Beruflich Dokumente
Kultur Dokumente
The List of IT Security Auditing Orgnisations, as given below, is up-to-date valid list of CERT-In
Empanelled Information Security Auditing Orgnisations. This list is updated by us as soon as there is
any change in it.
B4 Laxmi Niwas, Opp Gokhale Hall (Bedekar School), BPD Road, Naupada, Thane (W) 400602,
Maharashtra, India
Ph : +91-9870484240 / +91-9324210232
Fax: Not available
Contact Person : Ms Tasneam V / Mr Murtuza Laheri
E-mail : tasneam[at]imperiumsolution.com / murtuza[at]imperiumsolution.com
36. M/s IBM India Pvt. Ltd
NSIC Campus,
Software Technology Park Extn,
Okhla Phase III,
New Delhi - 110020
Contact person:Mr. Srivathsan Sridharan, Vice President- Sales
Mobile: 9599057764
Email: sri.s[at] lucideustech.com
41. M/s Locuz Enterprise Solutions Ltd
Shilpa Vidya 49, 1st Main, 3rd Phase, JP Nagar, Bangalore- 560078
Website URL: www.paladion.net
Ph : 080-42543444
Fax: 080- 41208929
Contact Person: Mr. Amit Tewari, Sales Manager
Mobile: +91 09910301180
E-mail : amit.tewary[at]paladion.net
62. M/s Robert Bosch Engineering and Business Solutions Private Limited
Shri Milind Dharmadhikari , Practice Head - IT Risk & Security Management Services
2nd Floor, SumaCenter,
Opposite Himali Society,
Erandwane,
Near Mangeshkar Hospital ,
Pune, Maharashtra 411004
Email: infosec[at]sumasoft.net
Mobile: 9870006480 , 9822600489
Corporate Office :A-302 & A-303, Oxy Primo, Gate No. 599, Bakori Phata,
Pune-Nagar Highway,Opp. Jain College, Wagholi, Pune-412207, Maharashtra, India.
Ph: 2040222891
Fax: 2040222891
Contact Person : Shrushti Sarode
Email : shrushti[at]varutra.com
Mobile: 840 8891 911
Wipro Infotech,
480-481, Udyog Vihar, Phase-III,
Gurgaon, Haryana
Ph No: 0124-3084000
Fax : 0124-3084269
Contact Person : Mr. Prabir Kumar Chaudhuri
Mobile : +91 9818600990
Fax: 0124-3084269
E-mail : prabir.chaudhuri [at]wipro.com
Postal address: No 80, 3rd Floor, BOSS SQUARE, 1st Cross, 2nd Main, BTM 2nd Stage,
Bangalore, Karnataka, INDIA 560076
Ph : +91 80 50271700/01
Contact Person : Reena Ramachandran, Director
E-mail :info@wings2i.com
87. M/s Xiarch Solutions Pvt Ltd
Govt. : 300+
PSU : 100+
Private : 25+
Total Nos. of Information Security Audits done : 425+
CISSPs : 5+
BS7799 / ISO27001 LAs : 30+
CISAs : 20+
DISAs / ISAs : 5+
Any other information security qualification : 40+
Total Nos. of Technical Personnel : 80+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Information Security Audit including SAP Audit for a Municipal Corporation for above Rs. 4.5
Crore
Consultancy for Implementing ISO 27001 for 17 Data Centers across India including
Vulnerability Assessment and Penetration Testing for Rs. 54.57 Lakhs
Commercial
i. Acunetix
ii. Core Impact
iii. Nessus Pro
iv. Nipper
v. Burp Suite
vi. Idea
Freeware
i. Nmap
ii. DOMTOOLS - DNS-interrogation tools
iii. Nikto - This tool scans for web-application vulnerabilities
iv. Firewalk - Traceroute-like ACL & network inspection/mapping
v. Hping – TCP ping utilitiy
vi. Dsniff - Passively monitor a network for interesting data (passwords, e-mail, files,
etc.). facilitate the interception of network traffic normally unavailable to an attacker
vii. HTTrack - Website Copier
viii. Tools from FoundStone - Variety of free security-tools
ix. SQL Tools - MS SQL related tools
x. John - John The Ripper, Password-cracking utility
xi. Paros - Web proxy for web application testing
xii. Wikto - Web server vulnerability assessment tool
xiii. Back Track
xiv. Meta Sploit
xv. Ethereal - GUI for packet sniffing. Can analysetcpdump-compatible logs
xvi. NetCat - Swiss Army-knife, very useful
xvii. Hping2 - TCP/IP packet analyzer/assembler, packet forgery, useful for ACL inspection
xviii. Brutus – password cracking for web applications, telnet, etc.
xix. WebSleuth - web-app auditing tool
xx. HTTPrint – detect web server and version
xxi. OpenVas
xxii. W3af
xxiii. Owasp Mantra
xxiv. Wire Shark
xxv. Ettercap
xxvi. Social Engineering Tool Kit
xxvii. Exploit database
xxviii. Aircrack-Ng
xxix. Hydra
xxx. Directory Buster
xxxi. SQL Map
xxxii. SSL Strip
xxxiii. Hamster
xxxiv. Grimwepa
xxxv. CAIN & Able
xxxvi. Rips
xxxvii. Iron Wasp
xxxviii. Fiddler
xxxix. Tamper Data
Proprietary
i. AAA - Used for Finger Printing and identifying open ports, services and
misconfiguration
ii. Own developed scripts for Operating System
iii. Own developed scripts for Database Audit
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 6
PSU : 2
Private : 33
Total Nos. of Information Security Audits done : 41
Billing Audit 1
Total 41
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations Refer Annexure II
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) Along with project value. Refer Annexure_III & Purchase order copies attached.
Back
ANNEXURE – II
Details of technical manpower deployed for information security audits in Government and
Critical sector organizations
Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) Along with project value.
Scope includes
1. IS Audit of Application Controls - Evaluating the
adequacy and effectiveness of controls in a particular
application
2. IT Environment Review - Evaluation of controls
addressing the general risks associated with the
operation of information technology viz. change
control, disaster recovery, physical upkeep of the
surroundings such as cleanliness, physical access to
the computers, fire-fighting readiness, etc.;
3. IT Technical Review - Evaluation of the network
architecture and the vulnerability of the IS
environment to the risks such as unethical hacking,
etc.
a) Information System Security Policy
(ISSP)
b) Implementation of ISSP
c) Physical Access Controls
Sr. Client Name Project Title Particulars of Projects
No.
d) Operating System Controls
e) Database controls
f) Network Management
g) IS Audit Guidelines
• IT Management Controls
• Certification, Accreditation and Security Assessment
• Planning
• Risk Assessment
• System and Services Acquisition
• IT Operations Controls
• Awareness and Training
• Configuration Management
Sr. Client Name Project Title Particulars of Projects
No.
• Contingency Planning
• Incident Response
• Maintenance
• Media Protection
• Physical and Environmental Protection
• Personnel Security
• System and Information Integrity
• IT Technical Controls
• Access Controls
• Audit and Accountability
• Identification and Authentication
• System and Communications Protection
• Short term
• Medium Term
• Long Term
• Consortium/Syndicated Loans
v. Trade Finance – non-fund based
• Letter of credit
• Bank Guarantee
• Deferred Payment
x. Government Business
• Pension payments (State / Central / Railways)
• Direct Tax collection
• RBI Relief Bonds
• Indirect Tax - Excise
Sr. Client Name Project Title Particulars of Projects
No.
xii. Miscellaneous Services
• Locker Services
• Merchant Banking Services
• Dividend/Interest/Refund Warrants
• Agency Arrangement with other Banks
A. Functionality perspective:
B. Controls perspective
Compliance Test
The auditor will use Quick Test Pro (QTP) for the purpose
Sr. Client Name Project Title Particulars of Projects
No.
of auditing the application
Data Migration Audit
Scope of work
Back
ANNEXURE- IV
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt : 1100
PSU : 80
Private : 300
Total Nos. of Information Security Audits done : 1330
CISSPs : 02
BS7799 / ISO27001: 12
CISAs : 06
DISAs / ISAs : 00
CEH/CCNA/CASP/MBCI/OSCP 50+
Total Nos. of Technical Personnel : 75+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8.
Anil Kumar Murkha Mar 2016 4.0 CEH
9.
Yogendra Singh May 2016 8.0 CEH
10.
Siddharth Shukla Jan 2015 5.0 CEH
11.
Aniket Prasad Oct 2016 3.0 CEH, ISO 27001 LA
12.
Pragya Varshney Jun 2016 4.0 CEH, ISO 27001 LA
13.
Raghwendra Kumar Sep 2016 3+ CEH
14.
Mahesh L Singh Jan 2017 3.0 CEH
15.
Rohit Singh Chauhan June 2017 2+ CEH
16.
Viswanathan G. Jan 2018 2.0 CEH
17.
Rupika Feb 2018 2.0 CEH
18.
Akshay Kumar K Mar 2018 4.0 CEH
19.
Vaibhav Mittal Sep 2018 1.0 CASP
20.
Akshay Bajaj Aug 2017 2+ CEH
21.
Rahul Kumar Singh Aug 2017 2+ CEH
24.
Himanshu Dubey Dec 2017 2.0 CEH
25.
Amit shrivastava Mar 2018 2.0 CEH
26.
Pankaj Singh Nov 2017 4.0 CEH
27.
Sonu Sahu Sep 2018 1+ CEH
28.
Mayank Agrawal Jan 2018 2.0 CEH
29.
Parthsarthi Biswal May 2018 2.0 CEH
30.
Deepika June 2018 2.0 CEH
31.
Shreya Srivastava June 2018 2.0 CEH
32.
Snehita July 2018 2.0 CEH
33.
Sheela Aug 2018 2.0 CEH
34.
Pritam Das Aug 2018 2.0 CEH
35.
Faisal Shadab Sep 2018 2.0 CEH
36.
Jyoti Sharma Oct 2018 1.0 CEH
37.
Akankhyu Dixit Oct 2018 1.0 CEH
38.
Sunil Kumar Jan 2017 5+ CEH
39.
Shiva Sunar June 2016 4.0 CEH, ISO 27001
40.
Onkar Babar Sep 2013 6+ CEH, ISO 27001
43.
Kunal Mahar Feb 2018 4+ CEH
44.
Nilesh Yadav May 2018 2.0 CEH
45.
Gurpreet Singh June 2018 2.0 CEH
46.
Ankur Kumar June 2018 2.0 CEH
47.
Suyog Sheode May 2018 2.0 CEH, ISO 27001 LA
48.
Aakash Verma Sep 2018 4.0 ISO 27001 LA, ACE
49.
Arjit Agrawal Jul-15 4+ CASP
50.
Piyush Garg Jun 2016 4.0 CASP
51.
Antony Ukken Jun 2018 2.0 CASP
52.
Ankur Upadhyay Jun 2018 2.0 CASP
53.
Bhupendra Koshariya Nov 2019 3.0 CHFI
54.
Arnav Shukla Jan 2019 1+ CEH
57.
Raghav Charan Mishra Feb 2019 4+ ISO:27001 LA, ACE
58.
Bhumi Bobde Mar 2019 2+ CASP
59.
Shubham Bhargava Mar 2019 3+ ISO 27001 LA
60. 1+
Sachin Singh Apr 2019 CEH
63.
Tarun Grover June 2019 1+ CASP
64.
Abhishek Choudhary June 2019 1+ CASP
65.
Amit Kumar July 2019 3.0 CEH
66.
Rishi Raj Oct 2019 2+ CASP
67.
Shubham Saxena July 2019 1+ CEH
68.
Ome Mishra July 2019 1+ CEH
69.
Prashant Thakur July 2019 1+ CEH
70.
Aviral Jain July 2019 1+ CEH
71.
Rupanshi Sharma Aug 2019 1+ CASP
72.
Sahil Verma Aug 2019 1+ CASP
73.
Sachin Sharma Aug 2019 1+ CASP
74.
Nitin Sharma Oct 2019 1+ CASP
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Carrying out Cyber Security Audit for one of the National Level Power Sector Project
including audit of SCADA system, Project value is approx. 1.3 Crore
• Carried out Infrastructure, Process & Security Audit of one of the competition exam
conducted online. Total Number of Nodes were approx. 2,00,000. 31 different cities
with 276 locations. Project value was approx. 70 Lakh
• Carried out IT Security Audit, ISO 25000 for one of the International Stock Exchange.
Project value was approx. 43 Lakhs.
Freeware Tools
Commercial Tools
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
*Information as provided by AKS Information Technology Services Pvt. Ltd. on 20th Dec 2019
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 02
PSU : 00
Private : 147
Total Nos. of Information Security Audits done : 149
CISSPs : 07
BS7799 / ISO27001 Las : 14
CISAs : 06
DISAs / ISAs : 00
Any other information security qualification :
CEH – 106, OSCP - 17
Total Nos. of Technical Personnel : 418
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
One of the Major Telecom giant in India (we cannot share the client details as we have signed NDA).
Complexity : Project involved Network Security assessment, VAPT of Web application, Mobile
application, configuration review, Physical security, Risk Assessment, API Security assessment, Policy
& Procedure review, Architecture review, Secure code review.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Mumbai
Gurgaon
Jersey City
Canada Ottawa
400−1565 CARLING AVENUE, OTTAWA,
ONTARIO CANADA K1Z 8R1.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 52
PSU : 3
Private : 81
Total Nos. of Information Security Audits done : 137
CISSPs : 1
BS7799 / ISO27001 LAs : 4
CISAs : 4
DISAs / ISAs : O
Any other information security qualification : CEH – : 5
Total Nos. of Technical Personnel : 17
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (indicative list only)
S. Name of Duration with Experience in Qualifications
No. Employee <organization> Information related to
Security Information security
1 Pankaj Thakur 5 years 7 years CEH
2 Mathew Verghese 5 years 11 Years - CISA - ISO 27001 LA
3 Debopriyo Kar 28 years 21 years CISA - Technical
Expert for JAS-ANZ
(Australia) - IRCA
Certified ISO 27001 -
COBIT Foundation
Certified
4 Pramod Pant 15 years 21 years CISSP , ISO 27001
And Many More…
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value:
S. Commercial / Open
No. Tool Name Source
1 Nessus Professional Commercial
2 Qualys Guard Commercial
3 Burp Suite Commercial
4 Acunetix vulnerability scanner Commercial
Commercial / Open
5
Nipper Source
6 Kali Linux - PT Framework Open Source
7 CIS Benchmark Open Source
8 CyberQ Proprietary Checklist
11. Whether organization has any Foreign Tie-Ups? If yes, give details : NO
*Information as provided by M/S CYBERQ CONSULTING PVT LTD. 19th Dec 2019, New Delhi
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 1
PSU : 3
Private : 100+
Total Nos. of Information Security Audits done : 500+
CISSPs : 8
BS7799 / ISO27001 LAs : 25
CISAs : 8
DISAs / ISAs : 0
Any other information security qualification:
ISO27001 LIs : 11
CEH : 17
PCI QSA : 20
PA QSA : 4
PCI P2PE QSAs : 4
PCI 3DS Assessors : 4
PCI PIN Assessors : 2
HiTRUST CSF : 5
CSA STAR : 1
ASV : 5
CISM : 6
CCNA : 4
ITIL : 8
ECSA : 2
OSCP : 3
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial:
Netsparker
Checkmarx
Tenable Nessus
Rapid7 Nexpose
QualysGuard
Burp Suite Professional
Nipper
Proprietary:
ControlCase GRC - ControlCase GRC is a consolidated framework that quickly and cost-
effectively enables IT governance, risk management and compliance (GRC) with one or
several government or industry regulations simultaneously. It allows IT organizations to
proactively address issues related to GRC and implement a foundation that is consistent and
repeatable.
ControlCase Compliance Manager (CCM) - Built upon the ControlCase GRC (CC-GRC)
platform and provides an integrated solution to managing all aspects related to compliance.
CCM allows organizations to implement the processes, integrate technologies and provide a
unified repository for all information related to Compliance.
Card Data Discover (CDD) - ControlCase Data Discovery (CDD) addresses key need of
Credit Card Data Discovery and is one of the first comprehensive scanners that not only
searches for credit and debit card data on file systems, but also in most commercial and open
source databases, and all this searching is done WITHOUT installing any agents on any
scanned system. It scans the whole enterprise from one location.
ControlCase Compliance Scanner - ControlCase Compliance Scanner allows QSAs/Auditors
and consultants to streamline and automate the process of evaluating PCI compliance during
onsite engagements. Results from leading vulnerability scanners and application scanners,
along with cardholder data search features are processed by the Compliance Scanner to pre-
populate approximately half the controls of PCI DSS.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 15+
PSU : 15+
Private : 90+
Total Nos. of Information Security Audits done : >120
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)*
13. Suhas Ranjan 1.5+ years 10+ Years • ISO 27001:2013 Lead
Auditor
• Advanced Auditing for
CSA STAR Certification
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Third Party Audit for State Wide Area Network and State Data
Centres(Vulnerability Assessment - 500+node).
Freeware
Commercial
Proprietary
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Ernst & Young LLPis registered in India with Registrar of Companies under Ministry
of Corporate Affairs. EY has its 700 offices in 150 countries which provide services
across Assurance and Advisory Business Services, Tax, Transaction Advisory
Services.
Address
25 Churchill Place
Canary Wharf
E14 5EY London
phone: +44 20 7951 2000
fax: +44 20 7951 1345
13. Locations of Overseas Headquarters/Offices, if any : Yes,
Ernst & Young LLPis registered in India with Registrar of Companies under Ministry
of Corporate Affairs. EY has its 700 offices in 150 countries
Back
napshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 37
Total Nos. of Information Security Audits done : 37
CISSPs : 2
BS7799 / ISO27001 LAs : 4
CISAs : NA
DISAs / ISAs : NA
Any other information security qualification : 32
Total Nos. of Technical Personnel : 38
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Out of 25+ large projects of Netmagic, one of the largest and complex project was to carry out
Information Security with following detail scope.
