2. Information Security

Security and Privacy, Security Strategy and Roadmap

Identity and Access Management, Identity Lifecycle, SOA Security and Architecture, Cloud Security

Enterprise Application Security Strategy, Secure Policy, Security Guidelines and Procedure, Blueprint, Design and Governance

Risk Assessment, Security Audit, Regulatory and Compliance
3. Engagement Lifecycle

Assessment, Strategy and Roadmap
1. Sit with CXOs and detail business vision, strategy, direction and roadmap
2. Develop strategic goal, benefit and ROI
3. Build trust and assess the customer's security posture
4. Evaluate existing security policies, processes and standards, and security architecture
5. Establish security baseline and define strategic security roadmap
6. Identify the risk associated with the enterprise, i.e. both business and technical risk

Planning and Budgeting
1. Define Governance Model
2. High level plan, estimation and budgeting
3. Define delivery gate
4. Vendor selection and strategic alignment
5. Detailed program plan, resource, ownership and milestone
6. Risk and mitigation plan

Secure Architecture and Design
1. Architectural readiness blueprint
2. Architectural Governance and Design Authority
3. Best practice and guidelines, technology feasibility and vendor selection based on best fit
4. Develop policies, standard and process
5. Architectural Decision
6. SAD [Software Architecture and Design]
7. HLSD [High Level Solution Design]
8. LLSD [Low Level Solution Design]
9. Test Plan and Test Strategy
10. Application Security Guidelines and Strategy
11. App and Web Security checklist

Secure Implementation
1. Infrastructure readiness
2. SW and hardware licensing and procurement
3. Implementation of Identity Life Cycle
4. Develop custom code
5. Integration
6. Static, dynamic and interactive security testing
7. Secure code review, penetration testing
8. EIT, SIT
9. Audit, reporting, management dashboard

Package and Deployment; Manage Security and Educate
1. Platform and environment
2. Deployment at Preprod, Preview and Production
3. UAT
4. Security Testing
5. Operational Readiness
6. Go-Live
7. ITSM lifecycle
8. End User Training
9. Security Awareness Training
4. Service Offering ‐ Artifacts

Identity, Account Lifecycle and Cloud Security
1. Develop Identity Life Cycle strategy and Roadmap
2. IAM risk assessment, gap analysis and Federation readiness
3. Product evolution, licensing strategy and scorecard based product recommendation
4. Cloud and API Gateway Security solution [OAUTH2.0, OpenID, SAML2.0]
5. IAM architecture design and technical blueprint
6. Identity data modeling, migration plan
7. Identity Lifecycle, Directory Services and Access Management installation, configuration and customization
8. Account life cycle such as user provisioning, de-provisioning, self service and password management
9. Federated Identity Management, Trusted Identity Solution
10. RBAC, Role Mapping
11. Authorization, Policy Manager, runtime authorization and Entitlement
12. SOA Security, Web Service Security
13. Public Key Infrastructure (PKI)
14. Smart Cards management solution, 2Factor/Multifactor Authentication
15. Single Sign On, Web Single Sign On, Single Sign Off/Logout and Enterprise Single Sign On, Secure Token Services
16. Integration, custom adapter/connector development
17. Testing Plan and Strategy [UAT, SIT and E2E Functional Testing and Performance Testing]

Assurance, Managed Application Security
1. Application Security Strategy and Roadmap Guidelines
2. Secure process development throughout the SDLC
3. E2E Security Testing [Static, Dynamic, Interactive and Glass box testing]
4. Secure policies, guidelines and standard [OWASP TOP 10, SANS and industry best practice]
5. Secure code review, coding standard and guidelines
6. Design and architecture review
7. Code scanning through static scanning, website testing and webservice testing through dynamic scanning
8. Application vulnerability assessment, threat modeling and penetration testing
9. Database security assessment and security checklist for non-standard applications
10. Training and awareness

Infra Security
1. Vulnerability Management & Incident Response
2. Emergency Response and Forensic Investigation
3. BCP/DRP – Business Impact Analysis, DR Strategy & Testing
4. ITSM - Continuous Application Maintenance Services
5. IDS, IPS, Firewall policy and rule configuration
6. Secure network design [F5, BigIP]

Risk, Governance, Security and Regulatory Compliance
1. Security Management Dashboard
2. Information Security Assessment and Audits
3. Outsourcing and third-party security checks and audits
4. Risk Assessment, Gap Analysis, Control Design & Test of Operating Effectiveness
5. Standards and Regulatory Compliance Strategy
• Sarbanes Oxley (SOX)
• Gramm-Leach-Bliley Act (GLBA)
• HIPAA
• Payment Card Industry (PCI) standards
• Basel II
• SAS-70
• ISO 27001 readiness review and pre-certification services
5. Technology Enabler

Identity, Account Lifecycle and Cloud Security
Tivoli Identity Manager (TIM)
Tivoli Access Manager (TAM)
Tivoli Access Manager For eBusiness (TAMESSO)
Tivoli Federated Identity Manager (TFIM, STS)
Tivoli Directory Server (TDS) & Tivoli Directory Integrator (TDI)
Tivoli Security Policy Manager
Oracle Identity Manager (OIM)
Oracle Access Manager (OAM)
Oracle Entitlement Server (OES)
Oracle Identity Directory and Oracle Virtual Directory (OID, OVD)
CA Identity Manager / Access control / Single sign-on
CA SiteMinder, CA SSO, CA Identity
Novell NSure Identity Manager, Access Manager and Federation Solution
RSA Access Manager
RSA Federated Identity Manager
Microsoft ILM, UAM, TMG
Microsoft ADFS
Ping Identity and Federation Service
Web Sphere Data power
Apigee Gateway Appliance
Layer 7

Assurance, Managed Application Security
Rational Appscan Source Edition [Static]
Rational Appscan Enterprise Edition [Interactive and Dynamic]
Rational Appscan Standard Edition [Dynamic and Glassbox]
Fortify Software
SPI Dynamics

Infra Security
Security Information & Event Management (SIEM)
IBM ISS Siteprotector
IDS, IPS
Tivoli Security Operations Manager & Consul InSight
ArcSight Enterprise Security Manager
NetIQ Security Manager
CA Security Command Center
Vulnerability & Threat Management
IBM Internet Scanner Software
IBM Proventia Network Enterprise Scanner
IBM Proventia Management SiteProtector
CA Vulnerability Manager

Risk, Governance, Security and Regulatory Compliance