Security ROI
Gandiva Networks consultants know it is difficult to decide where to spend money to secure your company's network. Many vendors encourage IT managers to spend money on new security gadgets that their companies may not need.
The key to network security is in pinpointing where network problems exist, rather than simply throwing money at the problem. Unless the return on investment (ROI) is measured, it is very difficult to determine whether the information security strategy is fit for purpose and aligned with the business strategy.
Unfortunately, many companies never even discover network vulnerabilities until an attack against their network has succeeded. A comprehensive network security assessment will enable you to discover existing vulnerabilities so that you may use your limited security budget in the most cost-effective manner.
Methodology
Gandiva Networks professionals will use many of the same tools and techniques used by malicious hackers to probe your company's network for vulnerabilities. Following the assessment, we will present a detailed analysis of any discovered vulnerabilities in a Threat Vulnerability Analysis (TVA), along with possible security control solutions. Once actual vulnerabilities are discovered, network security is no longer a guessing game. You have specific knowledge about which vulnerabilities need to be addressed for your network, allowing you to allocate your security budget more effectively.
Gandiva Networks uses ISO 17999-based methodologies to define security policy and controls for the organization. IT security implementations are approached in a PDCA model (Plan > Do > Check > Act) for continuous process improvement and for reaching the security and maturity goals of the organization.
We look at security from both a tactical perspective (technology-centric) and a strategic perspective (risk-centric).
Regulatory Compliance
Upon completion of the assessment phase, GNI progresses with a review of design and operational effectiveness of controls over the following areas:
• Physical security
• Logical security
• Personnel security
• Third-party security
One of the key challenges in today's context is that organizations are trying to implement security controls to comply with multiple regulations at the same time, such as SOX, HIPAA, PCI, etc. This sometimes leads to a "re-inventing the wheel" syndrome. GNI consultants would understand the various industry-specific regulatory requirements and recommend processes and controls that prevent this.
Most companies today seek an underlying control framework that they can use to map to multiple regulations.
Implementation Services
Gandiva handles network and security controls implementation and migration projects in a methodical fashion, as follows:
Requirements Gathering > Scope of Work > Project Plan
Staging > Deployment > Functional Testing > Performance Testing
Cutover > Monitoring > User Acceptance Test > Customer Signoff