Open Source
• Webscarab/Paros/Burp
• Grendle scan/Nikto/w3af
• KALI Linux
• Dir buster
• WebSecurify
Commercial
• Nessus
• Hacker Guardian
• Netgear Wi-Fi Scanner
YES. Oversight through formal contract and purchase order terms and conditions
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
NTT Limited
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
CATEGORY: ASSESSMENT
Subcategory:Technical Security Assessments
Network Security: Yes
Web Applicationand Web Services Security: Yes
Mobile Application / Thick-Client: Yes
Source Code Review: Yes
Infrastructure VAPT, PCI ASV Scanning: Yes
VOIP and IVR Testing: Yes
Configuration Review (Operating Systems, Databases, Network Devices): Yes
Configuration Review (Security Solutions such as PIM, DAM, WAF, etc.): Yes
Wireless Security Audit: Yes
Subcategory: Auditing:
a. IT Security Audit: Yes
b. Information Systems Audit: Yes
c. Infrastructure Audits: Yes
d. Network security audits: Yes
e. Internal Audits for ISMS, BCMS, Cloud Security: Yes
f. Cyber Security Audits: Yes
g. Regulatory Compliance Audits for all regulators: Yes
h. GDPR Assessment: Yes
i. IOT/ SCADA maturity assessments based on NIST: Yes
j. SWIFT CSP Audits: Yes
k. HIPPA third party assessment: Yes
l. Third Party Audits/ Vendor Risk Management: Yes
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Requirement / Scope: In late 2018, the client asked us to help them dramatically improve
their cybersecurity readiness by achieving a cybersecurity maturity model across the 5
business units using combination of frameworks, standards and regulatory compliance
controls. These controls had never been applied at scale across their 75 power plants and was
thought to be too high a bar for application to these systems. However the client wanted to
maintain a consistent program across both IT and OT and, hence, established the same
objective for all of their assets.
During the 6-month project we worked hand in hand with the client to not only establish a
comprehensive IT/OT convergence cybersecurity program in their OT environment, but to also
build a sustainable, dynamic compliance and security management road map with integrated
cybersecurity blueprint of their digital transformation journey. Assessment and Risk Road map
provided them visibility into their gaps, vulnerabilities, risk posture and design flaws. Our
Security Assessment and Program ensured compliance but also captured value from their
investment, speeds resolution of emerging events and provides unparalleled visibility into
otherwise disconnected practices.
Leveraged the tool to make changes to assets and networks – e.g., removal of
decommissioned/unnecessary software across all sites, elimination of unnecessary
services and ports, implementation of complex passwords on devices where feasible, etc.
Record technical feasibility exceptions for any devices where the control was not feasible,
and develop compensating controls in their place
Creation/revision of procedures for areas such as patching, change management, etc.
Lockdown application whitelisting
Leverage the assessment tools installed in phase 1 to provide ongoing assessment in real
time – e.g., patch updates, new asset discovery, change management alerting, etc.
1. Qualys
2. Nessus
3. BurpSuite
4. Firesec
5. Checkmarx
6. Kali Linux Suite
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
We have partnered with various international security solutions which we are reselling and / or
providing support in the region. Some of the 3rd party products are:
1. IBM QRadar
2. HP ArcSight & Fortify
3. Qualys
4. Tenable Nessus
5. Appknox
6. Checkmarx
7. TripWire
8. Cylance
9. CyberArk
10. CyberX
USA
Network Intelligence LLC
16192, Coastal Highway,
Lewes, Delaware 19958,
County of Sussex
UAE
Network Intelligence India Pvt Ltd
803, Blue Bay Tower, Business Bay,
Dubai, United Arab Emirates
Singapore
Network Intelligence Pte Ltd
30 Cecil Street
#19-08 Prudential Tower
Singapore (049712)
*Information as provided by Network Intelligence India Pvt. Ltd. on 23rd December 2019
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 5
PSU : 1
Private : 25+
Total Nos. of Information Security Audits done : 50+
CISSPs : 1
BS7799 / ISO27001 LAs : 1
CISAs : 1
DISAs / ISAs : <number of>
Any other information security qualification :
Other security certifications are mentioned below in Clause 7
NSCE : 1
CEH : 15
CCNA : 3
Net Square also runs its own certification program called Net Square
Certified Expert (NSCE). Details of this are also available from the
contacts provided above.
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
This is confidential information. Kindly contact us on the contact details provided above
for details of technical manpower.
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Net Square takes its non-disclosure agreement with customers very seriously and
therefore is in no position to share this information. Kindly contact us on the contact
details provided above for customer testimonials.
10. Outsourcing of Project to External Information Security Auditors / Experts:(If yes, kindly
provide oversight arrangement (MoU, contract etc.) : Yes,
this is done based on the requirement of client and fitment of a partner with whom Net
Square has partnership agreements. Since these agreements are governed by Non-
Disclosure clauses, we cannot provide such information on a public domain. We bring in
the right partner to the table when we see a need for one.
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes. Cannot provide
details due to Non-Disclosure agreements with our foreign partners.
*Information as provided by Net Square Solutions Private Limited on February 24, 2019
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : 10+
BS7799 / ISO27001 LAs : 25+
CISAs : 10+
DISAs / ISAs : 5+
Any other information security qualification : 50+ CEH
Total Nos. of Technical Personnel : 700+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required):
We have 700+ technical personnel who are into information security projects. Here
are a few of them-
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) Along with project value.
We execute 500+ projects each year globally. Here are a few of them-
e) Host discovery
b) Security Monitoring
c) Threat Advisory
4 Application Security Assessment Burp Proxy and Scanner, Paros Proxy and Scanner,
Wireshark, Winhex, , CSRF Tester, Elixan, OpenSSL,
tHCSSLCheck, Firefox Extensions, NetSparker
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 50+
PSU : 10+
Private : 250+
Total Nos. of Information Security Audits done : 300+
CISSPs : 5+
OSCP : 10+
CEH : 50 +
BS7799 / ISO27001 LAs : 80+
CISAs : 12+
DISAs / ISAs : None
Any other information security qualification : 500+
Total Nos. of Technical Personnel : 600+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
We have over 600 + technical manpower involved in Government & Critical Sector
organizations across organization. For a reference purpose we are sharing details of 10
resources here below. Additional resource details can be submitted if required.
· CISSP
· BS7799 Lead Auditor
14 years 10
1 Rahul Aggarwal 19 years · ISO 20000 Lead Auditor
months
· ISO 22301 Lead Auditor
· ISO 27001 Lead Auditor
· CISSP
· CIPP/US
CIPP/E
· DCPP
5 years 7 · CEH
2 Rajinder Singh 14 years
months · BCCS
· CISRA
· CCNA
· ISO31000
· ISO27001
CISM
CISSP
CISA
GIAC Certified Incident Handler
(GCIH)
COBIT
3 VikasSood 2 years 27 years
TOGAF
CHFI
CEH
ECSA
LPT
ISO 22301
7 years 2 · CEH
4 Manish Gupta 9 years
months · Oracle certified Java Professional
· OSCP
4 years 1
5 Ankit Goel 10 years · CEH
month
· OWASP Member
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
PwC PL has done more than 100 Cyber security project in India in last 1 year. Some of the
projects are-
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
STQC Directorate,
6 CGO Complex and STQC IT Centers at Delhi, Kolkata, Mohali, Pune, Bangalore, Hyderabad,
Trivandrum, Chennai.
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
Network security audit : 16
Web-application security audit : 90
Wireless security audit : Nil
Compliance audits (ISO 27001, PCI, etc.) : 12
8. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value. 28 number of Important Government website hosted at various
locations.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
Network security audit : 28
Web-application security audit : 40
Wireless security audit : 10
Compliance audits (ISO 27001, PCI, etc.) : 7
CISSPs : 1
BS7799 / ISO27001 LAs : 17
CISAs : 1
DISAs / ISAs : NIL
Any other information security qualification : 15
Total Nos. of Technical Personnel : 5
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Large Global Presence Hotel- 95 hotels, both network and web applications, Across
the globe.
Project value : RS 120,00,000.00 (1.2 Crores)
Freeware –
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Sysman Computers
312, Sundram, Rani Laxmi Chowk, Sion Circle, Mumbai 400022
Contact : Dr. Rakesh M Goyal, Managing Director
Phone – 99672-48000 / 99672-47000
Email – rakesh@sysman.in / �ससमैन@�ससमैन.भारत
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
For this, we have (a) Confidentiality and Non Disclosure Agreement; (b)
adherence to IT Security and other Policies and (c) clear cut scope of work,
with clear knowledge of client.
Govt. : <0>
PSU : <1>
Private : <450+>
Total Nos. of Information Security Audits done : 451+
CISSPs : <3>
BS7799 / ISO27001 Las : <30+>
CISAs : <3>
DISAs / ISAs : <1>
Any other information security qualification(OSCP) : < 2>
Total Nos. of Technical Personnel : <90+>
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. Name of Duration with Experience Qualifications related to Information security
No. Employee <organization> in
Information
Security
1 Renju October 2006 13 Years 2 CISA, CISSP, GCFA, PCI QSA, PA QSA
Varghese months
Jolly
2 Lohith January 2015 5 Years NM.B.A IT, MSc ISS and Trained in: CEH,
Narayana ECSA, Sans IDS, Sans CF, Sans IHHT, BSI
27001
3 Yogesh 2014 5 years 1 Master of Technology
Patel month (M.Tech.)Info
rmation
Security &
Management,
Bachelor of Engineering
(B.E.)Computer
Technology
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
*Information as provided by <SISA Information Security Pvt Ltd> on <Dec 30, 2019>
Back
Annexure 1
Tools :
** Please note that list of tools mentioned below are the major tools used for testing. Additional tools
can be used as per requirement of testing.
Sysinternal Tools
Open Source
(eg.ProcMon)
• Nessus
• Nmap
• AngryIPscannner
Network Scan • Kalilinux
• Metasploit
• Burpsuite
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Torrid Networks Pvt. Ltd. , C-171, 2nd Floor, Sector 63, Noida, NCR
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Metasploit, Burp Suite SQLMAP, Dnsenum, Knockpy, whatweb, Nikto, Subbrute, Recon-ng,
Owasp zap, Fiddler, Tamper data, Live http header, Appscan, Accunetix, Wapplyzer, Dirbuster,
wfuzz, Weevely, Nmap, Nessus, Hydra, fping, Wireshark, Tcpdump, testssl, sslscan, rpcclient,
Ethercap, enum4linux, snmpwalk, netcat, Nipper-ng, Microsoft Baseline Security Analyzer,
Intrust, Intrufi
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 12
PSU : 6
Private : 22
Total Nos. of Information Security Audits done : 41
CISSPs : 3
BS7799 / ISO27001 LAs : 2
CISAs : 5
DISAs / ISAs : 0
Any other information security qualification : 11
Total Nos. of Technical Personnel : 12
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Website/Web Application –
Scope Details:
Name of Application - MACRO FISCAL PROJECTION
Total Number of Pages - 600
Number of Dynamic Pages – 480
Number of Static Pages – 120
Number of login modules - 1
Number of Input Forms – 650
Number of roles – Normal user- 3, Power User- 2, Admin user - 1
Number of Input Fields - 2500
Number of API's used – Email Gateway
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No
BacK
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 20+
PSU : 25+
Private : 200+
Total Nos. of Information Security Audits done : 250+
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : 76
BS7799 / ISO27001 LAs : 131
CISAs : 75
DISAs / ISAs : NA
Any other information security qualification : 150
Total Nos. of Technical Personnel : 500+
out of 7500 Cyber Security Professionals
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value
1 DIAL Delhi
2 NPCI Hyderabad
3 SBI Mumbai
4 NIC Delhi
12. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required) Refer Annexure – A
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value. : 16 major projects handled which include government
network infrastructure audits and various websites".
Back
Annexure – A
7. List of technical manpower deployed for information security audits in Government and
Critical sector organizations
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 2+
PSU : 1+
Private : 7+
Total Nos. of Information Security Audits done : 20+
CISSPs : 2
BS7799 / ISO27001 Las : 1
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : 2
Total Nos. of Technical Personnel : 7+
7. Updated details of technical manpower deployed for information security audits in Government
and Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Vulnerability Management for the Largest KPO firm in the world, scope included VA, PT of
over 500 servers, 5000 desktops and over 200 network devices, 10+ web application.
Location encompassed US, Australia, India and UK
• Managing complete IS and compliance service for one of the first and largest NBFC in
india, work included PCI audit, CMMI, ISO 27001, Vulnerability assessment, web app
security, network and wifi security, log management, SIEM and DLP implementation
• Nmap , Superscan
• Backtrack kali linux Live CD,
• Encase, FTK, Pro discover etc.
• Custom Scripts and tools.
• Metasploit Framework, Netcat , BeEf
• Wireshark – Packet Analyser
• Cisco Netwitness.
• Tenable Nessus
• Rapid7 Nexpose community edition
• Burpsuite
• SQL Map
• Tamper Data
• Directory Buster
• Nikto
• Ettercap
• Paros Proxy
• Webscarab
• Brutus
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 1
PSU : 2
Private : 29
Total Nos. of Information Security Audits done : 32
CISSPs : 1
BS7799 / ISO27001 LA : 18
CISAs : 6
DISAs / ISAs : 8
CEH : 5
CCNA : 2
Total Nos. of Technical Personnel : 31
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Clients Details
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
(RSM Astute Consulting Private Limited is a member firm of RSM International located in 50
Cannon Street, London, EC4N 6JJ – United Kingdom)
*Information as provided by RSM Astute Consulting Pvt. Ltd on 23th December 2019
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 63
PSU : 0
Private : 116
Total Nos. of Information Security Audits done : 179
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 6
CISAs : 9
DISAs / ISAs : 4
Any other information security qualification : 6
Total Nos. of Technical Personnel :
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Proprietary
• NsVulnAssessor
• Ora DBSecAssessor
• MSSQL DBSecAssessor
• Router Config security assessor scripts
Commercial
• Tenable Nessus Professional Edition
• Titania Nipper Network Device Configuration Review Tool
• Acunetix Web Application Vulnerability Assessment Tool
• Codified Security Mobile Security Assessment Tool
*Information as provided by Qadit Systems & Solutions Pvt Ltd on 23rd December 2019
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
6. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
Duration Experience in
S. Name of Qualifications related to
with Information
No. Employee Information security
<Varutra> Security
Masters in Computer
Mr. Kishor 2 years 8 Science, Certified Ethical
1 10+ years
Sonawane months Hacker, ISO 27001 – Lead
Auditor
Bachelor in Computer
Science, CEH, CHFI,CCSA,
2 Mr. Omkar Joshi 2 months 2 years
CISP and ISO 27001 Lead
Auditor
Mr. Jeevan 1 year 10 BE (Computer Science),
3 2 years
Dahake month CSLLP- Appeared
BE (Computer
1 year 10
4 Mr. Snehal Raut 1 year 10 months Science),Certified Ethical
month
Hacker
BE (Computer
1 year 6
5 Mr. Sachin Wagh 2 years Science),Certified Ethical
months
Hacker
BE (Computer
Mr. Chetan
6 2 years 2 years Science),Certified Ethical
Gulhane
Hacker
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Network and Applications (Mobile + Web) Security Assessment consisting of more than 1,200
IP addresses for network level vulnerability assessment and penetration testing, 20 web and
mobile applications for MCIT (Ministry of Communications and Information Technology,
Kingdom of Saudi Arabia).
Complexity: High. This was the complex project as the assessment included security testing
and hacking of various types and platforms of servers such as Windows, Linux, Unix, MSSQL
Databases, MySQL Databases, Oracle Databases, DB2 Databases, VOIP, Network Sniffing,
Wireless Network Pentest, VLAN Hopping and Hacking , Application Security Testing for Web
Applications and Mobile Application of Android, iOS and Windows platforms, Web Services ,
Social Engineering etc.
At present conducting source code review, threat modeling, SDLC review for 10 web and
mobile applications for the same client.
Freeware Tools
Vulnerability Assessment & Penetration Testing – Nessus, Nmap, OpenVAS, MBSA,
Nipper, KaliLinux, BackTrack, AirCrack, Helix (Forensics) etc.
Proprietary Tools
MVD - Mobile Vulnerability Database, provides mobile operating system level
vulnerabilities for Android, iOS, Blackberry and Windows platforms.
MASTS - Mobile Application Security Testing Suite: Security Testing Suite for android
mobile applications.
11. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No (If yes,
kindly provide oversight arrangement (MoU, contract etc.))
Yes, NDA (Non Disclosure Agreement getting signed between the two parties before
outsourcing any project to external experts.
12. Whether organization has any Foreign Tie-Ups? If yes, give details : No
rd
*Information as provided by Varutra Consulting Private Limited on on 3 Nov 2015
BacK
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
6. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
Duration Experience in
S. Name of Qualifications related to
with Information
No. Employee Information security
<Varutra> Security
Masters in Computer
Mr. Kishor 2 years 8 Science, Certified Ethical
1 10+ years
Sonawane months Hacker, ISO 27001 – Lead
Auditor
Bachelor in Computer
Science, CEH, CHFI,CCSA,
2 Mr. Omkar Joshi 2 months 2 years
CISP and ISO 27001 Lead
Auditor
Mr. Jeevan 1 year 10 BE (Computer Science),
3 2 years
Dahake month CSLLP- Appeared
BE (Computer
1 year 10
4 Mr. Snehal Raut 1 year 10 months Science),Certified Ethical
month
Hacker
BE (Computer
1 year 6
5 Mr. Sachin Wagh 2 years Science),Certified Ethical
months
Hacker
BE (Computer
Mr. Chetan
6 2 years 2 years Science),Certified Ethical
Gulhane
Hacker
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Network and Applications (Mobile + Web) Security Assessment consisting of more than 1,200
IP addresses for network level vulnerability assessment and penetration testing, 20 web and
mobile applications for MCIT (Ministry of Communications and Information Technology,
Kingdom of Saudi Arabia).
Complexity: High. This was the complex project as the assessment included security testing
and hacking of various types and platforms of servers such as Windows, Linux, Unix, MSSQL
Databases, MySQL Databases, Oracle Databases, DB2 Databases, VOIP, Network Sniffing,
Wireless Network Pentest, VLAN Hopping and Hacking , Application Security Testing for Web
Applications and Mobile Application of Android, iOS and Windows platforms, Web Services ,
Social Engineering etc.
