
Fihil Company Profile


Fihil Services Pvt. Ltd
www.fihil.com
Company Profile

Multi Disciplinary
Practices span assurance services, consulting services and information risk management

Large Client Base
Covers banking, financial services, telecom, manufacturing and insurance services

Thought Leadership
Ahead of curve with thought leadership efforts in BFSI / telecom industry

Experience
Our team has over 60 man years of serving experience across industries

Team
Experts comprising Bankers, IT Specialists, MBAs, engineers and lawyers

Our Verticals
BUSINESS RISK MANAGEMENT
INFORMATION RISK MANAGEMENT
CONSULTING & COMPLIANCE
TECHNOLOGY

Confidential @ Fihil Services Pvt Ltd www.fihil.com 2


Business Risk Management Offerings
Technology Advisory
Advisory on technology and business integrations

Internal Audit
Check and continuous improvement framework for management

Process Reviews
Governance controls reviews for the smooth operations and sustenance

Technology Assurance
Technology review for the management and compliance assurance

Fraud Risk Management
Evaluation and Assessment of the fraud and its impacts

Information Risk Management Offerings

IT Governance Controls
Governance review for technology including application

System Audits
System audits for applications, systems, networks and infrastructure

Mobile Audit
Mobile Application Security Assessment

Source Code Audit
Review of the source code for security loopholes

Vulnerability Tests
Assessment of the security posture of the infrastructure / systems

Data Center Audit
Data Center review for benchmarks and internal controls

Business Continuity Plan
Review of existing business continuity plan

Disaster Recovery
Disaster Recovery Readiness Assessment

Security Operation Center
Security Operations in compliance with industry standards

Forensic Investigation
Forensic Investigation for frauds

Consulting & Compliance Offerings

Technology Consulting
Technology evaluation, cloud services, hybrid operations

Regulatory Compliance
RBI, IRDA, TRAI, SEBI, SOX, HIPAA Implementation and Assurance

ISO Compliances
ISO 27001, ISO 22301, ISO 20000-1, ISO 27701, ISO 27018, ISO 27032, ISO 9001, ISO

Cyber Compliance
Assistance in implementation and assurance for cyber compliance

Process Consulting
Governance controls, Policies, Procedures, Realignment consulting and assistance

Industrial Compliances
PCI DSS, PA DSS,

IT Audits

IT Security

Application Security
Cloud Security
Implementation Assurance
Network Security
Compliance Audit
System Security

Cyber Security Services

Cyber Security deliverables
Our team of experts can assist your team to create the robust and compliant cyber security framework for your management and compliance needs. Our programs are custom tailored to address your specific needs.

IDENTIFY
We can help you pinpoint and identify the necessary assets

PROTECT
Our experts can help you to design the appropriate level of controls around your assets

DETECT
Our expert team can help you to design and implement best practices for smooth operations

RESPOND
We can help you to design a proper response mechanism around your cyber security incidents

RECOVER
Our experts can help you to design and test your recovery mechanism in record time

Security Audits
Vulnerability Assessment and Penetration Testing Services

SECURITY AUDIT & ASSURANCE SERVICES
Our team of experts, having the latest updates on the applicable security for your systems, can assist you in the identification of your security baseline.
Our experts in addition to security experience carry various certifications like CEH, CISSP, OSCP, CISA, CIPP,

Our team will provide you the assistance to identify your security baseline. Our experts can pinpoint the exact applicable solution instead of regular recommendations.

APPLICATION SECURITY
Web and Standalone Application security services

IOT & DEVICES SECURITY
Security of the IoT devices and systems

MOBILE SECURITY
Android, iOS application and transaction security services

NETWORK SECURITY

SCADA SECURITY
Robotic and Automation devices security services

API SECURITY
Your API gateway security assessment services


Our Compliance Portfolio


Implementation, Assessment and Trainings

Our team can assist you in any of the above compliances, to demonstrate your strength and assurance for the regulatory and non-regulatory requirements.

Case Study : Network Security in Trading Platform

SECURITY OF INFRASTRUCTURE
A trading platform implemented a new network protocol as a part of infrastructure improvement. Before implementation of the technology, it was given a test run for testing purposes.

Root Cause
It was found that, because integrity verification was not configured, the system was susceptible to unauthorised bypass.

Detection
During the security checks, it was found that the system could be bypassed. The attack was simulated through manual tools.

Correction
Integrity check controls were implemented, which prevented the bypass of the system.

Prevention
Through security verification of the implemented system, the security loophole is closed.

Case Study : Device Security in Payment Platform

SECURE PAYMENT DEVICES
A bank was testing a new payment hardware device. As a part of the new payment platform support through embedded devices, the devices are designed with necessary security requirements.

Root Cause
The communication from the device to the backend server is not encrypted.

Detection
During security checks, it was found that if the communication between the device and the backend server was intercepted, it could be easily read and modified, leading to fraudulent transactions.

Correction
The communication channel is encrypted using the strong dynamic level of encryption.

Prevention
The fraudulent modification is prevented using this security testing.

Case Study : Application Security Mobile Platform

A cryptocurrency exchange wallet
A mobile wallet is a frontend of a cryptocurrency exchange platform. All the transactions were performed through the mobile wallets.

Root Cause
The security keys and wallet transaction token ID are not linked with each other. These IDs are not validated for the transaction purpose.

Detection
During the security testing we have found that bitcoin exchange addresses are validated through integrity checks.

