Formerly known as Acquisory Risk Consulting Pvt. Ltd.
Excedor IT Risk Consulting Pvt. Ltd.
In this day and age of ever-increasing cyber threats, every organization must have a robust information security management system (ISMS) in place to manage and safeguard sensitive information. Excedor uses a systematic and structured approach to help organizations design and implement a holistic, customised ISMS that meets their specific information security requirements.
Excedor begins the exercise with an exhaustive Planning phase which involves:
• Comprehensive Gap Analysis to determine the difference between the current and required security levels. The gap analysis helps Excedor identify areas that need to be revamped to comply with relevant standards and best practices.
• Information Classification to categorise your information assets by focusing on the damage or loss that can result from its disclosure....
Excedor begins the exercise with an exhaustive Planning phase which involves:
• Comprehensive Gap Analysis to determine the difference between the current and required security levels. The gap analysis helps Excedor identify areas that need to be revamped to comply with relevant standards and best practices.
• Information Classification to categorise your information assets by focusing on the damage or loss that can result from its disclosure. Excedor uses the classification as the foundation for creating rules to ensure that each category of asset receives the requisite level of protection.
• In-depth Risk Assessment of each information asset helps Excedor to uncover any threats to the asset and/or its own vulnerabilities. This involves understanding the impact of the identified threat or vulnerability on each touchpoint of your information ecosystem. Risk assessment is a crucial phase of building an ISMS as it helps determine optimal ways to mitigate the identified hazards.
• Risk Treatment and Control is perhaps the most strategic component of risk management. Excedor’s risk treatment options enable you to avoid, mitigate, and transfer risks or to accept a risk, as appropriate. In addition to covering IT, the risk mitigation controls we design encompass the gamut of operations from the physical environment to legal and human resource components.
• Policy and Procedures delineate who is to do what in every situation. This helps in socializing the risk management framework within the organisation and helps team members take responsibility.
Excedor ensures that its risk management framework covers all areas: technology, process and people. Technology covers both hardware, software and networking, while process involves devising practices and policies that safeguard information, such as formulating and implementing access control policies. Finally, there is the human element and risk management requires defining how people handle, store, and share information.
In addition, Excedor also creates and conducts training programs to enable all stakeholders to effectively use the ISMS.
Excedor conducts an audit 30 to 60 days after the ISMS is implemented. This audit is used to ensure that the organization is following the processes, policies and protocols that were implemented, and identifies pain points and vulnerabilities, if any. Excedor refines the ISMS to address any findings and further strengthen the organisation’s risk management.
The ISO: 27001 certification helps boost an organisation’s reputation. Excedor’s stringent implementation of ISMS standards facilitate the certification process for organizations that choose to acquire the ISO 27001 certification. We also handhold the organisation during its preparation for external certification audits.
An outdated ISMS nullifies the benefits of implementing one. Therefore, Excedor has devised Managed Information Security Services and Sustenance solutions to preserve the momentum of your information security initiative.
We align ourselves closely with your internal ISMS team to facilitate the smooth functioning of the ISMS...
An outdated ISMS nullifies the benefits of implementing one. Therefore, Excedor has devised Managed Information Security Services and Sustenance solutions to preserve the momentum of your information security initiative.
We align ourselves closely with your internal ISMS team to facilitate the smooth functioning of the ISMS. We collect relevant metrics from each segment of your organization to discover any lacunae in following the ISMS precepts and recommend remedial measures such as changes in technology, processes, and/or people-oriented controls to immediately redress the discerned issues.
In addition to technology penetration , our Managed Information Security Services and Sustenance experts create a road map for the continuous improvement of your information security landscape to reinforce its ability to counteract new threats.
With the growing trend of outsourcing business operations, it is now incumbent on organizations to bring third-party service providers within the ambit of the organizations’ information security frameworks. While relevant controls are often embedded in service covenants, it is essential to monitor if the providers are adhering to the controls.
Excedor employs the failure mode effects analysis (FEMA) to thoroughly assess the risks of your outsourcing options.
With the growing trend of outsourcing business operations, it is now incumbent on organizations to bring third-party service providers within the ambit of the organizations’ information security frameworks. While relevant controls are often embedded in service covenants, it is essential to monitor if the providers are adhering to the controls..
Excedor employs the failure mode effects analysis (FEMA) to thoroughly assess the risks of your outsourcing options. Using the results of the analysis, we define the minimum security criteria for onboarding vendors. .
We also evaluate and classify your existing partners according to their ability to successfully manage transferred risks. Excedor creates an audit checklist of requisite controls—based on best practices or vendor agreements—and ascertains if the vendors are maintaining the stipulated controls. We devise optimal strategies to systematically implement any missing controls and secure your organization against extrinsic risks.