At present conducting source code review, threat modeling, SDLC review for 10 web and
mobile applications for the same client.
Freeware Tools
Vulnerability Assessment & Penetration Testing – Nessus, Nmap, OpenVAS, MBSA,
Nipper, KaliLinux, BackTrack, AirCrack, Helix (Forensics) etc.
Proprietary Tools
MVD - Mobile Vulnerability Database, provides mobile operating system level
vulnerabilities for Android, iOS, Blackberry and Windows platforms.
MASTS - Mobile Application Security Testing Suite: Security Testing Suite for android
mobile applications.
11. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No (If yes,
kindly provide oversight arrangement (MoU, contract etc.))
Yes, NDA (Non Disclosure Agreement getting signed between the two parties before
outsourcing any project to external experts.
12. Whether organization has any Foreign Tie-Ups? If yes, give details : No
rd
*Information as provided by Varutra Consulting Private Limited on on 3 Nov 2015
BacK
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Registered Office:
Corporate Office:
Govt. : 26
PSU : 1
Private : 21
Total Nos. of Information Security Audits done : 292
CISSPs : 1
BS7799 / ISO27001 Las : 4
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification : 20
Total Nos. of Technical Personnel : 30
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Commercial Tools
Acunetix
Nessus
Nexpose
Burp Suite Pro
Qulays
Proprietary
Freeware Tools:
Nmap
Netcat
Snmp Walk
Metasploit
Kali Linux
Paros
Burp Suite
Brutus
Nikto
Firewalk
Dsniff
SQL Map
John the ripper
Paros
Wikto
Ethereal
Netcat
Openvas
W3af
OWASP Mantra
Wireshark
Ettercap
Aircrack – Ng
Cain & Abel
Ironwasp
OWASP Xenotix
Fiddler
Tamperdata
Social Engineering Toolkit
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Yes, we have partners for providing information security services in the respective
countries.
II. Partner with RiskSense Inc. to provide Information Security Services in USA
RiskSense Inc
4200 Osuna Road NE, Suite 3-300
Albuquerque, NM 87109, USA
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Web applications Security audit for more than 100 sites of A government organisation with
different databases and web development technologies amounting to approximately 30 Lakhs.
1. Burp Suite
2. NMAP
3. Hping3
4. John The Ripper
5. NetCat
6. PW DUMP
7. Wireshark
8. OWASP ZAP
9. KALI Linux
10. Rapid7
11. Acunetix
12. TCP Dump
13. Nexpose – Commercial tool
14. Brutus
15. Metasploit - Commercial
16. Mozilla Tools for web app audits
17. Fiddler
18. Dir buster
19. Nipper
20. Nikto
21. W3AF
22. Android tamer
23. Immuniweb Mobile scanner
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 10+
PSU : 10+
Private : 300+
Total Nos. of Information Security Audits done : 404+
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : -
BS7799 / ISO27001 LAs : 1
CISAs : -
DISAs / ISAs : -
Any other information security qualification : 8
Total Nos. of Technical Personnel : 14
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Qualifications
related to
Duration with Experience in
S. No. Name of Employee Information
<organization> Information Security
security
5 2 Years
SiddarthGowrishankar Dec-17 CEH and CND
6 Ishan Patil Jul-18 1.6 Years ECPPT
7 1.6 Years
Madhusudhan Kumar Sep-18 CEH
8 Deepak Kandpal Oct-18 1.3 Years CISEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value: 200+ Audits, Combination of Network Security,
Application Security, Mobile Application Security, Risk Assessments, Pan-India + 5
Global Locations, 1 Crore+
9. List of Information Security Audit Tools used ( commercial/ freeware/proprietary):
Information Gathering
- Bile-Suite
- Cisco torch
- SpiderFoot
- W3af
- Maltego
- SEAT
- In-House sdFinder
Port Scanning
- Nmap
- In-House networkMapper
- Amap
- Foundstone
- hPing
- ... and 30 other tools
Social Engineering
- Social-Engineering Toolkit (SET)
- Firecat
- People Search
Privilege Escalation
- Cain & Abel
- OphCrack
- Fgdup
- Nipper
- Medusa
- Lynix
- Hydra
- … and 40 others
Commercial Tools
- Nessus Commercial -
Burp Suite
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 1
Private : 25+
Total Nos. of Information Security Audits done : 25+
SANS GWAPT : 1
OPSE : 1
OSCE : 1
CEH : 10
ECSA : 1
Any other information security qualification:<number of>
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Web Application and Network security audit one for the USA based Analytics Product Company
to help them achieved PCI certification for their product and clod based Infrastructure.
1. Volume: 50+ URLS, 1500+ Internal IPs, 500+ external IPS
2. Complexity: High
3. Project Value USD 117000
Information Gathering
1. Dnsenum
2. Fierce domain scan
3. Dig
4. Whois
5. Wget
6. Google Advanced search
Mapping
1. Nmap
2. Scapy
3. Ike-scan
4. Superscan
5. Dirbuster
6. Openssl
7. THC SSLCheck
8. Sslscan
9. Netcat
10. Traceroute
11. Snmpcheck
12. Smtpscan
13. Smbclient
14. Wireshark
15. Web Browser
Vulnerability Assessment
1. Nessus Professional
2. Openvas
3. Skipfish
4. Ratproxy
5. IronWASP
6. Grendel scan
7. Web securify
8. Burp suite professional
9. Paros Proxy
10. SOAPUI
Exploitation
1. Custom python script
2. W3af
3. Metasploit
4. Sqlmap
5. Sqlninja
6. BeEF Framework
7. Hydra
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 35
Total Nos. of Information Security Audits done : 35
CISSPs : -
BS7799 / ISO27001 LAs : 3
CISAs : 4
CEH : 7
CEH, ECSA : 3
OSCP : 3
OSWP : 1
DISAs / ISAs : 1
Any other information security qualification:
CCSE, CCI, ACE, ITIL, RHCE, CCNP, CCNA,
Total Nos. of Technical Personnel : 13
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) Along with project value.
Type of Audit: Security Audit of Web& Mobile Applications, APIs and AWS hosted IT
Infrastructure
Scope of Work: The scope of our audit included review of following areas –
• Conduct Vulnerability Assessment and Penetration Testing on Web
Application
• Conduct Vulnerability Assessment and Penetration Testing on Android
Mobile Application
• Conduct Vulnerability Assessment and Penetration Testing on Network
Infrastructure.
• Tests vulnerabilities in web sites and applications to ensure that all the
false positives and inaccuracies are removed.
• Analyze and execute advanced testing techniques against all verified
vulnerabilities in order to penetrate through the web-based application.
• Perform re-testing after receiving confirmation from the developers on
fixing of issues
• Finalization of report and submission of the same to the client
management
IT Environment: 5 Web Applications, 3 Mobile Apps, 150+ APIs, 100+ virtual hosts in AWS
Commercial
• Kali Linux
• Metasploit
• Sqlmap
For this purpose, we use Confidentiality and Non-Disclosure Agreements before engaging the
consultants for assignments with defined scope of work and with clear knowledge of the client.
Also the consultants need to adhere to IT Security and other Policies of Suma Soft and also of
the client during the course of the engagement.
12. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Suma Soft has partnered with some niche cyber security companies from the USA and Israel
to become their channel partner India.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
AGC Network,
2nd Floor, Equinox Business Park,
Tower 1, (Peninsula Techno Park)
Off Bandra Kurla Complex, LBS Marg
Kurla (West) Mumbai – 400070.
Govt. : 4
PSU : NA
Private : 15
Total Nos. of Information Security Audits done : 8
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
CISSPs : NA
BS7799 / ISO27001 LAs : 3
CISAs : 3
DISAs / ISAs : NA
Any other information security qualification : CEH(8),ECIH(3),CHFI(1),CISM(2)
Total Nos. of Technical Personnel : 14
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
A. AUSTRALIA:-
a. MELBOURNE (Suite 2, Level 3 West Tower,608 St Kilda Rd,Melbourne, Victoria, 3004)
b.SYDNEY (Level 8, Avaya House, 123 Epping Rd, NorthRyde, NSW, 2113)
B. PHILIPPINES: - (AGC Networks Philippines, Inc., AnEssar Enterprise 4th Floor, Jaka Building,
6780 Ayala Avenue, Makati City – 1226)
C. SAUDI ARABIA: - (Building no.113, Al Narjes Complex, Abu Bakr Road, Riyadh, KSA)
D. KENYA: - The Oval, 2nd Floor, Westlands | Nairobi | Kenya
E. NEW ZEALAND: -Floor 17, 120 Albert Street, Auckland Central, Auckland 1010, New Zealand
F. UAE:-
a. DUBAI (Emaar Business Park, Building No. 4, Office # 508, PO Box 58569, Sheikh Zayed
Road, Dubai, United Arab Emirates)
b. ABU DHABI (AGC Networks L.L.C. Al Nayadi Building 115, Office No. 701 Sheikh Rashid
Bin Saeed Street (Airport Road) Abu Dhabi, United Arab Emirates)
G.USA:-
a. DALLAS (222 W Las Colinas Blvd, Suite 200 North Tower, Irving, Texas, 75039, Texas,
USA)
b. FLORIDA (7970 Bayberry Rd, Suite 5, Jacksonville, Florida 32256)
c. MINNESOTA (10050 Crosstown Circle, Suite 600 Eden Prairie, MN 55344)
d. MINNESOTA (9155 Cottonwood Lane N Maple Grove, MN 55369)
H. SINGAPORE: - (AGC Networks Pte Limited 50 Raffles Place, # 32-01 Singapore Land Tower
Singapore 048623)
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : <15>
PSU : <2>
Private : <19>
Total Nos. of Information Security Audits done : 36
6. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
8. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
Along with project value.
Locations covered: Mumbai (2 locations), Pune (2 locations), Chennai (2 locations) and Gurgaon (1
location)
Scope: ISMS Compliance Audits on daily basis for a year, Handling U.S. Clients audits at locations,
imparting training sessions to employees in reference to Information Security at regular Intervals,
Doing Risk Assessment at annual basis, Transition done from ISO 27001:2005 to ISO 27001:2013, DR
and BCP drills for each account.
Commercial:
• Burp Suite Pro
Freeware:
• Nmap
• Nikto
• Metasploit
• OpenVas
• Wireshark
• Crowbar
• Nessus
• Webscarab
• Paros
• Wapiti
• Nemesis
• NetCat
• Brutus
• GrendeIscan
• Havij
• Hydra
• Httprint
• Hydra
• W3af
12. Whether organization has any Foreign Tie-Ups? If yes, give details : No
13. Whether organization is a subsidiary of any foreign based organization? : No
If yes, give details
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
M/s KPMG
KPMG
DLF Building No. 10, 4th Floor, Tower B DLF Cyber City,
Phase 2 Gurgaon 122002
Govt. : 3 -4
PSU : 15 – 20
Private : 20 -30
Total Nos. of Information Security Audits done : 100
CISSPs : 6+
BS7799 / ISO27001 Las : 25+
CISAs : 15+
CEH : 60+
CCSK/ OSCP : 12+
CCNA/ CCNP/ CCIE : 15+
CHFI/SANS GIAC / GCFE : 5+
Total Nos. of Technical Personnel : 350+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Qualifications related to
No. KPMG
Information Security Information security
1 Sony Anthony 17yrs 23yrs ISO 27001, ISO 22301,
ISO 20000
2 Manish Tembhurkar 5yrs 16yrs CEH, CCNA, CISA, ISO
22301
3 Urmimala Dasgupta 8yrs 12yrs CEH, ISMS-
27001:2013, ITIL,
QualysGuard
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial
• Acunetix,
• Burp,
• Nessus
• AppScan
• WebInspect
Proprietary
• KRaptor,
• KPMG Digital Signals Insights Platform,
• KPMG SABA,
• K-Risk-Intel Tool
• KPMG Vulnerability Management Platform
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 20
PSU : 10
Private : 69
Total Nos. of Information Security Audits done : 99
CISSPs : 0
BS7799 / ISO27001 LAs : 17
CISAs : 3
DISAs / ISAs : 0
Any other information security qualification (CISM, CEH, CND) : 15
Total Nos. of Technical Personnel : 32
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Information
Total
Security
experience
related
Working with in
qualifications
Technical Place of the organisation information
S. No. (CISSP/ISMS
Personnel’s Name Posting since (month & security
LA / CISM/
year) related
CISA/ ISA
activities
etc., state as
(years)
applicable)
ISO 27001
LA, ISO
27001 LI, ISO
1 Shailesh Srivastava Mumbai 05-2008 22301 LA, 16.7
CISM
ISO 27001
LA:2013; ISO
22301 LA;
28 Prathik Shanbhag Mumbai 01-2019 CEH; CISA 5.9
29 Vaibhav Chavan Mumbai 03-2019 CEH 7.5
30 Dipali Bhanushali Mumbai 03-2019 ISO 27001 LA 6.5
31 Tushar Rasam Mumbai 04-2019 CEH 2.10
32 Shweta Walhekar Mumbai 06-2019 CEH 3.8
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Union Bank of India - Consulting For ISO 27001 and ISO 22301
• Crisil - Consulting for ISO 27001, IS Audit, VA PT( Network and application)
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt : 6
PSU : 0
Private : 2110
Total Nos. of Information Security Audits done : Around 2000
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:OSCP, CEH, Internal Certifications
Total Nos. of Technical Personnel : 60
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
One of the Red Teaming, Complex business Onsite and INR 2.5MN
Insurance consulting, mobile applications and remote
companies in and web red teaming locations in
India application assignments Bangalore
assessments
One of the Web Applications, High complex Onsite at client INR 6.5MN
Software Architecture risk business location in
products analysis and applications Bangalore
company based Advanced Pen
in Bangalore testing
One of the Network Testing Internal and Remote location INR 1.5MN
Global IT external in Bangalore
Services and
Support
company
focused on
Financial
Services market
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
CISSPs : 5
BS7799 / ISO27001 LAs : 25 LAs
CISAs : 10
CISMs : 5
DISAs / ISAs : <number of>
Star Certified (Cloud Security) : 10+
OSCP : 2
Any other information security qualification:5 CEH, 10 ISO 22301 LAs, OEM
Certifications (Skybox, Qualys, RSA, Checkpoint, CISCO, Juniper Certified)
Total Nos. of Technical Personnel : 35+ resources
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 5
PSU : 3
Private : 300+
Total Nos. of Information Security Audits done : 45+
CISSPs : 0
BS7799 / ISO27001 LAs : 1
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : OSCP, LCEH, MCP
Total Nos. of Technical Personnel : 40+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
● Burp Suite
● OWASP Zap
● Skipfish
● CheckMarx
● Arachini
● MS CAT
● Xenotix
● FxCop ● Nmap
● BeeF
● OWASP SWAAT ● Nessus
● Tilde Scanner
● RIPS ● OpenVAS
● Nikto
● LAPSE+ ● Metasploit
● SQL Map
● Visual Studio and
● W3af
other IDE
● Dirb
● Nessus (for Web App
Scanning)
Govt. : 50+
PSU : 5+
Private : 2
Total Nos. of Information Security Audits done : 50+
CISSPs : 0
BS7799 / ISO27001 Las : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 2
Total Nos. of Technical Personnel : 3
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Nmap Freeware
Nikto Freeware
Sqlmap Freeware
W3af Freeware
HTTrack Freeware
Nessus Commercial
Metasploit Freeware
Nexpose Freeware
Brutus Freeware
MBSA Freeware
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
VISTA InfoSec,
001, North Wing, 2nd Floor, Neoshine House,
Opp. Monginis Factory, Link Road, Andheri (West),
Mumbai, Maharashtra, India.
Govt. : 30+
PSU : 45+
Private : 140+
Total Nos. of Information Security Audits done : 220+
CISSPs : 4
BS7799 / ISO27001 LAs : 8
CISAs : 3
DISAs / ISAs : 1
Any other information security qualification:PCI QSA, CRISC, CEH, OSCP
Total Nos. of Technical Personnel : 61
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Experience
Duration with
in Qualifications related
Sr.No. Name of Employee VISTA
Information to Information security
InfoSec
Security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Parkar Consulting End to End Regulatory A prominent data Pune, India &
compliance analytics company USA
o Rapid7 NeXpose
o IBM Rational AppScan
o NESSUS
o GFI Languard.
o Acunetix WVS.
o QualysGuard.
o BurpSuite.
o MetaPacktPublishingoit.
o Nikto.
o Wikto.
o BackTrack Security Distro.
o Paros Proxy.
o Nmap.
o Exploits DB from “astalavista”, “packetstormsecurity”, “exploitdb” etc.
o Google Hack DataBase.
o Inhouse customized Scripts.
o Zero Day Scripts / Exploits.
o Other Tools (As when required by the type of work).
10. Outsourcing of Project to External Information Security Auditors / Experts: No (If yes,
kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 1
PSU : 1
Private : 11
Total Nos. of Information Security Audits done : 13
CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 4
(CEH)
Total Nos. of Technical Personnel : 5
(2 associates holding dual certifications)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
A Sify technology is headquartered in Chennai with sales offices Pan India, USA, UK,
Dubai and Singapore.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 40
PSU : 02
Private : 12
Total Nos. of Information Security Audits done :
CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : NIL
DISAs / ISAs : NIL
Any other information security qualification : 12
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Nmap
Superscan
Metasploit & Securityforest - Penetration Testing
Process explorer, Sigcheck, Kproccheck - Windows Kernel & malware
detection
Netstumbler & Kismet – WLAN Auditing
Nikto - Web server vulnerability scanner
SQLMap – SQL Injections
Wireshark – Protocol Analyzer
BackTrack tools
Burp Proxy
Nessus
• Govt. : 680
• PSU : 571
• Private : 62
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
• CISSPs : 03
• BS7799 / ISO27001 LAs : 26
• CISAs : 16
• DISAs / ISAs : 01
• Any other information security qualification :
• CEH / CHFI : 38
• BCMS/Las : 05
• CISM : 05
• CRISC : 03
• OSCP : 01
• OSCE : 01
• OSWP : 01
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• CBS Data Migration Audits of RBI across the Country from August 2011 to
2013.
