Snapshot of skills and competence of CERT-In empanelled Information Security Auditing Organisation

1. Name & location of the empanelled Information Security Auditing Organisation : Technologics and Controls, New Delhi, India

2. Carrying out Information Security Audits since : December 2002

3. Technical manpower deployed for information security audits :
CISSPs : 1
BS7799 / ISO17799 / ISO27001 LAs : 1
CISAs / CISMs: 4
DISAs / ISAs : 1
Total Nos. of Technical Personnel : 6

4. Outsourcing of information security auditing work to external Information Security Auditors / Experts : No

5. Information Security Audit Tools being used (available, installed and licensed):
Freeware : 10
Commercial : 3
Proprietary: 0
Total Nos. of Information Security Audit Tools : 13
(Click here for details of the information security audit tools)

6. Information Security Audit Methodology : OSSTM, OWASP, ISO27001, COBIT, Audit ICQ

7. Information Security Audits carried out so far :
Govt. : 2
PSU : 0
Private : 45
Total Nos. of Security Audits : 47

8. Business domains of auditee organisations : Banking, Insurance, Services, ITES, Finance, Stock traders, UN, Manufacturing, Defence, NGO, Government

9. Typical applications in use by auditee organisations : ERP (SAP, MFGPro, Ingenium, others), HR and Payroll, Document Imaging, Banking (CBS / TBA), Web and E-commerce Applications

10. Bandwidth available with an auditee organisation having most complex network:
Internal Bandwidth (LAN / Intranet) : 1 Gbps
External Bandwidth (WAN / Internet) : upto 16 MBPS

11. LAN infrastructure details of an auditee organisation having most complex network :
No. of Computers : 4000
No. of Servers : 190
No. of Switches : 400
No. of Routers : 150
No. of Firewalls : 4
No. of IDS' : 1

12. Ability to carry out vulnerability assessment and penetration test : Y