Empanelled Information Security Auditing Organisations
The list of IT Security Auditing Organisations given below is the up-to-date, valid list of CERT-In
Empanelled Information Security Auditing Organisations. This list is updated by us as soon as there is
any change in it.
E-52, Sector-3,
Noida – 201301.
Website URL : http://www.aksitservices.co.in
Ph: 0120-4545911, 0120-2542253
Fax : 0120-4243669
Contact Person : Mr. Ashish Kumar Saxena, Managing Director
Mobile : +91 7290058951
E-mail : [email protected]
B4 Laxmi Niwas, Opp Gokhale Hall (Bedekar School), BPD Road, Naupada, Thane (W)
400602, Maharashtra, India
Ph : +91-9870484240 / +91-9324210232
Fax: Not available
Contact Person : Ms Tasneam V / Mr Murtuza Laheri
E-mail : [email protected] / [email protected]
38. KPMG
NSIC Campus,
Software Technology Park Extn,
Okhla Phase III,
New Delhi - 110020
Contact Person: Mr. Srivathsan Sridharan, Vice President - Sales
Mobile: 9599057764
Email: [email protected]
Shilpa Vidya 49, 1st Main, 3rd Phase, JP Nagar, Bangalore- 560078
Website URL: www.paladion.net
Ph : 080-42543444
Fax: 080- 41208929
Contact Person: Mr. Amit Tewari, Sales Manager
Mobile: +91 09910301180
E-mail : [email protected]
Shri Milind Dharmadhikari, Practice Head - IT Risk & Security Management Services
2nd Floor, SumaCenter,
Opposite Himali Society,
Erandwane,
Near Mangeshkar Hospital,
Pune, Maharashtra 411004
Email: [email protected]
Mobile: 9870006480, 9822600489
Corporate Office : A-302 & A-303, Oxy Primo, Gate No. 599, Bakori Phata,
Pune-Nagar Highway, Opp. Jain College, Wagholi, Pune-412207, Maharashtra, India.
Ph: 2040222891
Fax: 2040222891
Contact Person : Shrushti Sarode
Email : [email protected]
Mobile: 840 8891 911
Wipro Infotech,
480-481, Udyog Vihar, Phase-III,
Gurgaon, Haryana
Ph No: 0124-3084000
Fax : 0124-3084269
Contact Person : Mr. Prabir Kumar Chaudhuri
Mobile : +91 9818600990
E-mail : [email protected]
86. Wings2i IT Solutions Pvt. Ltd.
Postal address: No 80, 3rd Floor, BOSS SQUARE, 1st Cross, 2nd Main, BTM 2nd Stage,
Bangalore, Karnataka, INDIA 560076
Ph : +91 80 50271700/01
Contact Person : Reena Ramachandran, Director
E-mail : [email protected]
Govt. : 160+
PSU : 75+
Private : 20+
Total Nos. of Information Security Audits done : 255+
CISSPs : 4+
BS7799 / ISO27001 LAs : 25+
CISAs : 12+
DISAs / ISAs : 5+
Any other information security qualification : 30+
Total Nos. of Technical Personnel : 60+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Information Security Audit including SAP Audit for a Municipal Corporation for above Rs. 1
Crore
Consultancy for Implementing ISO 27001 for 17 Data Centers across India including
Vulnerability Assessment and Penetration Testing for Rs. 54.57 Lakhs
Commercial
i. Acunetix
ii. Core Impact
iii. Nessus Pro
iv. Nipper
v. Burp Suite
Freeware
i. Nmap
ii. DOMTOOLS - DNS-interrogation tools
iii. Nikto - This tool scans for web-application vulnerabilities
iv. Firewalk - Traceroute-like ACL & network inspection/mapping
v. Hping – TCP ping utility
vi. Dsniff - Passively monitors a network for interesting data (passwords, e-mail, files,
etc.) and facilitates the interception of network traffic normally unavailable to an attacker
vii. HTTrack - Website Copier
viii. Tools from FoundStone - Variety of free security-tools
ix. SQL Tools - MS SQL related tools
x. John - John The Ripper, Password-cracking utility
xi. Paros - Web proxy for web application testing
xii. Wikto - Web server vulnerability assessment tool
xiii. BackTrack
xiv. Metasploit
xv. Ethereal - GUI for packet sniffing. Can analyse tcpdump-compatible logs
xvi. NetCat - Swiss Army-knife, very useful
xvii. Hping2 - TCP/IP packet analyzer/assembler, packet forgery, useful for ACL inspection
xviii. Brutus – password cracking for web applications, telnet, etc.
xix. WebSleuth - web-app auditing tool
xx. HTTPrint – detect web server and version
xxi. OpenVas
xxii. W3af
xxiii. Owasp Mantra
xxiv. Wireshark
xxv. Ettercap
xxvi. Social Engineering Tool Kit
xxvii. Exploit database
xxviii. Aircrack-Ng
xxix. Hydra
xxx. DirBuster
xxxi. SQL Map
xxxii. SSL Strip
xxxiii. Hamster
xxxiv. Grimwepa
xxxv. Cain & Abel
xxxvi. Rips
xxxvii. Iron Wasp
xxxviii. Fiddler
xxxix. Tamper Data
Proprietary
i. AAA - Used for fingerprinting and identifying open ports, services and misconfigurations
ii. Own developed scripts for Operating System and Database Audit
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 6
PSU : 2
Private : 33
Total Nos. of Information Security Audits done : 41
Billing Audit : 1
Total : 41
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations Refer Annexure II
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value. Refer Annexure III & purchase order copies attached.
ANNEXURE – I
ANNEXURE – II
Details of technical manpower deployed for information security audits in Government and
Critical sector organizations
ANNEXURE - III
Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) Along with project value.
Scope includes
1. IS Audit of Application Controls - Evaluating the adequacy and effectiveness of controls in a particular application
2. IT Environment Review - Evaluation of controls addressing the general risks associated with the operation of information technology viz. change control, disaster recovery, physical upkeep of the surroundings such as cleanliness, physical access to the computers, fire-fighting readiness, etc.;
3. IT Technical Review - Evaluation of the network architecture and the vulnerability of the IS environment to risks such as unethical hacking, etc.
a) Information System Security Policy (ISSP)
b) Implementation of ISSP
c) Physical Access Controls
d) Operating System Controls
e) Database controls
f) Network Management
g) IS Audit Guidelines
Sr. No. | Client Name | Project Title | Particulars of Projects
IT Management Controls
Certification, Accreditation and Security Assessment
Planning
Risk Assessment
System and Services Acquisition
IT Operations Controls
Awareness and Training
Configuration Management
Contingency Planning
Incident Response
Maintenance
Media Protection
Physical and Environmental Protection
Personnel Security
System and Information Integrity
IT Technical Controls
Access Controls
Audit and Accountability
Identification and Authentication
System and Communications Protection
Short term
Medium Term
Long Term
Consortium/Syndicated Loans
v. Trade Finance – non-fund based
Letter of credit
Bank Guarantee
Deferred Payment
vi. Bills Business
Collection of bills and cheques - Inward and
outward
Purchase/Discounting of sales/drawee bills (clean
and documentary) / Cheques
Bills Related Advances
Retail Loans
x. Government Business
Pension payments (State / Central / Railways)
Direct Tax collection
RBI Relief Bonds
Indirect Tax - Excise
A. Functionality perspective:
B. Controls perspective
Compliance Test
The auditor will use Quick Test Pro (QTP) for the purpose of auditing the application
Data Migration Audit
Scope of work
ANNEXURE- IV
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
AKS Information Technology Services Pvt. Ltd., E-52, Sector-3, Noida-201301 (UP)
Govt. : 794
PSU : 60
Private : 180
Total Nos. of Information Security Audits done : 1034
CISSPs : 02
BS7799 / ISO27001 LAs : 06
CISAs : 02
DISAs / ISAs : 00
CEH/OSCP/CCNA/CASP/MBCI : 28
Total Nos. of Technical Personnel : 40
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Carried out an Infrastructure, Process & Security Audit of one of the competitive exams
conducted online. The total number of nodes was approx. 2,00,000, across 31 different cities
with 276 locations. Project value was approx. 70 Lakh.
Carrying out a Cyber Security Audit for one of the National Level Power Sector Projects,
including audit of the SCADA system. Project value is approx. 40 Lakh.
Freeware Tools
Commercial Tools
*Information as provided by AKS Information Technology Services Pvt. Ltd. on 25th Nov
2016
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 4
PSU : 0
Private : 140
Total Nos. of Information Security Audits done : 145
CISSPs : 9
BS7799 / ISO27001 LAs : 45
CISAs : 15
DISAs / ISAs : 2
Any other information security qualification:
CEH : 57
CISM : 2
CHFI : 2
CSSLP : 3
CCNA : 26
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
One of the largest banks in the Middle East (we cannot disclose the names of banks with which we have
signed NDAs). Three geographical locations: India, SA and London.
Complexity: the project involved Network Security Architecture Review, Wireless Security Audit,
Internal Vulnerability Assessment and Penetration Testing, Social Engineering, Security
Configuration Review, Phishing Diagnostics, Physical Security Review, Application Penetration
Testing, Risk Assessment, Policies and Procedures Review.
Name - Description
Open Source Tools
Nmap - Port Scanner, Fingerprinting
Netcat - Network Utility
SuperScan - Port Scanner
SnmpWalk - SNMP Scanner
User2SID - Windows Service Identifier
Sid2User - Windows Service Identifier
John the Ripper - Unix and Windows Password Analyzer
Metasploit - Exploit Framework
Backtrack Live CD - Exploit Framework
Paros - HTTP/S Interception Proxy
Burp Suite - HTTP/S Interception Proxy
Brutus - Brute force password utility
Cookie Editor - Firefox Plug-in to Edit Cookies
Netstumbler - Wireless Network Detector / Sniffer
Kismet - 802.11 Wireless Network Detector / Sniffer
MySQL Administration Tool - Administration tools for SQL Database
GoCR - OCR Reader
Commercial Tools
Acunetix - Web Vulnerability Scanner
Burp Suite Pro - Web Vulnerability Scanner & Interceptor
Nessus - Network Vulnerability Scanner
CheckMarx - Source Code Review
Custom Tools
PHP Security Audit Script - Web application configuration review tool
We don't outsource information security audits to outside vendors. Aujas executes every
project it undertakes.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 28+
PSU : 6+
Private : 8+
Total Nos. of Information Security Audits done : 42+
CISSPs : -
BS7799 / ISO27001 LAs : 2
CISAs : 3
DISAs / ISAs : -
Any other information security qualification: 7
Total Nos. of Technical Personnel : 15+ Information Security Experts with experience
ranging from 1 to 15+ years.
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (indicative list only)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value: CyberQ has executed a number of large projects:
- Geographical locations – India, South-east Asia, SAARC, Middle East, Africa and Europe
- Industry – Government, Telecom, BFI, IT, Power, BPO, Automotive
- Services provided – IT Security Audit, ISMS Consultancy /Audit, Application Security audit,
Performance audit, PKI audit, Industrial Control Systems security audit, etc.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 15
PSU : 03
Private : 500+
Total Nos. of Information Security Audits done : 500+
CISSPs : 8
BS7799 / ISO27001 LAs : 15
CISAs : 10
CEH : 8
PCI QSA : 15
PA QSA : 4
ASV : 3
CISM : 1
CRISC : 1
CCNA : 3
ITIL : 3
PMP : 2
Total Nos. of Technical Personnel : 50 plus
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value:
Commercial :
Backtrack / Kali Linux Framework – Nmap, Netcat, cryptcat, Hping, Sqlmap, JTR, OpenVAS,
SET, MSF, Aircrack suite, Dirbuster, Cain
Rapid7 Nexpose
Fiddler
Charles Proxy
Echo Mirage
Proprietary :
ControlCase GRC - ControlCase GRC is a consolidated framework that quickly and cost-
effectively enables IT governance, risk management and compliance (GRC) with one or
several government or industry regulations simultaneously. It allows IT organizations to
proactively address issues related to GRC and implement a foundation that is consistent and
repeatable.
ControlCase Compliance Manager (CCM) - Built upon the ControlCase GRC (CC-GRC)
platform, CCM provides an integrated solution for managing all aspects related to compliance.
It allows organizations to implement the processes, integrate technologies and provide a
unified repository for all information related to compliance.
Card Data Discovery (CDD) - ControlCase Data Discovery (CDD) addresses the key need of
credit card data discovery and is one of the first comprehensive scanners that not only
searches for credit and debit card data on file systems, but also in most commercial and
open source databases, and all this searching is done WITHOUT installing any agents on any
scanned system. It scans the whole enterprise from one location.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
ERP application audit (Application Security review - 500+ screens across various Roles)
Freeware
6. Libnet – High level API for construction & injection of network packets
9. Somersoft -- Security configuration, registry entries and access control lists on systems
running the Windows operating system.
Commercial
Proprietary
2. *nix scripts -- A collection of scripts to assess the security configuration including file
level ACLs on *nix systems (SCO OpenServer, Linux, HP-Ux, AIX, Solaris, *BSD).
4. FakeOra -- Security assessment of 2-tier applications that use Oracle 8i (and above) as
the RDBMS.
9. EY/Mercury – Web based technical work plan generator to perform security configuration
review of IT infrastructure
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 20
Total Nos. of Information Security Audits done: 20
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on projects handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 15
CISAs : NA
DISAs / ISAs : NA
Any other information security qualification : 10
Total Nos. of Technical Personnel : 25
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
One of Netmagic's largest and most complex projects was to carry out an Information Security
Assessment / Audit for one of India's new-age finance companies, which has recently acquired a
banking licence. The scope of the entire activity includes:
The project value was approximately 42+ Lacs, plus managed security services worth 1 Cr. INR.
Open Source
WebScarab / Paros / Burp
Grendel-Scan / Nikto / w3af
KALI Linux
DirBuster
WebSecurify
Commercial
Nessus
Hacker Guardian
Netgear Wi-Fi Scanner
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 25
PSU : 3
Private : 90
Total Nos. of Information Security Audits done : 118
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on projects handled by them)
CISSPs : 4
BS7799 / ISO27001 LAs : 10
CISAs : 3
DISAs / ISAs : None
Any other information security qualification: 10
Total Nos. of Technical Personnel : 40
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial: Netsparker, Burp Suite Pro, Nessus, GFI, Havij, Appscan, Acunetix,
Checkmarx, Veracode, Cenzic Hailstorm
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 2
PSU : 1
Private : 20
Total Nos. of Information Security Audits done : 23
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
projects handled by them)
6. Technical manpower deployed for information security audits :
CISSPs : 1
CISAs : 1
Any other information security qualification:
MCTS : 1
CCNA Security : 1
CEH : 3
Cyber Security Specialists : 2
Certified Forensics Professionals : 2
Total Nos. of Technical Personnel : 22
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
- Annual Information Security project with a client based out of multiple locations in India and the USA.
The project had a work scope of 24 man-months, which included testing of web applications and client-server
applications, and network and security reviews of offshore sites. The total project value has been
US$ 200,000.
10. Outsourcing of Project to External Information Security Auditors / Experts: No ( If yes, kindly
provide oversight arrangement (MoU, contract etc.))
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on projects handled by them)
CISSPs : 10+
BS7799 / ISO27001 LAs : 25+
CISAs : 10+
DISAs / ISAs : 5+
Any other information security qualification : 50+ CEH
Total Nos. of Technical Personnel : 700+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required):
We have 700+ technical personnel who are into information security projects. Here
are a few of them-
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) Along with project value.