• Vulnerability Assessment & Penetration Testing for RBI Network & Web
application. Value of order Rs. 68.70 Lacs + Rs. 1.20 Lacs.
• Reserve Bank of India, RTGS Application Data Migration Audit during 2015-
2016. Value of order Rs. 13.20 Lacs
7. ONGC, Govt. of India – Paperless Office Implementation – Third Party Auditor (TPA)
for L&T Infotech Ltd., for 2017-2018.
8. Odisha Power Transmission Corporation Limited (OPTCL), Govt. of Odisha,
Bhubaneswar.
IT Security Auditor including ISO 27001:2013 Implementation for
OPTCL/GRIDCO/SLDC Audit for 2017 – 2023. Value of Order Rs. 27.43 Lacs Approx.
11. Ministry of Finance & Economic Affairs, Government of The Gambia 2015 - 16
• ICT Audit covering Data Centre, Disaster Recovery Site, Audit of Epicore Core
Application, IS Audit of Nine Applications, Vulnerability Assessment and Penetration
Testing of the entire network covering all IT Assets. GapList of Information Security
Audit Tools used ( commercial/ freeware/proprietary): Assessment against COBIT
Version 5.0, Gap Assessment against ISO 27001:2013 Standard, detailed Risk
Assessments, Future Capacity Plan, Way Forward Initiatives for IT etc. Value of the
order Rs. 48 Lacs.
17. Wipro - Data Migration Audit of 803 Branches of RRBS of UCO Bank across India.
Value of order Rs. 32.12 Lacs.
1. Nessus Pro
2. FTK
3. N Case
4. Burp Suite Professional
1. Kali Linux
2. Nmap
3. Wireshark
4. OWASP ZAP
5. Paros
6. Web Scarab
7. coSARA
8. Network Stumbler
9.Aircrack suite
10. Nikto
11. Cain and Abel
12. MBSA
13. L0phtcrack: Password Cracker ver. 6.0
14. BackTrack
15. OpenVas
16. W3af
17. Directory Buster
18. SQL Map
19. SSL Strip
20. Tamper Data
21. FOCA
Back
Annexure
Details of technical manpower deployed for information security audits in Government and
Critical sector organizations
S. Name of the Working with Total experience Information Security related qualifications
No. Employee the orgization in information (CISSP/ISMS LA / CISM/ CISA/ ISA etc., state
since (month security related as applicable)
& year) activities (years
)
1. ISO 27001 ISMS L. A & ISO 22301 BCMS L. A,
Mr. Dinesh S. ISO 20001 ITSM L.A, CISA, CEH, CHFI, CISM,
Shastri 23 Years CSQA, COBIT Ver. 5.0 Certified, FCMA, FCS.
March, 2004
2. Mr. Subhash Rao P June, 2017 19 Years BE, MBA, Chief Software Architect, CEI, CEH,
CHFI, ISO 27001 LA
Mr. Ravi Saxena February, 16 Years CISA, CISSP, PMP, CISM, ISO 27001 LA
3. 2019
4. Mr. Narendra Rao T. February, 08 Years M.Tech, CEH, CHFI
J. 2015
5. Mr. M. L. August, 2015 16 Years CISA, CISM, CRISC, CGEIT, ISO 22301 BCMS
Venkataraman L. A
6. Mrs. Aparna Patil July, 2017 10 Years BE, CISA, CEH, CHFI, CCNA, CCNP, CCDP,
Cisco ASA, ITIL, Green Belt, ISO
27001:20103 LA.
7. Mr. March, 2005 13 Years CISA, FCA ISO 27001 Lead Auditor, Oracle
Chandrasekharaiah Data Base trained SAP Consultant.
T. G.
8. Mr. Natesh Rao B February, 12 Years DISA, ACA.
2009
9. Mr. Vishwas B. April, 2014 19 Years CISA, CEH, ISO 27001 L. A, ISO 22301 BCMS
Utekar L. A.
10. Mr. L. R. Kumar September, 16 Years CISA, MCA, CEH, CQA, PMP, ISO27001 LA.
2015
11. Mr. Suresh August, 2016 21 Years DCS, CISA.
Sundaram
12. Mr. Soundarajan S. December, 18 Years CISA, CISSP.
G. 2015
13. Mr. K. S. August, 2017 18 Years CISA, ISO 27001 LA.
Bhandarkar
14. Mr. Manjunath Babu April, 2016 18 Years CISA, ISO 27001 LA.
15. Mr. Jaiprakash J. L. April, 2014 18 Years ISO 27001 LA, CQA, PMP, 6 Sigma Green Belt,
ISO 22301 BCMS L. A.
16. Mr. Anil Thomas December, 08 Years CISA, CEH, ISO 27001:2013 ISMS LA, ITIL V3,
2015 SSAE, HIPAA, COSO, COBIT 5, NIST SP 800-
53.
17. Mr. Jayaprakasha September, 08 Years MBA, CEH, ISO 27001 LA, ITIL V3.
Gopal Reddy 2019
18. Mr. V. Gourishankar December, 22 Years BSC, MSC, CISA.
2017
19. Mr. Rajgopal November, 18 Years CISA, ISO 27001 LA, ISO 9001 LA, ISO 22301
Tholpadi S. 2013 BCMS L. A, 6 Sigma Green Belt, PMP.
20. Mr. H. P. March, 2004 18 Years ISO 27001 Lead Auditor.
Ramakrishna
21. Mrs. Padmashree S. August, 2014 16 Years CISA, CCNA.
22. Mr. Subramanya November, 11 Years CHFI, CAIIB, ISO 27001 Lead Auditor.
Tantri 2018
23. Mr. Patrick Oswald December, 16 Years PGDCA, CISA, CIA.
Pinto 2016
24. Mr. Sridhar December, 17 Years BE, CISA, CISSP, ITIL Expert, ISO 27001 LA.
Pulivarthy 2016
25. Mr. Pranab Jyoti August, 2017 7 Years MSc(CS), CEH, CHFI, CCSP, ECSA, CCNA,
Roy OSCP, OSCE, OSWP.
26. Mr. Dhanraj December, 05 Years MCA, CEH, ISO 27001 LA
Khandar 2018
27. Mr. Sagar Vilas July, 2019 05 Year B.Tech, CEH, ISO 27001 LA
Gedam
28. Mr. T. Ranjith February, 05 Years M. Tech, CEH
Kumar 2016
29. Mrs. Chitra November, 14 Years MA, PGDB – HR, ISO 27001 LA, ISO 9001 LA,
Srinivasan 2017 ISO 14001 LA.
30. Mr. Mohammed June, 2018 02 Years BE, CEH, ISO 27001 LA
Sohail Zende
31. Mr. Tousif N. Khazi Oct, 2018 03 Years BE, CEH, ISO 27001LA.
37. Mr. Saleem March, 2019 08 Years BE, CEH, ISO 27001 L.A.
Choudary
38. Mr. Javeed Sarkazi March, 2019 08 Years BE, CEH, ISO 27001 L.A.
50. Mr. Saurabhkumar June, 2019 01 Year B. Tech, CEH, ISO 27001 LA
Maurya
51. Mr. Tousif Sayyed June, 2019 06 Years BE, CEH, ISO 27001 LA
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 39
PSU : 11
Private : 55
Total Nos. of Information Security Audits done : 105
CISSPs : 1
BS7799 / ISO27001 Las : 8
CISAs : 2
DISAs / ISAs : NA
Any other information security qualification :
CEH : 2
CISM : 1
Total Nos. of Technical Personnel : 13
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
TALISMA Corporation Private Limited Rs 6,10000 (Rupees Six Lakhs Ten Thousand)
Commercial Tools
Nessus Pro A free, powerful, up-to-date and easy to use remote security
scanner.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 457
PSU : 561
Private : 531
Total Nos. of Information Security Audits done : 1549
CISSPs : 01
BS7799 / ISO27001 LAs : 26
CISAs : 06
Any other information security qualification:
CEH : 52
SANS: CCNA : 10
CCNP : 02
SCSA : 01
ECSA : 07
Total Nos. of Technical Personnel : 101
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Experience
S. Name of Duration with in Qualifications related to
No. Employee SecurEyes Information Information security
Security
1.
KK 13 Y 3 M 18.50 CISA, CEH, ISO 27001, GCIH,
2.
SKP 13y 3M 17.50 CISA , CEH, SANS, ISO 27001
3.
UP 10Y7M 15.00 CISA, ISO 27001
6.
IMHB 11M 12.00 ISO 27001
7.
SND 11Y 3 M 11.00 ISO 27001, CISA, SANS
10.
SS 4M 6.10 CCNA
Experience
S. Name of Duration with in Qualifications related to
No. Employee SecurEyes Information Information security
Security
11.
PKV 2Y3M 6.00 CEH V.10,CISC,CPH,CPFA
12.
KPT 3Y 8M 5.70 CEH,CISA, CAST 613-EC Council
13.
SKK 5M 5.00 CEH V10
14.
SD 3M 4.80 CEH V10
15.
AAN 7M 4.60 CEH
16.
AS 4Y 3M 4.40 ISO 27001
17.
NM 4Y 3M 4.40 ISO 27001
18.
ARVV 1Y7M 4.10 CEH V10
19.
TM 8M 4.10 CEH
20.
SK 4M 4.00 ECSA
21.
SJ 2M 4.00 ECSA
22.
MAL 1Y7M 3.90 CEH V.10
23.
KKO 8M 3.80 CEH V.9, CCNA
24.
APS 3Y 10 M 3.10 IS027001, CEH,CCC-NIELIT
25.
VS 7M 2.80 NO CERTIFICATIONS
26.
PSK 2 Y 10 M 2.10 IS027001, CEH
27.
VS 11 M 2.10 CEH V.10
28.
AP 2 Y 10 M 2.10 IS027001, CEH, ECSA
29.
VK 1Y8M 1.90 CEH
30.
DP 9M 1.70 CEH V.10, ECSA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
The largest project handled in last year, was an end-to-end Information security and business
continuity management review for one of our large financial sectorcustomer. The details of the
project are mentioned below:
Project Scope:
1. Assessment of Information Security & Business continuity Implementation from people,
process & technology perspective
2. Conduct a detailed review on effectiveness of the business continuity processes
3. Application security assessment for 25 large applications along with infrastructure review for
such applications (including financial, & non-financial applications)
4. External/Internal vulnerability assessment
5. Social Engineering test to determine the IS awareness level among the employees.
6. Advanced Persistent Treat (APT) resilience test to determine the adequacy of the APT solution.
7. Network Penetration testing of Internal and External Internet facing infrastructure
8. Vulnerability assessment covering production infrastructure including multiple Operating
Systems, Web Servers, Databases, Mail Servers
9. Conducting user access control review for all platforms for critical production infrastructure
10. Assessment of Security Operation Centre (SOC) including review of coverage scope for SOC
monitoring, adequacy of rules defined for monitoring, implementation review of the SIEM
solution and review of policies, procedures and standards pertaining to the SOC operation.
11. Assessment of Incident Management (IM) including review of policies, procedures and
standards pertaining to the IM operation; determining the adequacy of incident detection
controls by conducting mock incidents under controlled environment; evaluating the incident
response under various scenarios; evaluating the maturity of the incident response team.
12. Assessment of the network architecture, topology, network communication with third parties
and regulators.
13. Assessment of remote connectivity including VPN access.
14. Assessment of security appliances & solutions
15. Secure configuration review of firewalls, routers, switches, operating systems and databases
being used within the Organization.
16. Assessment of the Data Center and Disaster Recovery Sites.
17. Review of the process and monitoring adequacy of the Organization to comply with all local
and global regulatory requirements.
Project Complexity:
This was a project for a financial sector client having large IT setup. The project covers a
detailed assessment of technology, processes and people components for this critical sector
organization. Large number of applications, infrastructure systems and networks were in the
scope of the security assessment. The assessment included review of third-party interfaces
which were implemented to enable business across multiple interested parties. The project
required the assessment team to perform its review against local and international best
practices, compliance requirements and regulatory standards. This was an approximately 33-
man month project with the team carrying out assessments across locations.
Locations:
Middle-East
Project Value:
Rs. ~1.75 Crores
i. Commercial Tools
1. Nessus (Commercial Professional Version)
2. Burp Suite Professional
3. Checkmarx
4. Accunetix
5. Nexpose
6. And many more licensed or subscription based commercial tools
ii. Freeware Tools
1. Google Search
2. SamSpade
3. Tcp traceroute
4. Nmap
5. Sparta
6. hping2
7. Protos
8. XProbe
9. P0f
10. Nmap-cronos
11. Httprint
12. Smtpscan
13. SinFP
14. Metasploit Framework
15. Nikto
16. Cain & Cable
17. SQL Map
…. And many other open source tools
iii. Proprietary Tools
1. SecurEyes Centralized Vulnerability Management System
2. SecurEyes Advance Social Engineering Test System
3. SecurEyes Advanced Penetration Testing Toolkit
4. SeInfo_Grabber
(Tool used for application security reconnaissance)
5. SEWindowsXP_VA
(Tool for VA of windows XP)
6. SEWindows2003_VA
(Tool for VA of windows 2003)
7. SEWindows2008_VA
(Tool for VA of windows 2008)
8. SEWindows7_VA
(Tool for VA of windows 7)
9. SERedHat_VA
(Tool for VA of RedHat Linux)
10. SEAIX_VA
(Tool for VA of AIX)
11. SESolaris_VA
(Tool for VA of Solaris)
12. SEDB_VA
(Tool for VA of MS-SQL, MySQL, Oracle, PostGRE SQL)
13. SENW_VA
(Tool used for VA of network devices including switches, routers, Firewalls)
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
SecurEyes LLC
Desk No. 023, Business Centre, Abu Dhabi Airports Free Zone, PO Box: 2313,
Abu Dhabi, United Arab Emirates
SecurEyes KSA
6379, Al Ulaya, Al OlayaDist,
Riyadh, 12221-2713, KSA
SecurEyes INC
310, Alder Road, P.O.Box: 841,
Dover, DE – 19904, USA
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : Approximately 15
BS7799 / ISO27001 LAs : Approximately 25
CISAs : Approximately 70
DISAs / ISAs : Approximately 10
Any other information security qualification : Approximately 70
Total Nos. of Technical Personnel:We have approximately 140 technical personnel. The
names listed in Annexure A is illustrative list of professionals involved in critical
infrastructure support for Public Sector.
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Commercial Tools:
1. Nessus
2. Acunetix
3. Nipper
4. Burp-Suite
5. Netsparker
Freeware Tools:
a. Xprobe
b. Dnssecwalker
c. Tcpdump/tcpshow
d. Dsniff
e. Ettercap
f. Ethereal
g. Fping/ Hping
h. Queso
i. Nmap
j. SuperScan
k. Netwag
l. Firewalk
m. Q-Tip
n. SQLMap
o. Jack the Ripper
p. Crack 5.0a
q. NGS SQLCrack
r. HydraCain and Abel
s. Metasploit
The above list of tools is indicative.
10. Outsourcing of Project to External Information Security Auditors / Experts: Yes/No (If yes,
kindly indicate mode of arrangement (MoU, contract etc.))
Not Applicable
*Information as provided by Deloitte Touche Tohmatsu India Limited Liability Partnership on 27-
march-2017
Back
Annexure A:
Details of technical manpower deployed for information security audits in Government and Critical
sector organizations:
Duration Experience in
S. Qualifications related to
Name of Employee with Deloitte Information
No. Information security
(Years) Security (Years)
CEH, ISO 27001 LA_LI, ITIL
1 Achal Gangwani 5.9 13.86
Foundation, CCNA
CISM, CISSP, ISSAP, ISO 22301
2 Anand Venkatraman 5.8 16.78
LI, COBIT5
OSCP, Certified Ethical Hacker
3 Abhijeet Jayaraj 2.6 3.63
(CEH v8)
4 Ashish Arora 0.7 10.72 CISSP, ITILV3, CNAP, RHCE, CWSE
5 Ashutosh Jain 1.2 5.22 CISA, CEH
6 Chinkle Umrania 2.3 6.00 CCNA, ISMS Internal Auditor, CISA
Certified Ethical Hacker (CEH V7),
ISO/IEC 27001:2005 Lead Auditor
7 Anand Kishore Pandey 3.2 6.10 from ISC, ISO/IEC 27001:2005
Lead Implementer from BSI, BS
25999:2007 Lead Auditor from ISC
8 Divin Proothi 2.0 10.96 CISA, SAP GRC 5.2
9 Gautam Kapoor 6.7 16.70 CISA, CISSP, ISO 27001 LA_LI
ITIL v3, ISO 27001, CEH V7,
10 Kapil Dev Sharma 1.3 10.83 PRINCE2 (Foundation), PRINCE2
(Practitioner)
11 Kartikeya Raman 4.0 7.48 ITIL v3, CISA
12 Maninder Pal Singh 1.1 12.78 Lead Auditor, CISSP, CISA, CEH
CCSK, CISM, CPISI, COBIT 5
FOUNDATION, ISMS, BCMS , QMS
13 Navaneethan M 1.2 6.22 ,DSCI, CEH, ITIL Version 3, RHCE,
CCSA, CCSE, CCNA, SCSA PART-1
& SCSA PART-II, SCNA
Certified Information Systems
Auditor (CISA).
ISO 27001:2005 ISMS Lead
Implementer
EC - Council Certified Ethical
14 Pawan Kumar 4.9 10.68 Hacker (CEH v6)
ITIL v3 Foundation certified.
