Bizinfosec LLP: Bolstering Business Information Security

CIO Vendor starting off in 1980s as a key IT professional at Bank of Maharashtra to becoming the Head of Systems Audit and Information Security at ICICI Bank, Mr. Shirish Ketkar has adorned many business critical roles. Along with being a speaker at various institutes and organisations like the RBI, ICAI, NIBM, and ISACA Chapters in India and outside etc., he heads Bizinfosec LLP as the Chairman and Managing Director with a team of three professional directors - Mr. Sandeep Moghe, Mr. Subhash Salian and Mr. Shashank Ketkar - and has taken information security services to the next level of efficiency and completeness.

Bringing forth a rich legacy of successful execution of hundreds of projects and an enviable list of clientele in India and outside which includes HDFC Bank, AXIS Bank, ICICI Prudential, ICICI Prudential AMC, UTI AMC, JM Financial, Reliance Capital Group, Saraswat Bank, TOYO India, OMAN Government and many more large enterprises, Bizinfosec provides a plethora of services and products which help address security concerns revolving around Governance, Risk and Compliance in an increasingly hostile business environment. Bizinfosec provides Information Security Consulting, ISO-27001:2013 facilitations, Systems Audit, Vulnerability Assessment and Penetration Testing, Automated Data Migration Audits and Virtual CISO services.

Bizinfosec has engineered three unique applications that automate the configuration audit of hundreds of information assets such as operating systems, databases and routers and switches.

OSCARE (Operating System Control Assessment & Risk Evaluation), DBCARE (Data Base Control Assessment & Risk Evaluation) and NEAT (Network Equipment Audit & policy compliance Tool). These proprietary appli-cations help ensure compliance to various guidelines and standards, such as CIS, ISO- 27001, PCI-DSS, RBI-IRDA-NSE-BSE and best practices for various Operating Systems (Windows 2008, 2012, 7,8,10, Solaris, AIX, HP-UX & Linux), Databases (Oracle, MS-SQL and MYSQL) and Routers-Switches (CISCO, Techroutes, Fortinet and Maipu). These Applications provide reports on various registry values, patches; password and audit policies, users and groups with privileges, last password change dates, default
and weak passwords, status of various services, status of devices like USB - CD, Anti Virus, sharing attributes, list of software installed and uninstalled for IPR checking, ACLs and much more. These automated applications, bring in the dexterity to audit reports of hundreds of devices within just a few minutes.

Bizinfosec has also developed two Governance applications - SecuRET (Security Risk Evaluation and Treatment)and InfrAAA (Infrastructure Authentication, Authorisation and Auditing).

Bizinfosec provides a plethora of services and products which help address security concerns revolving around Governance, Risk and Compliance in an increasingly hostile business environment

Secu-RET helps ensure compliance to the ISO- 27001:2013 standard by facilitating asset inventory, threat master, control master, process master, risk assessment, Statement of Applicability, various MIS reports and also provides for recording of change management, incident management and movement of assets.

InfrAAA is yet another major governance application which meets organizations’ requirement for ensuring identity, authorization and accountability over accesses by administrator teams to various information assets like business applications, databases, operating systems, routers, switches and firewalls. While providing the facility of "single sign on" InfrAAA also provides for device wise and administrator wise audit trails for establishing accountability.

All these applications have attained maturity and stability in the market. Bizinfosec is looking out for partners to reach the international market.Presently, Bizinfosec is working on developing new applications for Operating Systems, Databases and Router Switches to ensure “Continuous Configuration Compliance” through monitoring of changes to the configurations of various devices.