We execute 500+ projects each year globally. Here are a few of them-
e) Host discovery
c) Threat Advisory
4. Application Security Assessment: Burp Proxy and Scanner, Paros Proxy and Scanner,
Wireshark, Winhex, CSRF Tester, Elixan, OpenSSL, THCSSLCheck, Firefox Extensions, NetSparker
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 50+
PSU : 32+
Private : 50+
Total Nos. of Information Security Audits done : 100+
11. Number of audits in last 12 months, category-wise (Organization can add categories
based on projects handled by them)
CISSPs : 5+
BS7799 / ISO27001 LAs : 5+
CISAs : 5+
DISAs / ISAs : -
Any other information security qualification : CEH – 20+
Total Nos. of Technical Personnel : 200+
13. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
14. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Design and monitor the Information Security and Performance as part of the Governance, Risk and Compliance (GRCP) initiative of the largest biometric service provider
M/s. PricewaterhouseCoopers Pvt. Ltd. has been engaged to facilitate the creation of a robust,
comprehensive, secure environment for the UIDAI ecosystem, including setting up the GRCP
framework for the organization, carrying out compliance assessment of 250+ ecosystem
partners based on ISO standards and the organization's information security policy, and
conducting vulnerability assessment, penetration testing and application assessment for the
entire ecosystem based on OWASP guidelines.
Implementation and Monitoring of GRC Framework for the IT consolidation Project for a Department under Ministry of Finance (GoI)
PwC has been engaged with the client to assist in the design, implementation and monitoring of a
framework aimed at achieving secure virtualization of processes/systems supporting
generation, processing and creation of sensitive tax-payer data. Broadly, our scope includes:
- Review of the Security governance framework covering three data centers and select other locations
- Review of the security policy and procedures and assistance in ISMS implementation
- Performance measurement for all large vendors for SI, Data Centre, LAN, WAN and MPLS services
- Periodic Security audit for critical site locations including Data Centers, Custom and Excise Houses
- Application Audit and SDLC review for all the 5 business-critical applications used by the department
- Periodic Vulnerability Assessment and Penetration Testing (both Internal and External) of the centralized IT Infrastructure
- Periodic Configuration review of the supporting network devices at the Data Centres
- Periodic Security Assessments of the web applications
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
STQC Directorate
STQC Directorate,
6 CGO Complex and STQC IT Centers at Delhi, Kolkata, Mohali, Pune, Bangalore, Hyderabad,
Trivandrum, Chennai.
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on projects handled by them)
Network security audit : 16
Web-application security audit : 90
Wireless security audit : Nil
Compliance audits (ISO 27001, PCI, etc.) : 12
8. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Secure software development, ISMS
2 Mr. Manoj Saxena 1985 LA, Master Trainer 2
3 B.K. Mondal Jan-90 ISMS LA, CEH 13
4 Aloke Sain Nov-91 ISMS LA, CEH 11
5 Subhendu Das Jun-89 ISMS LA, CEH 13
6 Chittaranjan Das Nov-86 ISMS LA, CEH 5
7 Tapas Bandyopadhyay May-91 ISMS LA, CEH 9
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value. 28 important Government websites hosted at
various locations.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on projects handled by them)
Network security audit : 28
Web-application security audit : 40
Wireless security audit : 10
Compliance audits (ISO 27001, PCI, etc.) : 7
CISSPs : 1
BS7799 / ISO27001 LAs : 17
CISAs : 1
DISAs / ISAs : NIL
Any other information security qualification : 15
Total Nos. of Technical Personnel : 5
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Large hotel chain with a global presence - 95 hotels across the globe, covering both network
and web applications.
Project value : Rs. 120,00,000.00 (1.2 Crores)
Freeware –
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
11. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No (If yes,
kindly provide oversight arrangement (MoU, contract etc.)) –
For this, we have (a) a Confidentiality and Non-Disclosure Agreement; (b)
adherence to IT Security and other Policies and (c) a clear-cut scope of work,
with clear knowledge of the client.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 2
Private : 280+
Total Nos. of Information Security Audits done : 282
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on projects handled by them)
CISSPs : 3
BS7799 / ISO27001 LAs : 7
CISAs : 10
DISAs / ISAs : 1
Any other information security qualification : 26
Total Nos. of Technical Personnel : 47+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Annexure 1
List of Tools: SISA presents the most commonly used commercial and open source tools in a
SISA Security Audit
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Torrid Networks Pvt. Ltd. , C-171, 2nd Floor, Sector 63, Noida, NCR
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on projects handled by them)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Metasploit, Burp Suite, SQLMap, Dnsenum, Knockpy, whatweb, Nikto, Subbrute, Recon-ng,
OWASP ZAP, Fiddler, Tamper Data, Live HTTP Headers, Appscan, Acunetix, Wappalyzer,
DirBuster, wfuzz, Weevely, Nmap, Nessus, Hydra, fping, Wireshark, Tcpdump, testssl,
sslscan, rpcclient, Ettercap, enum4linux, snmpwalk, netcat, Nipper-ng, Microsoft Baseline
Security Analyzer, Intrust, Intrufi
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
ValueMentor Consulting
"Chandanam", Infopark Thrissur,
Koratty, Kerala, India – 680 308
Ph: +91 - 487 - 2970 700 / 974 5767 949
Govt. : 20
PSU : 2
Private : 117
Total Nos. of Information Security Audits done : 139
CISSPs : 3
BS7799 / ISO27001 LAs : 1
CISAs : 4
Any other information security qualification : 14
Total Nos. of Technical Personnel : 18
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
# | Category | Tools
1 | Commercial | Acunetix; Nessus Professional Feed; Qualys Guard; Burp Professional Suite & Charles Proxy; Metasploit Pro
2 | Freeware / Open Source | NMAP; KALI Linux Distribution and tools in it; Metasploit; OWASP ZAP / Paros / Fiddler / SSL Strip; SQLMap; Browser Add-ons / extensions; Wireshark; WinHEX; NIKTO / Wikto / W3af; Tools from FoundStone; John The Ripper / Hydra; Social Engineering ToolKit; Aircrack-Ng; Android Emulator; Java De-compiler; APK Inspector; APK Analyzer; Cydia Tool set
3 | Proprietary | Automating scripts; ValueMentor Windows / Unix / Oracle / MS SQL / MYSQL Scripts
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Wipro Limited
4. Information Security Audits carried out in last 12 Months :
Govt. : At least 5
PSU : At least 5
Private : At least 10
Total Nos. of Information Security Audits done : At least 30
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on projects handled by them)
6. Technical manpower deployed for information security audits :
CISSPs : At least 10
BS7799 / ISO27001 LAs : At least 15
CISAs : At least 20
DISAs / ISAs : 0
Any other information security qualification: CEH: At least 15
Total Nos. of Technical Personnel : At least 20
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value
Commercial Tools:
a. Nessus—Vulnerability Scanner
b. Acunetix -- Web Application Auditing
Freeware Tools:
a. Nmap
b. Netcat
c. Nexpose
d. SuperScan
e. John the Ripper
f. Metasploit
g. Backtrack Live CD
h. Burp Suite
i. w3af
j. Brutus
k. Aircrack-ng
l. Netstumbler
m. Kismet
n. Foundstone Tools
o. SSLscan
p. Sqlmap
q. Hydra
r. Social Engineering toolkit
s. Wireshark
t. Cain and Abel
u. Fiddler
v. Sysinternals
w. Firefox addons
x. Chrome addons
Proprietary Tools/Scripts
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on projects handled by them)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required) Refer Annexure – A
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value. : 16 major projects handled, which include government
network infrastructure audits and various websites.
Annexure – A
7. List of technical manpower deployed for information security audits in Government and
Critical sector organizations
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 2+
PSU : 1+
Private : 7+
Total Nos. of Information Security Audits done : 20+
CISSPs : 2
BS7799 / ISO27001 LAs : 1
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : 2
Total Nos. of Technical Personnel : 7+
Vulnerability Management for the largest KPO firm in the world; scope included VA and PT of
over 500 servers, 5000 desktops, over 200 network devices and 10+ web applications.
Locations encompassed the US, Australia, India and the UK.
Managing the complete IS and compliance service for one of the first and largest NBFCs in
India; work included PCI audit, CMMI, ISO 27001, vulnerability assessment, web app
security, network and Wi-Fi security, log management, SIEM and DLP implementation.
Nmap, SuperScan
BackTrack / Kali Linux Live CD
EnCase, FTK, ProDiscover etc.
Custom scripts and tools
Metasploit Framework, Netcat, BeEF
Wireshark – Packet Analyser
Cisco Netwitness
Tenable Nessus
Rapid7 Nexpose community edition
Burp Suite
SQLMap
Tamper Data
DirBuster
Nikto
Ettercap
Paros Proxy
WebScarab
Brutus
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 29
Total Nos. of Information Security Audits done : 29
CISSPs : 1
BS7799 / ISO27001 LA : 2
CISAs : 3
DISAs / ISAs : 1
CEH : 3
CCNA : 1
Total Nos. of Technical Personnel : 11
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Application Review
Security Policy & Implementation
Risk Management
Capacity Management
Disaster Recovery, Back-up and Contingency Planning
Internal Vulnerability Assessment etc.
*Information as provided by RSM Astute Consulting Pvt Ltd. on 30th November 2016.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 1
PSU : 21
Private : 86
Total Nos. of Information Security Audits done : 108
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 2
BS7799 / ISO27001 LAs : 3
CISAs : 6
DISAs / ISAs : 9
Any other information security qualification : -
Total Nos. of Technical Personnel : 9
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Client : A project for Government of Tamilnadu
Scope: Information System Security Audit, Developing Security Policy & Procedures,
Application Software Audit
Coverage: all municipalities across Tamilnadu
Project Value: Rs. 27 lakhs
Proprietary
NsVulnAssessor
Ora DBSecAssessor
MSSQL DBSecAssessor
Router Config security assessor scripts
Commercial
Tenable Nessus Professional Edition
*Information as provided by Qadit Systems & Solutions Pvt Ltd on 29th Nov 2016
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
6. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
S. No. | Name of Employee | Duration with <Varutra> | Experience in Information Security | Qualifications related to Information security
1 | Mr. Kishor Sonawane | 2 years 8 months | 10+ years | Masters in Computer Science, Certified Ethical Hacker, ISO 27001 – Lead Auditor
2 | Mr. Omkar Joshi | 2 months | 2 years | Bachelor in Computer Science, CEH, CHFI, CCSA, CISP and ISO 27001 Lead Auditor
3 | Mr. Jeevan Dahake | 1 year 10 months | 2 years | BE (Computer Science), CSLLP – Appeared
4 | Mr. Snehal Raut | 1 year 10 months | 1 year 10 months | BE (Computer Science), Certified Ethical Hacker
5 | Mr. Sachin Wagh | 1 year 6 months | 2 years | BE (Computer Science), Certified Ethical Hacker
6 | Mr. Chetan Gulhane | 2 years | 2 years | BE (Computer Science), Certified Ethical Hacker
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Network and Applications (Mobile + Web) Security Assessment consisting of more than 1,200
IP addresses for network level vulnerability assessment and penetration testing, 20 web and
mobile applications for MCIT (Ministry of Communications and Information Technology,
Kingdom of Saudi Arabia).
Complexity: High. This was a complex project as the assessment included security testing
and hacking of various types and platforms of servers such as Windows, Linux, Unix, MSSQL
Databases, MySQL Databases, Oracle Databases, DB2 Databases, VOIP, Network Sniffing,
Wireless Network Pentest, VLAN Hopping and Hacking, Application Security Testing for Web
Applications and Mobile Applications on Android, iOS and Windows platforms, Web Services,
Social Engineering etc.
At present conducting source code review, threat modeling, SDLC review for 10 web and
mobile applications for the same client.
Freeware Tools
Vulnerability Assessment & Penetration Testing – Nessus, Nmap, OpenVAS, MBSA, Nipper, Kali Linux, BackTrack, AirCrack, Helix (Forensics) etc.
Application Security Assessment – W3af, Nikto, BurpSuite, FireBug, SQLMap, N-Stalker, WebScarab, Powerfuzzer, etc.
Proprietary Tools
MVD - Mobile Vulnerability Database, provides mobile operating system level
vulnerabilities for Android, iOS, Blackberry and Windows platforms.
MASTS - Mobile Application Security Testing Suite: Security Testing Suite for android
mobile applications.
11. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No (If yes,
kindly provide oversight arrangement (MoU, contract etc.))
Yes, an NDA (Non Disclosure Agreement) is signed between the two parties before
outsourcing any project to external experts.
12. Whether organization has any Foreign Tie-Ups? If yes, give details : No
*Information as provided by Varutra Consulting Private Limited on 3rd Nov 2015
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 43
PSU : 0
Private : 151
Total Nos. of Information Security Audits done : 194
CISSPs : 1
BS7799 / ISO27001 LAs : 4
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : 4
Total Nos. of Technical Personnel : 13
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Complexity: Project involved Network Security Review, Internal and External Vulnerability
Assessment and Penetration Testing, Security Configuration Review, Physical Security
Review, Application Penetration Testing, Risk Assessment, Policies and Procedures Review.
Commercial Tools
Acunetix
Nessus
Nexpose
Burp Suite Pro
Proprietary
Risk sense - Vulnerability management tool for Network infrastructure and web application.
Vapsploit - Data mining tool for Network infrastructure assessment.
Freeware Tools:
Nmap
Netcat
Snmp Walk
Metasploit
Kali Linux
Santoku
Paros
Brutus
Nikto
Firewalk
Dsniff
SQL Map
John the ripper
Wikto
Ethereal
Openvas
W3af
OWASP Mantra
Wireshark
Ettercap
Aircrack – Ng
Cain & Abel
Ironwasp
OWASP Xenotix
Fiddler
Tamperdata
Social Engineering Toolkit
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 03
PSU : 07
Private : 90
Total Nos. of Information Security Audits done : 100
CISSPs : 00
BS7799 / ISO27001 LAs : 10
CISAs : 05
DISAs / ISAs : 00
Any other information security qualification:
CEH, CHFI, CFE, M.Tech (Information Security), MCSP, CISM, CRISC,
C|CISO
Total Nos. of Technical Personnel : 24
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Network Security Audit (VAPT) and Audit of Web applications and devices of a major
Insurance company for Rs. 1+ crores.
Consultancy for ISO 27001:2013 for a US based Platform Services company for over
75 Lakhs
Consultancy for ISO 27001:2013 for a private Sector Bank in India for over 50 Lakhs
1. Burp Suite
2. NMAP
3. Hping3
4. John The Ripper
5. NetCat
6. PW DUMP
7. WireShark
8. OWASP ZAP
9. KALI Linux
10. Rapid7
11. Acunetix
12. TCP Dump
13. Nessus
14. Brutus
15. Metasploit
16. Mozilla Tools for web app audits
17. Fiddler
18. Dir buster
19. Nipper
20. Nikto
21. W3AF
22. SQL tools
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 20+
PSU : 2+
Private : 1000+
Total Nos. of Information Security Audits done : 1022+
CISSPs : 2+
BS7799 / ISO27001 LAs : 2+
CISAs : 2+
DISAs / ISAs : -
Any other information security qualification : 20+
Total Nos. of Technical Personnel : 25+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Information Gathering
- Bile-Suite
- Cisco torch
- SpiderFoot
- W3af
- Maltego
- SEAT
- In-House sdFinder
- … and 50 other tools
Port Scanning
- Nmap
- In-House networkMapper
- Amap
- Foundstone
- hPing
- ... and 30 other tools
- In-House webSpider
- In-House webDiscovery
- In-House webTester
- Achilles
- Sandcat
- Pixy
- W3af
- Nikto
- Paros
- … and 100 other tools
- Metasploit
- Nessus
- SAINT
- Inguma
- SARA
- Nipper
- GFI
- Safety-Lab
- Firecat
- Owasp CLASP
- Themis
- In-house VAFramework
- … and 30 other tools
Exploitation
- Saint
- SQL Ninja
- SQL Map
- Inguma
- Metasploit
- … and 100 other tools
Social Engineering
Privilege Escalation
Commercial Tools
- Nessus Commercial
- Burp Suite
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 2
Private : 20+
Total Nos. of Information Security Audits done : 30+
SANS GWAPT : 1
OPSE : 1
CEH : 10
ECSA : 1
ITIL : 1
Any other information security qualification : -
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Greenfield security implementation and infrastructure security audit for an NGO. We
architected and implemented a complete security program encompassing infrastructure,
operations, security response ability and competency development to make the organization
skilled enough to sustain and address its future security needs. Project value USD 150000.