Cisco Certified Network Associate
(640-802)
Deploying ASA Firewall -CCNP
Security (642-617
CEH, ISO 27001 LI, BCM - 400,
15 Preetam Hazarika 2.0 11.23
ArcSight ESM
CISA, ECSA LPT, CISSP, ITIL v3,
16 Reena Ulhas Pradhan 2.1 7.02 CEH, Cyber Crime investigator
certificate
CISA, ITIL V3 Foundation, ISO
17 Rohit Rane 1.8 12.10 27001 LI, ISO 27001 LA, ISO 2000
LA, BS25999 LA, A+, N+, CCNA,
ISO 27001 LI, ISO 25999 LI, BCM
Implementation, ISO 31000
18 Santosh Kumar Jinugu 4.0 12.46
Internal Auditor, CEH, SAP
Security
CEH, Qualys Guard Vulnerability
19 Shashank Gupta 0.8 4.26 Management Certified, Nexpose
Certified Administrator, Java
Professional
ISO 9001:2000 ; BS7799 LI ; ISO
27001 LA ; CISA ; CISM ; CISSP,
PMP, CEH, BS7799 LA, Info.
Security/ BS7799 LA, Info.
Security/ BS7799 LI, BS7799 to
ISO27001 Transition Certified,
20 Vikas Garg 6.7 13.34 BCP/ DR Certified, BS 15000 RCB
Auditor Examination (itSMF
Certified), ITSM/ BS15000
Certified LA, ITSM/ BS15000
Certified LI, QMS/ ISO 9001:2000
Certified Lead Auditor, DSCI - lead
assessor for privacy
21 Vivek Patil 0.8 5.81 CEH v8, PCISI, CISO, ITIL
22 Arshdeep Singh 5.5 5.5 ISO 27001 LI, CCNA
Program in Information security
23 Mahesh Kumar Heda 5.6 8.6
management
CISM, CRISC, COBIT, ITIL
24 Praveen Sasidharan 6.3 15.3 Foundation, BCCS, ISO 27001 LI,
BS25999 LI & CSPFA, CBCP
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 5+>
PSU : 5+
Private : 200+
Total Nos. of Information Security Audits done : 200+
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
CSSP : 2+
CEH : 25+
Any other information security qualification :
10+Total Nos. of Technical Personnel
: 50+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
One of the largest BFSI: 200+ Mobile Applications, 100+ Web Applications, 200+ Network
Devices,Source Code Review, Configuration Review, and Risk Advisory.
Value of the Project was approx90Lacs.
Network VAPT:
1.) Nessus
2.) Nipper freeware
3.) Manual review
Red-Team:
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 3
PSU : 8
Private : 175
Total Nos. of Information Security Audits done : 186
CISSPs : 6
BS7799 / ISO27001 LAs : 9
CISAs : 4
DISAs / ISAs :
Any other information security qualification:CEH,GCIA, GCIH,CISM,CHFI
Total Nos. of Technical Personnel : 150+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Network security Audit for of one of the largest Airline logistics company covering data center
locations in US and UK. The total deal value is INR 1,65,00,000 for Network and Security
audit.
• Nessus
• Qualys Guard
• Burp Suite
• NMAP
• Kali Linux – Armitage
• Metasploit Framework
• SQL MAP
• FireEye Ax
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 5
PSU : 2
Private : 47
Total Nos. of Information Security Audits done : 54
CISSPs : 0
BS7799 / ISO27001 LAs : 2
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 17
Total Nos. of Technical Personnel : 31
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Web Applications, Network Audit and Software Audit including Configuration & Database Audit
for one of the clothing and retail chain in Asia-Pacific Region with scope of 50 servers, 15
switches, 1 Firewall, 1 IDS, 124 Routers, 180 Laptops, 406 Workstations, 419 POS Devices,
460 iPhone/iPad and 6 Web Applications including CMS and Intranet
Commercial:
• Burp Suite
• Acunetix
Freeware:
• Wireshak
• RIPS
• NexPose
• Nmap
• Metasploit scanner
• Sparta
• OWASP ZAP
• Cookie Manager
• W3AF
• Netstumbler
• Kismet
• Hydra
• Cain & Abel
• Tamper Data
• Net Sparker
• Nikto
• DirSearch
• Hamster
• Sqlmap
• SET
• Ettercap
• .Net Reflector
• NetStumbler
• Brutus
• BackTrack OS
• Kali Linux OS
Proprietary:
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : None
PSU : None
Private : 65
Total Nos. of Information Security Audits done : 0
CISSPs : 0
BS7799 / ISO27001 LAs : 1
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification :
( CISM : 1 and CEH : 8)
Total Nos. of Technical Personnel : 50
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Govt. : 32+
PSU : 0
Private : 22+
Total Nos. of Information Security Audits done : 54+
CISSPs : 1
BS7799 / ISO27001 Las : 6
CISAs : 1
OSCP : 1
CEH : 40
(CSA/CISC/CISE) : 17
Others : 46
Total Nos. of Technical Personnel : 112
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required).
Experience
Duration
S. in Qualifications related to
Name of Employees with
No Information Information security
Qseap
Security
1 Praveen Singh 8 11 B. Tech IT
EMBA,
2 Sunil Kapri 8 11
BE in IT
OSCP
3 Abhijit Ashok Doke 7 9 CSIC
MBA in IT
4 Mohsin Mahmood Khan 3+ 3
BE. Computer Engineer
CEH
5 Kalyani Vishwas Mali 3 4
BE. In IT
BSs. In IT
Awdhesh Chintamani
6 2+ 3 CEH
Yadav
CCNA
Varun
7 2+ 2 BSc in Computer Science
JeewansinghKarayat
ISO 27001 LA
PCIDSS Implementer
8 Ajita Haridas Gawai 2+ 6
MSc in Network Systems
Engineering
Siddhant Suresh CCNA
9 2+ 2
Ughade B.E (EXTC)
CEH
CND
NinadRajeshbhai
10 2+ 2.5 CCNA
Gandhi
B.E in Electronics and
Communications
Ethical Hacking Traning
11 Khushboo Uday Saw 2+ 2 Diploma in .Net
B.E in Computer Science
CEH
12 Darshan Sagwekar 2+ 2 CND v1
B.E (ELECTRONIC)
13 Vandana Yadav 2+ 2 BTech. In IT
CEH
CND
14 Brijesh Suresh Yadav 2+ 2+
CCNA
B.E (EXTC)
15 Priya Ratndeo Jha 2+ 2 MSc in IT
Hitesh CEPTN
16 2 2+
DinkarChandansire BE in EXTC
CEH
17 Mandar Lingayat 2 2
BE EXTC
- Certified Network
Associate Security
-Certified Associate Routing
18 Vivek Yadav 2 2
and Switching
-BE in EXTC
19 GibinReji 2 2 BE EXTC
ISO 27001 LA
Professional Software
20 Onkar Ghadge 2 2+
Testing Specialist
BE in IT
CISEH
21 Vishnu s. Chandran 2 2
BE in IT
CCNA
22 Tanveer Shaikh 2 2+ ECSA.v10
BE in EXTC
23 Sandeep Pandey 2 2+ BSc. IT
JAVA
24 Zeeshan Khan 2 2 SQL
BE in Electrical
CEH
25 Ashish Jogi 2 2.5
BCA
ISO 27001 LA
CISEH
26 Karan Sawant 2 2+
CPTE
BE in EXTC
ESCA
27 Faizan Ansari 2 2+
BE EXTC
CEH
28 Aditya Nagarkar 2 2
BE in EXTC
CISEH
29 Vaibhav koli 2 2+ CPTE
BSc. Computer Science
ISO 27001 LA
CPTE
30 Varun Thorat 2 2
CISEH
BEEXTC
CCNA
31 Shahnawaz Shaikh 2 2 CCNP
BE EXTC
CEH
32 AkshayChavare 1 1+
BE EXTC
CISEH
CPTE
33 AshleshaJadahv 1 2+
CCNA
BE Computer Engineering
CEH
34 Neha Raut 2 2
BE in IT
CEH
35 PrathmeshVaze 1 1.5
BE in IT
Aditya Deepak
36 1.9 2 BE in Electrical
Vyawahare
CDAC-PG DITISS (IT
infrastructure System and
37 Chaitali Shivaji Bande 1.9 2
Security)
BE in Electronics
38 Shital Vijay Patil 1.9 2 BE in IT
CEH
39 Rahul Subhash Ahire 1.9 2 CDAC
BE in Computers
MSc in Computer
Application-IT
40 Ramsingh Verma 1.8 3+ MS. NET
ECSA
CCNA
Sandeep Ramdas
48 1.5 1.5 CCP – Routing and S/w
Yadav
BE EXTC
MSc in I.T
49 Subodh vishe 1.5 1.5
BSC-IT
50 Mandar Joshi 1.3 1.2 B.E in Computer
CEH
51 Tusahar Singh 1.3 1.2
B.E in EXTC
CEH
52 Priyanka Malusare 1.3 1.2
BE in IT
CEH
CCNP
53 Shweta Songaonkar 1.3 1.2 Certified Network Associate
Router and S/w
BE in EXTC
CEH
54 Rubina Shaikh 1.3 1.2
BSC in IT
CEH
MSc. in IT
55 Apoorva Satish Phatak 1.3 1.2
BSc. In IT
10
74 Vinit Yashwantrao 1.5 BSc inComputer Science
Months
MCA -Master of Computer
Application,
10
75 ShyamDhuriya 3+ ProgrammingBCA -
Months
Bachelor of Computer
Application, Programming
10
76 Rashmi Bhatt 1+ MCA in computer science
Months
CISC
10
77 Zain Ahmed 1+ CPFA
Months
BE EXTC
10 BE in Computer Science &
78 Darshana pund 2
Months Engineering
10 B.E in Computer
79 Rahul Singh 1+
Months Engineering
CEH
10 Cyber Protection and
80 Prem Singhot 1.5
Months Security Course
BCA
CISSP
CISA
CISM
ISO 27001 LS
81 Jaya Bharathi Mala 7 Months 25+
CEH
CAIIB
MCA – Computer
Application
Nitesh Janardhan CEH
82 7 Months 3+
Chaturvedi BE in EXTC
83 Apurva Badave 6 Months 2 BE in IT
CEH
84 Rohan Unde 6 Months 2
BE in EXTC
85 SajanDhakate 6 Months 1.5 BE in Computers
CSA – Cyber Security
86 Ajay Kori 6 Months 3 Analyst
BE in Mechanical
Cloud Computing
87 Prachi Jadhav 6 Months 1
BE in Computers
88 Alisha Koli 6 Months 3+ BE in IT
BE in Computer Science
and Technology
89 Sanjana Mahadeshwar 6 Months 6 Months PG Diploma in IT
Infrastructure, Systems and
Security
CCNA
90 Vaibhav Mohite 6 Months 1.8
BE in Electronics
91 Ankita Desai 6 Months 2.5 BE in EXTC
BE in IT
PG Diploma in IT
92 Aakash Shukla 6 Months 3
Infrastructure, Systems and
Security.
CEH
93 Viraj Kishor Mota 5 Months 1.5
BSc. IT
CCNA
94 Bala Jagath 4 Months 2
BTech in Computer Science
ISO 27001 LA
95 Chetna Omeya Shinde 4 Months 1+ Software Testing
BE in IT
CISEH
96 Suraj Kalamkar 4 Months 1.5 CPTE
BSc in IT
Shubhangi Vijay CEH
97 4 Months 2+
Dawkhar BSc in Computer Science
Krutika Santosh CEH
98 4 Months 2
Haldankar BSc in IT
99 Sanket Yadav 4 Months 1.8 BSc in IT
MTech. In Instrumentations
Vijaya
100 4 Months 2 and control system
BashkarAithepalli
Engineering
101 Shashikumar Reddy 4 Months 1 BE in Mechanical
CISEH
102 Ankita Mohan Lavande 4 Months 2 CCNA
BE in Electronics
103 Tejaswi Sagi 4 Months 4 Months BE in Computer Science
104 Muthu Krishnan 4 Months 4 Months BE in Computer Science
BTech in Electronics and
105 SaishabareeshRegisetti 4 Months 4 Months
Communications
BTech in Electronics and
106 Thimmaiah Mangiri 4 Months 4 Months
Communications
CEH
107 Mohan Thakur 4 Months 1
BE in EXTC
BTech in Electronics and
108 TejakumarAnanthapur 4 Months 4 Months
Communication Engineering
BTech in Computer Science
109 Ravi Pennampalli 4 Months 4 Months
Engineering
CEH
110 Harsh Savla 4 Months 1.8 ECSA
BTech in Computer Science
Engineering
CISC
111 Ryan Nisar Pathan 4 Months 2+ CEH
BE in EXTC
CEH
112 UzaifKotmire 3 Months 2+ CISC
BE in EXTC
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
17 web Applications
Goa related to different
1 Web Application PT Goa
Website government
departments
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary): Burbsuit, Nessus,
Nmap,
11. Whether organization has any Foreign Tie-Ups? If yes, give details : YES
i. Versos (UAE)
ii. Paramount LLC (UAE)
For VAPT, Appsec service lines
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 31
PSU : 17
Private : 47
Total Nos. of Information Security Audits done : 95
5. Number of audits in last 12 months ,category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 6
BS 10012 : 9
BS25999 : 1
LA-QMS-ISO 9001:2015 : 1
LA-BCMS-ISO 22301:2012 : 1
LA-ITSM-ISO/IEC 20000-1:2011 : 1
CISAs : 14
DISAs / ISAs : 2
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required) : As per Annexure-1
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
IT Security Audit for one of the leading Banks in India
1. Scope inclusive of
1. Nessus(Commercial)
2. Burpsuite(Commercial)
3. Nmap
4. Nikto
5. Sqlmap
6. John the Ripper
7. Wireshark
8. Hping3
9. SNMP Walk
10. Metasploit
11. W3af
12. Netcat
13. Pdump
14. THC Hydra
15. Acunetix Free Web Application Scanner
16. Dirbuster
17. ZAP
18. PW Dump
19. OWASP Xenotix
20. SEToolikit
21. Aircrack-ng
10. Outsourcing of Project to External Information Security Auditors / Experts(If yes, kindly
indicate mode of arrangement (MoU, contract etc.) : No
11. Whether organisation has foreign Tie – Ups? If yes, given details : No
Back
Annexure-1
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 100+
PSU : 300
Private : 500+
Total Nos. of Information Security Audits done : 1000+
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 2
OSCP, 8 ECSA, 21 CEH, 1 OSWP, 3 CHFI, 2 CCNA
Total Nos. of Technical Personnel : 33
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
1. Indusind Bank - 500 Man days PO, which contain Web App, Mobile app
and API audits. Location is Mumbai
2. NSDL – 2 full time resource PO, which contain WebApp and Mobile Apps.
Location is Vadodara and Mumbai
2. AppTrana – Proprietary
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 16
Total Nos. of Information Security Audits done : 16
(Work in progress for 2 private entities)
CISSPs : 0
BS7799 / ISO27001 LAs : 3
CISAs : 5
DISAs / ISAs : 2
Any other information security qualification : 5
Total Nos. of KeyTechnical Personnel : 9
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 43
Security Audits Completed , 38 Security Audits in Progress
PSU : 0
Private : 0
Total Nos. of Information Security Audits done : 81
CISSPs : 0
BS7799 / ISO27001 LAs : 5
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:
CEH (Certified Ethical Hacker) : 3
Total Nos. of Technical Personnel : 7
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial Tools:
Freeware Tools:
Kali Linux Framework
OWASP-ZAP
Nmap, Nikto, Metasploit,Vega ,Nessus
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Govt. : 7
PSU : 0
Private : 160
Total Nos. of Information Security Audits done : 167
CISSPs : 1
BS7799 / ISO27001 LAs : 22
CISAs : 17
DISAs / ISAs : 1
CISM : 1
CRISC : 1
IS22301 : 18
CEH : 8
Total Nos. of Technical Personnel : 36
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
1 Freeware • Nmap
• Snmp Walk
• Metasploit
• Cookie Editor
• Echo Mirage
• Winhex
• Kali Linux Framework
• Wireshark
• APK Analyser
• SQLMAP
• Dirbuster
• OWASPZAP
• VAMT
2 Commercial • Nessus Professional
• Burp Suite Professional
• ARSIM
• Lansweeper - License Compliance Auditing Software
3 Proprietary • Scripts for Oracle, Linux, AIX, Solaris, Windows
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 5 Approximately
PSU : 10 Approximately
Private : 20 Approximately
Total Nos. of Information Security Audits done : 40 Approximately
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
CISSPs : 0
BS7799 / ISO27001 Las : 7+
CISAs : 5
DISAs / ISAs : 5+
Any other information security qualification : 10
Total Nos. of Technical Personnel : 50+
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
S. Name of Employee Duration with Experience in Qualifications
No. BDO India LLP Information related to
Security Information security
1 Ashish Gangrade 1.7 Years 15 Years PMP, ITILv3, CDCP,
CCSA,CCNA
2 Saumil G Shah 1.2 Years 15 Years CPA, CISA
3 Saloni Verma 2.7 Years* 16 Years CISA, CBCP, Certified
ISMS Professional
(STQC), Certified
Ethical Hacking (CEH),
DSCI Certified Privacy
Professional, ISO
22301 LA
4 Saurabh Mehendale 0.3 Years 8 Years LA ISO
27001:2013(BSI), LA
ISO 9001:2015(BSI),
CISA, CEH, CHFI,
MCTS
5 Abhijeet Barve 0.3 Years 6 Years LA ISO 27001:2013,
CEH
6 Sagar Saraph 0.3 Years 6 Years CEH
7 Sujaan Masani 2.4 Years 3 Years LA ISO 27001:2013
8 Salman Syed 0.3 Years 2 Years Offensive Security
Certified Professional
(OSCP), CEH, CISEH
9 Rohit Ponnapalli 1.2 Years 7 Years ISO 27001 LA
10 Haerd Joshi 0.5 Years 3 Years CEH, ACE
11 Keyur 0.5 Years 2 Years CEH
12 Vishnu Pavithran 0.3 Years 2.5 Years NASSCOM analyst
application security
13 Dhananjay Deo 0.6 Years 15 Years CISA, CEH, ISO27001
14 Ankur Gupta 0.8 Years 10 Years ACE, CEH, CHFI
15 Kalpesh Mehta 0.9 Years 9 Years ISO 27001 LA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
a) Client is the governing civic body of the capital city of a leading State in India.
