Governance Risk and Compliance Services

Information Security services
The dynamic nature of security threats, the increasing complexity of information security infrastructure, regulatory compliance and the need for strong domain skills are driving more and more organizations to outsource their information security management to a trusted service provider. The challenge for the service provider lies in delivering a comprehensive managed security program. This program must address the technological needs of the customer, as well as the alarming increase in security administration overhead and cost of compliance, while maximizing return on investment.

Sify’s offerings
Sify’s Enterprise Security services offerings are primarily based on the Information Assurance Framework shown here. The IAF approaches IA as a life cycle of continuous process and technology improvements. It consists of a set of modular solutions that fall into the areas of
Management
Operational
Personnel
Physical
Technical

Sify offers the following Governance Risk and Compliance services for customers in international markets
Governance Risk and Compliance Services
Enterprise Security Consulting Services
Information Assurance Services
Compliance Consulting Services
Business Continuity Management Services

Enterprise Security and Consulting Services

Vulnerability Assessment
Ethical Hacking Service (EHS)
Web Application Security Testing (WAST)
Secure Architecture Design (SAD)
Information Security Metrics
Security Policy and Procedures Design
Enterprise Security Assessment

Compliance Consulting Services

ISO 27001: Information Security Management Systems (ISMS)
ISO 20000: Information Technology Service Management (ITSM)
BS 25999: Business Continuity Management (BCMS)
Sarbanes-Oxley Act (SOX) Reviews
PCI Compliance (PCI)
Statement on Auditing Standard No.70 Readiness Audit (SAS 70)
Other Compliance Services (HIPAA, GLBA, FDCPA, DPA, PCI Audits and CFR)

Information Assurance Consulting Services

Security Audit (SA)
Risk Assessment (RA)
Application Audit (AA)
IT Governance (ITG)
IS/IT Audit (ISA) / Information Security Assessment (ISA)
Internal Audit
Revenue Assurance Service (RAS)

BCM Consulting Services

BCP/DR Consulting
Identifying MCAs (Mission Critical Activities)
BCP Plan
Business Impact Analysis
Recovery Solutions

Governance Risk and Compliance Services
Today's business environment is marked by increased competition and the need for quicker and better information for decisions. In addition, the complexity of systems and the anonymity of the Internet present barriers to growth. Businesses and their customers need assurance that their decisions are based on information which is reliable. To take these decisions, enterprises need to follow a risk management process to address various security-related issues. Enterprise Security and Risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the entity’s reputation and associated consequences.

Vulnerability Assessment (VA)
This service has been designed to determine the degree to which an enterprise’s critical information systems and infrastructure components are susceptible to intentional attack or unfortunate error as a result of weaknesses or vulnerabilities.

Ethical Hacking Service (EHS)
Ethical Hacking is a method of evaluating the security of computer systems or networks by simulating an attack by a hacker.

Web Application Security Testing (WAST)
Web Application Security Testing involves testing for security weaknesses in web applications that have databases and application components and are accessed by both internal and external clients.

Secure Architecture Design (SAD)
The Secure Architecture Design service involves understanding the level of security required by an organization to solve a specific business issue and then designing a security solution that meets requirements.

Enterprise Security Assessment (ESA)
The Enterprise Security Assessment service provides organizations with an overall view of how effectively their security plan is working and if they have the right security controls in place to protect critical information.

Security Policy and Procedures Design (POL)
This service enables organizations to define and articulate the organizational information security principles with clear roles and responsibilities within the organizational construct under a common reference model.

Information Security Metrics (ISM)
Security Metrics facilitate decision making and improve performance and accountability through collection, analysis, and reporting of performance-related data.

Compliance Consulting Services
Sify’s compliance consulting services
· Provide standards based Certification and Accreditation services delivered by experienced consultants.
· Apply the best practices gathered from C&A experience across multiple industry domains.
· Utilize internationally recognized project management methodologies and create streamlined reusable templates and management packages – to maximize cost and schedule efficiency, improve quality and reduce the risks of delays and budget overruns.