Information Gathering
1. Dnsenum
2. Fierce domain scan
3. Dig
4. Whois
5. Wget
6. Google Advanced search
Mapping
1. Nmap
2. Scapy
3. Ike-scan
4. Superscan
5. Dirbuster
6. Openssl
7. THC SSLCheck
8. Sslscan
9. Netcat
10. Traceroute
11. Snmpcheck
12. Smtpscan
13. Smbclient
14. Wireshark
15. Web Browser
Vulnerability Assessment
1. Nessus Professional
2. Openvas
3. Skipfish
4. Ratproxy
5. IronWASP
6. Grendel scan
7. Web securify
8. Burp suite professional
9. Paros Proxy
10. SOAPUI
Exploitation
1. Custom python script
2. W3af
3. Metasploit
4. Sqlmap
5. Sqlninja
6. BeEF Framework
7. Hydra
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 13
PSU : 1
Private : 2
Total Nos. of Information Security Audits done : 16
CISSPs : -
BS7799 / ISO27001 LAs : 3
CISAs : 4
CEH : 2
CEH, ECSA : 2
DISAs / ISAs : 1
Any other information security qualification:
CCSE, CCI, ACE, ITIL, RHCE, CCNA, MCP, OCP,
Total Nos. of Technical Personnel : 16
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial
IBM AppScan
Burp Suite Pro
Nessus
Acunetix
Netsparker
Freeware
Kali Linux
Metasploit
Sqlmap
For this purpose, we use Confidentiality and Non-Disclosure Agreements before engaging the
consultants for assignments with defined scope of work and with clear knowledge of the
client. Also the consultants need to adhere to IT Security and other Policies of Suma Soft and
also of the client during the course of the engagement.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
AGC Network
AGC Network,
2nd Floor, Equinox Business Park,
Tower 1, (Peninsula Techno Park)
Off Bandra Kurla Complex, LBS Marg
Kurla (West) Mumbai – 400070.
Govt. : 1
PSU : 1
Private : 6
Total Nos. of Information Security Audits done : 8
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : -
BS7799 / ISO27001 LAs : 10
CISAs : 3
DISAs / ISAs : --
Any other information security qualification -CEH : 10
Total Nos. of Technical Personnel : 25
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
S. No. | Name of Employee | Duration with Organization | Experience in Information Security | Qualifications related to Information security
1 | Atul Khatavkar | 7 Years | 23 Years | CISA, CRISC
2 | Prashant Ketkar | 7 Years | 18 Years | ECSA, CEH, ISO27001LA
3 | Sachin Ratnakar | 7 Years | 18 Years | CISA, ISO27001LA, BS2599LA
4 | Kris Coutinho | 6 Years | 6 Years | CISM
5 | Shivkumar Singh | 10 months | 4 Years | CCNA, CEH, McAfee SIEM
6 | Satya Narayan Yadav | 1.6 months | 6 Years | CCNA, McAfee SIEM
7 | Arnold Antony | 11 months | 2.11 years | OSCP, CEH
8 | Aakanksha Deo | 1.8 Years | 1.8 Years | CEH
9 | Imdadullah M | 1.0 Years | 4 years |
10 | Delmin Davis | 1.8 years | 3.8 years | CCNA, CEH
11 | Kamlakar Kadam | 1.8 Years | 1.8 Years | Solarwind CP
12 | Sunil Sahu | 1.8 Years | 1.8 Years |
13 | Sandip Bobade | 11 months | 1.11 years |
14 | Satyajeet Darjee | 3 months | 3.6 years |
15 | Sadanand Jadhav | 4 months | 2 Years |
16 | Omkar Patil | 1 month | 2.5 Years | CEH, Qualys
17 | Aniruddha Gurav | 4 months | 4 months | CEH
18 | Ganesh Patil | 4 months | 4 months | CEH
19 | Priyanka Malusare | 3 months | 3 months | CEH
20 | Harsh Shah | 3 months | 3 months | CEH
21 | Faisal Shaikh | 3 months | 3 months | CEH
22 | Reena Bhoyar | 2 months | 2 months |
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No : NO (If yes,
kindly indicate mode of arrangement (MoU, contract etc.))
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 15
PSU : 2
Private : 19
Total Nos. of Information Security Audits done : 36
6. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
8. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
Locations covered: Mumbai (2 locations), Pune (2 locations), Chennai (2 locations) and Gurgaon (1
location)
Scope: ISMS Compliance Audits on a daily basis for a year, handling U.S. client audits at locations,
imparting training sessions to employees on Information Security at regular intervals,
performing Risk Assessment on an annual basis, transition done from ISO 27001:2005 to ISO 27001:2013,
DR and BCP drills for each account.
Commercial:
Burp Suite Pro
Freeware:
Nmap
Nikto
Metasploit
OpenVas
Wireshark
Crowbar
Nessus
Webscarab
Paros
Wapiti
Nemesis
NetCat
Brutus
Grendel-Scan
Havij
Hydra
Httprint
W3af
12. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
KPMG
KPMG,
DLF Building No. 10,
8th Floor, Tower B
DLF Cyber City, Phase 2
Gurgaon 122002
Govt. : 20
PSU : 15
Private : 40
Total Nos. of Information Security Audits done : 75
CISSPs : 6
BS7799 / ISO27001 LAs : 40+
CISA / CISMs : 40+
CEH/OSCP : 35
CCSK/OSCP : 5
CCNA / CCNP/CCIE : 10
Total Nos. of Technical Personnel : 300
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial –
Acunetix,
Burp,
Nessus
AppScan
WebInspect
Proprietary
KRaptor,
KPMG Brand Protection Tool,
KPMG SABA,
KCR Tool
Freeware
BackTrack,
Kali Linux,
Fiddler,
Paros,
SQLMap,
nmap,
Wireshark
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No : NO (If yes,
kindly indicate mode of arrangement (MoU, contract etc.))
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 60
PSU : 7
Private : 83
Total Nos. of Information Security Audits done : 150
CISSPs : 1
BS7799 / ISO27001 LAs : 47
CISAs : 4
DISAs / ISAs : 2
Any other information security qualification: CEH/CFE/CAMS : 18
Total Nos. of Technical Personnel : 113
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
CEH; ISO 27001:2013 LA
48 | Mita Naik | 1 | 14 | BCA, DCPLA (DSCI Certified Professional Lead Auditor), ISO 27001 LI-LA Certified, CEH v8 certified, pursuing CISSP, CCNA, CCIP Certified, ITIL V3 Foundation & Service Strategy certified.
49 | Sameer Goyal | 1 | 2.5 | B. Tech, CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt : 6
PSU : 0
Private : 2110
Total Nos. of Information Security Audits done : Around 2000
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification: OSCP, CEH, Internal Certifications
Total Nos. of Technical Personnel : 60
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Client | Scope | Complexity | Location | Project value
One of the Insurance companies in India | Red Teaming, consulting, mobile applications and web application assessments | Complex business and red teaming assignments | Onsite and remote locations in Bangalore | INR 2.5MN
One of the Software products company based in Bangalore | Web Applications, Architecture risk analysis and Advanced Pen testing | High complex business applications | Onsite at client location in Bangalore | INR 6.5MN
One of the Global IT Services and Support company focused on Financial Services market | Network Testing | Internal and external | Remote location in Bangalore | INR 1.5MN
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
CISSPs : 5
BS7799 / ISO27001 LAs : 25 LAs
CISAs : 10
CISMs : 5
DISAs / ISAs : <number of>
Star Certified (Cloud Security) : 10+
OSCP : 2
Any other information security qualification:5 CEH, 10 ISO 22301 LAs, OEM
Certifications (Skybox, Qualys, RSA, Checkpoint, CISCO, Juniper Certified)
Total Nos. of Technical Personnel : 35+ resources
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 5
PSU : 3
Private : 300+
Total Nos. of Information Security Audits done : 45+
CISSPs : 0
BS7799 / ISO27001 LAs : 1
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : OSCP, LCEH, MCP
Total Nos. of Technical Personnel : 40+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
● One of India’s biggest retail payment systems
Activities - Secure Code review, Application security assessment, Network Architecture review, Configuration Review, DDoS Testing.

● Burp Suite
● OWASP Zap
● Skipfish
● CheckMarx
● Arachni
● MS CAT
● Xenotix
● FxCop
● BeEF
● OWASP SWAAT
● Tilde Scanner
● RIPS
● Nikto
● LAPSE+
● SQL Map
● Visual Studio and other IDE
● W3af
● Dirb
● Nessus (for Web App Scanning)
● Nmap
● Nessus
● OpenVAS
● Metasploit
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 10
PSU : 0
Private : 5
Total Nos. of Information Security Audits done : 15
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 2
Total Nos. of Technical Personnel : 3
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
S.No | Category (Govt./PSU/Private) | Brief Description of Scope of Work | Details of Contact Person at Auditee Organization (Name, email, website URL, Mobile, telephone, fax, etc) | Additional Info.
1 | Private | External Network Penetration Test | Comnet Vision India Private Limited, B-1 Aggarwal Bhawan, 35-36, Nehru Place, New Delhi – 110019 | External Network Penetration Test on Public IPs
2 | Private | Internal Network Penetration Test | Comnet Vision India Private Limited, B-1 Aggarwal Bhawan, 35-36, Nehru Place, New Delhi – 110019 | Internal Network Penetration Test on Private IPs
3 | Government | Web Application Penetration Test | Varkul Websoft Private Limited, New Delhi, Delhi 110007 | Bureau of Energy Efficiency, a statutory body under Ministry of Power, Government of India, www.beeindia.gov.in
4 | Government | Web Application Penetration Test | University IT Services Cell (UITS), Room No. D-412, GGS Indraprastha University, Sector 16C, Dwarka, N.Delhi-110078, Phone: 25302746, Email: [email protected] | Guru Gobind Singh Indraprastha University, www.ipu.ac.in
5 | Government | Web Application Penetration Test | Varkul Websoft Private Limited, New Delhi, Delhi 110007 | Bureau of Energy Efficiency, a statutory body under Ministry of Power, Government of India, www.beesdaportal.com
6 | Government | Web Application Penetration Test | Varkul Websoft Private Limited, New Delhi, Delhi 110007 | Bureau of Energy Efficiency, a statutory body under Ministry of Power, Government of India, www.beestarlabel.com
7 | Government | Web Application Penetration Test | IT Cell, Ministry of Power, Room No. 123, 1st Floor, Shram Shakti Bhawan, Rafi Marg, New Delhi | http://staging.indianic.com/power/ and http://staging.indianic.com/ujwalbharat/
8 | Government | Web Application Penetration Test | Hindustan Insecticides Limited, New Delhi, Delhi 110003 | http://www.hil.gov.in/
9 | Government | Web Application Penetration Test | State Consumer Disputes Redressal Commission, U.T., Chandigarh. | http://chdconsumercourt.gov.in/
10 | Private | Web Application Penetration Test | MSF Insurance Web Aggregator Pvt.Ltd, Delhi | Direct Insure, http://www.directinsure.in
11 | Government | Web Application Penetration Test | Mahatma Gandhi Mission College of Engineering & Technology, Noida |
12 | Government | Web Application Penetration Test | Recruitment and Assessment Centre (RAC), Defence Research and Development Organisation, Ministry of Defence, Lucknow Road, Timarpur, Delhi (INDIA) | http://rac.gov.in/
13 | Government | Web Application Penetration Test | Mukesh Kumar, Immortal Technologies (P) Ltd. | http://ccestagra.gov.in/
Nmap Freeware
Nikto Freeware
Sqlmap Freeware
HTTrack Freeware
Nessus Commercial
Metasploit Freeware
Nexpose Freeware
Brutus Freeware
MBSA Freeware
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
VISTA InfoSec
VISTA InfoSec, 001, North Wing, 2nd Floor, Neoshine House,
Opp. Monginis Factory, Link Road, Andheri (West), Mumbai,
Maharashtra, India.
Govt. : 25+
PSU : 30+
Private : 100+
Total Nos. of Information Security Audits done : 200+
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
InSolutions Global – Compliance Management | Into card printing, card processing, payment application development – We support end to end compliance | Payment processor to some of the largest banks and merchants in India | Mumbai, Pune, Delhi and Bangalore
Rapid7 NeXpose
IBM Rational AppScan.
NESSUS.
GFI Languard.
Acunetix WVS.
QualysGuard.
BurpSuite.
Metasploit.
Nikto.
Wikto.
BackTrack Security Distro.
Paros Proxy.
Nmap.
Exploits DB from “astalavista”, “packetstormsecurity”, “exploitdb” etc.
Google Hack DataBase.
Inhouse customized Scripts.
Zero Day Scripts / Exploits.
Other Tools (As when required by the type of work).
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 3
PSU : 1
Private : 6
Total Nos. of Information Security Audits done : 10
CISSPs : 1
BS7799 / ISO27001 LAs : 1
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:
CISM : 1
CIWSA : 1
MS (Cyber Law & Information Security) : 1
C|EH : 4
Total Nos. of Technical Personnel : 7
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 40
PSU : 02
Private : 12
Total Nos. of Information Security Audits done :
CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : NIL
DISAs / ISAs : NIL
Any other information security qualification : 12
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Nmap
Superscan
Metasploit & Securityforest - Penetration Testing
Process explorer, Sigcheck, Kproccheck - Windows Kernel & malware
detection
Netstumbler & Kismet – WLAN Auditing
Nikto - Web server vulnerability scanner
SQLMap – SQL Injections
Wireshark – Protocol Analyzer
BackTrack tools
Burp Proxy
Nessus
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 990
PSU : 406
Private : 270
Total Nos. of Information Security Audits done : 1666
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 03
BS7799 / ISO27001 LAs : 22
CISAs : 25
DISAs / ISAs : 1
Any other information security qualification: CEH : 19
Total Nos. of Technical Personnel : 44
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
IT Infrastructure Audit – System Upgrade & Integration (SOC) TPA for 2016-
2018. Value of Order Rs. 14.45 Lacs approx.
CBS Data Migration Audits of RBI across the Country from August 2011 to
2013. Vulnerability Assessment & Penetration Testing for RBI Network & Web
application. Value of Order Rs. 68.70 Lacs + Rs. 1.20 Lacs.
eKuber Treasury Migration Audit for RBI during 2014-15. Value of Order Rs.
29.35 Lacs Approx.
Reserve Bank of India, RTGS Application Data Migration Audit during 2015-
2016. Value of order Rs. 13.20 Lacs
II. ONGC, Govt. of India – Paperless Office Implementation – Third Party Auditor (TPA)
for L&T Infotech Ltd., for 2017-2018.