Client is a leading Public Sector Organization - As part of the scope, BDO provided following services-
15. Netcat The swiss army knife of network tools. A simple utility which
reads and writes data across network connections, using
TCP or UDP protocol
16. NMAP The best-known port scanner around
17. p0f Passive OS Fingerprinting: A tool that listens on the network
and tries to identify the OS versions from the information in
the packets.
18. Pwdump Tools that grab the hashes out of the SAM database, to use
with a brute-forcer like L0phtcrack or John
19. SamSpade and Graphical tool that allows to perform different network
Dnsstuff queries: ping, nslookup, whois, IP block whois, dig, traceroute,
finger, SMTP VRFY, web browser keep-alive, DNS zone transfer,
SMTP relay check, etc.
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes/No
BDO India LLP, a limited liability partnership, is a member of BDO International Limited, a UK
company limited by guarantee, and forms part of the International BDO Network of independent
member firms. BDO has member firms across 167 Countries and, each member entity in
respective country is a separate legal entity.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
CMS IT Services Pvt. Ltd. (236,92/1A, Konappa Agrahara, Benkataadri Tech Park, Electronic
City, Phase I, Bengaluru, Karnataka 560100)
Govt. : 1
PSU : 3
Private : 8
Total Nos. of Information Security Audits done : 12
CISSPs : 0
BS7799 / ISO27001 LAs : 3
CISAs : 2
DISAs / ISAs : <0>
Any other information security qualification : 15+
Total Nos. of Technical Personnel : 20+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
CISA/ITIL
Manager/CGEIT/CRISC?Iso
9001/ISO 27001
3. Sachin Kumar October 2016 5 years CEH
4. Sanjay Singh April 2007 7 years CEH
5. Pranav Jadhav 1.8 Years 1.8 years ISO 27001 LA
6. Tariq Syed Aug 2004 5 years ISO 27001 LA
7. Xavier Naidu Aug 2000 5 years ISO 27001 LA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
ONGC is our Managed services contracts where CMS IT is providing the AMC and FMS Support
services PAN India (35+) Locations. Assets covered under the contract are more than 40,000
Nos. which includes network devices, servers, PC, peripherals etc.. More than 400 Nos. of FMS
engineers have been deployed to deliver onsite service operations. In this, managed services
contact we are doing VA/PT for all network devices, servers and applications. Security audit,
being a part of contract, there is no additional commercial value associated or mentioned in
purchase order.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Branch Office:
BANGALORE:143, 3rd Floor, 10th Cross, Indira Nagar 1st Stage,
Bangalore – 560038
MUMBAI:Plot C-59, Bandra Kurla Complex, Bandra East, Mumbai- 400051
Govt. : 5+
PSU : 5+
Private : 50+
Total Nos. of Information Security Audits done : 50 +
CISSPs : <1>
BS7799 / ISO27001 LAs : <3>
CISAs : <1>
OSCP : <2>
DISAs / ISAs : <>
Any other information security qualification:
CEH : <20+>
PCI QSA : <1>
CHFI : <1>
CDFE : <1>
CTIA : <1>
ECIH : <1>
Others : <20+>
Total Nos. of Technical Personnel : 60+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Metasploit
• Nexpose
• Nessus
• Nipper
• Netsparker
• Checkmarx
• Burp Suite
• Nmap
• Wireshark
• Immunity Canvas
• Immunity Silica
• Hak5 (Pineapple Wifi)
• Social Engineering Toolkit
• Kali Linux
• Aircrack-ng
• Cisco Global Exploiter
• Ettercap
• John the Ripper
• Kismet
• Maltego
• Cuckoo
• Volatility
• sslstrip
• hping3
• dnswalk
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Yes, eSecForte Technologies is partner with multiple OEM Companies such as Tenable,
AccessData, Cato Networks, Tufin, BeyondTrust etc. for Information Security and Forensic
Products.
eSec Forte acts as Value Added Partner for these companies and is involved in Pre-Sales,
Implementation and Post-Sales activities.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 01
PSU : 01
Private : 13
Total Nos. of Information Security Audits done : 15
CISSPs : 00
BS7799 / ISO27001 LAs : 02
CISAs : 00
DISAs / ISAs : 00
Any other information security qualification -CEH : 05
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial
• Nessus
• WebInspect
• Acunetix
• Burp
Freeware
• Paros
• W3af
• nmap
• SQLMap
• Kismet
• Kali Linux
• Fiddler
• Wireshark
• BeEF
• Nikto
• Metasploit framework
• John the ripper
*Information as provided by Finest Minds Infotech Pvt Ltd on 03rd December 2017
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
• Govt.:<number of> - 7
• PSU:<number of> - 8
• Private:<number of> - 23
• Total Nos. of Information Security Audits done : 38
• CISSPs:<number of> - 0
• BS7799 / ISO27001 LAs:<number of> - 3
• CISAs:<number of> - 2
• DISAs / ISAs:<number of> - 0
• Any other information security qualification:<number of> - 2
(Masters in InfoSec, BSc (IT) & Diploma InfoSec)
• Total Nos. of Technical Personnel : 5
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes/No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : Nil
PSU : Nil
Private : 30+
Total Nos. of Information Security Audits done : 30+
CISSPs : Nil
BS7799 / ISO27001 LAs : 5
CISAs : 9
DISAs / ISAs : 2
Any other information security qualification : Nil
Total Nos. of Technical Personnel : 12
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Scope of Work:
Sr. Activities
Reviewing and carry out necessary changes of Standard Operating Procedure (SOP) for all the
1.
departments of the organization as per latest ISO 27001:2013 standards for its improvement.
Review and carry out necessary changes of Information Security Policies / procedures / Plans /
2.
Risk Management report / Guidelines etc. and its implementation.
Carry out Internal audit for each department and effectiveness of controls implemented based
3.
on scope defined on ISO 27001:2013 standards
4. Review implementation of Cyber security policy and implementation of SEBI guidelines
5. Vulnerability Assessment and Penetration Testing (VA & PT).
Reviewing and updating BCP, DRP for new changes, if any and Provide BCM training to all
6.
employees.
Meeting each department for review of BIA and carry out changes in BIA as per the
7.
requirement.
Carry out Internal audit for each department and effectiveness of controls implemented as per
8. TOR of SEBI circular CIR/CDMRD/DEICE/01/2015 dated November 16, 2015, excluding VA &
PT.
Review of observations reported during audit reports (ISO 27001:2013 and Annual System
9.
Audit), and actions taken for the recommendation, if any and submit closure report.
Presentation of audit findings with recommendations to the Management along with its
10.
compliance status.
• Freeware Tools
o Nmap, Superscan and Fport - Port Scanners
o Metasploit framework, Netcat, BeEF , Cain & able, Hydra, John the ripper - Penetration
Testing & Password cracking
o Process explorer, Sigcheck - Windows Kernel & malware detection
o Netstumbler , Aircrack-ng suite & Kismet – WLAN Auditing
o OpenVas, W3af, Nikto - Vulnerability scanner
o Wireshark – Packet Analyser
o SQL Map
o Kali Linux and all tools inbuilt into it.
• Commercial Tools
o Nessus – Vulnerability Scanner
o Burp Suite, Acunetix - Web application auditing
o Passware: Password Cracking
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 10+
PSU : 0
Private : 62+
Total Nos. of Information Security Audits done : 72+
CISSPs : 2
BS7799 / ISO27001 LAs : 7
CISAs : 2
DISAs / ISAs : 0
OSCP : 1
CEH : 24
CHFI : 2
CCNP and CCNA : 11
PCI DSS v3.2 Implementation : 1
CRISC : 1
OEM vendor certified professionals : 13+
Total Nos. of Technical Personnel : 170+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Leading Insurance Web and Mobile Business critical Remotely USD 65K
company in Apps Insurance (Mumbai)
Europe applications
used by end
users
One of the leading Banking Test in-line with Onsite from USD 16k
bank in middle application PCI standard client location
east (Middle East)
Commercial: IBM Appscan, IBM Source, Acunetix, Nessus, Burp Suite Pro, Checkmarx,
QualyGuard, HP Fortify
Freeware: WireShark, Nmap, Kali Linux, Metasloit, OpenVas, THC Hydra, John The Ripper,
SamSpade, Netcat, Nikto, Fiddler, Dirbuster, SQLMap, CSRFtester, SSLscan, Fiddler, Eco
Mirage etc.
*Information as provided by Larsen & Toubro Infotech Limited on 4th Dec 2017
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 18
PSU : 3
Private : 60
Total Nos. of Information Security Audits done : 81
CISSPs : 1
BS7799 / ISO27001 LAs : 1
CISAs : 1
Core Security Certifications : 10
Any other information security qualification : 6
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Done the largest Infrastructure Security Audit and Assessment more than 5000
machines plus Enterprise UTM/IDS/IPS/SIEM/ Routers and other related IP based
devices etc...for an US Based company and Kerala State Government SECWAN
• Done The Security Testing for World's 3rd largest image and video content portal for
an UK based Enterprise. Its owned and stock more than 100 millions video and image
contents.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 5
PSU : 5
Private : 250+
Total Nos. of Information Security Audits done : 260+
CISSPs : 1
BS7799 / ISO27001 Las : 8
CISAs : 3
DISAs / ISAs : 0
CEH/OSCP/ECSA/CCNA : 8
Any other information security qualification : 15
Total Nos. of Technical Personnel : 35+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Duration Experience in
SL. Qualifications related to
LIST OF EMPLOYEES with Information
NO. Information security
Panacea Security
1 A Kaushik 7 years 13+ years B.Tech., PCI QSA, CISSP, ASV
2 Y Shivde 4 years 15+ years CISA, CISM, PCI QSA, ITIL
3 V Arya 1 year 8+ years LA-ISO27001
5.2 years
4 J Khanna 12 + years LA-ISO27001, PCI QSA
months
CISM, CISA, CCNA, CCNA(S),
5 Sammy N 2+ years 10+ years
PCI QSA
B.Tech., MSCLIS, Certified In
6 M SWARUP 2.7 year 7+ years defend (DLP), Juniper
Network Security SPIRING
7 JS RAJPUT 2.6 Years 2+ years MSCLIS
B.Tech., MSCLIS, CEH, OSCP,
8 C Mishra 2.5 Years 9 years
ASV
B.Tech, CEH, PGDA in
9 J Kumar 1.3 years 5+ years
Wireless
10 V Shah 3 months 4+ years CEH, ECSA, CND
PCI QSA, LA 27K:2013, LA
11 SF HUSSAIN 2 years 14+ years 25999, MCSE+I, MCA, M.Sc.
in computer science
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
License
Tool Purpose
Type
Burp Suite Pro Licensed Application Security Testing
Nessus 5 Pro Licensed Vulnerability Assessment
Qualys Guard Licensed Network and Application VA
AppUse 4.3 Open source Mobile Application Pen Test
MobSF Open source Mobile Application Pen Test
Echo Mirage Open source Network Proxy
Kali Linux Rolling Edition Open Source VAPT
Nipper Open Source Network Configuration File
SonarQube Open source Static Code Analysis
Nmap Freeware Port Scanner
SoapUI Freeware Web Services
Helix3 Freeware Computer Forensics
Oxygen Forensic Suit Commercial Mobile forensic
ProDiscover Forensic Commercial Computer Forensics
Rapid 7 Metasploit Community N/W and Application Pen Test
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Govt. :
PSU / Semi-government : ~3
Private : ~ 126
Total Nos. of Information Security Audits done : 129
Certifications Counts
ISO 9K LA 3
ISO 27K LA/LI 23
ISO 22301 LA/LI or BSI LA 25999 4
Certifications Counts
CHFI 2
EC-Council Certified Incident Handler 1
CB Defence Associate Analyst Exam 1
ECSA 3
Python 1
InsightVM(Rapid7) 2
Carbon Black CB-Defence Associate
Analyst 2
PG Diploma in Big Data Analytics
CDAC 1
Splunk Enterprise Certified Architect
v7. 1
Splunk Architecture Certified 1
Splunk Admin Certified 1
Splunk Power User Certified 1
Palo alto ACE networks OS V8 1
Red Hat Automation 1
Qualys Vulnerability Management. 1
CCSA 2
CIA 1
Certified Security Specialist 1
SAP -FI certified 1
Total 125
7. Any other information security qualification:The details of all the qualifications are provided in
the annexure embedded for point 8 and the summary provided in point 6
Total Nos. of Technical Personnel : 120
8. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Technology
Consulting Team_30
The certification details are attached:
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Client The client is one of the largest multinational conglomerate corporation headquartered
in Tokyo. Its diversified business includes consumer and professional electronics, gaming,
entertainment and financial services.
Work performed: Have been assisting the client in performing IT audits covering various
domains over the last 5 years. The work has been performed in India, US and multiple other
countries/cities. Detailed IT control testing covering test of design and effectiveness have been
performed for client’s various functions.
1. Acunetix
2. Nessus
3. Nmap
4. Wireshark
5. OpenVAS
6. Nikto
7. Metasploit
8. Burpsuite
9. Beef
10. W3AF
11. SQLMap
12. Kali Linux
13. Dradis
framework
14. VoundIntella
Pro
15. X-ways
forensics
16. Magnet
Axiom
17. MobSF
18. Fiddler
19. Custom
Scripts
20. Genny
Motion
21. Echo Mirage
22. Checkmarx
23. EnCase
24. FTK
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
We have alliance partners for tools and technologies that help us deliver the information /
cyber security audits and projects. Some of our alliance partners are :Flexera, Kaspersky etc.
Further, we have a network where in our global offices assist in providing support from a global
technology alliance perspective
The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is
Independent Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the
Protiviti Inc. Protiviti Inc. is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in
1948, Robert Half is a member of the S&P 500 index.
The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is
Independent Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the
Protiviti Inc. Protiviti Inc. is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in
1948, Robert Half is a member of the S&P 500 index. Offices of Protiviti Inc and the member
firms are spread across 75+ offices across 27 countries.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt : 15
PSU :
Private : 12
Total Nos. of Information Security Audits done : 27
5. Number of audits in last 12months, category-wise (Organization can add categories based
on project handled by them)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
IT Security Audiof Application Penetration Testing, Network devices and Source Code Analysis.
Value of the project is
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
• Burp Suite
• Nmap
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : Nil
PSU : 1 (one)
Private : 5 (Five)
Total Nos. of Information Security Audits done : 6 (six)
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : Nil
BS7799 / ISO27001 Las : 3
CISAs : 1
DISAs / ISAs : Nil
Any other information security qualification :
1 (CSSP), OSCP (1), CEH (2)
Total Nos. of Technical Personnel : 7
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Nessus
• ISO 27001 control checklist
• CSA control Checklist
We have 1 (one) external Information Security Auditor, with who we have a signed
Master Service Agreement in place covering all Business terms & conditions,
accountability, confidentiality and other important clauses.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
TÜV SÜD Group is a Global organizations and it has multiple tie-ups across the globe at a
Group level.
India Cybersecurity team only has foreign tie-ups with TÜV SÜD global entities where
India team supports on delivery.
TÜV SÜD South Asia is a wholly owned subsidiary of TÜV SÜD Group.
TÜV SÜD AG
Westendstr. 199
80686 Munich
Germany
*Information as provided by TÜV SÜD South Asia Pvt. Ltd on 23 Dec 2019
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 500+
PSU : 50+
Private : 500+
Total Nos. of Information Security Audits done : 1000+
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : 5
BS7799 / ISO27001 LAs : 7
CISAs : 4
CISMs : 2
DISAs / ISAs : 1
Any other information security qualifications - : Yes, Many More.
SANS GIAC Certified Professionals : 5
OSCP / OSCE : 4
CEH : 4
ECSA : 2
CDFE : 3
Tenable Certified : 1
MCSE : 3
ITIL V3 : 2
PCI DSS 3.2 : 3
Sourcefire Certified : 2
Total Nos. of Technical Personnel : 27
(Cyber & Information Security - 21, Other – 6)
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
2 Data Center Security (DC) ➢ One of the Largest Telecom Operator in Malaysia
Audits,Telecom Architecture ➢ Foremost & biggest Two ISPs in Bangladesh
Security Review,NMS, Application ➢ Three of the Government State Banks
Security Testing,Wireless Security, ➢ Two of the Government National Level Data Centers
Business Continuity Management &
Disaster Recovery (BCP & DRP),
Cyber Security Trainings
3 ISMS & BCM, Security Review, Data ➢ A Leading Automobile & Manufacturing Company in
Protection Implementations & Europe
Compliance Auditing for ISO 27001 ➢ Key Defense Units with GIGW Guidelines
with Security Testing & Patching, ➢ World Bank Funded Govt Project & Programs with GIGW
Identity & Access Mgmt. (IAM), E- Guidelines
Mail Security
4 Burp Suite Scanner Commercial Burp is a java based application developed with advanced
Professional scanning techniques for penetration testers to find out
security vulnerabilities in the application.
5 Acunetix Web Commercial Acunetix is leading web vulnerability scanner used by
Vulnerability penetration testers which include the most advanced SQL
Scanner Injection, and XSS black box scanning technologies. It
automatically crawls applications and performs black box
and grey box hacking techniques which find security
vulnerabilities.
6 Checkmarx Commercial Checkmarx is an application security solution designed for
Application Security Testing and Static Code Analysis to
identify known coding level vulnerabilities.
7 Holm Security Commercial VA, WA, PT, AWS Security Auditing Tools
8 Metasploit Commercial Metasploit is an exploitation framework that enables a
Framework penetration tester to find, validate and exploit
vulnerabilities over network infrastructure. Framework
includes auxiliary modules, exploits, shellcode, encoders
etc.
9 Shodan Commercial Shodan is a search engine that lets the user find specific
types of computers connected to the internet using a
variety of filters. Shodan collects data mostly on web
servers (HTTP/HTTPS - port 80, 8080, 443, 8443), as well
as FTP (port 21), SSH (port 22), Telnet (port 23) etc
10 OllyDbg Commercial Debugger used for reverse engineering
11 Nexpose Commercial Nexpose, Rapid7’s on-premises option for vulnerability
management software, monitors exposures in real-time
and adapts to new threats with fresh data, ensuring you
can always act at the moment of impact.
