Training and Development
Training and Development is at the heart of organizational development. We provide consulting in Human Resource area to help your company make best ROI on your human intellectual capital. Our model for delivering T&D initiative is broadly divided into the following categories.

•  Personal Learning
•  Team Learning
•  Organizational Learning

Single most important factor in T&D is the approach for delivery. We use combination of the following avenues based on our assessment for each client's needs.

•  Lecture style (normally to a group with very little audio visual content)
•  Presentation (with balanced graphics, audio, visual content)
•  Leadership Workshop (uses various social techniques)
•  Teambuilding Workshop (uses various social techniques)
•  Hands-on (show and tell and role plays)
•  One-on-one (specific to individual learning)
•  Computer Based Training (guided training via computing devices)
•  Panel Discussion (enhance collective learning)
•  Product, Policy, Process Training
•  Sensitivity Training (corporate culture)

INFORMATION SYSTEMS SECURITY & AUDITING

Security Consulting Overview
Distributed computing has opened a new dimension to how the culture and technologies can bring benefits and also bring multitude of challenges related to Confidentiality, Integrity and Availability of information systems. To further complicate the situation…most of the banking and financial organizations have progressed in layered architecture model where Mainframes are still at the heart of the computing environment. However, middleware and n-tier architectures have given tremendous JUST-IN-TIME access to millions of end-users all over the globe. As a consequence, exposure from security aspects has grown exponentially and companies cannot survive the future computing environment if they do not put enough effort in understanding and bridging the security gaps that may be purely technical and or process related.

Perform audits of policies & processes, computer applications and of information technology infrastructure. We will test and evaluate the adequacy of application and information systems controls. Review and make recommendations to facilitate effective and efficient processing procedures. We help your organization develop systems controls, standards, policies and procedures.

Information Systems Security Policies, Methodologies, Processes, Standards

Our consulting practice is to advice clients on issues concerning security methodologies, policies, design, processes, procedures, requirements, guidelines, application security, operating system security and network security. Following is a list of methodologies, standards and guidelines that ITTCONSULTING use in the consulting engagements:

•  COBIT (Control Objectives for Information and Related Technology)
•  COSO (Committee of Sponsoring Organizations of the Treadway Commission)
•  IS Standards, Guidelines and Procedures by ISACA
•  ISMS (Information Security Management System ISO 17799 / BS 7799) Compliance
•  ITIL Service Management Framework
•  BSI-15000 IT Service Management Systems Compliance
•  ISO/IEC 18045 (Methodology for IT Security Evaluation)
•  ISO 21827 SSE-CMM (Systems Security Engineering–Capability Maturity Model)
•  OWASP (Open Web Application Security Project)
•  OSSTMM (Open Source Security Testing Methodology Manual)
•  ISC2-CBK (Common Body of Knowledge)
•  GAISP (Generally Accepted Information Security Principles)
•  CC (Common Criteria for Information Technology Security)

We help you assess the system security standards being employed in your area. Provide information on current industry standards being employed around system security. Our advice is based on CIA (Confidentiality, Integrity, and Availability) framework. The testing methods uncover situations to prevent proprietary information from being accessed and whether your system controls could withstand a hacker.

Below is a breakdown of security audit by logical segmentation:

IT Department Review

•  Review of Change Control Policies/Processes/Standards
•  Authorization Procedures (for new users)
•  Business Continuity (plan, policies, procuresses, testing)
•  Disaster Recovery (plan, policies, procuresses, testing)
•  Security Incident Handling
•  Process for Disabling Access (for terminated employees and any role change)
•  Asset Management (Inventory and software licensing procedures)
•  Service Levels Monitoring Reviews
•  Availability Management (policies, processes, methods)

Application Review

•  Access Controls Mechanism
•  User Management (Users of the applications)
•  Password Policies/Standards
•  Systems Monitoring
•  Backup and Recovery
•  Change Management Controls

LAN/WAN Network Review

•  Detailed Review of Network Management
•  Server Configurations (including hardening security parameters)
•  Routers and Firewalls (Access Control Lists)
•  User Management (Users of network resources)
•  Directory Structure and Protections
•  Event Logging and System Monitoring
•  Network Monitoring / Intrusion Detection / Communication of Alerts

Desk Top Management

•  Software inventory
•  Hardware inventory
•  Software license management
•  Desktop support (including agreements)

Specialized Services

•  TRA (Threat Risk Assessment)
•  Business Continuity (Planning and testing)
•  Disaster Recovery (Planning and testing)
•  IT assets (Hard/Soft) and strategic planning
•  Hacking and penetration testing
•  Firewalls implementation, monitoring, review and assessing the adequacy
•  Review of existing controls, policies and procedures, identification of risk and suggestions for cost effective controls
•  Review of security policies and systems, applications and network level
•  Assisting in formulating and implementation of IT security policy
•  Security policies & procedure review and evaluating the effectiveness
•  Applications systems access policies compliance and compatibility
•  Security administration on application and system level
•  Systems/Applications Release Review (Pre & Post-Implementation)
•  Asset Management
•  Asset Security Monitoring
•  Asset Management systems integration with 3 rd party systems
•  Real-time monitoring and reporting on incidents
•  Backup and Recovery mechanisms (retention policies, processes, compliance)
•  Security of Telecommunication (Data & Voice) Infrastructure (CPE & Non-CPE)
•  Security review at the overall ERP level (SAP, JD Edwards)
•  System's performance review and reporting
•  Audit report and executive summaries.
•  Risk Management
•  Assisting in formulating Internal Controls, evaluation and effectiveness.
•  Internal Audit, Operational Audit, Financial Audit and reporting

PROJECT MANAGEMENT

All our consulting services engagements leverage best practices from PMBOK (Project Management Body of Knowledge), PRINCE2 (Projects IN Controlled Environments) and IEEE Project Management (IEEE Std 1058-1998) standards.

Some of the key benefits we offer in project management consulting area are:
" Project Scope Negotiations
" Project Planning and Implementation
" Establishing control framework for project/program management
" Relationships Management with IT personals, lines of business and vendors

QUALITY ASSURANCE SERVICES

We provide customized methodology and process implementations for quality assurance (quality planning, quality improvements and quality control) services.

Our consulting services in enterprise organizational development areas focus on addressing the immediate needs of the clients and also building mechanisms for aligning future growth with strategic direction.

TELECOMMUNICATIONS

Your organization can benefit from the vast experience of our consultants in the following areas:

• CRM Environment
• Call Centre setup
• Video/Audio and Date Conferencing
• Converged Networks
• Unified Massaging
• Telecom Quality Assurance
• Planning, Design, Execution and Reporting
• Testing B2B and B2C e-commerce sites

BUSINESS PROCESS RE-ENGINEERING

Review and evaluate business processes and conduct assessments for the development of new business processes. Advise on aspects of policies, process enhancements and procedures to gain effectiveness, performance, internal control and ROI.

MANAGEMENT REVIEWS

A strategic and tactical level review of an area performed at the request of a department head or senior management. It is usually short term in nature and is intended to provide insight into the operations from a controls and/or efficiency perspective. The findings are communicated to the persons or person requesting and distribution of the report is also limited to a need to know as determined by the person/s requesting the review.