Cyber Security Audit and Comprehensive Audit of CBS Project & other
Applications 2016 – 2017. Value of Order Rs 14.50 Lacs Approx.
VI. Ministry of Finance & Economic Affairs, Government of The Gambia 2015 - 16
ICT Audit covering Data Centre, Disaster Recovery Site, Audit of Epicore
Core Application, IS Audit of Nine Applications, Vulnerability Assessment and
Penetration Testing of the entire network covering all IT Assets. Gap
Assessment against COBIT Version 5.0, Gap Assessment against ISO
27001:2013 Standard, detailed Risk Assessments, Future Capacity Plan, Way
Forward Initiatives for IT etc. Value of the order Rs. 48 Lacs.
Attack & Penetration Testing of Bank of Uganda during 2016 – 17 etc. Value
of the Order Rs. 46 Lacs.
Security Audit of Softwares and Network System for 2015-16. Value of the
Order Rs. 15.60 Lacs.
IS Audit of all areas of Audit like DC, DRS, Treasury, ATM Internet Banking,
Mobile Banking including ITMS Migration Audit, CAAT Tools Evaluation,
Capacity Planning, Risk Assessment, Policies Review, VA & PT of entire Bank
etc. for 2015 -16 & 2016-17. Value of the Order Rs. 24 Lacs.
XII. Wipro - Data Migration Audit of 803 Branches of RRBS of UCO Bank across India.
Value of order Rs. 32.12 Lacs.
CBS Data Migration Audit for 586 branches of two RRBs sponsored by
Allahabad Bank for the year 2011-12 & 2012-13. Value of order Rs. 35.36
Lacs.
Core Banking Solution Migration Audits of 805 RRBs of Canara Bank for
2011-12 on behalf of CCSL. Value of order Rs. 56.66 Lacs.
Digital Age will be using the following Audit Tools depending upon the specific requirements
of this Audit.
I. Commercial Tools
1. Nessus Pro
2. Burp Suite Professional
3. Secure Cisco Auditor tool
4. Hash Suite Standard
1. Kali Linux
2. Nmap
3. Wireshark
4. OWASP ZAP
5. Paros
6. Web Scarab
7. coSARA
8. Network Stumbler
9. Aircrack suite
10. Nikto
11. Cain and Abel
12. MBSA
13. L0phtcrack: Password Cracker ver. 6.0
14. BackTrack
15. OpenVas
16. W3af
17. Directory Buster
18. SQL Map
19. SSL Strip
20. Tamper Data
21. FOCA
Annexure
Details of technical manpower deployed for information security audits in Government and
Critical sector organizations
12. Mr. R. Janardhanan | August, 2013 | 18 Years | CISA, PGDB, ISO 27001 Lead Auditor.
13. Mr. K. Rajasekharan | August, 2013 | 16 Years | CISA, ISO 27001 Lead Auditor.
14. Mr. S. V. Iyer | February, 2014 | 16 Years | MCA, CISA, CISSP, CEH, CFE.
15. Mr. Ravichandran R. | February, 2014 | 8 Years | CISA, ISTQB.
16. Mr. Vikram Kapoor | April, 2014 | 18 Years | CISA.
17. Mr. Prabhakar Raju C. S. | April, 2014 | 15 Years | CISA, DISA, ISO 27001 LA.
18. Mr. Manjunath Babu | April, 2016 | 14 Years | CISA, ISO 27001 LA.
19. Mr. Vishwas Utekar | April, 2014 | 17 Years | CISA, CEH, ISO 27001 LA.
20. Mrs. Padmashree S. | August, 2014 | 16 Years | CISA, CCNA.
21. Mr. Prathik Shanbhag | January, 2014 | 5 Years | B.E., CISA, CEH, ISO 27001 LA.
22. Mr. Jaiprakash J. L. | April, 2014 | 15 Years | ISO 27001 LA, CQA, PMP, 6 Sigma Green Belt.
23. Mr. Soundarajan S. G. | December, 2015 | 6 Years | CISA, CISSP.
34. Mr. Patrick Oswald Pinto | December, 2016 | 14 Years | PGDCA, CISA, CIA.
35. Mr. Sridhar Pulivarthy | December, 2016 | 16 Years | BE, CISA, ITIL Expert, ISO 27001 LA.
36. Mr. Dhyan | September, 2016 | 8 Months | BE, CEH.
37. Mr. Santhosh Kumar K R | May, 2016 | 1 Year | M.Tech, CEH, ISO 27001 LA.
38. Mr. Padmanabha N. | November, 2016 | 12 Years | CEH, ISO 27001 LA.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
1. Name & location of the empanelled Information Security Auditing Organization :
3. Capability to audit, category wise (add more if required)
4. Information Security Audits carried out in last 12 Months :
Govt. : 1
PSU : 2
Private : 16
Total Nos. of Information Security Audits done : 19
(In last 12 months)
Network security audit : 5
Web-application security audit : 6
Wireless security audit : 2
Compliance audits (ISO 27001, PCI, etc.) : 20
CISSPs : 1
BS7799 / ISO27001 LAs : 6
CISAs : 1
DISAs / ISAs : NA
Any other information security qualification : NA
Total Nos. of Technical Personnel : 7
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Commercial and Freeware
Nmap
Dontools
Nikto
Dsniff
SqlTool
Metasploit
Netcat
Ethereal
SSLProxy,STunnel
Webinspect
Wireshark
Acunetix
Appscan
BurpSuite
Nessus
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 380
PSU : 35
Private : 144
Total Nos. of Information Security Audits done : 559
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
The largest project handled in the last year was an end-to-end information security governance and
business continuity management review for one of our customers in the Middle East. The details of the
project are mentioned below:
Project Scope:
Project Complexity:
This was a project for a financial sector client having a large IT infrastructure setup in the Middle East. The project
covered multiple applications, infrastructure systems and networks that were in the scope of the
security assessment. The project covered multiple locations within the region. The project required
the assessment team to perform its review against local and international best practices, compliance
requirements and regulatory standards. This was an approximately 20 man-month project with the
team carrying out assessments across locations.
Locations:
Middle-East
Project Value:
Rs. ~1.6 Crores
i. Commercial Tools
1. Google Search
2. SamSpade
3. tcptraceroute
4. Nmap
5. Sparta
6. hping2
7. Protos
8. XProbe
9. P0f
10. Nmap-cronos
11. Httprint
12. Smtpscan
13. SinFP
14. Metasploit Framework
15. Nikto
16. Cain & Abel
17. SQL Map
... and many other open source tools
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
CISSPs : Approximately 15
BS7799 / ISO27001 LAs : Approximately 25
CISAs : Approximately 70
DISAs / ISAs : Approximately 10
Any other information security qualification : Approximately 70
Total Nos. of Technical Personnel : We have approximately 140 technical personnel. The
names listed in Annexure A are an illustrative list of professionals involved in critical
infrastructure support for the Public Sector.
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial Tools:
1. Nessus
2. Acunetix
3. Nipper
4. Burp-Suite
5. Netsparker
Freeware Tools:
a. Xprobe
b. Dnssecwalker
c. Tcpdump/tcpshow
d. Dsniff
e. Ettercap
f. Ethereal
g. Fping/ Hping
h. Queso
i. Nmap
j. SuperScan
k. Netwag
l. Firewalk
m. Q-Tip
n. SQLMap
o. John the Ripper
p. Crack 5.0a
q. NGS SQLCrack
r. Hydra, Cain and Abel
s. Metasploit
The above list of tools is indicative.
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No (If yes,
kindly indicate mode of arrangement (MoU, contract etc.))
Not Applicable
*Information as provided by Deloitte Touche Tohmatsu India Limited Liability Partnership on 27 March 2017
Annexure A:
Details of technical manpower deployed for information security audits in Government and Critical
sector organizations:
S. No. | Name of Employee | Duration with Deloitte (Years) | Experience in Information Security (Years) | Qualifications related to Information security
1 | Achal Gangwani | 5.9 | 13.86 | CEH, ISO 27001 LA_LI, ITIL Foundation, CCNA
2 | Anand Venkatraman | 5.8 | 16.78 | CISM, CISSP, ISSAP, ISO 22301 LI, COBIT5
3 | Abhijeet Jayaraj | 2.6 | 3.63 | OSCP, Certified Ethical Hacker (CEH v8)
4 | Ashish Arora | 0.7 | 10.72 | CISSP, ITILV3, CNAP, RHCE, CWSE
5 | Ashutosh Jain | 1.2 | 5.22 | CISA, CEH
6 | Chinkle Umrania | 2.3 | 6.00 | CCNA, ISMS Internal Auditor, CISA
7 | Anand Kishore Pandey | 3.2 | 6.10 | Certified Ethical Hacker (CEH V7), ISO/IEC 27001:2005 Lead Auditor from ISC, ISO/IEC 27001:2005 Lead Implementer from BSI, BS 25999:2007 Lead Auditor from ISC
8 | Divin Proothi | 2.0 | 10.96 | CISA, SAP GRC 5.2
9 | Gautam Kapoor | 6.7 | 16.70 | CISA, CISSP, ISO 27001 LA_LI
10 | Kapil Dev Sharma | 1.3 | 10.83 | ITIL v3, ISO 27001, CEH V7, PRINCE2 (Foundation), PRINCE2 (Practitioner)
11 | Kartikeya Raman | 4.0 | 7.48 | ITIL v3, CISA
12 | Maninder Pal Singh | 1.1 | 12.78 | Lead Auditor, CISSP, CISA, CEH
13 | Navaneethan M | 1.2 | 6.22 | CCSK, CISM, CPISI, COBIT 5 FOUNDATION, ISMS, BCMS, QMS, DSCI, CEH, ITIL Version 3, RHCE, CCSA, CCSE, CCNA, SCSA PART-1 & SCSA PART-II, SCNA
14 | Pawan Kumar | 4.9 | 10.68 | Certified Information Systems Auditor (CISA), ISO 27001:2005 ISMS Lead Implementer, EC-Council Certified Ethical Hacker (CEH v6), ITIL v3 Foundation certified, Cisco Certified Network Associate (640-802), Deploying ASA Firewall - CCNP Security (642-617)
15 | Preetam Hazarika | 2.0 | 11.23 | CEH, ISO 27001 LI, BCM - 400, ArcSight ESM
16 | Reena Ulhas Pradhan | 2.1 | 7.02 | CISA, ECSA LPT, CISSP, ITIL v3, CEH, Cyber Crime investigator certificate
17 | Rohit Rane | 1.8 | 12.10 | CISA, ITIL V3 Foundation, ISO 27001 LI, ISO 27001 LA, ISO 2000 LA, BS25999 LA, A+, N+, CCNA
18 | Santosh Kumar Jinugu | 4.0 | 12.46 | ISO 27001 LI, ISO 25999 LI, BCM Implementation, ISO 31000 Internal Auditor, CEH, SAP Security
19 | Shashank Gupta | 0.8 | 4.26 | CEH, Qualys Guard Vulnerability Management Certified, Nexpose Certified Administrator, Java Professional
20 | Vikas Garg | 6.7 | 13.34 | ISO 9001:2000; BS7799 LI; ISO 27001 LA; CISA; CISM; CISSP, PMP, CEH, BS7799 LA, Info. Security/ BS7799 LA, Info. Security/ BS7799 LI, BS7799 to ISO27001 Transition Certified, BCP/ DR Certified, BS 15000 RCB Auditor Examination (itSMF Certified), ITSM/ BS15000 Certified LA, ITSM/ BS15000 Certified LI, QMS/ ISO 9001:2000 Certified Lead Auditor, DSCI - lead assessor for privacy
21 | Vivek Patil | 0.8 | 5.81 | CEH v8, PCISI, CISO, ITIL
22 | Arshdeep Singh | 5.5 | 5.5 | ISO 27001 LI, CCNA
23 | Mahesh Kumar Heda | 5.6 | 8.6 | Program in Information security management
24 | Praveen Sasidharan | 6.3 | 15.3 | CISM, CRISC, COBIT, ITIL Foundation, BCCS, ISO 27001 LI, BS25999 LI & CSPFA, CBCP
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : N/A
PSU : N/A
Private : 15+
Total Nos. of Information Security Audits done : 15+
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
CSSP : 1+
CSSA : 1+
Any other information security qualification : 2+
Total Nos. of Technical Personnel : 5+
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Project for one of the largest tyre manufacturers in the country. Scope included external network
and web VAPT, and internal network VAPT of 50+ servers with 300+ systems. Value of the project
was approx. 5 Lacs.
Network VAPT:
1. Nessus
2. Nipper freeware
3. Manual review
Red-Team:
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 3
PSU : 8
Private : 175
Total Nos. of Information Security Audits done : 186
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 6
BS7799 / ISO27001 LAs : 9
CISAs : 4
DISAs / ISAs :
Any other information security qualification : CEH, GCIA, GCIH, CISM, CHFI
Total Nos. of Technical Personnel : 150+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Network security audit for one of the largest airline logistics companies, covering data centre
locations in the US and UK. The total deal value is INR 1,65,00,000 for the network and security audit.
Nessus
Qualys Guard
Burp Suite
NMAP
Kali Linux – Armitage
Metasploit Framework
SQL MAP
FireEye Ax
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 13
Total Nos. of Information Security Audits done : 13
CISSPs : 0
BS7799 / ISO27001 LAs : 2
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 6
Total Nos. of Technical Personnel : 12
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial:
Burp Suite
Acunetix
Freeware:
Wireshark
RIPS
NexPose
Nmap
Metasploit scanner
Sparta
OWASP ZAP
Cookie Manager
W3AF
Netstumbler
Kismet
Hydra
Cain & Abel
Tamper Data
Netsparker
Nikto
DirSearch
Hamster
Sqlmap
SET
Ettercap
.Net Reflector
NetStumbler
Brutus
BackTrack OS
Kali Linux OS
Proprietary:
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 34
Total Nos. of Information Security Audits done : 34
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 6
CISAs : 3
CWWH : 1
CEH : 7
CISM : 1
CoBIT : 1
DISAs / ISAs : 0
Any other information security qualification : 0
Total Nos. of Technical Personnel : 11
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
This solution has various integrated modules which require end-to-end security implementation:
1. Web Application
2. Web services
3. Android App
4. iOS App
5. Hardware Device
6. Bosch Cloud
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 10
PSU : 2
Private : 30+
Total Nos. of Information Security Audits done : ~45
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs :
BS7799 / ISO27001 LAs : 1
CISAs :
DISAs / ISAs :
Any other information security qualification: CEH, OSCP, CCNA
Total Nos. of Technical Personnel : 40+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. No. | Name of Employee | Duration with <organization> | Experience in Information Security | Qualifications related to Information security
1. | SUNIL KAPRI | 6 YEARS | 10 YEARS | EMBA, BE (IT)
2. | PRAVEEN SINGH | 6 YEARS | 10 YEARS | B.TECH (IT)
3. | ABHIJEET DOKE | 5 YEARS | 5 YEARS | B.E (IT), CISC
4. | ABHISHEK TIWARI | 5 YEARS | 5 YEARS | MSC (IT), CISC
5. | MOHSIN DESHMUKH | 7 MONTHS | 7 MONTHS | B.E (COMPUTER ENGG.)