12 tCell By Rapid7 Commercial tCell By Rapid7: The next-gen cloud WAF and RASP tool
that gives you complete visibility for application monitoring
and protection.
13 Cain & Abel Commercial Cain & Abel is a password cracking tool. It allows easy
recovery of various kinds of passwords by sniffing the
network, cracking encrypted passwords using Dictionary.
ARP feature enables sniffing on switched LANs and Man in-
the-Middle attacks.
14 Core Impact Commercial Integrated VAPT Suite with versatile exploitation
capabilities.
15 Kali Linux Open Source An advanced Penetration Testing Linux distribution used
for Penetration Testing, Ethical Hacking and network
security assessments.
16 Cisco - Torch Open Source Cisco Torch is a mass scanning, fingerprinting and
exploitation tool to find the flaws in cisco devices and
exploit vulnerabilities.
17 Power Sploit Open Source PowerSploit is a group of Microsoft PowerShell scripts that
can be used in post-exploitation scenarios during
authorized penetration tests.
18 CryptCat Open Source CryptCat is a Unix utility which reads and writes data
across network connections, using TCP or UDP protocol
while encrypting the data being transmitted.
19 OpenVas Freeware OpenVas is a framework of several services and tools
offering a comprehensive and powerful vulnerability
scanning and vulnerability management solution.
20 Fierce Open Source Fierce is a reconnaissance tool (PERL script) that quickly
scans domains using several tactics.
21 Scapy Open Source Scapy is a powerful interactive network packet
manipulation program.
22 Nmap Freeware Nmap is a free security scanner which will provides a
number of features for probing computer networks,
including host discovery and service and operating system
direction. These features are extensible by scripts that
provide more advanced service detection, vulnerability
detection, and other features.
23 NetCat Freeware Netcat is a networking utility which reads and writes data
across network connections, using the TCP/IP protocol.
24 Ettercap Open Source/ Ettercap is an open source network security tool for man-
Freeware in-the-middle attacks. It can be used for computer
network protocol analysis and security auditing.
25 THC-IPV6 Open Source THC-IPV6 is a penetration testing tool which will exploit
the protocol weaknesses of IPV6 and ICMP6 and includes
an easy to use packet factory library.
26 Zed Attack Open Source Proxy (ZAP) The OWASP Zed Attack Proxy (ZAP) is an
open source proxy/vulnerability scanner which will
automatically discover security vulnerabilities in the
applications
27 Nikto Open Source Nikto is an Open Source (GPL) web server scanner which
performs comprehensive tests against web servers for
multiple items, including over 3500 potentially dangerous
files/CGIs, versions on over 900 servers, and version
specific problems on over 250 servers.
28 W3af Open Source w3af is a web application attack and audit framework
which aims to identify and exploit all web application
vulnerabilities
29 SQLMap Open Source SQLMAP is an penetration testing tool that automates the
process of detecting and exploiting SQL injection flaws and
taking over of database servers.
39 SoapUI Open Source SoapUI is a most advanced web service testing application
for service-oriented architectures and representational
state transfers.
40 Apk Tool Open Source A tool for reverse engineering Android .apk files
47 Echo Mirage Freeware Echo Mirage is a tool that hooks into an application’s
process and enables us to monitor the network
interactions being done. This process can be done with a
running process, or it can run the application on the user’s
behalf. It is an efficient tool for performing Thick Client
Application Security Testing
48 ILSpy Freeware ILSpy is the open-source .NET assembly browser and
decompiler; it is used for extracting the source of
executable and dynamic link libraries in a readable format.
It is an efficient tool used for performing Thick Client
Application Security Testing.
49 Windows Enabler Freeware Windows Enabler allows user to enable disabled fields and
controls such as buttons & tick boxes in a window from.
It’s very efficient tool used for performing Thick Client
Application Security Testing.
50 APK Analyzer Freeware APK Analyzer provides a developer mode for analyzing and
manipulating insecure activities in an android application.
51 dex2jar Freeware Dex2jar is a command line tool used for converting the
“.dex” file of an android application into “.jar” file, post
extraction, the source code of an android application is
accessible in a readable format.
52 OpenSSL Open Source OpenSSL contains an open-source implementation of the
SSL and TLS protocols. It is used for determining the
strength of various SSL and TLS protocols.
53 Cycript Freeware Cycript allows for useful runtime analysis of a program
(such as for instance getting the complete view hierarchy,
or checking out the properties of an object), and it allows
for easy prototyping of a tweak (by hooking methods with
a Substrate bridge, changing objects freely and calling
functions, etc.)
54 Winhex Freeware WinHex is a universal hexadecimal editor, used for
extracting information from the local memory (RAM, ROM,
etc) of a client machine.
55 Android Studio Commercial Android Studio is a GUI based development bundle which
consists of tools used for developing and analyzing Android
applications. It consists of android debug bridge which can
be used as a command line tool to communicate with
connected Android devices.
56 iOS App Auditor Commercial iOS Application Simulator & Security Testing Suite with
License exploitation capabilities and vulnerability bug-reporting.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : NO
15. Has your organization have completed all projects in due requested time? : Yes, Always.
We have all the project completion certificates from all the clients with their outmost satisfaction.
*Information as provided by - ' M/s Code Decode Labs Pvt. Ltd.' on 25/04/2020.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 34
PSU : 9
Private : 13
Total Nos. of Information Security Audits done : 56
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 7
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification : 3
Total Nos. of Technical Personnel : 12
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
ClientName ProjectValue
UnitedBank ofIndia INR 62,00,000/-
CapitalSmallFinanceBank INR 7,45,000/-
NHPCLtd. INR 5,23,920/-
DGQA(9Departments) INR- 3,36,000/-
ERLDC INR 17,35,000/-
SREI INR 24,80,000/-
Labvantage SolutionsPvt.Ltd. INR 2,25,000/-
BBMB INR 2,30,100/-
BSESRajdhaniPowerLtd. INR 2,76,080/-
BSESYamunaPowerLtd. INR 1,88,800/-
IBPS INR 3,72,880/-
Chhattisgarh State INR 62,540/-
BangiyaGraminVikashBank INR 60,000/-
EDCON INR 2,50,000/-
Globsyn3rdLifePvt.Ltd. INR 2,36,000/-
IndiaPower INR 4,54,300/-
CoresonantSystemsPvt.Ltd. INR 3,54,000/-
1. Recon-NG
2. Metasploit
3. Exploit-Pack Commercial
4. Nessus
5. InsightVM
6. Sparta
7. Namp
8. Nikto
9. BurpSuit
12. Netsparker
13. Mobsf
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
• Govt. : 0
• PSU : 1
• Private : 5
• Total Nos. of Information Security Audits done : 6
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 5
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification:
1. CRISK : 1
2. Master’s Degree in Computer Management : 1
Total Nos. of Technical Personnel : 2
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
At Energy InfoTech Centre (a division of Chattisgarh State Power Distribution Company Ltd.), a state
government enterprise
Commercial Tools: Burp Suite, Nessus, Qualis ( On demand), Acunetix ( Cloud version)
Freeware tools: Kali Linux and applications, OWASP-ZAP, Open Vas, SQLMAP, Zenmap, Vega, Nikto,
Wire shark
please find attached the Confidentiality Agreement signed by Satish Meda, Ajay Mathur and
Sudhanwa Joglekar
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : NIL
PSU : NIL
Private : 15
Total Nos. of Information Security Audits done : 15
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
CISSPs : 4
BS7799 / ISO27001 LAs : 4
CISAs : 4
DISAs / ISAs : NIL
Any other information security qualification : CEH, CISM etc. 4
Total Nos. of Technical Personnel : 6
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
Reliance Jio Data Centers covering Mumbai, Jamnagar and Nagpur for SSAE 18 SOC Audit
Currently No but in case we need to we will have proper due diligence, NDA, MOU and project will
be supervised and managed by one of our team members.
11. Whether organization has any Foreign Tie-Ups? If yes, give details Yes/No : Yes
Association with Accedere Inc USA for SSAE 18, SOC Attest Reports
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 48
Total Nos. of Information Security Audits done : 48
5. Number of audits in last 12 months, category-wise (Organization can add categories based on
project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 13
CISAs : 9
DISAs / ISAs : 0
Any other information security qualification : 2 CCNA,
1 CHFI,
1 CCSA,
2 ISO 22301,
1 CISM,
2 SAP,
2 OSCP,
1 RHCE,
3 ITI
Total Nos. of Technical Personnel : 52
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required) Please refer to Annexure - 1
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Commercial Tools:
• Nessus
• Nipper
• Burpsuite
Freeware Tools:
• Metasploit
• Wireshark
• NMAP
• SQLMap
• Nikto
• MobiSF
• Metasploit
• Hydra
• Cain and Abel
• John The Ripper
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Yes, Grant Thornton India is part of the GT Member Firm network which is spread across the globe
in 130+ countries.
Back
Annexure – I
3. Lalit Vazirani January 2018 • ISO 27001 LA, ISO 22301, 15+ years
Symantec DLP certified, Qualys
Guard certified
7. Shweta Pawar November 2015 • ISO 27001: 2013 Lead Auditor 9 years
(ISMS)
• ITIL V3 Foundation
10. Krishna Jere October 2017 CCNA, CCSA, ISO 27001 LA 13+ Years
11. Dhananjay Deo April 2017 CISA, ISO 27001, COBIT 20+ Years
13. Sandeep Sharma April 2013 • Microsoft SAM 673, and 74-678 5+ years
• SCJP
• ITIL Foundation Certified
16. Umesh Jain February 2016 • ISO 27001:2013 Lead Auditor 6+ years
• CEH (Certified Ethical Hacker)
17. Bhavna Nakra August 2017 ISO 27001:2013 Lead Auditor 3+ years
19. Aditya Tiwari May 2017 ISO 27001:2013 Lead Auditor 6+ months
S. Name of Employee Duration with Grant Qualifications related to Experience in Information
No. Thornton India Information security Security
LLP
24. Charu Lata April 2017 Sap (SD,FI) Trained 1.5 Years
26. Lalit Sharma July 2012 • DCPP (DSCI Certified Privacy 4+ years
Protection Certificate)
• ITIL Foundation Certified
• Certificate Program in Cyber Law
(SYMBIOSIS)
27. Makarand Ramesh June 2017 • Lead Audit ISO 27001:2013 - 8 years
Kadave Information Security
Management System
• Diploma in Information Security
& Ethical Hacking
28. Muralikrishna Joshi February 2016 ITIL Foundation Certified 1.8 years
36. Sagar Gajara November 2017 • CEH, CCI, Diploma in Cyber 4+ Years
forensics
37. Amit Bedwa December 2017 • ISO 27001 LA, ISO 22301 LA, 2 years
ITSM
43. Arvind Kumar April 2018 • ISO 27001 LA, ISO 27001 LI, 4+ years
ERM
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : None
PSU : None
Private : 20
Total Nos. of Information Security Audits done : 20
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : None
BS7799 / ISO27001 LAs : 4
CISAs : 2
DISAs / ISAs : 5
Any other information security qualification : CEH- 5
Total Nos. of Technical Personnel : 12
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
IT management project (renewed annually) for a client based in India.Project includes secure IT
operations, Web application testing, network security management, continuous vulnerability and
patch management, data center security and Disaster recovery management. The annual
revenue is over INR 1.1Cr
KALI Linux, Nslookup, Dnsmap, Nmap, Firewalk, Hping, Nessus, Nikto, John the ripper, Sqldict,
Firewall Analysers
Vulnerability Scanning:
Burp suite, Paros, Wireshark, Accunetix, Netsparker, Metasploit framework, SQL Map,
customized python scripts
Social Engineering
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 20
PSU : 1
Private : 2407
Total Nos. of Information Security Audits done : 2428
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : 11
BS7799 / ISO27001 LAs : 20
CISAs : 10
DISAs / ISAs : 0
CEH : 85
CISM : 02
Total Nos. of Technical Personnel : 128
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Commercial:
Qualys Guard, IBM App Scan, Burp Suite Pro, Web Inspect, Checkmarx, HP Fortify, ISF
Security Health Check, ISF Benchmarking, Algosec.
Freeware:
NMap, Metasploit, SSL Digger, SSL Scan, SQL Map, MOB-SF, Quark, Drozer, SOAP
UI,Owasp Zap.
Third party ISAE 3402 audit has been outsourced to E&Y since 2015. This was a client
requirement. (Attached here for ready reference). As TechM has implemented, hence the
auditing was provided to third Party (E&Y)
Jakarta
China
Nanjing
Shanghai
Shenzhen
Hong Kong
Japan
Kanagawa
Tech Mahindra Ltd.
Fujitsu Atsugi Technical Center, 3065, 3rd floor
Okada, Kanagawa, Tokyo, Japan
Phone:+ 81 5038040928
Tokyo
Malaysia
Cyberjaya
Philippines
Cebu
Manila
Singapore
South Korea
Seoul
Taiwan
Taipei
Thailand
Bangkok
Vietnam
Hanoi
Americas
Argentina
Buenos Aires
Bolivia
Santa Cruz
Brazil
Alphaville
Rio de Janeiro
Sao Paulo
Canada
New Brunswick
Ontario
Vancouver
Colombia
Bogotá
Costa Rica
San Jose
Ecuador
Guayaquil
Quito
Guatemala
Phone:+502-2334-3421
Fax:+502-2334-2648
Mexico
Mexico City
Panama
Peru
Lima
California
Connecticut
Florida
Tech Mahindra
501 Brickell Key Drive,
Suite 200, Miami,
Florida, 33131
Georgia
Illinois
Kansas
Tech Mahindra
12980 Foster South Creek Building 1,
Suite 190, Overland Park,
Kansas 66213
Kentucky
Michigan
Nebraska
Nevada
New Jersey
New York
Tech Mahindra
Equinix NY9, 111 8th Avenue,
New York 10011
North Dakota
Ohio
Pennsylvania
Texas
Washington
Australia
Brisbane, Queensland
Canberra, ACT
Chatswood, NSW
Melbourne, Victoria
New Zealand
Auckland
Austria
Vienna
Belgium
Brussels
Charleroi
Bulgaria
Sofia
Czech Republic
MladaBoleslav
Ostrava(Virtual Office)
Denmark
Copenhagen
Finland
Helsinki
France
Paris
Phone:+33 01 44 43 47 20
Toulouse
Germany
Berlin
Dresden
Düsseldorf
Hamburg
Muenchen
Wiesbaden
Wolfsburg
Hungary
Budapest
Ireland
Dublin
Northern Ireland
Waterford
Italy
Milano
Latvia
Riga
Luxembourg
Senningberg
Netherlands
The Hague
Norway
Oslo
Romania
Bucharest
Spain
Madrid
Sweden
Gothenburg
Stockholm
Switzerland
Basel
Geneva
Zurich
Bristol
Crewe
Ipswich
London
Manchester
Milton Keynes
Norfolk
Bahrain
Manama
Qatar
Doha
Saudi Arabia
Al-Khobar
Abu Dhabi
Dubai
Africa
Chad
Ndjamena
Tech Mahindra Ltd
Quartier Béguinage, Rue 1029, BP 324,
Ndjamena, Tchad.
Phone:+235 600-100-10
Congo(B)
Pointe-Noire
Kinshasa
Ethiopia
Gabon
Libreville
Ghana
Accra
Kenya
Nairobi
Malawi
Lilongwe
Nigeria
Abeokuta
Tech Mahindra Ltd.
3rd to 6th Floor, Opic Towers, Oke–Ilewo
Abeokuta - Ogun State
Phone:+234 8066792757
Lagos
Rwanda
Kigali
South Africa
Cape Town
Johannesburg
Uganda
Kampala
Zambia
Lusaka
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : NA
PSU : NA
Private : 25+
Total Nos. of Information Security Audits done : 25+
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : NA
BS7799 / ISO27001 LAs : 1
CISAs : 2
DISAs / ISAs : NA
Any other information security qualification : 4 CEH,
2 OSCP,
5 ECIH,
3 ECSA,
1 ECSP .net
Total Nos. of Technical Personnel : 20
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
10. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 1
PSU : 2
Private : 42
Total Nos. of Information Security Audits done : 45
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
CISSPs : -
BS7799 / ISO27001 LAs : 3
CISAs : 4
DISAs / ISAs : 1
Any other information security qualification : 3
Total Nos. of Technical Personnel : 7
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
- NW Security audit / Web App Security audit / ERP - SAP security audit - One of the top Indian
MNC - multiple manufacturing plants in India and abroad - worldwide spread computer network with
data centre and DRS sites in India - Multiple user domains - about 15000 employees.
