data.

• Need: To ensure that the organization has the capacity of making assets and resources which are of business critical value available within a short specified time after an incident.
  
• Advantages
  • Assistance in formulating a strategy that best meets your needs
    
  • An established framework that can be continuously updated and improved as your business evolves
    
  • A complete solution roadmap to guide your efforts
    
• What is Sify BCP?

It is a comprehensive continuity plan design service that establishes organizational resilience plans for 'business critical' IT systems and applications including procedures for detection, escalation, notification, alert/declaration, relocation, restoration, application system synchronization and end user certification.

With the data gathered from the impact analysis, Sify: BCP focuses intensely on your continuity strategy and researches how best to address each mission critical business process.

Helps you identify and evaluate various recovery strategies and also provide a complete roadmap for implementing the strategy and tactics required for your business continuity plan.

Supplemented with the fact that we work with your various departments and information stakeholders to develop and document a cross-functional and enterprise business continuity plan covering continuity of business processes, as well as recovery of supporting IT systems.

Help develop a forum for updates and continuous improvement to reflect the inevitable changes to your business.

• Need: Attacks on organization’s computer systems are growing exponentially, often causing massive disruption, loss of revenue and credibility. Even the best security program can be susceptible to attack. It is thus critical that organization's have a well thought out plan on identifying and responding to security incidents quickly and effectively with no or minimum disruption to business.
  
• Advantages
  
  • Structure and standards based approach
    
  • Tailored to your business risks
    
  • Rapid restoration of normal business activity after a compromise
    
  • Restoration of systems with logs intact for forensic review
    
  • Availability of an experienced EAP consultant to advise during initial recovery operations
    
• What is Sify: Incident Response?