6. | ANUP NAIR | 7 MONTHS | 3 YEARS | B.E (IT), CEH
7. | SWAPNALI DIGHE | 3 YEARS | 3 YEARS | B.SC, CEH
8. | KALYANI MALI | 1.5 YEARS | 1.5 YEARS | B.E (IT), CEH
9. | PRAJAKTA VAITY | 1.5 YEARS | 1.5 YEARS | B.E (IT), CEH
10. | AMEYA HATKHAMBKAR | 1.5 YEARS | 1.5 YEARS | B.E (IT), CEH
11. | SANDEEP DEOGIRE | 1.5 YEARS | 1.5 YEARS | MSC. COMPUTER
12. | SHASHANK PUTHRAN | 1.5 YEARS | 1.5 YEARS | B.SC (IT), OSCP
13. | SAMEED KHAN | 1.5 YEARS | 1.5 YEARS | B.E (IT), CEH
14. | AWDHESH YADAV | 7 MONTHS | 7 MONTHS | B.SC (IT), CCNA
15. | VARUN KARAYAT | 7 MONTHS | 7 MONTHS | B.SC (CS)
16. | VIGNESH | 1.5 YEARS | 1.5 YEARS | B.E (IT)
17. | KARTIK | 8 MONTHS | 8 MONTHS | B.E (ELE), CEH
18. | SOORAJ KUMAR | 2 YEARS | 2 YEARS | MSC.IT, CEH
19. | RUKSAR PATHAN | 1.5 YEARS | 1.5 YEARS | B.E (EXTC)
20. | SUPRIYA PATIL | 2 YEARS | 2 YEARS | MSC (IT), CEH
21. | SHRINATH NARAYANKAR | 7 MONTHS | 7 MONTHS | B.E (IT)
22. | ATHUL | 4 YEARS | 4 YEARS | B.SC (IT)
23. | SWAPNIL RANE | 2 YEARS | 2 YEARS | B.SC
24. | VIDIT DAS | 1.5 YEARS | 1.5 YEARS | B.SC
25. | AJIT SHARMA | 5 YEARS | 5 YEARS | B.SC IT
26. | SAURAV BHATT | 3 YEARS | 3 YEARS | BCA
27. | DOSHAN JINDE | 3 YEARS | 3 YEARS | B.SC (IT), CEH
28. | AJITA GAWAI | 5 YEARS | 5 YEARS | MSC NETWORK SYSTEM ENGINEERING
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial:
Nessus Professional
Nipper
Acunetix
Burp Suite
CheckMarx
Freeware:
Nmap
DOMTOOLS - DNS-interrogation tools
Nikto - This tool scans for web-application vulnerabilities
Firewalk - Traceroute-like ACL & network inspection/mapping
Hping - TCP ping utility
Dsniff - Passively monitors a network for interesting data (passwords, e-mail, files, etc.) and
facilitates the interception of network traffic normally unavailable to an attacker
HTTrack - Website Copier
Tools from FoundStone - Variety of free security-tools
SQL Tools - MS SQL related tools
John - John The Ripper, Password-cracking utility
Paros - Web proxy for web application testing
Wikto - Web server vulnerability assessment tool
BackTrack
MetaSploit
Ethereal - GUI for packet sniffing. Can analyse tcpdump-compatible logs
NetCat - Swiss Army-knife, very useful
Hping2 - TCP/IP packet analyzer/assembler, packet forgery, useful for ACL inspection
Brutus – password cracking for web applications, telnet, etc.
WebSleuth - web-app auditing tool
HTTPrint – detect web server and version
OpenVAS
w3af
OWASP Mantra
Wireshark
Ettercap
Social Engineering Tool Kit
Exploit database
Aircrack-Ng
SOAPUI
Hydra
Directory Buster
SQL Map
SSL Strip
Hamster
Grimwepa
Cain & Abel
RIPS
IronWASP
Fiddler
Tamper Data
FOCA
Proprietary: -
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 6
PSU : 2
Private : 12
Total Nos. of Information Security Audits done : 20
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 4
BS25999 : 1
LA-QMS-ISO 9001:2015 : 1
LA-BCMS-ISO 22301:2012 : 1
LA-ITSM-ISO/IEC 20000-1:2011 : 1
CISAs : 9
DISAs / ISAs : 2
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required) : As per Annexure-1
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
IT Security Audit for one of the leading Banks in India
1. Scope inclusive of
1. Nessus(Commercial)
2. Burpsuite(Commercial)
3. Nmap
4. Nikto
5. Sqlmap
6. John the Ripper
7. Wireshark
8. Hping3
9. SNMP Walk
10. Metasploit
11. W3af
12. Netcat
13. Pdump
14. THC Hydra
15. Acunetix Free Web Application Scanner
16. Dirbuster
17. ZAP
18. PWDump
19. OWASP Xenotix
20. SEToolkit
21. Aircrack-ng
10. Outsourcing of Project to External Information Security Auditors / Experts(If yes, kindly
indicate mode of arrangement (MoU, contract etc.) : No
Annexure-1
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 17 plus
PSU : 40 plus
Private : 600 plus
Total Nos. of Information Security Audits done : 5000 plus
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs :
BS7799 / ISO27001 LAs :
CISAs :
DISAs / ISAs :
CEH : 10
Total Nos. of Technical Personnel : 12
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 1
PSU : Nil
Private : 20
Total Nos. of Information Security Audits done : 21
(In addition to the above engagements, we have carried out 9 ITGC reviews as a part of
internal audit and 50+ ITGC reviews as a part of Statutory Audit engagements)
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
(*Some of the audits cover more than one scope as stated above)
6. Technical manpower deployed for information security audits :
CISSPs : Nil
BS7799 / ISO27001 LAs : 4
CISAs : 3
DISAs / ISAs : 2
CEH : 4
M.Tech/MS Cyber Security : 8
Total Nos. of Technical Personnel : 14
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
The organization provides guaranteed clearing and settlement functions for transactions in
Money, G-Secs, Foreign Exchange and Derivative markets. We conducted a systems audit
comprising 21 business-critical applications. All the business operations are mission
critical. 4 of these applications and their infrastructure are covered as a part of the Payment Settlement
Systems Act 2007 of RBI. There were more than 100 infrastructure components, including a mix of
operating systems, databases, firewalls, switches, routers etc.
Areas included Process Flow Statement, Risk Assessment of Systems, Achievement of the
Business Objectives of the system, Application level controls, IT Infrastructure assessment,
OS/DB and application level controls, System Life Cycle Maintenance, Backup, Business
Continuity Planning, Network architecture, Overview of External Personnel Security, Physical
security, General Controls and Assessment of HR requirement.
Team Size: 5
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Nessus, NMAP, Acunetix, Burp Suite, Kali Linux, AppDetective, SQL Map, Nikto, ZAP,
Wireshark, NetCat
*Information as provided by Haribhakti & Company LLP, Chartered Accountants on 11 July 2017
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
CISSPs : Nil
BS7799 / ISO27001 LAs : 1
CISAs : 2
DISAs / ISAs : Nil
Any other information security qualification : 4
Total Nos. of Technical Personnel : 5
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
S. No. | Name of Employee | Working with MAP_IT Since | Experience in Information Security | Qualification Related to Information Security
1. | Roopak Srivastava | Aug 2014 | 5 Years | CISA, PMI-PMP, ITIL v3
2. | Viral Tripathi | Nov 2015 | 10 Years | CCIE
3. | Priyank Soni | Apr 2014 | 5 Years | CISA, ISMS LA, CEH v9
4. | Satyarth Dubey | Oct 2015 | 3 Years | CSQA, COBIT Foundation, Six Sigma
5. | Vasundhara Raghuvanshi | May 2015 | 3 Years | STQC-CIISA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value : 50 Govt. of MP Dept. web applications audited till date.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 2
PSU : 0
Private : 72
Total Nos. of Information Security Audits done : 74
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 14
CISAs : 8
DISAs / ISAs : 4
CEH : 5
ISO22301 IA : 5
Total Nos. of Technical Personnel : more than 30
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
1. Freeware:
Nmap
Snmp Walk
Metasploit
Cookie Editor
Echo Mirage
Winhex
Kali Linux Framework
Wireshark
APK Analyser
SQLMAP
Dirbuster
OWASP ZAP
VAMT
2. Commercial:
Nessus Professional
Burp Suite Professional
ARSIM
Lansweeper - License Compliance Auditing Software
3. Proprietary:
Scripts for Oracle, Linux, AIX, Solaris, Windows
10. Outsourcing of Project to External Information Security Auditors / Experts : NO
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 3 Approximately
PSU : 6 Approximately
Private : 15 Approximately
Total Nos. of Information Security Audits done : 25 Approximately
CISSPs : 4 Approximately
BS7799 / ISO27001 LAs : 5 Approximately
CISAs : 4 Approximately
DISAs / ISAs : 4 Approximately
Any other information security qualification : 15 Approximately
Total Nos. of Technical Personnel : 30 Approximately
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
More than 1000+ end-points, 50+ servers, spread over 17 locations of the country
2. SOC 2 Type II and WebTrust Audit for one of the biggest trust service provider
companies
More than 5 locations across the world in scope of the SOC 2 Type II and WebTrust Audit.
Commercial Tools:
1. Nessus
2. Acunetix
3. Burp-Suite
4. Netsparker
5. Encase
6. FTK
15. Netcat - The swiss army knife of network tools. A simple utility which reads and writes data across network connections, using TCP or UDP protocol.
16. NMAP - The best-known port scanner around.
17. p0f - Passive OS Fingerprinting: a tool that listens on the network and tries to identify the OS versions from the information in the packets.
18. Pwdump - Tools that grab the hashes out of the SAM database, to use with a brute-forcer like L0phtcrack or John.
19. SamSpade and Dnsstuff - Graphical tools that allow to perform different network queries: ping, nslookup, whois, IP block whois, dig, traceroute, finger, SMTP VRFY, web browser keep-alive, DNS zone transfer, SMTP relay check, etc.
Not Applicable
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 1
Private : 10
Total Nos. of Information Security Audits done : 11
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 4
ISO27001 LIs : 2
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification : 30
Total Nos. of Technical Personnel : 135
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
The audit was conducted across a complex architecture of multiple Gateway Locations and
comprised:
Policy/Process Assessment
Network Architecture Review
Network Security Assessment
Security Configurations Review
Vulnerability Assessment & Penetration Testing (Applications & Infra)
The audit was conducted across the enterprise, aimed at identifying the gaps in security posture and
remediating them through a well-established Security Roadmap:
This assessment was conducted across the enterprise to identify vulnerabilities present in the
network, devices and web applications, and the remediation thereof:
Policy/Process Assessment
Network Security Assessment
Vulnerability Assessment & Penetration Testing (Applications & Infra)
Policy/Process Assessment
Network Security Audit
Security Configurations Review
Vulnerability Assessment & Penetration Testing
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Commercial &
Freeware
Commercial:
Nessus
Acunetix
Burp Suite
Freeware:
Kali Linux
Nmap
Wireshark
SQLMap
TCPDump
Metasploit
OpenVAS
Nikto
Dirb
Open source tools
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Registered Address:
Branch Office:
Govt. : 01
PSU : 02
Private : 15
Total Nos. of Information Security Audits done : 18
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 3
CISAs/ CISMs : 1
DISAs / ISAs : 0
Any other information security qualification : CEH - 6,
ECSA, CDFE, Nexpose Certified, Metasploit Certified, Tenable Certified, MCSE,
ITIL V3, Cyberark Vault Admin, PCI DSS 3.2, Sourcefire Certified,
QualysGuard Security Expert.
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
• Metasploit
• Nexpose
• Nessus
• Nipper
• Netsparker
• Checkmarx
• Burp Suite
• Nmap
• Wireshark
• Immunity Canvas
• Immunity Silica
• Hak5 (WiFi Pineapple)
• Social Engineering Toolkit
• Kali Linux
• Aircrack-ng
• Cisco Global Exploiter
• Ettercap
• John the Ripper
• Kismet
• Maltego
• Cuckoo
• Volatility
• sslstrip
• hping3
• dnswalk
Proprietary – DDOS Assessment
*Information as provided by eSec Forte Technologies Pvt. Ltd. on 02 December 2017
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 01
PSU : 01
Private : 13
Total Nos. of Information Security Audits done : 15
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 00
BS7799 / ISO27001 LAs : 02
CISAs : 00
DISAs / ISAs : 00
Any other information security qualification -CEH : 05
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Commercial
Nessus
WebInspect
Acunetix
Burp
Freeware
Paros
W3af
nmap
SQLMap
Kismet
Kali Linux
Fiddler
Wireshark
BeEF
Nikto
Metasploit framework
John the Ripper
*Information as provided by Finest Minds Infotech Pvt Ltd on 3 December 2017
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Imperium Solutions
1. Name & location of the empanelled Information Security Auditing Organization :
Imperium Solutions,
#B4 Laxmi Niwas,
Opp Gokhale Hall (Bedekar School),
BPD Road, Naupada, Thane (W) 400602,
Maharashtra, India
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes / No (If yes,
kindly provide oversight arrangement (MoU, contract etc.))
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : Nil
PSU : 1
Private : 25+
Total Nos. of Information Security Audits done : 25+
CISSPs : Nil
BS7799 / ISO27001 LAs : 3
CISAs : 5
DISAs / ISAs : 2
Any other information security qualification : 1
Total Nos. of Technical Personnel :
(* Some of the personnel have multiple certifications)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Scope of Work:
Sr. No. | Activities
1. Reviewing and carrying out necessary changes to the Standard Operating Procedure (SOP) for all the departments of the organization as per the latest ISO 9001:2008, 14001:2004 & 27001:2013 standards for its improvement.
2. Review and carry out necessary changes to Information Security Policies / procedures / Plans / Risk Management report / Guidelines etc. and their implementation.
3. Carry out audit of internal process for each department and effectiveness of controls implemented based on ISO 9001:2008, 14001:2004, 27001:2013 and as per TOR of SEBI circular CIR/CDMRD/DEICE/01/2015 dated November 16, 2015, excluding VA & PT.
4. Vulnerability Assessment and Penetration Testing (VA & PT) of all servers and network components.
5. Reviewing and updating BCP, DRP for new changes, if any, and review for areas of improvement as per ISO 22301 standard.
6. Preparing Cyber Security & Resilience Policy considering the SEBI circular and industry best practices.
7. Consultancy for Implementation of Cyber Security & Resilience Policy.
8. Review the controls implementation against Guidelines for Protection of National Critical Information Infrastructure issued by National Critical Information Infrastructure Protection Centre, National Technical Research Organization.
Freeware Tools
o Nmap, SuperScan and Fport - Port Scanners
o Metasploit framework, Netcat, BeEF, Cain & Abel, Hydra, John the Ripper - Penetration
Testing & Password cracking
o Process Explorer, Sigcheck - Windows Kernel & malware detection
o Netstumbler, Aircrack-ng suite & Kismet - WLAN Auditing
o OpenVAS, w3af, Nikto - Vulnerability scanner
o Wireshark - Packet Analyser
o SQL Map
o Kali Linux and all tools inbuilt into it.
