Professional Documents
Culture Documents
Final Corporate Presentation
Final Corporate Presentation
Team
TECHNOLOGY
Experts comprising of Bankers, IT Specialists,
MBAs, engineers and lawyers
Technology Advisory
Internal Audit
Internal Audit
Check and continuous improvement
framework for management
Process Reviews
Governance controls reviews for the smooth
operations and sustenance
Fraud Risk Management Process Reviews
Technology Assurance
Technology review for the management and
compliance assurance
IT Governance Controls System Audits Mobile Audit Source Code Audit Vulnerability Tests
Governance review for technology System audits for applications, and Mobile Application Security Review of the source code for security Assessment of the security posture of
including systems, networks, infrastrucute Assessment loopholes the infrastructure / systems
application
Data Center Audit Business Continuity Plan Disaster Recovery Security Operation Forensic Investigation
Data Center review for benchmarks Review of existing business continuity Disaster Recovery Readiness Center
Security Operations in compliance with Forensic Investigation for frauds
and internal controls plan Assessment industry standards
Technology Regulatory
Consulting Compliance ISO Compliances
Technology evaluation, cloud RBI, IRDA, TRAI, SEBI, SOX, ISO 27001,, ISO 22301, ISO
services, hybrid operations HIPAA Implementation and 20000-1, ISO 27701, ISO
Assurance 27018, ISO 27032, ISO 9001,
ISO
Cyber Compliance
Assistance in implementation
Process Consulting Industrial and assurance for cyber
Governance controls, Policies, Compliances compliance
Procedures, Realignment PCI DSS, PA DSS,,
Implementation Assurance
Geplis dipsam volorib vendian debist
Network Security
lignist quantium temab
Geplis dipsam volorib vendian debist
lignist quantium temab
Compliance Audit
Geplis dipsam volorib vendian debist
System Security lignist quantium temab
Geplis dipsam volorib vendian debist
lignist quantium temab
IT
Security
IDENTIFY
Cyber Security deliverables I We can help you pinpoint and identify the
necessary assets
Our team of experts can assist your
PROTECT
team to create the robust and
compliant cyber security framework P Our experts can help you to design the
appropriate level of controls around your assets
for your management and compliance
needs, DETECT
RECOVER
APPLICATION
SECURITY
Web and Standalone Application
SECURITY AUDIT & ASSURANCE
security services
SERVICES
Our team of experts having latest update on the
IOT & DEVICES SECURITY
MOBILE SECURITY applicable security for your systems can assist you for
Security of the IoT devices and
Android, iOS application and the identification of your security baseline.
systems
transaction security services
Our experts in addition to security experience carry
various certifications like CEH, CISSP, OSCP, CISA,
CIPP,
NETWORK
Our team will provide you the assistance to
SCADA SECURITY SECURITY
Geplis dipsam volorib vendian
identify your security baseline. Our experts
Robotic and Automation devices debist lignist quantium
can pinpoint the exact applicable solution
security services
instead of regular recommendations.
API SECURITY
Your API gateway security
assessment services
Our team can assist you in any of the above compliances. To demonstrate your
strength and assurance for the regulatory and non regulatory requirements.
Root Cause
SECURITY OF INFRASTRUCTURE It was found that due to non configuration of the integrity verification, the
system is susceptible to the unauthorised bypass of the system
technology,, it is given a test run for testing attack is simulated though manual tools
purpose.
Correction
The integrity checks controls are implemented which has prevented the
bypass of the system
Prevention
Through security verification of implemented system the security loophole I
s closed.
Root Cause
SECURE PAYMENT DEVICES The communication from device to backed server is not encrypted
are designed with necessary security device and backed server was intercepted, it can be easily read and modified
leading to fraudulent transactions
requirements.
Correction
Communication channel is encrypted using the strong dynamic level of
encryption
Prevention
The fraudulent modification is prevented using this security testing
Root Cause
A cryptocurrency exchange wallet The security keys and wallet transaction token ID are not linked with each
other. These IDs are not validated for the transaction purpose
Correction
The security keys and transactions are validated before transaction for
verification through user
Prevention
Thus an identity impersonation attack was prevented on the cryptocurrency
wallet.
Root Cause
Digital Identity Provider The API gateway was vulnerable to identity impersonation checks because
of lack of two-way verification prior to onboarding
transactions were performed through the API franchisee and users along with the user data at server side before
processing the identity generation service
gateway. They wanted to test the solution for
security purposes. Correction
A two-way verification for user and franchisee was implemented for end
users and franchisee operators.
Prevention
Due to early detection, the end user identity impersonation fraud is
prevented
Root Cause
Global Multilocation Setup Due to recent acquisitions and setup integrations, the systems are not
defined a coordinated synchronised schedule
Server in Germany. The server was facing with network bandwidth data to identify the exact issue
Prevention
Thus the system is utilised in an effective way to manage the user identity
and access load across the globe
Training
Automobile Manufacturing Company We have trained the teams for their respective roles in Business Continuity
Operational Guidance
Alignment of Policies and Procedures. Testing and execution of Failure
Scenarios and Reporting
Root Cause
Unauthorised transactions The end user mobile was taken remote control by a malware application that
stole the transaction codes
unauthorised transactions performed in a user found that user was conned to install a remote malware software. The
software created a backdoor on mobile to read and write user data on mobile
account
Correction
The user is made aware about such transactions and mobile application is
updated to stop such interception of data through encryption and other
methods
Prevention
Such frauds are prevented by creating a user awareness campaigns and
through the application protection controls
Our domain experts that suit your need work Expert in technology implementation and operations
very closely with your team aim to identify your pain areas and suggest a most
suitable solution
o Day to day interaction with o Regular interaction with o Technical inputs and quality
process owners and onsite / offsite specialist team review of the deliverables
stakeholders o Exhaustive reviews of daily o Close looping of the exceptions
o Obtain understanding of activities and deliverables from a business perspective
system and processes o Time to time coordination with o Monthly onsite interaction with
o Extraction of data and data process owners and the team and Ooredoo
analytics stakeholders management
o Updation of standard operating o Monitoring of team activities o Quarterly meetings and
procedures o Reporting of daily / weekly / updates to senior management
o Cross departmental monthly dashboards and
coordination of revenue update meeting with
assurance activities stakeholders
o Prompt escalations for o Draft deliverable discussion
observations and project issues and inputs on leading practices
Thank You
Contact Person: Nikhil Firke
Email : nikhil.firke@fihil.com || Website: www.fihil.com || Phone: +91-8169697915
Address:
Head Office: 5, Girijeet Apartment, Lane 1-C, Badhan, Pune – 411021
Mumbai Office: Samarth Ashish, Lane 3, jai Hind Colony, Dombivali (W), Thane 421202
Email : info@fihil.com || Website: www.fihil.com || Phone: +91-8169697915