Snapshot of skills and competence of CERT-In empanelled IT Security Auditing Organisation

1. Name, Location of the empanelled IT Security Auditing organisation : Ernst & Young Pvt. Ltd., Chennai
   
   
2. Carrying out Information Security Audits since : January 2001
   
   
3. Technical manpower deployed for IT security audits :
   CISSPs : 9
   BS7799 / ISO27001 LAs : 2
   CISAs / CISM : 65
   DISAs / ISAs : 1
   Total Nos. of Technical Personnel : 145
   
   
4. Outsourcing of External IT Security Auditors / Experts : No
   
   
5. IT Security Audit Tools used (owned, in possession) :
   Freeware : 9
   Commercial : 8
   Proprietary: 9
   Total Nos. of Audit Tools : 26
   (Click here for details of the IT Security audit tools)
   
   
6. IT Security Audit Methodology : Beyond Standard
   
   
7. IT Security Audits carried out since empanelment till now :
   Govt. : 4
   PSU : 7
   Private : 68
   Total Nos. of Security Audits : 79
   
   
8. Business domain of auditee organisations : Banking, Financial Services, Software Development, Telecom, FMCG, Manufacturing.
   
   
9. Typical applications in use by auditee organisations : Online Banking Solutions, Stock Trading Platforms, Online / Mobile Payment Solutions, ERP, CRM, Billing Systems, Corporate Websites.
   
   
10. Typical bandwidth (maximum) of any auditee organisations :
    Internal Bandwidth (LAN / Intranet) : 150 Mbps
    External Bandwidth (WAN / Internet) : 20 Mbps
    
    
11. Networked Infrastructure details of an organizations audited with most complex network :
    No. of Computer Systems : 10000
    No. of servers : 600
    No. of switches : 400
    No. of routers : 400
    No. of firewalls : 15
    No. of IDS' : 24
    
    
12. Ability to carry out vulnerability assessment and penetration test : Yes
    
    

Key : NA = Not Available (data not provided by the CERT-In empanelled Information Security Auditing Organisation).