Commercial Tools
o Nessus - Vulnerability Scanner
o Burp Suite, Acunetix - Web application auditing
o Passware - Password Cracking
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 10+
PSU : 0
Private : 62+
Total Nos. of Information Security Audits done : 72+
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 2
BS7799 / ISO27001 LAs : 7
CISAs : 2
DISAs / ISAs : 0
OSCP : 1
CEH : 24
CHFI : 2
CCNP and CCNA : 11
PCI DSS v3.2 Implementation : 1
CRISC : 1
OEM vendor certified professionals : 13+
Total Nos. of Technical Personnel : 170+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. No. | Name of Employee | Duration with LTI | Experience in Information Security | Qualifications related to Information security
1 | Pavankumar Shukla | 3 years | 12 years | CISA, ISO 27001 LA, CEH, Certified Qualys Guard Specialist, IBM QRadar SIEM Certified
2 | Nath Dibya Ranjan | 3 years | 8 years | COBIT5, ISO 27001 LA, CEH v8, ECIH, ITIL, Prince2, Privacy and Data Protection (PDPF), PCI DSS v3.2 Implementation, Certified Sarbanes Oxley Expert (CSOE), IBM QRadar, Qualys Guard Certified Specialist
3 | Pradeep Mahangare | 3 years | 11+ years | OSCP, ISO 27001 LA, CEH, CCNA
4 | Hartley John Dow | 1 year | 25 years | MCSE, CCNP, CISSP
5 | Rajesh Sharma | 11 months | 8 years | ISO 27001 LA, CEH, CHFI, MCP
6 | Vijaykumar Reddy | 2+ years | 13 years | CEH, ISO 27001, CISRA, ITIL V3 F, UK Government GCHQ-Certified CIPR
7 | Sudarsanan Sudheesh Nambekkat | 1+ years | 6 years | CEH, ISO Lead Auditor 27001:2013, McAfee SIEM Admin
8 | Prasanna Lalgudi | 3+ months | 9 years | CISA, CRISC, PMP, CSX (Fundamentals), ISO 27001 LA, DCPP
9 | Mayur Somwanshi | 1+ years | 8 years | CEH, MCP
10 | Rahul Mehta | 2+ months | 14 years | CEH
11 | Vinayak Sakhare | 11 months | 6+ years | CEH, CCNA
12 | Aakanksha Deo | 1 month | 2+ years | CEH, ISO 27001 LA
13 | Nikhil Kasar | 2.11 years | 3+ years | CEH
14 | Chetansingh Rathod | 2.11 years | 3+ years | CEH, QualysGuard - Vulnerability Management
15 | Ravi Teja | 2.10 years | 3+ years | CCNA, CEH
16 | Navin Mhatre | 9 months | 6 years | CEH, ArcSight AESA, IBM QRadar
17 | Chattopadhyay Tishya | 1+ years | 2 years | CEH
18 | Fernandez Dominic | 1+ years | 6 years | CEH
19 | Madhavan N | 1+ years | 6 years | CCNA, CEH
20 | Vijay Lalwani | 1+ years | 3.9 years | ArcSight ESM Security Analyst, CEH, Certified Network Defender, ITILv3 Foundation, CCNA
21 | Ameer Prakash | 1+ years | 5 years | CEH
22 | Ankur Joshi | 1+ years | 8.3 years | CEH
23 | Mangesh Salunkhe | 1 year | 14 years | CEH v9, ITIL v3, IBM QRadar Security Analyst, Symantec SEP Administration, CCNA
24 | Deshpande Amar Shishir | 11 months | 4 years | CEH, Splunk Power User, Cyber Law
25 | Bhandari Shahbaz A | 7 months | 2.2 years | CEH
26 | Avugadda Venkatesh | 1+ years | 3.5 years | CCNA R&S
27 | Chanda Chiradip | 1 year | 4.5 years | MCSA
28 | Rahul Rane | 4 months | 9.10 years | Palo Alto CNSE, CCSA, CCSE, CCNA Sec
29 | Jitendra Chaudhari | 1 month | 13+ years | ArcSight Certified Security Analyst (ACSA), Check Point Certified Security Expert (CCSE), Qualys Vulnerability Management, Cisco Certified Security Professional (CCSP)
30 | Mahaldar Salman Qasim | 1+ years | 9+ years | CCIE Security, PALO ALTO ACE
31 | Rakesh Shirsat | 1+ years | 11 years | CCNA, CCNP, Cisco ASA, Palo Alto ACE, ITIL V3
32 | Karthik P | ~0.5 month | 7 years | CISSP, CEH, CHFI, ISO27001, CPISI, ITIL-F
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Client | Scope | Description | Delivery | Project value
Leading Insurance company in Europe | Web and Mobile Apps | Business critical Insurance applications used by end users | Remotely (Mumbai) | USD 65K
One of the leading banks in the Middle East | Banking application | Test in-line with PCI standard | Onsite from client location (Middle East) | USD 16k
Commercial: IBM AppScan, IBM Source, Acunetix, Nessus, Burp Suite Pro, Checkmarx, QualysGuard, HP Fortify
Freeware: Wireshark, Nmap, Kali Linux, Metasploit, OpenVAS, THC Hydra, John The Ripper, SamSpade, Netcat, Nikto, Fiddler, Dirbuster, SQLMap, CSRFTester, SSLscan, Echo Mirage etc.
*Information as provided by Larsen & Toubro Infotech Limited on 4th Dec 2017
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 2
PSU : 0
Private : 104
Total Nos. of Information Security Audits done : 106
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Conducted the largest infrastructure security audit and assessment, covering more than 5000 machines plus enterprise UTM/IDS/IPS/SIEM, routers and other related IP-based devices across the globe, for a Fortune 500 US-based company.
Conducted security testing for the world's 3rd largest image and video content portal for a UK-based enterprise; it owns and stocks more than 100 million videos and images.
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 2
Private : 200+
Total Nos. of Information Security Audits done : 200+
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 7
CISAs : 3
DISAs / ISAs : 0
CEH/OSCP/ECSA/CCNA : 5
Any other information security qualification : 14
Total Nos. of Technical Personnel : 20+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
SL. NO. | LIST OF EMPLOYEES | Duration with Panacea | Experience in Information Security | Qualifications related to Information security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Tool | License Type | Purpose
Burp Suite Pro | Licensed | Application Security Testing
Nessus 5 Pro | Licensed | Vulnerability Assessment
Qualys Guard | Licensed | Network and Application VA
AppUse 4.3 | Open source | Mobile Application Pen Test
Echo Mirage | Open source | Network Proxy
Kali Linux Rolling Edition | Open Source | VAPT
Nipper | Open Source | Network Configuration File
SonarQube | Open source | Static Code Analysis
Nmap | Freeware | Port Scanner
SoapUI | Freeware | Web Services
Helix3 | Freeware | Computer Forensics
Oxygen Forensic Suite | Commercial | Mobile forensic
ProDiscover Forensic | Commercial | Computer Forensics
Rapid 7 Metasploit | Community | N/W and Application Pen Test
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 56
Total Nos. of Information Security Audits done : 56
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 9
BS25999 LI : 1
CISM : 2
CISA : 4
COBIT Foundation : 2
CEH : 8
CCNA : 5
ITIL (Variant) : 5
CCNP : 1
Any other information security qualification : 5
Total Nos. of Technical Personnel : 37
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value:
Listed below are some of the largest projects handled in India and for an international Protiviti firm:
S. No. | License | Tool | Description
5 | Open Source | Kali Linux | An advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
6 | Open Source | THC-IPV6 | THC-IPV6 is a penetration testing tool which will exploit the protocol weaknesses of IPv6 and ICMPv6 and includes an easy to use packet factory library.
9 | Open Source | CryptCat | CryptCat is a Unix utility which reads and writes data across network connections, using TCP or UDP protocol, while encrypting the data being transmitted.
11 | Open Source | Fierce | Fierce is a reconnaissance tool (Perl script) that quickly scans domains using several tactics.
12 | Open Source | SHODAN | Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Shodan collects data mostly on web servers (HTTP/HTTPS - port 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23) etc.
18 | Freeware | Cain & Abel | Cain & Abel is a password cracking tool. It allows easy recovery of various kinds of passwords by sniffing the network and cracking encrypted passwords using a dictionary. The ARP feature enables sniffing on switched LANs and Man-in-the-Middle attacks.
19 | Open Source | Zed Attack Proxy (ZAP) | The OWASP Zed Attack Proxy (ZAP) is an open source proxy/vulnerability scanner which will automatically discover security vulnerabilities in the applications.
20 | Open Source | Nikto | Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
21 | Open Source | W3af | w3af is a web application attack and audit framework which aims to identify and exploit all web application vulnerabilities.
25 | Open Source | BeEF | BeEF is a penetration testing tool that focuses on the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
26 | Open Source | Lucy | LUCY is a social engineering framework, which runs different variations of phishing, malware and portable media attack simulations to measure an organizational team's awareness of attacks.
27 | Open Source | Social Engineering Toolkit | The Social-Engineer Toolkit is a penetration testing framework designed for Social-Engineering which has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time.
33 | Open Source | Apk Tool | A tool for reverse engineering Android .apk files.
34 | Freeware | OllyDbg | Debugger used for reverse engineering.
35 | Proprietary | Clickjacking Tool | Clickjacking Tool helps in exploiting Clickjacking vulnerability in web applications.
45 | Freeware | dex2jar | Dex2jar is a command line tool used for converting the ".dex" file of an Android application into a ".jar" file; post extraction, the source code of an Android application is accessible in a readable format.
*Information as provided by Protiviti India member Private Limited on December 4th, 2017
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 9+
Private : 30+
Total Nos. of Information Security Audits done : 45+
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
ECSA : 2
OSCP : 4
CEH : 14
Any other information security qualification : 4
Total Nos. of Technical Personnel : 24
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Security Audit for the Largest Pulp and Paper manufacturing company: The scope of the work includes performing a yearly security audit of the network, thick-client applications, SAP applications, HR applications and a firewall review. As part of this assessment SecureLayer7 performed extensive penetration testing of 140 external server IP addresses and 40+ applications, and a network architecture review. The project cost is $60,000.00 USD.
Security audit for the largest Middle East bank: The scope of the work includes vulnerability assessment and penetration testing of the mobile application, all banking applications and 1200 IP addresses, plus middleware and ATM security assessment. The project cost was $12,1000.00 USD.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Commercial
1. Nessus
2. Qualys
3. Burp Suite
Freeware
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Business Address:-
TÜV SÜD South Asia
Shiv Ashish, 2nd Floor,
Andheri - Kurla Road,
Behind Lathia Rubber Factory,
Saki Naka. Andheri (East),
Mumbai - 400 072, Maharashtra,
India.
Govt. : 0
PSU : 0
Private : 171
Total Nos. of Information Security Audits done : 171
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
OSCP : 11
CEH : 18
ISO 27001 LA : 6
CISSPs : none
BS7799 / ISO27001 LAs : none
CISAs : none
DISAs / ISAs : none
Any other information security qualification
OSCE : 1
OSWE : 1
Total Nos. of Technical Personnel : 23
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Name Description
Proprietary Tools
TÜV SÜD Portal for PCI Compliance For PCI Merchants and Acquirers – In-house developed
Commercial Tools
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 09
PSU : 02
Private : 16
Total Nos. of Information Security Audits done : 27
3. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : 02
BS7799 / ISO27001 LAs : 02
CISAs : 01
DISAs / ISAs : 03
Any other information security qualification : 02
Total Nos. of Technical Personnel : 09
5. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
6. Below are details of the largest projects handled in terms of scope (in terms of volume, complexity, locations etc.) along with project value:
S. No. | Client & Location Details | Project Scope & Delivery Details | Project Value (In INR)
1 | APJII, Jakarta, Indonesia (URL - https://www.apjii.or.id/) | Red Teaming, Cyber Security Architecture Review, Cyber Security Operation Center, Security Incident Management, VAPT, Web App PT, Security Code Review, System Forensics & Malware Assessment, Information Security & Data Protection Awareness Trainings | 65 Lakhs
2 | SGS McNet, Maputo, Mozambique (URL - https://www.mcnet.co.mz/Home.aspx) | Cyber Security Architecture Review, Cyber Security Operation Center, Security Incident Management, VAPT, Web App PT, Security Code Review, Information Security & Data Protection Awareness Trainings | 27 Lakhs
3 | VEGA Industries - AIA Engineering, Ahmedabad, India (URL - http://www.aiaengineering.com/) | Security Incident Management, VAPT, Web Application Testing, Security Code Review, System Forensics & Malware Assessment, Data Protection & Information Security Awareness Drills & Trainings | 15 Lakhs
4 | 4Ever Payments, Mumbai, India (URL - http://www.4everpayment.com/) | Red Teaming, Jugaad - Mobile App Security Testing, Web Application Security, Cloud security, Cyber Security Architecture Development & SOC Lab Set-up, ISO 27001, PCI DSS, Security Incident Management Response Cell, Security Code Review, System Forensics & Malware Assessment, Cyber Incident Handling Awareness Trainings | 18.5 Lakhs
5 | GOI, DRDO – Cyber Unit, Bangalore, India (URL - https://www.drdo.gov.in/) | Cyber Security Attack Simulation Analytics & Incident Operational Response: Software, Analytics & Report Documentation | 15 Lakhs
We utilise a mix of commercial, freeware and proprietary editions of the following tools, with their respective latest versions and updates:
1. Acunetix - v8.0
2. AppScan 8.0.2
3. Burp Suite Professional v1.5.01
4. Cain & Abel
5. John the Ripper
6. SQLMap
7. Kali Linux
8. Nikto
9. Nmap + Zenmap
10. ZAP
11. Wireshark
12. Metasploit
13. Netsparker
14. Web Inspect
15. Nessus
16. W3af
17. CSRFTester
18. Wapiti
19. Fiddler
20. SQL Ninja
21. Aircrack-ng
22. IronWASP
23. Nagios
24. Ettercap
25. Social Engineer Toolkit
26. Retina
27. Veracode – Vulnerability Analyzer Toolkit
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
TCG Digital Solutions Private Limited. The registered office and head office are in Kolkata. The address is as follows:
Govt. : <none>
PSU : < Eastern Regional Load Despatch Centre, (ERLDC) – A Govt. of India Enterprise>
Private : <SREI Infrastructure Finance Ltd, MCPI Ltd, India Power Corporation Ltd. >
Total Nos. of Information Security Audits done : 5
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : <1>
BS7799 / ISO27001 LAs : <4 >
CISAs : <1>
DISAs / ISAs : <none>
Any other information security qualification : <6>
Total Nos. of Technical Personnel : 14
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
8 | Abir Atarthy | 1.5 years | 10 yrs. | CEH, CHFI, Trained in cyber range simulation
9 | Dinendu Das | 2 years | 10 yrs. |
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Vulnerability Assessment, Web Security Assessment and Penetration Test covering all ICT infra of SREI
Group spread across India. Value of the project was 34.8 Lac + taxes
9. List of Information Security Audit Tools used (commercial/freeware/proprietary):
Nessus, Nmap, Nikto, Acunetix, Burp Suite, AppScan, Hydra, Netsparker, Wireshark, and some customized scripts.
*Information as provided by < TCG Digital Solutions Private Limited> on <12th January 2018>
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 1
Private : 5
Total Nos. of Information Security Audits done : 6
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 5
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification:
1. CRISC : 1
2. Master’s Degree in Computer Management : 1
Total Nos. of Technical Personnel : 2
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
At Energy InfoTech Centre (a division of Chhattisgarh State Power Distribution Company Ltd.), a state government enterprise
Commercial Tools: Burp Suite, Nessus, Qualys (on demand), Acunetix (cloud version)
Freeware tools: Kali Linux and applications, OWASP ZAP, OpenVAS, SQLMap, Zenmap, Vega, Nikto, Wireshark
Please find attached the Confidentiality Agreement signed by Satish Meda, Ajay Mathur and Sudhanwa Joglekar
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : NIL
PSU : NIL
Private : 15
Total Nos. of Information Security Audits done : 15
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
CISSPs : 4
BS7799 / ISO27001 LAs : 4
CISAs : 4
DISAs / ISAs : NIL
Any other information security qualification : CEH, CISM etc. 4
Total Nos. of Technical Personnel : 6
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
Reliance Jio Data Centers covering Mumbai, Jamnagar and Nagpur for SSAE 18 SOC Audit
Currently no, but in case we need to, we will have proper due diligence, an NDA and an MOU in place, and the project will be supervised and managed by one of our team members.
