Vendor Information Technology Audit

As a CERT-India Empanelled auditor, we are proud to help secure websites for the Government of Punjab and Gujarat among others.

Introduction

Today, companies share information with third-party vendors based on their business needs and requirements, so it is imperative that they carry out vendor security audits to ensure that adequate information security and data protection controls are in place. This is necessary to keep customer and employee personal information, along with the organization's trade secrets, safe. A hack on your vendor may leave your organization as exposed as if you had been hacked.

Security Brigade's Vendor Information Security Audit gives you a detailed analysis of your vendor's data protection programs so you can have an accurate understanding of how well your data is being protected.

  • Comprehensive Security Assessment of applications and network infrastructure directly supporting the application while identifying security weaknesses, misconfigurations, design & logic flaws.
  • Customer Specific reports with clearly outlined responsibilities and detailed remediation steps including device specific commands/patches and source-code examples.
  • Detailed Recommendations focusing on mitigating immediate threats and suggesting best-practice recommendations to prevent future events.
  • Detailed Analysis of the application to identify threats that may jeopardize the confidentiality, integrity and availability of critical or sensitive data.
  • Expert managed, safe simulations of typical internet and insider threats, impact monitoring and easy to understand reports with corrective actions and best-practice recommendations.
Some of Our Unique Value Propositions

  • Experience: Consultants are certified with industry-recognized IS certifications (e.g. eCPPT, SANS, CISSP).
  • Free Re-Testing: Ensures vulnerabilities are completely closed.
  • Customized Reports: Designed to help developers understand issues for the long-term.
  • Hybrid Approach: Unique combination of manual and proprietary automated processes.
  • Identifying the "True Impact": Identify the real-world impact of threats against your IT infrastructure.
  • Enhanced Remediation: Solutions specific to your operational and development environments.

Approach

Security Brigade will use a five-step approach to identify security vulnerabilities in the vendor's IT infrastructure. This enables you to get a snapshot of your vendor's security posture, regulatory compliance and contractual compliance.

External Penetration Testing

In this phase, the network and system infrastructure of the third-party vendor is tested for known vulnerabilities.

  • Ensures that Network and System Infrastructure is Secure
  • Attempts to Compromise and Bypass Existing Security Measures
  • Validates Security at All Layers: Hardware, Digital, Human, Process, etc
  • Isolates any Security Bottlenecks and High Risk Areas
  • Ensures Resilient and Dynamically Secure Architecture
  • Helps Comply with PCI DSS, ISO 27001 and Other Standards
  • Meets Cyber Emergency Response Team of India (CERT-In) Standards

Internal Vulnerability Assessment

During this assessment we will identify security vulnerabilities on the vendor's internal network that could be exploited to obtain critical information that should not be available to everyone.

  • Ensures that Network and System Infrastructure is Secure
  • Identifies Any Insecure Configurations
  • Weeds Out Insecure or Weak Password Credentials
  • Isolates Missing Network and System Patches
  • Ensures Resilient and Dynamically Secure Architecture
  • Helps Comply with PCI DSS, ISO 27001 and Other Standards
  • Meets Cyber Emergency Response Team of India (CERT-In) Standards

Policy Implementation Audit

The Policy Implementation Audit phase checks if the vendor's information security policy is comprehensive enough to protect your sensitive information from being abused.

  • Ensures that Vendor's Policies are Compliant with Best Practices
  • Confirms Compliance of Policies with Contractual Standards
  • GAP Assessment against Policies to Identify Potential Holes
  • Ensures Policies are Implemented in Real-World Conditions
  • Thorough Audit to Ensure Policies cannot be Bypassed or Abused
  • Meets Cyber Emergency Response Team of India (CERT-In) Standards
  • Helps Comply with PCI DSS, ISO 27001 and Other Standards

Network Security Configuration Audit

During this phase we carry out comprehensive network configuration auditing across the vendor's hosts, network and security devices to identify security vulnerabilities.

  • Ensures that Network Devices are Configured In-Compliance with Best Practices
  • Eliminates Common Configuration related Vulnerabilities
  • Cross-Checked with Policies and Contractual Requirements to Ensure a Holistic Security Environment
  • Ensures that Appropriate Logging and Access Controls are In-Place to Prevent and Detect Threats
  • Helps Comply with PCI DSS, ISO 27001 and Other Standards
  • Hardware Security Devices Can Become Useless if Not Configured with Appropriate Standards and Best Practices
  • Meets Cyber Emergency Response Team of India (CERT-In) Standards

Web-Application Security Assessment

In this phase we identify the weaknesses and potential threats to your web application. Each finding will be assigned a risk rating based on the following criteria, along with remediation recommendations to resolve the threat.

  • Ensures that Web-Application Infrastructure is Secure
  • Attempts to Compromise and Bypass Existing Security Measures
  • Validates Security at All Layers: Hardware, Digital, Human, Process, etc
  • Isolates any Security Bottlenecks and High Risk Areas
  • Ensures Resilient and Dynamically Secure Architecture
  • Helps Comply with PCI DSS, ISO 27001 and Other Standards
  • Meets Cyber Emergency Response Team of India (CERT-In) Standards

Case-Studies

Vendor Information Technology Audit for an Insurance Company


Security Brigade conducted a Vendor Information Technology Audit for an Insurance Company. This case study highlights the techniques and processes implemented to meet the Client's key business goals while helping them to ensure that their vendors met the security standards and compliance requirements enforced by them.

Vendor Information Technology Audit for a Public Sector Bank


Security Brigade conducted a Vendor Information Technology Audit for a Public Sector Bank. This case study highlights the techniques and processes implemented to meet the Client's key business goals while helping them to ensure that their vendors met the security standards and compliance requirements enforced by them.

Vendor Information Technology Audit for a Telecom Company


Security Brigade conducted a Vendor Information Technology Audit for a Telecom Company. This case study highlights the techniques and processes implemented to meet the Client's key business goals while helping them to ensure that their vendors met the security standards and compliance requirements enforced by them.

Deliverables

Security Brigade's reporting process is industry-unique and aims to deliver maximum value to your organization and to the administrators and developers directly interacting with the security audit. Each report is customer-specific and contains detailed information, proofs of concept, source code examples and configuration details with the aim of educating your IT teams for the long-term. The following are some of the deliverables you will receive on completion of a Vendor Information Technology Audit.

Executive Presentation


Provides a holistic overview of the entire engagement, detailing the issues from an impact and business risk perspective. The presentation is aimed at helping senior management quantify risks and take an informed decision while aligning security with business objectives.

Executive Report


Provides a high-level summary of the systems, network and applications covered, vulnerabilities discovered and the recommendations made to mitigate the threats identified through the engagement.

Technical Report


Provides comprehensive information about all the threats discovered on the systems, network and applications. It will include proof-of-concepts, technical explanations, remediation recommendations, screenshots, exploits, etc.

Project Summary Report


Provides a detailed summary of the engagement, the vulnerabilities identified, recommendations made and current status of the identified issues.

Excel Vulnerability Tracker


Simple and comprehensive vulnerability tracker aimed at helping the IT asset owner keep track of the vulnerabilities, remediation status, action items, etc.

Copyright © 2007-2013 by Security Brigade InfoSec Pvt. Ltd. All rights reserved.