INFORMATION SECURITY MANAGEMENT

We work in close collaboration with our key partner Coral eSecure to bring excellence to your Information Security Management System.    

Coral eSecure is an Information Security, Risk Management, Business Continuity and IT Service Management Consulting and Training organisation with specific focus on:   

·         IT Governance (COBIT)       

·         Information Security ISMS (ISO 27001, ISO 17799, PCI, HIPAA, GLBA, DPA)     

·         Business Continuity (BS25999)       

·         ITIL/ IT Service Management (ISO 20000)     

Coral is the first Indian consulting organisation which provides an INTEGRATED MANAGEMENT SYSTEM CONSULTING, CONSISTING OF ISO 27001, ISO 20000 AND BS25999 – ALL THREE IN ONE!  

Coral provides Consulting, Assurance Audit and Training to address these industry standards and has successfully accompanied the following companies towards certification: 

• Birlasoft, NIIT Technologies, InterGlobe Technologies, Serco Global, Porritts & Spencer, eMR Technology Ventures, IVY Comptech, Inuva Info Systems and Tecnovate eSolutions (a Travelport company)    

In the following business sectors: 

• Data Centre services, Banking, Software Development, Manufacturing and Business Process Outsourcing    

TOP 5 BENEFITS OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) 

If you are considering what could possibly be the top benefits to build your information security management system, here are the top 5:   

1.       Partner Trust  - Demonstrate your business partners an element of trust – that their information is secure!    

2.       Adherence to secure practices  - Demonstrate your adherence to the best practices as per international practices (there are more than 11 domains and more than 133 controls)    

3.       Internal Risk Metrics  - A comprehensive framework of identification of information assets, and their risks (impact, vulnerability, probability), and their measurement.    

4.       Internal vulnerability management  - You yourself are conscious that information is secure and your are aware of how security breaches can take place independent of the existing controls.    

5.       Internal security measurement  - Key information security measurements in place to demonstrate how are in keeping track of security processes.    

6.       Last but not the least – an awareness to each member of staff, with clearly defined information security roles & responsibilities!    

GAP ANALISYS ON BEST PRACTISES (ISO 27001/ISO 20000/BS25999/OTHERS)  

If you really need an independent opinion of how far you are away from the international best practices, Coral provides you benchmarking against all of the following standards in just 7 days of assessment!  

·         Business Continuity Management System (BCMS) – BS25999

·         ITIL Service Management (ITSM) – ISO 20000

·         Information Security Management System (ISMS) – ISO 27001/ISO 27002      

·         Control Objectives for Information and related Technology ( COBIT)      

·         Payment Card Industry (PCI-DSS)     

·         Integrated Model (chose combination of the above) – NB: this may take more than 7 days  

Coral adopts a risk-based, high impact methodology to assess control applicability. The outcome of such assessments includes the followings:    

·         Status of the detailed control (the chosen standard/s) whether performing (conformity) or not-evident (non-conformity)    

·         Maturity rating of the control objective on a 6-point rating stating whether the control is not-existent (rating – 0), or whether the control process is optimal and maturing (rating 5)    

·        Recommendation on gaps through clear management     

Listed below are some of the benefits of each of these management systems as applicable to the practice:  

Top 5 benefits of ISMS – ISO 27001 Compliance  

See here!  

Top 5 benefits of ITSM – ISO 20000 Compliance      

1.       Provides a single, definable, repeatable, and scalable documented framework for IT best practices that flows across the IT organization.

2.       Defines IT in terms of services rather than systems.     

3.       Improves communication and information flows between IT and organization business departments.     

4.       Supports reducing IT costs and justifying the cost of IT quality.     

5.       Supports ability of IT to measure and improve internal performance and service provisioning.    

Top 7 benefits of ITSM – BS25999 Compliance      

1.       Survival - The harsh but simple fact is that there are a hundred and one things that can disrupt a business. A well thought out, practical plan can mean the difference between coping with a disaster and going bust.     

2.       Revealing inefficiency -   A business under threat can be viewed like a patient on an operating table. The priorities are clear; maintain the blood supply (like cash flow), oxygen (like communication links) and at all costs protect the vital organs (like the staff, or premises). Business continuity planning starts with a thorough analysis of the business to decide what parts are vital. Is that product or service really essential to what we do? Why do we need four of those not two? When viewed like this the non-critical parts reveal themselves – all the procedures and resources that have appeared over the years but which aren’t really necessary.      

3.       Gaining the marketing edge   - Having a business continuity plan can give you the edge over your competitors. It shows your commitment to deliver no matter what happens. Put yourself in your customer’s shoes - do you sign the contract with the business that has a business continuity plan? Or the one that doesn’t?      

4.       Boosting staff morale -   To find and keep excellent staff you need to inspire confidence and maintain loyalty. When something goes wrong they expect/demand the business to have a plan and to cope. In return they will give you their best efforts.      

5.       Compliance -   The demand for business continuity plans is now rippling down from big business to their smaller suppliers. Irrespective of the country that you are located, it is highly likely that if your enterprise has public transactions, then the regulatory body must be demanding ever-increasing regulations, one of which would be business continuity.       

6.       Increased business value - A business that will cope with whatever is thrown at it is a more valuable and reliable investment than others. Ensure this is factored in when asking your bank manager for a loan, when selling some equity or dealing with the new owner when you have decided to sell up and relax.      

7.       Relaxation!   While other business people lie awake at night, you can rest easy knowing your business continuity plan is ready should the worst happen.      

Coral eSecure can advise and consult you for all the above and more.

Contact Us for more details.