GRC Services


Until the need for GRC convergence was felt, governance, risk management and compliance were seen as separate entities. However, challenges posed by evolving technologies, hackers, cyber criminals, and legal and regulatory requirements have instilled a growing awareness that governance, risk management and compliance (GRC) efforts must be integrated to achieve optimal organizational performance and a secure posture. Consequently, today, GRC sits atop the corporate pyramid.

At a macro level, our GRC services cover:

  • IT governance policies and procedures

  • Risk management, involving:

    • Identification of key information assets

    • Assessing the vulnerability levels of the key information assets

    • Assessing the probability of a threat exploiting those vulnerabilities

    • Assessing the impact of such exploitation on confidentiality, integrity and availability (both qualitative and quantitative)

    • Evaluating the resultant risk level for each key information asset or group of assets

    • Assessing information security requirements

    • Evaluating the prevailing controls (if any)

    • Gap analysis of the effectiveness of the prevailing controls vis-à-vis the level of security requirements

    • Recommending an appropriate risk treatment plan, taking into consideration the residual risk, the risk appetite of the client organization, and additional controls where necessary

  • Ideally, risk assessment should be a continual process, and we support clients in performing such assessments.

  • Information Systems Assessment/Audit

    • Conducting a design assessment with a walkthrough of the business/IT processes to verify that the applicable controls are placed appropriately in those processes

    • Performing an operational effectiveness assessment to verify that the controls placed in the business/IT processes are operating, and that they operate effectively enough to mitigate the risks for each control objective

    • Analyzing the gaps identified and recommending the necessary remediation

    • Performing remediation testing to verify the effectiveness of such remediation

    • Submitting necessary reports to the management on the assessment/audit performed

  • Unless otherwise specified, we perform the IS assessment/audit based on various best practices and standards appropriate for the client’s IT infrastructure and business.

Copyright © 2021 Confinav Consulting Pvt Ltd. All Rights Reserved.