Snapshot of skills and competence of CERT-In empanelled Information Security Auditing Organisation

1. Name & location of the empanelled Information Security Auditing Organisation : Cyber Security Works Pvt. Ltd., Chennai
   
   
2. Carrying out Information Security Audits since : October 2008
   
   
3. Technical manpower deployed for informationsecurity audits :
   CISSPs: 3
   CISAs: 2
   DISAs / ISAs: 0
   Total Nos. of Technical Personnel: 8
   


4. Outsourcing of External Information Security Auditors / Experts : No
   
   
5. Information Security Audit Tools used (owned, in possession) :
   Freeware: 19
   Commercial: 6
   Proprietary: 4
   Total Nos. of Audit Tools: 29
   (Click here for details of the audit tools)
   


6. Information Security Audit Methodology : OWASP, ISO27001, COBIT
   
   
7. Information Security Audits carried out so far:
   Govt.: 6
   PSU: 2
   Private: 6
   Total Nos. of Information Security Audits done: 14



8. Business domain of audited organizations: Banking, Financial, Power and Energy, Government, e-Governance, Media, ISP
   
   
9. Typical applications in use by audited organizations: ERP , Web Based, Client-Server
   


10. Typical bandwidth (maximum) of any audited organizations :
    Internal Bandwidth (LAN / Intranet): 1 Gbps
    External Bandwidth (WAN / Internet): 140 Mbps
    



11. Networked Infrastructure details of an organizations audited with most complex network:
    No. of Computer Systems: 8000
    No. of Servers: 400
    No. of Switches: 100
    No. of Routers: 60
    No. of Firewalls: 1
    No. of IDS': 1
    
    


12. Ability to carry out vulnerability assessment and penetration test : Yes
    

Key : NA = Not Available (data not provided by the CERT-In empanelled Information Security Auditing Organisation).