- SAP - GRC Access Controls Review / Audit - top Indian MNC - Pharmaceutical mfg. industry - N/W
size & complexity - 100+ servers, 600+ nodes
Commercial :
- Nessus
- Burp
- Acunetix
- AppScan
- Core Impact
- Net Sparker
- Web Inspect
- Nipper
- EnCase Forensics from Guidance Software
- IDEA data analytics
- Check Marx
- Immunity Canvas
Proprietary :
- SAP-GRC SoD conflict resolution tool
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months , category-wise (Organization can add categories based on
project handled by them)
Sl No Description Count
Sl No Description Count
1 CISSP 1
2 CISA 2
3 DISA/ISA'S 1
7 Total No Employees 15
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
Sl. Name of Duration with Experience in Qualifications related
No. Employee <organizati Information Security to Information
on> security
1 DawoodAnsar 2 years & 5 3 years & 5 months CEH & ECSA
months
2 Jerry Louis 1 Year & 2 1 Year & 8 Months CEH
Months
3 Alex Daniel Raj 1 Year & 7 1 Year & 7 Months CEH
Months
4 Dinesh C 2 Years & 10 3 years & 5 months ----
months
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : NO
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 100
Total Nos. of Information Security Audits done : 100
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 2
BS7799 / ISO27001 LAs : 5
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification :
C.E.H - 4
PCI – 5
PA - 1
ECSA - 1
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
13 Server Locations, 300 + IP addresses that includes DC, Network devices and POS locations.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 1
Private :
(Etyacol, Fincare, Samasta, ITC Infotech, Zeotap, Firstsource, DTDC,
Mphasis, Marlabs, Market Xpander, Axis Cades, Rang De, BeMore)
Total Nos. of Information Security Audits done:
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 1
CISAs :
DISAs / ISAs :
Any other information security qualification :
CEH (2),
CISM (1),
CBCP (1),
PCI DSS QSA (1)
Total Nos. of Technical Personnel : 14
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Tool Detail
Nessus Professional Infrastructure Scanning
Qualys Web Application Scanning
Fortify Web Inspect Web Application Scanning
Burp Suite Penetration Testing
Metasploit Penetration Testing
NMAP Infrastructure Scanning
Wireshark Infrastructure Scanning
Charles Infrastructure Scanning
Nikto Penetration Testing
SQLmap Penetration Testing
Compliance Audits
LogicGate
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : None
PSU : None
Private :
Delhivery Pvt Ltd , Audio Magick, Fairfax , Risq Group
Total Nos. of Information Security Audits done : 5
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : none
BS7799 / ISO27001 LAs : 3
CISAs : none
DISAs / ISAs : none
Any other information security qualification :
EC Council Certified Ethical Hacker( CEH), ISO20000 , ISO 9001 2000 LA
Total Nos. of Technical Personnel : 7
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value – Delhivery Private Ltd (Implemented ISO 27001 : 2013 for their
organization, Carried our surveillance audit) , Annual Review of ISMS & Implementation of
controls for ISO 27017 (Security controls for cloud services) . Project Scope was their corporate
office in Gurgaon. Total Project value Approx – 5.5 L
Freeware -Zed Attack Proxy (ZAP), Vega, SQLMap Burpsuite OWASP SQLi
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Dubai
SAIF ZONE , Q1-06-141/C
PO Box – 124932
Sharjah Airport Free Zone
Singapore
Regus Vision Exchange
2 Venture Drive
Level #24-01 - #24-32
Singapore 608526
+65 87308006
Sri Lanka
32 Uswatte Road,
EtulKotte,Kotte,
Sri Lanka
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 3
PSU : 3
Private : 8
Total Nos. of Information Security Audits done : 100 plus
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs :
BS7799 / ISO27001 LAs : 1
CISAs :
CEH : 4
ECSA : 1
Total Nos. of Technical Personnel : 8
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Microsoft Certified
Professional (MCP)
Khushboo Sharma 0.7 yrs 11 yrs
Mittal Amrutbhai 2.3 yrs 3 yrs
Patel
Sagar Karan 2.9 yrs 16 yrs Cambridge Certified
Security Associate
Cambridge Certified
Internet Associate
International Associate
– Association Of
Certified Fraud
Examiners
CEH – Certified Ethical
Hacker
CIW Security Analyst
International Associate
– Association Of
Certified Fraud
Examiners.
Vidula Tendolkar 0.5 yrs 3.2 yrs ECSA
Sayed Abbas Raza 0.4 yrs 1.10 yrs CEH
Sneha Kawadgave 1.1 yrs 1.1 yrs CEH
Bhavesh Patil 0.3 yrs 3 yrs CEH, ISO 27001 LA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value. Cyber Security Architecture and Configuration review for a
payment gateway in India. 55 lacs
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 1
PSU : 0
Private : 20+
Total Nos. of Information Security Audits done : 21+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 2
CISAs : 2
DISAs / ISAs : 1
Any other information security qualification:
OSCP : 2
OSWP : 1
CISM : 1
ITIL : 2
CEH : 2
Total Nos. of Technical Personnel : 20
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
1. Conducted Network Security & Web Security Audit for complete internet facing
infrastructure of an Oil and Energy Company in Africa.
2. Conducted Malware Incident Response along with Network Security Audit and Network
Sanitization for M/s MFI, Kenya
Freeware
1. Nmap - Port Scanner
2. Maltego - Recon
3. OWASP ZAP - Proxy
4. Nikto – Vulnerability Scanner
5. Xsser – Vulnerability Scanner
6. Dirb/Dirbuster – File/Directory Enumeration tool
7. Empire – Post Exploitation Framework
8. Koadic – Command & Control (C2)
9. DNSscan – DNS Recon
10. Metasploit Framework – Exploitation
11. OpenVAS – Vulnerability Scanner
12. BurpSuite Community Edition – Vulnerability Scanner
13. Dirsearch
14. Veil-Evasion
15. Shellter
16. Immunity Debugger
17. WinDBG
18. MobSF Mobile Security Framework
19. Hping – TCP ping utility
20. Wireshark – Network Packet Capture
21. SQLMAP – SQL Injection Exploitation tool
22. John (Johnny) – Password cracking tool
23. Hashcat – Password cracking tool
24. NetCat – Network Swiss Army Knife
25. WafW00f – WAF Evasion tool
26. SET – Social Engineering Toolkit
27. CredSniper – Phishing Exploitation tool
28. Aircrack-ng – Wireless Exploitation Toolkit
29. Fiddler – Man-In-The-Middle Proxy
30. Sys-Internal Toolkit – Windows System Analysis & Malware Detection
Commercial
31. Metasploit Pro
32. Nessus Professional
33. BurpSuite
34. Shellter Pro
35. IDA Pro
36. Nipper
37. Accessdata FTK
38. VoundIntella
39. NetSparker
Propriety
• Custom Python Exploitation Scripts
• Siege Exploit Builder
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
*Information as provided by Pyramid Cyber Security & Forensic Pvt Ltd on 08-02-2019
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 180+
Total Nos. of Information Security Audits done : 180+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 12
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification:
(CEH , DSCI LA , CPISI etc.) : 17
Total Nos. of Technical Personnel : 17
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
1. Commercial
2. Freeware
1. Nmap
2. Nikto
3. Netcat
4. Wireshark
5. Kali
6. Metasploit
7. Mozilla Firefox security Addons
8. Firewalk
9. HPing
10. HTTrack
11. OWASP ZAP
12. OWASP Mantra
13. Xenotix
14. John The Ripper
15. Paros
16. Wikto
17. Ethereal
18. Brutus
19. Rips
20. IronWasp
21. Fiddler
22. Tamper Data
23. OpenVas
24. W3af
25. Exploit Database
26. SQL Map
27. Hydra
28. Android Debug Bridge
29. AndroBugs Framework
30. Apktool
31. ByteCode Viewer
32. Drozer
33. Dex2Jar
34. Jd-Gui
35. SQLite Database Monitor
36. Pidcat
3. Proprietary
1. Own developed Scripts for XSS, OS, AWS, and Database Security Audits
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Accreditation bodies like PECB, PeopleCERT, Gaming Works and
partnership with multiple organization in Middle East
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Zulon Consulting,
2/203,Vahatuk Nagar, Amboli,
Andheri(W) Mumbai- 400058.
Govt. : 2+
PSU : 2+
Private : 30+
Total Nos. of Information Security Audits done : 40+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
Name: DK Gosavi
Email ID:
dkgosavi@kalyanjanata.in
Website: www.kalyanjanata.in/
Email ID:
pankajk@insolutionsglobal.com
Website: www.insolutionsglobal.com
Website:
www.tata.com/company/profile/Trent
Name: Sreeram GC
Phone Number:9962589935
Phone: 7045958873
CISSPs : 2
BS7799 / ISO27001 LAs : 6
CISAs : 2
DISAs / ISAs : 1
Any other information security qualification :
PCI QSA, CRISC, CEH, OSCP
Total Nos. of Technical Personnel : 15
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Experience
Duration with
S. in Qualifications related to
Name of Employee Zulon
No. Information Information security
Consulting
Security
1 Anshuman Dubey 16-Aug 7 ISO27001LA, ITIL.
ISO 27001 LA, ITIL
2 Hamza Qureshi 16-May 4
Foundation
3 Sharon Saldanha 16-Sep 4 CEH, CND, ESCA, CHFI
1. Rapid7 NeXpose
2. IBM Rational AppScan.
3. NESSUS.
4. GFI Languard.
5. Acunetix WVS.
6. QualysGuard.
7. BurpSuite.
8. MetaPacktPublishingoit.
9. Nikto.
10. Wikto.
11. BackTrack Security Distro.
12. Paros Proxy.
13. Nmap.
14. Exploits DB from “astalavista”, “packetstormsecurity”, “exploitdb” etc.
15. Google Hack DataBase.
16. Inhouse customized Scripts.
17. Zero Day Scripts / Exploits.
18. Other Tools (As when required by the type of work).
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt.:<number of>: 33
PSU:<number of>: 23
Private:<number of>: 48
Total Nos. of Information Security Audits done: 104
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
Network security audit: 14
Web-application security audit: 57
Wireless security audit: 01
Compliance audits (ISO 27001, PCI, etc.): 16
Mobile/API PT: 06
Data Migration Audit: 03
Cloud Security Audit 01
AUA KUA Audit 02
ITCR AUDIT 09
Software Licensing 01
Source Code Reviews 02
Special / other Audits 07
Concurrent Audit 18
TOTAL 137
6. Technical manpower deployed for informationsecurity audits:
CISSPs: 0
BS7799 / ISO27001 LAs: 5
CISAs: 6
DISAs / ISAs: 0
Any other information security qualification:
CISM,CISE, CCNA,CND CISC, CDAC (PG-DITISS),MSC
forensic science, Diploma in Cyber Law, CEH,CDAC
(ITSS),Networking, Win Ad & Linux, CHFI, ECSA,Internet
crime investigation.
Total Nos. of Technical Personnel: 23
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Experience in Qualifications related
Sr. Duration with
Name of Employee Information to Information
no. AQM
Security security
1 Madhav Bhadra 18 Years 18 Years CA,CISA, CISM
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
1. State level APEX &DCCBs (Single Tender)
1. Apex Bank – 1 No.
2. DCC Banks – 19 Nos.
2. Total Branches : 620 Branches
3. Scope of audits:
1. Application Audits (HO level)
2. Application Audits (Branches)
3. IT Control Review Audits
4. Network & Security Audits
5. Data Migration Audits
6. Risk Assessments
4. Project Value: ~ INR 17.7 million
Other Tools
Mobile application VAPT, Web Application VAPT, Server VAPT,
Kali Linux
Network + WiFI VAPT.
JD-GUI / DEX2JAR/
Mobile Application VAPT
APKTOOL/ Drozer/ MOBSF
POSTMAN Web services and API Testing automated tool
WireShark Network protocol analyzer
Metasploit Framework /
Exploit code development framework for Pentesting
Netcat
EchoMirage Thick Client VA & PT
11. Whether organization has any Foreign Tie-Ups? If yes, give details: No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Duration
Experience in
Sl. with Qualifications related to
Name of Employee Information
No. <BEL> in Information security
Security (in Years)
Years
M.Tech (Information
1. Kunal Mohan Sadalkar 8 7
Security)
M.Tech (Information
2. Neeraj Kumar 5 7
Security), CHFI V8, ACE
3. Jagan Mohan Rao B 20 8 PMP, Trained on CISSP
PMP, ISMS LA, CCNSP,
4. Shylaja K 20 15
Trained on CCISO & CISSP
M.Tech (Software
5. Bhagya Lakshmi A N 15 4 Systems), PMP, ISMS LA,
NPT, Trained on CISSP
M.Tech (Cyber Security),
6. Poornima M 10 2
CEH
7. Swathi M D 9 4 CEH
8. Antony Benedict Raja G 9 5 CEH
9. Tarun Jain 9 5 Trained on CISSP
10. Deepak D 7 3 NPT, CEH
M.Tech (Software
11. AnushreePriyadarshini 4 1
Engineering), CEH
12. Akshatha S 0.7 0.7 -
M.Tech (Cyber Security),
13. SandeepGadhvi 0.7 1
ISMS LA
M.Tech (Cyber Law &
14. Viplav 0.7 0.5
Information Security)
15. Vaman A Naik 33 5 ISMS LA
16. Praveen Kumar H T 18 13 ISMS LA, CCNSP
17. Madhavi M 15 2 PMP, ISMS LA
18. Mrityunjaya P Hegde 9 3 PMP, ISMS LA
19. Srinivas T 26 8 ISMS LA
20. DeeprajShukla 10 4 ISMS LA
21. Padmapriya T 8 1 PMP, ISMS LA
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with project value.
Information Systems Infrastructure Audit of BEL-IS Ghaziabad comprising of Antivirus Server,
DC, ADC, Radius, WSUS, Nagios, BEL_Sampark-Intranet Mail server,Web applications,
Switches/Routers and Firewall for both Intranet and Internetwork.
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 5
PSU : 25
Private : 20
Total Nos. of Information Security Audits done : 50
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 4
BS7799 / ISO27001 LAs : 10
CISAs : 5
DISAs / ISAs : 5
Any other information security qualification :
PhD (info Sec), GDPR, CSA-STAR, Certified Forensic Detectives, PIMS
Total Nos. of Technical Personnel : 24
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 3*
* We have some more projects, as we are under NDA, we cannot furnish at this
moment
Total Nos. of Information Security Audits done : 15+
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 6
BS7799 / ISO27001 LAs : 6
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : 350+
Total Nos. of Technical Personnel : India 500+
and Global 8000+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Experience in
S. Duration with Qualifications related to
Name of Employee Information
No. <organization> Information security
Security
1 Mreetyunjaya Daas 3 Years 9 Months 10 + Years CEH
2 DevdattaMulgund 1 Year 10 Months 7+ Years CISSP
3 Ravindra Singh Rathore 1 Year 8 Months 5+ Years CEH
4 SanketBhogale 1 Year 9 Months 10+ Years CISSP
5 Ankit Tripathi 1 Year 8 Months 4+ Years
1. CEH
6 Mohit Jain 4 Months 10 + Years 2. ISO 27001-2013
3. ECSA
Vulnerability Management for one of the largest Telco Network Operator in India
Project:
Vulnerability management for one of the largest Telco network operator (Client) in India with
approximately 160 million customers.IBM as an IT security service provider manages the
security Assessment and Vulnerability management lifecycle for Client Applications and Network
infrastructure components.
Service Offerings:
Key Activities:
Highlights:
1. Project team performed review of current set-up and validated the scope for
Security Assessment activities. It included Applications and network infrastructure
assets
2. Defined the periodicity or recurring activities and scope of non-periodic ad-hoc
activities
3. Performed security assessment of applications and network assets in scope.
4. Delivered the report to relevant recipients including development team and client
security team
5. Document and track the status of issues. Govern the application team for closure of
issues in defined timeframe. Conducted meetings and knowledge transfer sessions
with development team to guide them for issue closure
6. Re-test the closure of issues and certify them for go ahead
Freeware : 14
Commercial : 4
Proprietary : 5
Total Nos. of Audit Tools : 23
Freeware:
1. Metasploit: Penetration Testing Framework
2. NMAP : Port scanner
3. RAT : Router and firewall benchmarking
4. Wireshark - Protocol analyzer
5. MBSA : Windows security assessment
6. Nikto : Web Applications security
7. SNMPWalk : Router and network management
8. CAIN &Able : Traffic sniffing and Password cracking
9. Brutus : Password cracking
10. JohntheRipper : Password cracking
11. W3AF: Application auditing framework
12. Maltego: Intelligence and forensics application.
13. Unicornscan: Port Scanner and Information gathering.
14. Aircrack
Commercial:
1. Nessus : Network Vulnerability Assessment
2. IBM Appscan : Web Systems & Applications security
3. BurpsuiteProfessional : Web Systems & Applications security
4. Nipper Studio : Network Device Configuration Review
Proprietary Tools:
1. Windows server Security assessment scripts
2. Unix/Linux/AIX server security assessment scripts
3. Oracle security assessment scripts
4. MSSQL security assessment scripts
5. ASP and Java Scripts : Web application assessment
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York
10504-1722, United States
IBM Corporate Office Address: IBM Corporation, 1 New Orchard Road, Armonk, New York
10504-1722, United States
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 0
Private : 20+
Total Nos. of Information Security Audits done : 20+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 3
CISAs : 1
Any other information security qualification:
CEH : 8
CISE :
CHFI : 1
CIPR : 1
C-CTIA : 2
C-ATPA : 2
ECSA : 1
Total Nos. of Technical Personnel : 20+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
NMAP, BURSUITE, NESSUS, RAPID7 NEXPOSE, METASPLOIT, SQLMAP, KALI LINUX, SIFT
WORKSTATTION, ENCASE, FTK, W3AF, ACUNETIX, NETSPARKER, WIRESHARK, RAINBOW
TABLES, AIRCRACK-NG, NETCAT, SCUBA DB VA SCANNER, ELK, ONAPSIS, REDLINE, IDA,
SNORT, CAIN & ABLE, ZAP, TCPDUMP, CANVAS, SET KIT, SQLNINJA, BeEF, SYSINTERNALS,
OPENVAS, NAGIOS, ETTERCAP, MALTEGO.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 10
PSU : 45
Private : 320
Total Nos. of Information Security Audits done : 260
5. Number of audits in the last 12 months, category-wise (Organization can add categories
based on project handled by them)
CISSPs : 2
BS7799 / ISO27001 LAs : 0
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification : -
Total Nos. of Technical Personnel : 9
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required) - NOT APPLICABLE FOR US.
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations,
etc.) along with project value.
Unilever Mobile Application Security Testing
550 Mobile Applications VAPT.
Project Value - 1.5 Crore INR.
Location - Unilever Industries. Tower A. The Business Precinct. Prestige Shantiniketan,
Bangalore, India.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 85
PSU : 34
Total Nos. of Information Security Audits done : 199
5. Number of audits in the last 12 months, category-wise (Organization can add categories
based on project handled by them)
CISSPs : 2
BS7799 / ISO27001 LAs : 3
CISAs : 2
DISAs / ISAs : 0
Any other information security qualification CEH : -
Total Nos. of Technical Personnel : 16
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations,
etc.) along with project value.
SHARECHAT – VAPT, N/W Audit, ISO Certification, Bangalore – 36 Lakh.
Burp Suite, Nessus, Kali, Shortname scanner, DIRBuster, SQLMap, M/S Office etc.,
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
12. Whether organization is a subsidiary of any foreign based organization? : No
If yes, give details
Back
-Top-