Compliance Consulting Services
ISO 27001: Information Security Management Systems (ISMS)
ISO 20000: Information Technology Service Management (ITSM)
BS 25999: Business Continuity Management (BCMS)
Sarbanes-Oxley Act (SOX) Reviews
PCI Compliance (PCI)
Statement on Auditing Standard No.70 Readiness Audit (SAS 70)
Other Compliance Services
HIPAA, GLBA, FDCPA, DPA, PCI Audits and CFR 11

Business Continuity Management Services
Business Continuity / Disaster Recovery Planning Service can help ensure the safety and security of employees, along with critical business processes and the IT environment that supports those processes. It provides a strategic framework to identify the threats that can affect critical business functions and processes, and ensures that a planned and rehearsed response exists for any incident. The service is based on standards such as those from BS 25999, DRII, BCI, ISO 27001 and ITIL.

Sify’s BCP/DR services comprise:
Comprehensive BCP/DR consulting
Identifying Mission Critical Activities (MCAs), RTO, RPO, etc
Risk assessment
Business Impact Analysis
Development of a comprehensive Business Continuity Plan and design and documentation of emergency evacuation procedures of the BCP architecture
Recommending IT infrastructure sizing for the alternate Site
Procurement and configuration of hardware and software infrastructure for alternate site
Developing system and operational procedures for business continuity during disaster
Connectivity fail-over solutions
Data backup and recovery solutions
Recommendations on data replication tools
DR Hosting space in Sify’s own ISO 27001 certified high availability data centres
Seating arrangements for customers in Sify’s data centres
BCP awareness training
BCP testing, conducting annual BCP/DR test drills
On-going infrastructure management (applications, database, OS, hardware, networking equipment and links)
24X7 expert help services, transparent online reporting

Information Assurance Consulting Services
Sify offers the following information assurance consulting services.

Security Audit (SA)
Based on industry best practices and standards such as COBIT, COSO, Trust services and IIA standards, this risk-based audit framework focuses on enterprise business drivers, associated security risks and the potential objective and subjective impacts on the enterprise.

Risk Assessment (RA)
Based on a holistic methodology that seamlessly combines industry standards and best practices such as COSO, ISO 13335, OCTAVE, NIST 800-30 etc., this unique methodology enables organizations to effectively and efficiently measure, manage and control their information security risks.

Application Audit (AA)
Application Audit service provides an objective examination of the controls that are built in the application system. This validates the fact that controls are designed to ensure that:
Data input is authorized
Valid Data is processed completely and accurately

IT Governance (ITG)
COBIT (Control Objectives for Information and related Technology) is designed as an Information Technology governance aid for the management in their understanding and managing of the risks and benefits associated with information and related technology.

IS / IT Audit (ISA) / Information Security Assessment (ISA)
Based on industry best practices and standards such as COBIT, COSO, Trust services and IIA standards, this risk-based audit framework focuses on enterprise business drivers, associated security risks and the potential objective and subjective impacts on the enterprise.

Internal Audit
An independent and objective assurance and consulting activity designed to add value and improve an organization's operations is conducted. The Sify Assure Team ensures that financial and operating information is accurate and reliable.

Revenue Assurance Service (RAS)
Revenue Assurance Services protect and optimize revenue and profit by ensuring that all revenue is billed completely and accurately in a timely manner. This is the process of rectifying revenue leakage while employing all asset resources to their maximum capacity to achieve maximum revenue.

Key Differentiators
Team
Team of experienced professionals from BFSI / IT / ITES, Manufacturing and Telecom verticals
Experienced CISA, CISM, CISSP and CBCP certified professionals
Methodology
Well-defined processes for each service
100% success rate in client certification
End-to-end enterprise security and risk management services
Benchmarking against best practices as a value-added service infrastructure

 
 
 
Customer Speak
“This is the first Telecom service provider that I have dealt with who has kept up with the time lines.”
Pradeep Dadha
Director - Santec Solutions

Copyright ©Sify Technologies Limited 2010. All Rights Reserved.