11. Whether organization has any Foreign Tie-Ups? If yes, give details Yes/No : Yes
Association with Accedere Inc USA for SSAE 18, SOC Attest Reports
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 48
Total Nos. of Information Security Audits done : 48
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 13
CISAs : 9
DISAs / ISAs : 0
Any other information security qualification : 2 CCNA,
1 CHFI,
1 CCSA,
2 ISO 22301,
1 CISM,
2 SAP,
2 OSCP,
1 RHCE,
3 ITI
Total Nos. of Technical Personnel : 52
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required) Please refer to Annexure - 1
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Commercial Tools:
Nessus
Nipper
Burp Suite
Freeware Tools:
Metasploit
Wireshark
Nmap
SQLMap
Nikto
MobSF
Hydra
Cain and Abel
John The Ripper
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Yes, Grant Thornton India is part of the GT Member Firm network which is spread across the globe in 130+ countries.
Annexure – I
S. No. | Name of Employee | Duration with Grant Thornton India LLP | Qualifications related to Information security | Experience in Information Security
3 | Lalit Vazirani | January 2018 | ISO 27001 LA, ISO 22301, Symantec DLP certified, Qualys Guard certified | 15+ years
7 | Shweta Pawar | November 2015 | ISO 27001:2013 Lead Auditor (ISMS), ITIL V3 Foundation | 9 years
10 | Krishna Jere | October 2017 | CCNA, CCSA, ISO 27001 LA | 13+ years
11 | Dhananjay Deo | April 2017 | CISA, ISO 27001, COBIT | 20+ years
13 | Sandeep Sharma | April 2013 | Microsoft SAM 673 and 74-678, SCJP, ITIL Foundation Certified | 5+ years
16 | Umesh Jain | February 2016 | ISO 27001:2013 Lead Auditor, CEH (Certified Ethical Hacker) | 6+ years
17 | Bhavna Nakra | August 2017 | ISO 27001:2013 Lead Auditor | 3+ years
19 | Aditya Tiwari | May 2017 | ISO 27001:2013 Lead Auditor | 6+ months
24 | Charu Lata | April 2017 | SAP (SD, FI) Trained | 1.5 years
26 | Lalit Sharma | July 2012 | DCPP (DSCI Certified Privacy Protection Certificate), ITIL Foundation Certified, Certificate Program in Cyber Law (SYMBIOSIS) | 4+ years
27 | Makarand Ramesh Kadave | June 2017 | Lead Audit ISO 27001:2013 - Information Security Management System, Diploma in Information Security & Ethical Hacking | 8 years
28 | Muralikrishna Joshi | February 2016 | ITIL Foundation Certified | 1.8 years
36 | Sagar Gajara | November 2017 | CEH, CCI, Diploma in Cyber forensics | 4+ years
37 | Amit Bedwa | December 2017 | ISO 27001 LA, ISO 22301 LA, ITSM | 2 years
43 | Arvind Kumar | April 2018 | ISO 27001 LA, ISO 27001 LI, ERM | 4+ years
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : None
PSU : None
Private : 20
Total Nos. of Information Security Audits done : 20
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : None
BS7799 / ISO27001 LAs : 4
CISAs : 2
DISAs / ISAs : 5
Any other information security qualification : CEH- 5
Total Nos. of Technical Personnel : 12
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
IT management project (renewed annually) for a client based in India. The project includes secure IT operations, web application testing, network security management, continuous vulnerability and patch management, data centre security and disaster recovery management. The annual revenue is over INR 1.1 Cr.
Kali Linux, Nslookup, Dnsmap, Nmap, Firewalk, Hping, Nessus, Nikto, John the Ripper, Sqldict, Firewall Analysers
Vulnerability Scanning:
Burp Suite, Paros, Wireshark, Acunetix, Netsparker, Metasploit framework, SQLMap, customized python scripts
Social Engineering
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 20
PSU : 1
Private : 2407
Total Nos. of Information Security Audits done : 2428
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : 11
BS7799 / ISO27001 LAs : 20
CISAs : 10
DISAs / ISAs : 0
CEH : 85
CISM : 02
Total Nos. of Technical Personnel : 128
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Commercial:
Qualys Guard, IBM App Scan, Burp Suite Pro, Web Inspect, Checkmarx, HP Fortify, ISF
Security Health Check, ISF Benchmarking, Algosec.
Freeware:
Nmap, Metasploit, SSL Digger, SSL Scan, SQLMap, MobSF, Quark, Drozer, SoapUI, OWASP ZAP.
Third-party ISAE 3402 audit has been outsourced to E&Y since 2015. This was a client requirement (attached here for ready reference). As TechM did the implementation, the audit was provided by a third party (E&Y).
Jakarta
China
Nanjing
Shanghai
Shenzhen
Hong Kong
Japan
Kanagawa
Tech Mahindra Ltd.
Fujitsu Atsugi Technical Center, 3065, 3rd floor
Okada, Kanagawa, Tokyo, Japan
Phone:+ 81 5038040928
Tokyo
Malaysia
Cyberjaya
Philippines
Cebu
Manila
Singapore
South Korea
Seoul
Taiwan
Taipei
Thailand
Bangkok
Vietnam
Hanoi
Americas
Argentina
Buenos Aires
Bolivia
Santa Cruz
Brazil
Alphaville
Rio de Janeiro
Sao Paulo
Canada
New Brunswick
Ontario
Vancouver
Colombia
Bogotá
Costa Rica
San Jose
Ecuador
Guayaquil
Quito
Guatemala
Phone:+502-2334-3421
Fax:+502-2334-2648
Mexico
Mexico City
Panama
Peru
Lima
California
Connecticut
Florida
Tech Mahindra
501 Brickell Key Drive,
Suite 200, Miami,
Florida, 33131
Georgia
Illinois
Kansas
Tech Mahindra
12980 Foster South Creek Building 1,
Suite 190, Overland Park,
Kansas 66213
Kentucky
Michigan
Nebraska
Nevada
New Jersey
New York
Tech Mahindra
Equinix NY9, 111 8th Avenue,
New York 10011
North Dakota
Ohio
Pennsylvania
Texas
Washington
Australia
Brisbane, Queensland
Canberra, ACT
Chatswood, NSW
Melbourne, Victoria
New Zealand
Auckland
Austria
Vienna
Belgium
Brussels
Charleroi
Bulgaria
Sofia
Czech Republic
MladaBoleslav
Ostrava(Virtual Office)
Denmark
Copenhagen
Finland
Helsinki
France
Paris
Phone:+33 01 44 43 47 20
Toulouse
Germany
Berlin
Dresden
Düsseldorf
Hamburg
Muenchen
Wiesbaden
Wolfsburg
Hungary
Budapest
Ireland
Dublin
Northern Ireland
Waterford
Italy
Milano
Latvia
Riga
Luxembourg
Senningberg
Netherlands
The Hague
Norway
Oslo
Romania
Bucharest
Spain
Madrid
Sweden
Gothenburg
Stockholm
Switzerland
Basel
Geneva
Zurich
Bristol
Crewe
Ipswich
London
Manchester
Milton Keynes
Norfolk
Bahrain
Manama
Qatar
Doha
Saudi Arabia
Al-Khobar
Abu Dhabi
Dubai
Africa
Chad
Ndjamena
Tech Mahindra Ltd
Quartier Béguinage, Rue 1029, BP 324,
Ndjamena, Tchad.
Phone:+235 600-100-10
Congo(B)
Pointe-Noire
Kinshasa
Ethiopia
Gabon
Libreville
Ghana
Accra
Kenya
Nairobi
Malawi
Lilongwe
Nigeria
Abeokuta
Tech Mahindra Ltd.
3rd to 6th Floor, Opic Towers, Oke–Ilewo
Abeokuta - Ogun State
Phone:+234 8066792757
Lagos
Rwanda
Kigali
South Africa
Cape Town
Johannesburg
Uganda
Kampala
Zambia
Lusaka
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : NA
PSU : NA
Private : 25+
Total Nos. of Information Security Audits done : 25+
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : NA
BS7799 / ISO27001 LAs : 1
CISAs : 2
DISAs / ISAs : NA
Any other information security qualification : 4 CEH,
2 OSCP,
5 ECIH,
3 ECSA,
1 ECSP .net
Total Nos. of Technical Personnel : 20
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
10. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 1
PSU : 2
Private : 42
Total Nos. of Information Security Audits done : 45
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : -
BS7799 / ISO27001 LAs : 3
CISAs : 4
DISAs / ISAs : 1
Any other information security qualification : 3
Total Nos. of Technical Personnel : 7
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
- NW Security audit / Web App Security audit / ERP - SAP security audit - One of the top Indian
MNC - multiple manufacturing plants in India and abroad - worldwide spread computer network with
data centre and DRS sites in India - Multiple user domains - about 15000 employees.
- SAP - GRC Access Controls Review / Audit - top Indian MNC - Pharmaceutical mfg. industry - N/W
size & complexity - 100+ servers, 600+ nodes
Commercial :
- Nessus
- Burp
- Acunetix
- AppScan
- Core Impact
- Netsparker
- Web Inspect
- Nipper
- EnCase Forensics from Guidance Software
- IDEA data analytics
- Checkmarx
- Immunity Canvas
Proprietary :
- SAP-GRC SoD conflict resolution tool
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : N/A
PSU : N/A
Private : 85 Approximately
Total Nos. of Information Security Audits done : 150 Approximately
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project
handled by them)
S. No. | Security Assessment Category | Quantity (Approx.)
1 | Web Application Security | 60
2 | Infrastructure Security | 40
3 | Mobile App Security | 35
4 | Cloud Security | 20
5 | Security Training Assignments | 80
6 | Secure Development Implementation | 15
CISSP : 3 Approximately
BS7799 / ISO27001 LAs : 4 Approximately
CISA : 3 Approximately
Any other information security qualification : 20 Approximately
Total Nos. of Technical Personnel : 30 Approximately
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations
S. No. | Name of Employee | Duration with Briskinfosec | Experience in Information Security | Qualifications related to Information Security
2 | Mr. Lakshmi Narayanan | 2.5 Years | 25 Years | CISSP, CISA, PMP, ISO 27001
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 100
Total Nos. of Information Security Audits done : 100
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : 2
BS7799 / ISO27001 LAs : 5
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification :
CEH - 4
PCI – 5
PA - 1
ECSA - 1
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
13 Server Locations, 300 + IP addresses that includes DC, Network devices and POS locations.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 1
Private :
(Etyacol, Fincare, Samasta, ITC Infotech, Zeotap, Firstsource, DTDC,
Mphasis, Marlabs, Market Xpander, Axis Cades, Rang De, BeMore)
Total Nos. of Information Security Audits done:
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 1
CISAs :
DISAs / ISAs :
Any other information security qualification :
CEH (2),
CISM (1),
CBCP (1),
PCI DSS QSA (1)
Total Nos. of Technical Personnel : 14
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Tool | Detail
Nessus Professional | Infrastructure Scanning
Qualys | Web Application Scanning
Fortify WebInspect | Web Application Scanning
Burp Suite | Penetration Testing
Metasploit | Penetration Testing
Nmap | Infrastructure Scanning
Wireshark | Infrastructure Scanning
Charles | Infrastructure Scanning
Nikto | Penetration Testing
SQLmap | Penetration Testing
LogicGate | Compliance Audits
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : None
PSU : None
Private :
Delhivery Pvt Ltd , Audio Magick, Fairfax , Risq Group
Total Nos. of Information Security Audits done : 5
5. Number of audits in last 12 months, category-wise (Organization can add categories based on project handled by them)
CISSPs : none
BS7799 / ISO27001 LAs : 3
CISAs : none
DISAs / ISAs : none
Any other information security qualification :
EC Council Certified Ethical Hacker (CEH), ISO 20000, ISO 9001:2000 LA
Total Nos. of Technical Personnel : 7
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value: Delhivery Private Ltd (implemented ISO 27001:2013 for their
organization and carried out the surveillance audit); annual review of ISMS and implementation of
controls for ISO 27017 (security controls for cloud services). Project scope was their corporate
office in Gurgaon. Total project value approx. 5.5 L.
Freeware: Zed Attack Proxy (ZAP), Vega, SQLMap, Burp Suite, OWASP SQLi
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Dubai
SAIF ZONE , Q1-06-141/C
PO Box – 124932
Sharjah Airport Free Zone
Singapore
Regus Vision Exchange
2 Venture Drive
Level #24-01 - #24-32
Singapore 608526
+65 87308006
Sri Lanka
32 Uswatte Road,
EtulKotte,Kotte,
Sri Lanka
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
NSEIT Ltd.
Govt. : 3
PSU : 3
Private : 8
Total Nos. of Information Security Audits done : 100 plus
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs :
BS7799 / ISO27001 LAs : 1
CISAs :
CEH : 4
ECSA : 1
Total Nos. of Technical Personnel : 8
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Name of Employee | Duration with NSEIT | Experience in Information Security | Qualifications related to Information security
Khushboo Sharma | 0.7 yrs | 11 yrs | Microsoft Certified Professional (MCP)
Mittal Amrutbhai Patel | 2.3 yrs | 3 yrs |
Sagar Karan | 2.9 yrs | 16 yrs | Cambridge Certified Security Associate, Cambridge Certified Internet Associate, International Associate - Association of Certified Fraud Examiners, CEH - Certified Ethical Hacker, CIW Security Analyst
Vidula Tendolkar | 0.5 yrs | 3.2 yrs | ECSA
Sayed Abbas Raza | 0.4 yrs | 1.10 yrs | CEH
Sneha Kawadgave | 1.1 yrs | 1.1 yrs | CEH
Bhavesh Patil | 0.3 yrs | 3 yrs | CEH, ISO 27001 LA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value: Cyber Security Architecture and Configuration review for a
payment gateway in India. Project value: 55 lacs.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 1
PSU : 0
Private : 20+
Total Nos. of Information Security Audits done : 21+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 2
CISAs : 2
DISAs / ISAs : 1
Any other information security qualification:
OSCP : 2
OSWP : 1
CISM : 1
ITIL : 2
CEH : 2
Total Nos. of Technical Personnel : 20
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
1. Conducted a Network Security & Web Security Audit for the complete internet-facing
infrastructure of an Oil and Energy Company in Africa.
2. Conducted Malware Incident Response along with a Network Security Audit and Network
Sanitization for an MFI in Kenya.
