Vulnerability Assessment / Penetration Testing
Security Gap Analysis
Security Architecture Design Implementation & Testing
SAP Security Audit
Vulnerability Assessment / Penetration
A Vulnerability Assessment is a simple process to determine the
current state of security. It usually entails using a standard Vulnerability
Penetration Testing is the single most effective means by which
an organisation can test for security vulnerabilities without actually
being breached by an unauthorized perpetrator. Penetration Testing
can provide new insights into the security infrastructure, and the
points of weakness most likely to be targeted by a hacker .
Security GAP Analysis
Most organizations have information security controls in place.
Usually it is a mixture of firewalls, IDS / IPS systems and organizational
security policies such as a Email usage / Internet usage . Some
organizations must satisfy regulatory compliance requirements, while
others want to ensure they are taking all the appropriate steps
to keep their data and networks secure.
vAptus can perform a Gap Analysis to establish an organization’s
current security policies, standards and procedures, and compare
them to compliance requirement. The Gap Analysis helps an organization
gain insight into the areas that need Mapping to required Compliance.
vAptus has experienced security practitioners that help companies
establish a comprehensive security program by addressing their
security organization, deployment strategy and overall security
Security auditing is the formal examination and review of actions
taken by system users. This process is necessary to determine
the effectiveness of existing security controls, watch for system
misuse or abuse by users, verify compliance with current security
policies, capture evidence of the commission of a crime (computer
or non-computer related), validate that documented procedures
are followed, and the detection of anomalies or intrusions. Effective
auditing requires that the correct data should be recorded and
that is undergoes periodic review.
vAptus Security Consulting will customize the audit to focus on
those areas that concern your organization more. We can also assess
your ongoing requirements, including regular problems of your
systems, and alerts customized to your organization regarding
known security risks with the current systems.vAptus has well
experienced technical, certified lead auditor's team to handle
the assignments and deliver in time.
Security Architecture & Network Services
Our InfrastrurceConsulting Services group helps you plan, design
and implement technical architectures and infrastructure.
The Security solution based on the defined security architecture
and the associated security policies are re charted out for implementation
during this phase. A detailed activity plan with specific schedule
is chalked out. Post implementation, recommendations are given
to test for security vulnerabilities and patches and apply them
accordingly. The implementation plan ensures that the applications
are tested for functionality at each stage.
An implementation plan brief will be delivered for the proposed
security architecture framework, which will consist of:
• Details of current systems within the Security Architecture.
• Network diagrams all the details
• Security Framework and configuration details
• Configuration of various recommended security products
Application Security Audit
Application Security Review evaluates the security posture of
an application across the development life cycle, enabling you
to identify, eliminate, and prevent security risks in the applications
that drive your business.
SAP Security Audit
Our auditing services range from very detailed audits (including
detailed lists of who can do what, detailed and understandable
risk descriptions, conceptual and procedural findings, relevant
recommendations, Sarbanes-Oxley internal control impact) to quick
scans. Following is a list of some of the areas we review:-
1. Assessing, defining, and making recommendations to the existing
SAP security landscape
2. Analyze roles and access provided and develop recommendations
on how to best design roles to meet
business and security requirements (i.e. analyze authorization
3. Check for Segregation of duties compliance
4. Security parameters and security relevant internal processes
5. Set up and review risk acceptance
6. Internal security policing policy and tools
7. Custom reporting for auditors and/or audit tools
8. Assist in audit remediation