Experiences
Following are some projects engagement and experience our consultants had over the last few years.
FSI Industry | Local and Foreign Banks, e-Payment Operator, Investment Management Institutions
Audit and Review, Assessment, Development, Training

Our consultants have performed numerous IT security assessment projects for the FSI. These assessments involved internet-facing banking systems, forex and trading systems, and other back-room systems running on leading commercial platforms such as BEA WebLogic, IBM WebSphere, Sun iPlanet, Oracle E-Business Suite, SAS, Siebel, CRM solutions and SAP solutions. We covered full three-tier assessments spanning web, application and database layers, as well as infrastructure and architecture components such as firewalls, authentication and single sign-on, network and security devices, wireless and desktops. Occasionally, we also covered legacy systems and databases.

Over these years we have helped secure their infrastructure, improved operational practices, and uncovered weaknesses and vulnerabilities in the application and design of systems. We have conducted audits and reviews, vulnerability assessments and penetration tests, and have taken on the challenge of helping them identify and counter new exploits and threats. We have also performed secure architecture reviews and secure code reviews to further strengthen their protections.

Highlights
- Compromise of 2FA Implementation (One-Time PIN Token) and Impersonation of an Authorized Account
- Secure Code Review on Authentication and Single Sign-On
- Discovery of a Back-door into a Bank's Internet Trading System Bypassing 2FA
- Conducted OWASP Training for Developers


Commercial | Airline Industry
Audit and Review, Assessment, Development and Design

Our consultants have serviced over 20 airline-related security assessment projects covering policy development and review, network, system and application penetration tests, secure architecture reviews, and code and process reviews. We are familiar with airline industry ticketing, promotions, booking and membership practices. Our assessments cover the Abacus system, credit-card clearing, legacy arcade systems, complex reservation processing systems and resource booking systems. Our consultants are always able to offer new angles of consideration and to discuss security operation concerns and possible risk exposure with clients. Through these projects, our consultants have advised on design and implementation flaws arising from inter-system integration problems that led to security loopholes, and have recommended the necessary preventive measures against these possible abuses.

Highlights
- Unauthorized Retrieval from a Content Management Solution
- Simple DoS Attack Could Fully Cripple Business Operations

Commercial | Petrochemical, Automotive Manufacturing, Online Gaming Industry
Audit and Review, Assessment, Development and Design

Our consultants have serviced several international oil majors, covering IT audits for statutory and group financial audit purposes. These audits cover IT General Controls, IT Application Controls and IT Controls relating to Financial Reporting.

We are familiar with the requirements for IT controls relating to compliance with ISO standards and SOX 404, and are experienced in helping internal audit functions or departments perform internal self-assessments of their IT infrastructure.

Our consultants are able to provide new insights into increasing the effectiveness of internal controls given clients' operational constraints and risk exposures. Through these projects, our consultants have recommended practical solutions for the system design and implementation of IT Controls relating to Financial Reporting.

Frequently, our consultants reported these findings to System Implementation Teams and worked with them to help ensure compliance and to reduce or avoid findings by external auditors.

Highlights
- Helped resolve control weaknesses in local IT establishments serving subsidiaries of a Global Automotive Company
- Helped ensure a Subsidiary's financial reporting system was implemented in compliance with Group/Headquarters internal control policies, reducing statutory IT audit findings

Telecommunication, Commercial & Education | Multi-national Corporation (MNC) and Institutes of Higher Learning (IHL)
Large Scale Assessment, Audit and Review

Our consultants have performed multiple complex, large-scale assessments and developed assessment methodologies suited to our clients' environments. These are repeat clients that have engaged our services for consecutive years.

Highlights
- Regional Assessment of an MNC's Asia Pacific Operations Across 6 Countries
- Developed a Methodology and Conducted an Assessment of Organization-Wide Security Posture Covering 10,000 Hosts
- Wireless Assessment of Thousands of APs

PCI Industry | PCI Audit
Audit and Review, Assessment, Training

Our consultants have completed the global certification program recognized by the Payment Card Industry (PCI) Security Standards Council, attaining Qualified Security Assessor (PCI-QSA) and Qualified Payment Application Security Assessor (PCI-QPASA) status. PCI was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Our consultants have experience performing on-site PCI security assessments for numerous credit card service providers, and have helped these clients enhance payment account data security by fostering broad adoption of the PCI Security Standards.

Highlights
- Credit Card Data Leakage from an AES-Encrypted Database

Government | Ministries, Statutory Board and Agencies, Institutions
Audit and Review, Assessment, Development, Training

Our consultants have performed numerous IT security assessments on many ministries and government agencies.

These services include: System Security Audit & Review, Physical & Environmental Security Audit & Review, Policy Development & Review, Network Vulnerability Assessment and Penetration Testing, Web Application Penetration Testing, Wireless Security Assessment, Secure Architecture Review, Application Security Design Review and Security Training.

We have successfully advised these clients on attending to the weakest security links within their organizations, providing practical advice on risk prioritization and the mitigations or remediations needed.

In one particular project, our consultants uncovered an unusual phenomenon. The environment was well protected by a vigilant operations team and had high standards of security practice: patches were applied conscientiously and many audits had been conducted. Nevertheless, we found that some servers were still affected by many high-severity vulnerabilities. Our consultants helped the client investigate and nail down the root cause of this puzzling inconsistency, advised on the remedy, and explained the problem to management, gaining both their understanding of the problem and their endorsement of the necessary actions.

In some projects where tight security had been implemented on fund transaction systems and databases, our consultants were able to pinpoint flaws or oversights that could allow access to these sensitive systems from the internet. We have helped education institutions uncover and prevent attacks that could lead to alteration or deletion of exam results databases, or to leakage of test papers. We also conducted assessments on ERP and finance systems and prevented leakage of crucial information to internal and external networks. Our consultants have performed audits and reviews of a government Lotus Notes system and security assessments of Lotus Notes applications, reporting the security findings to the Notes expert team and working with them to provide adequate mitigation and recommendations to the client.

Highlights
- Alteration of the Salary Database of an HR & Finance System
- Organization-Wide Compromise Through XSS Injection into a Database
- Conducted Security Awareness Training for 200 Users of an Institute
- Conducted Security Training in Web Application Development for 100 Developers
- Developed IDA IM8 Policy, Standards and Processes for an Organization