Correction
The security keys and transactions are validated before transaction for verification through user.

Prevention
Thus an identity impersonation attack was prevented on the cryptocurrency wallet.

Case Study : API Security

Digital Identity Provider
A Digital Identity Provider is using the API for franchise interfaces. All the franchisees were connected through the API gateway. All the transactions were performed through the API gateway. They wanted to test the solution for security purposes.

Root Cause
The API gateway was vulnerable to identity impersonation checks because of lack of two-way verification prior to onboarding.

Detection
During the testing we observed that the server is not validating the franchisee and users along with the user data at server side before processing the identity generation service.

Correction
A two-way verification for user and franchisee was implemented for end users and franchisee operators.

Prevention
Due to early detection, the end user identity impersonation fraud is prevented.

Case Study : Technology Performance Consulting

Global Multilocation Setup
A testing laboratory has a setup across the globe in various domains. They have a centralised Identity and Access Management Server in Germany. The server was facing heavy utilization despite having the recommended hardware.

Root Cause
Due to recent acquisitions and setup integrations, the systems do not have a defined, coordinated synchronisation schedule.

Detection
The server load coming from multiple locations is extracted and correlated with network bandwidth data to identify the exact issue.

Correction
The geographies are defined with a scheduled synchronization along with trust configurations.

Prevention
Thus the system is utilised in an effective way to manage the user identity and access load across the globe.

Case Study : Compliance Implementation Consulting

Automobile Manufacturing Company
Business Continuity Management System. The company was looking for a consultant who can assist them in alignment towards the ISO 22301 framework.

Training
We have trained the teams for their respective roles in Business Continuity

Framework Implementation
Alignment of the processes, Impact Assessment, Risk Prioritizations, Operational Processes alignment, Implementation Roadmap

Operational Guidance
Alignment of Policies and Procedures. Testing and execution of Failure Scenarios and Reporting

Internal & External Assessment
Internal review through an independent auditor, and certification through the Certifying Agency

Case Study : Breach Investigation in Banking Platform

Unauthorised transactions
Unauthorised transactions have been performed through mobile banking. During the daily review it has been noticed that there are unauthorised transactions performed in a user account.

Root Cause
The end user's mobile was taken under remote control by a malware application that stole the transaction codes.

Detection
During the review of the user account, applications and networks, it has been found that the user was conned into installing a remote malware software. The software created a backdoor on the mobile to read and write user data on the mobile.

Correction
The user is made aware about such transactions and the mobile application is updated to stop such interception of data through encryption and other methods.

Prevention
Such frauds are prevented by creating user awareness campaigns and through the application protection controls.

Our Approach

DOMAIN EXPERTS
Our domain experts that suit your need work very closely with your team

TECHNOLOGY EXPERTS
Experts in technology implementation and operations aim to identify your pain areas and suggest the most suitable solution

INDUSTRIAL CONSULTANTS
Expert opinions from across the globe are used to give you the best achievable result

GOVERNANCE EXPERTS
People who are expert in people management and process work closely with you to achieve the results in defined time


Our Leadership Team


Expert Team for your one stop solution

Name             Experience   Sector
Nikhil Firke     12           Assurance, Technology, Compliance
Kishor Mohite    25           Governance, Process, Compliance
Sameer Sawant    25           Technology, Process
Sanjay Gore      40           Governance, Process, Technology, Compliance
Vinayak N        18           Technology, Compliance
Shirish D        28           Process, Technology, Assurance
Sujit Varma      16           Technology
Shruti S         20           Financial Assurance
Shruti P         10           Training

Project Governance

[Figure: project governance chart. Objectives: Feedback and Corrections, Benchmarking, Regular Review, Day to Day Issues. Fihil Team roles: Engagement Director, Engagement Manager, Engagement Lead, Engagement Team. Client Team roles: Management Lead, Project Manager, Team Lead. Interactions: Review Meeting, Issues and Action Plan, Team Reporting and Review, Day to Day Interaction.]

Escalation Matrix

Escalation Level        Engagement Lead   Engagement Manager   Engagement Director
Issue Unresolved For    1 day             3 days               5 days

Roles and Responsibilities

ENGAGEMENT TEAM
o Day to day interaction with process owners and stakeholders
o Obtain understanding of system and processes
o Extraction of data and data analytics
o Updation of standard operating procedures
o Cross departmental coordination of revenue assurance activities
o Prompt escalations for observations and project issues

MANAGER
o Regular interaction with onsite / offsite specialist team
o Exhaustive reviews of daily activities and deliverables
o Time to time coordination with process owners and stakeholders
o Monitoring of team activities
o Reporting of daily / weekly / monthly dashboards and update meeting with stakeholders
o Draft deliverable discussion and inputs on leading practices

DIRECTOR VALUE ADDS
o Technical inputs and quality review of the deliverables
o Close looping of the exceptions from a business perspective
o Monthly onsite interaction with the team and Ooredoo management
o Quarterly meetings and updates to senior management

Our Clientele


Thank You
Contact Person: Nikhil Firke
Email : nikhil.firke@fihil.com || Website: www.fihil.com || Phone: +91-8169697915
Address:
Head Office: 5, Girijeet Apartment, Lane 1-C, Badhan, Pune – 411021
Mumbai Office: Samarth Ashish, Lane 3, jai Hind Colony, Dombivali (W), Thane 421202
Email : info@fihil.com || Website: www.fihil.com || Phone: +91-8169697915