Freeware
1. Nmap - Port Scanner
2. Maltego - Recon
3. OWASP ZAP - Proxy
4. Nikto – Vulnerability Scanner
5. Xsser – Vulnerability Scanner
6. Dirb/Dirbuster – File/Directory Enumeration tool
7. Empire – Post Exploitation Framework
8. Koadic – Command & Control (C2)
9. DNSscan – DNS Recon
10. Metasploit Framework – Exploitation
11. OpenVAS – Vulnerability Scanner
12. BurpSuite Community Edition – Vulnerability Scanner
13. Dirsearch
14. Veil-Evasion
15. Shellter
16. Immunity Debugger
17. WinDBG
18. MobSF Mobile Security Framework
19. Hping – TCP ping utility
20. Wireshark – Network Packet Capture
21. SQLMAP – SQL Injection Exploitation tool
22. John (Johnny) – Password cracking tool
23. Hashcat – Password cracking tool
24. NetCat – Network Swiss Army Knife
25. WafW00f – WAF Evasion tool
26. SET – Social Engineering Toolkit
27. CredSniper – Phishing Exploitation tool
28. Aircrack-ng – Wireless Exploitation Toolkit
29. Fiddler – Man-In-The-Middle Proxy
30. Sysinternals Toolkit – Windows System Analysis & Malware Detection
Commercial
31. Metasploit Pro
32. Nessus Professional
33. BurpSuite
34. Shellter Pro
35. IDA Pro
36. Nipper
37. Accessdata FTK
38. Vound Intella
39. NetSparker
Proprietary
Custom Python Exploitation Scripts
Siege Exploit Builder
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
*Information as provided by Pyramid Cyber Security & Forensic Pvt Ltd on 08-02-2019
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 180+
Total Nos. of Information Security Audits done : 180+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 12
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification:
(CEH , DSCI LA , CPISI etc.) : 17
Total Nos. of Technical Personnel : 17
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
1. Commercial
2. Freeware
1. Nmap
2. Nikto
3. Netcat
4. Wireshark
5. Kali
6. Metasploit
7. Mozilla Firefox security add-ons
8. Firewalk
9. hping
10. HTTrack
11. OWASP ZAP
12. OWASP Mantra
13. Xenotix
14. John the Ripper
15. Paros
16. Wikto
17. Ethereal
18. Brutus
19. RIPS
20. IronWASP
21. Fiddler
22. Tamper Data
23. OpenVAS
24. w3af
25. Exploit Database
26. SQLMap
27. Hydra
28. Android Debug Bridge
29. AndroBugs Framework
30. Apktool
31. Bytecode Viewer
32. Drozer
33. Dex2Jar
34. JD-GUI
35. SQLite Database Monitor
36. Pidcat
3. Proprietary
1. Own developed Scripts for XSS, OS, AWS, and Database Security Audits
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Accreditation bodies such as PECB, PeopleCert and Gaming Works, and
partnerships with multiple organizations in the Middle East
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Zulon Consulting
Zulon Consulting,
2/203,Vahatuk Nagar, Amboli,
Andheri(W) Mumbai- 400058.
Govt. : 2+
PSU : 2+
Private : 30+
Total Nos. of Information Security Audits done : 40+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
Name: DK Gosavi
Email ID:
Website: www.kalyanjanata.in/
Email ID:
[email protected]
Website: www.insolutionsglobal.com
Website:
www.tata.com/company/profile/Trent
Name: Sreeram GC
Phone Number:9962589935
Phone: 7045958873
CISSPs : 2
BS7799 / ISO27001 LAs : 6
CISAs : 2
DISAs / ISAs : 1
Any other information security qualification :
PCI QSA, CRISC, CEH, OSCP
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. No. | Name of Employee | Duration with Zulon Consulting | Experience in Information Security | Qualifications related to Information security
1 | Anshuman Dubey | 16-Aug | 7 | ISO 27001 LA, ITIL
2 | Hamza Qureshi | 16-May | 4 | ISO 27001 LA, ITIL Foundation
3 | Sharon Saldanha | 16-Sep | 4 | CEH, CND, ECSA, CHFI
1. Rapid7 Nexpose
2. IBM Rational AppScan
3. Nessus
4. GFI LanGuard
5. Acunetix WVS
6. QualysGuard
7. Burp Suite
8. Metasploit
9. Nikto
10. Wikto
11. BackTrack Security Distro
12. Paros Proxy
13. Nmap
14. Exploits DB from "astalavista", "packetstormsecurity", "exploitdb" etc.
15. Google Hacking Database
16. In-house customized scripts
17. Zero Day Scripts / Exploits
18. Other Tools (as and when required by the type of work)
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt.: 33
PSU: 23
Private: 48
Total Nos. of Information Security Audits done: 104
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
Network security audit: 14
Web-application security audit: 57
Wireless security audit: 01
Compliance audits (ISO 27001, PCI, etc.): 16
Mobile/API PT: 06
Data Migration Audit: 03
Cloud Security Audit: 01
AUA KUA Audit: 02
ITCR Audit: 09
Software Licensing: 01
Source Code Reviews: 02
Special / other Audits: 07
Concurrent Audit: 18
TOTAL: 137
6. Technical manpower deployed for information security audits:
CISSPs: 0
BS7799 / ISO27001 LAs: 5
CISAs: 6
DISAs / ISAs: 0
Any other information security qualification:
CISM, CISE, CCNA, CND CISC, CDAC (PG-DITISS), MSc Forensic Science,
Diploma in Cyber Law, CEH, CDAC (ITSS), Networking, Win AD & Linux, CHFI, ECSA,
Internet Crime Investigation.
Total Nos. of Technical Personnel: 23
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Sr. No. | Name of Employee | Duration with AQM | Experience in Information Security | Qualifications related to Information security
1 | Madhav Bhadra | 18 Years | 18 Years | CA, CISA, CISM
2 | Ritesh Kotecha | 12.5 Years | 12.5 Years | CA, CISA
3 | Dhruti Patel | 15 Years | 15 Years | CISA, ISO 2000
4 | Rasika Manoj Patil | 3 Years | 3 Years | CISA, CISM, ISO 27001 LA
5 | Sanjay Jitendra Parikh | 2.5 Years | 18 Years | CISA, PG DCM, ITIL, ISO 27001 LA
6 | Pravin Kumar Singh | 2 Years | 4.5 Years | CISE, CCNA, CEH, CYVECTOR
7 | Pratik M Chotaliya | 2 Years | 2.6 Years | ECSA, CEH, CND CISC
8 | Shekhar Bhatnagar | 2 Years | 15+ Years | MCSE, CCNA, CEH
9 | Ruchika Agrawal | 2 Years | 2 Years | CDAC (PG-DITISS)
10 | Gaurav Kumar Naradmuni Pandey | 1 Year | 2.9 Years | ISO 27001 LA
11 | Kiran Prakash Joshi | 1 Year | 1 Year | MSc Forensic Science, ISO 27001 LA, CCNA, CEH, Linux Administration
12 | Nimesh S Kacha | 1 Year | 1 Year | CEH v9, Cyber Law, ISO 27001 LA
13 | Mahesh Vaman Harkulkar | 1 Year | 1 Year | CDAC (ITSS)
14 | Akash Bharat Chavan | 1 Year | 1 Year | CDAC (ITSS)
15 | Chaitanya Santosh Anant | 1 Year | 1 Year | CDAC (ITSS)
16 | Ashish Kumar Saini | 3 Years | 3 Years | CDAC (ITSS)
17 | Smita Sharma | 1 Year | 1 Year | CDAC (ITSS), CEH v10
18 | Vrushali P. Shirke | 1 Year | < 2 Years | CEH, Internet Crime Investigation
19 | Sanjay Kumar Verma | 2 Years | < 3 Years | CDAC (ITSS), Networking, Win AD & Linux Admin
20 | Ankit Sunil Sharma | < 1 Year | < 1 Year | CEH, CHFI, ECSA, ISO 27001 LA
21 | Devender Tinwal | < 1 Year | < 1 Year | CISA
22 | Durgesh Prataprao Badgujar | < 1 Year | < 1 Year | CDAC (ITSS), CEH v10
23 | Kajol Mogra | < 1 Year | < 1 Year | MSc Forensic Science
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
1. State-level APEX & DCCBs (Single Tender)
   1. Apex Bank - 1 No.
   2. DCC Banks - 19 Nos.
2. Total Branches: 620 Branches
3. Scope of audits:
   1. Application Audits (HO level)
   2. Application Audits (Branches)
   3. IT Control Review Audits
   4. Network & Security Audits
   5. Data Migration Audits
   6. Risk Assessments
4. Project Value: ~ INR 17.7 million
Other Tools
Kali Linux - Mobile application VAPT, Web application VAPT, Server VAPT, Network + WiFi VAPT
JD-GUI / DEX2JAR / APKTOOL / Drozer / MobSF - Mobile application VAPT
Postman - Web services and API testing automated tool
Wireshark - Network protocol analyzer
Metasploit Framework / Netcat - Exploit code development framework for pentesting
Echo Mirage - Thick client VA & PT
11. Whether organization has any Foreign Tie-Ups? If yes, give details: No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
Network security audit: 4
Web-application security audit: 11
Thick-client application security audit: 5
Wireless security audit: Nil
Compliance audits (ISO 27001, PCI, etc.): 2
6. Technical manpower deployed for information security audits:
CISSPs: Nil
BS7799 / ISO27001 LAs: 10
CISAs: Nil
DISAs / ISAs: Nil
Any other information security qualification:
M.Tech (Information Security): 2
M.Tech (Cyber Security): 2
M.Tech (Cyber Law & Information Security): 1
NPT: 2
CEH: 4
CCNSP: 2
CHFI: 1
ACE: 1
Total Nos. of Technical Personnel: 21
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
Sl. No. | Name of Employee | Duration with BEL (in Years) | Experience in Information Security (in Years) | Qualifications related to Information security
1 | Kunal Mohan Sadalkar | 8 | 7 | M.Tech (Information Security)
2 | Neeraj Kumar | 5 | 7 | M.Tech (Information Security), CHFI v8, ACE
3 | Jagan Mohan Rao B | 20 | 8 | PMP, Trained on CISSP
4 | Shylaja K | 20 | 15 | PMP, ISMS LA, CCNSP, Trained on CCISO & CISSP
5 | Bhagya Lakshmi A N | 15 | 4 | M.Tech (Software Systems), PMP, ISMS LA, NPT, Trained on CISSP
6 | Poornima M | 10 | 2 | M.Tech (Cyber Security), CEH
7 | Swathi M D | 9 | 4 | CEH
8 | Antony Benedict Raja G | 9 | 5 | CEH
9 | Tarun Jain | 9 | 5 | Trained on CISSP
10 | Deepak D | 7 | 3 | NPT, CEH
11 | Anushree Priyadarshini | 4 | 1 | M.Tech (Software Engineering), CEH
12 | Akshatha S | 0.7 | 0.7 | -
13 | Sandeep Gadhvi | 0.7 | 1 | M.Tech (Cyber Security), ISMS LA
14 | Viplav | 0.7 | 0.5 | M.Tech (Cyber Law & Information Security)
15 | Vaman A Naik | 33 | 5 | ISMS LA
16 | Praveen Kumar H T | 18 | 13 | ISMS LA, CCNSP
17 | Madhavi M | 15 | 2 | PMP, ISMS LA
18 | Mrityunjaya P Hegde | 9 | 3 | PMP, ISMS LA
19 | Srinivas T | 26 | 8 | ISMS LA
20 | Deepraj Shukla | 10 | 4 | ISMS LA
21 | Padmapriya T | 8 | 1 | PMP, ISMS LA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Information Systems Infrastructure Audit of BEL-IS Ghaziabad, comprising the Antivirus Server,
DC, ADC, RADIUS, WSUS, Nagios, BEL_Sampark intranet mail server, web applications,
switches/routers and firewall for both the intranet and the internetwork.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 5
PSU : 25
Private : 20
Total Nos. of Information Security Audits done : 50
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 4
BS7799 / ISO27001 LAs : 10
CISAs : 5
DISAs / ISAs : 5
Any other information security qualification :
PhD (info Sec), GDPR, CSA-STAR, Certified Forensic Detectives, PIMS
Total Nos. of Technical Personnel : 24
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 3*
* We have some more projects; as we are under NDA, we cannot furnish them at this
moment.
Total Nos. of Information Security Audits done : 15+
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 6
BS7799 / ISO27001 LAs : 6
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 350+
Total Nos. of Technical Personnel : India 500+
and Global 8000+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. No. | Name of Employee | Duration with <organization> | Experience in Information Security | Qualifications related to Information security
1 | Mreetyunjaya Daas | 3 Years 9 Months | 10+ Years | CEH
2 | Devdatta Mulgund | 1 Year 10 Months | 7+ Years | CISSP
3 | Ravindra Singh Rathore | 1 Year 8 Months | 5+ Years | CEH
4 | Sanket Bhogale | 1 Year 9 Months | 10+ Years | CISSP
5 | Ankit Tripathi | 1 Year 8 Months | 4+ Years |
6 | Mohit Jain | 4 Months | 10+ Years | CEH, ISO 27001:2013, ECSA
Vulnerability Management for one of the largest Telco Network Operators in India
Project:
Vulnerability management for one of the largest telco network operators (Client) in India, with
approximately 160 million customers. IBM, as an IT security service provider, manages the
security assessment and vulnerability management lifecycle for the Client's applications and
network infrastructure components.
Service Offerings:
Key Activities:
Highlights:
1. Project team performed review of current set-up and validated the scope for
Security Assessment activities. It included Applications and network infrastructure
assets
2. Defined the periodicity or recurring activities and scope of non-periodic ad-hoc
activities
3. Performed security assessment of applications and network assets in scope.
4. Delivered the report to relevant recipients including development team and client
security team
5. Documented and tracked the status of issues, and governed the application team for closure
of issues in the defined timeframe. Conducted meetings and knowledge transfer sessions
with the development team to guide them towards issue closure.
6. Re-tested the closure of issues and certified them for go-ahead.
Freeware : 14
Commercial : 4
Proprietary : 5
Total Nos. of Audit Tools : 23
Freeware:
1. Metasploit: Penetration testing framework
2. Nmap: Port scanner
3. RAT: Router and firewall benchmarking
4. Wireshark: Protocol analyzer
5. MBSA: Windows security assessment
6. Nikto: Web application security
7. SNMPWalk: Router and network management
8. Cain & Abel: Traffic sniffing and password cracking
9. Brutus: Password cracking
10. John the Ripper: Password cracking
11. w3af: Application auditing framework
12. Maltego: Intelligence and forensics application
13. Unicornscan: Port scanner and information gathering
14. Aircrack
Commercial:
1. Nessus: Network vulnerability assessment
2. IBM AppScan: Web systems & applications security
3. Burp Suite Professional: Web systems & applications security
4. Nipper Studio: Network device configuration review
Proprietary Tools:
1. Windows server Security assessment scripts
2. Unix/Linux/AIX server security assessment scripts
3. Oracle security assessment scripts
4. MSSQL security assessment scripts
5. ASP and Java Scripts : Web application assessment
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York
10504-1722, United States
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 20+
Total Nos. of Information Security Audits done : 20+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 3
CISAs : 1
Any other information security qualification:
CEH : 8
CISE :
CHFI : 1
CIPR : 1
C-CTIA : 2
C-ATPA : 2
ECSA : 1
Total Nos. of Technical Personnel : 20+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Nmap, Burp Suite, Nessus, Rapid7 Nexpose, Metasploit, SQLMap, Kali Linux, SIFT
Workstation, EnCase, FTK, w3af, Acunetix, Netsparker, Wireshark, rainbow tables,
Aircrack-ng, Netcat, Scuba DB VA Scanner, ELK, Onapsis, Redline, IDA, Snort, Cain & Abel,
ZAP, tcpdump, CANVAS, SET kit, SQLninja, BeEF, Sysinternals, OpenVAS, Nagios, Ettercap,
Maltego.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 10
PSU : 45
Private : 320
Total Nos. of Information Security Audits done : 260
5. Number of audits in the last 12 months, category-wise (Organization can add categories
based on project handled by them)
CISSPs : 2
BS7799 / ISO27001 LAs : 0
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification : -
Total Nos. of Technical Personnel : 9
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required) - NOT APPLICABLE FOR US.
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations,
etc.) along with project value.
Unilever Mobile Application Security Testing
550 Mobile Applications VAPT.
Project Value - 1.5 Crore INR.
Location - Unilever Industries. Tower A. The Business Precinct. Prestige Shantiniketan,
Bangalore, India.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes