Security Risk Analysis
- Security Risk Analysis (SRA) will be performed aligning with:
- Authentication, Authorization,
- Data Protection,
- User Access Entitlements,
- Logging and Monitoring,
- Key & Certificate Management,
- Data Resiliency,
- Technology Stack - Framework,
- OSS - Open Source Software & libraries
- Risk Assessment Report Creation
- Risk Remediation Strategies
- Risk Acceptance & Risk Exception process workflows
Threat modelling
Security Architecture
- Application design review and validation
- Network Security design review
- Endpoint security Architect review and
- Design Baseline documents
Attack surface Management
- Secure code design and Review (Manual)
- SSDLC
- SAST
- DAST
- Pentest
- Vulnerability assessment
- OSS - Open Source Software
Security awareness training
- Cybersecurity training for all employees
- Promote awareness of phishing and social engineering attacks
- Technology for SSDLC training.
- SMEs - Security champion training.
- Compliance training for focused audience
Third-Party Security
- Security baseline Documents will be defined for all services
- Control Testing for all defined end points and the process
- Security Policies and Procedures
- Process will be defined and SMEs will be trained