Overview

Organizations are embracing diverse methods to reach their customers and make their experience richer.  In doing so they risk increasing exposure to cyber security threats, legal regulatory pressures and transformational risks.  

Aujas Risk Advisory practice helps by designing, deploying, and management of information security programs, including the underlying Governance, Risk and Compliance Management frameworks. 

Read More

Aujas Services

GRC Framework & Strategy
Policies, programs and frameworks development for governance risk & compliance management

read more

Organizations today must manage multiple, complex compliance requirements ranging from each country’s laws and regulations to internal contracts and standards.  To ensure IT/IS departments are able to function optimally in todays rapidly changing environment while demonstrating compliance requires a radically new approach.

We work with our clients to design security and risk management programs that combine governance processes with risk assessment and mitigation, compliance identification, control design, assessments and remediation. We also help our customers with specific framework development such as Incident Management, Security Operations Centers, Data Protection, and more.

Our approach allows our customers to select controls that are aligned to both their business risks and compliance requirements. These frameworks also allow for better compliance management and audit response as the controls can be traced back to the source compliance requirement as well as risk findings.


RSA Archer Consulting
Designing and planning for Archer implementation and integration

read more

Information security programs are all about effectively managing governance, risk and compliance. To enable organizations to effectively and efficiently manage their security programs, automating GRC management is the obvious next step. RSA Archer is a powerful market leading eGRC automation technology. As information risk management specialists, we understand the power and capability of RSA Archer and provide services that allow our clients to get the most value from the eGRC suite.

Our RSA Archer Consulting brings together our experienced, certified RSA Archer professionals, efficient delivery methodologies, a state-of-the-art delivery center, and well-defined processes. Archer consulting with Aujas specialists will provide ‘conceptualizing’ and ‘blueprinting’ your eGRC initiatives. Our consultants will work with the CISO and their team to brainstorm and determine the best way forward.  Read our Archer Consulting Solution Brief

Our enhancements team provides advanced customization capabilities around ODA (On Demand Application) development; Archer API and data feed integration with external point technologies such as HRMS, ERP, threat management systems, asset management systems, SIEM, and etc


Data Protection
Develop strategy and framework for enterprise wide data protection

read more

At Aujas, we take a comprehensive view of your organization’s critical data. We analyze and identify the risks in data ownership, creation, use, and movement, and then we factor in trends including Bring Your Own Device (BYOD), Cloud, Mobility, and more.

 

You get a comprehensive data protection strategy and framework that includes:

  • Classification policy and guidelines
  • Governance framework with roles and responsibilities
  • Technology selection and deployment strategy
  • Incident management strategy

We can also integrate your company’s existing privacy programs, allowing you to more easily safeguard both intellectual property and regulated information.  Our specialists use an innovative methodology that includes workshops and purpose-built data flow assessments to evaluate your business processes and units. This enables us to gain insights into the most critical data from key departments and then identify breach and leakage risks in the shortest possible time.  To accelerate the process further, our methodology uses game theory to capture the 20% of data that can cause 80% of the impact.

We also help deploy the designed architecture and make it operational with the rules identified during the data leakage risk assessment.  We have the expertise to deploy most of the market-leading products for structured and unstructured data such as DLP (RSA, Forcepoint, Symantec, McAfee, Websense), ERM (Microsoft, Seclore) and DAM/encryption (IBM Gardium).  Aujas’s SAVP DPS solution enables us to automate the DLRA processes and also the incident prioritization and management.


Third Party Vendor Risk Management
Create, operate vendor risk management programs and perform third party vendor risk assessments

read more

Managing vendor risks is not only a prudent strategy; it can also be a legal and regulatory requirement, depending on the country.  Most organizations use at least few vendors or service providers, and share sensitive and regulated data with them. It is absolutely essential that organizations ensure vendors and service providers secure data to same degree as done internally.

Aujas offers end-to-end vendor risk management services, from developing an effective vendor risk management program to performing third party vendor risk assessments. Our services are supported by Vendor Assure, our vendor risk management solution. We help clients:

  • Design a vendor risk management program that allows for risk-based vendor categorization based on location, volume of data shared, type of service, regulation requirements, etc.
  • Manage the program to ensure all the vendors are addressed based on their risk categorization, including self-certification management, vendor risk assessments, tracking and follow-up on risk mitigations and closure of findings.
  • Conduct third party risk assessments in accordance with your vendor risk assessment requirements.

We customize our vendor risk management program in accordance with the client’s assessment framework. We are also a SharedAssessment member, and we align closely with their AUP and SIG/SIG Lite frameworks and tools.  The team can leverage customers Third Party Vendor Risk Management tools or  leverage Aujas’ SAVP TPA solution.


Control Remediation
Assist organization design and deploy controls to remediate compliance gaps

read more

Organizations struggle with control decisions and designs as a part of their compliance initiatives or those that are derived from compliance assessment exercises. Our risk management framework services also include designing, testing, integrating, implementing and sustaining controls and technology solutions:

  • We help design and implement controls as a part of remediation exercises for standards, regulations and requirements including PCI DSS, SOX (IT GC), SSAE 16, and others.
  • Our control design work covers all security domains such as governance, risk, compliance, identity and access, data leakage, application security, vulnerability and threat management, security incident management, user awareness, etc.

We go beyond pure consulting to ensure our customers can implement the controls designs and operationalize them into their environment.


Virtual Security Office
Assist organizations in managing their security office using a unique combination of skills, projects and hybrid delivery models

read more

Managing information security must be a continuous effort and many tasks have to be performed daily, such as responding to security incidents. The information security teams must also manage the security framework; support and conduct risk assessments and audits; track risk treatment plans; and communicate with the business operations.

Many tasks are routine and can be handled by fairly experienced information security professionals. However, to adapt to the changing risk landscape, an organization needs a support eco-system that allows for ongoing guidance from subject matter experts and ensures that constant supervision is maintained to align initiatives with security practices. The Aujas Virtual Security Office (VSO) addresses this need.

Our VSO team consists of trained, certified and experienced individuals who have been involved in all aspects of information security initiatives across multiple domains and industry verticals. Our consistent service methodologies provide our team with a comprehensive, repeatable delivery framework and standardized practices that help us deliver optimum value to our clients.

VSO is flexible and can be tailored to suit both full-time and part-time requirements, and onsite and offsite delivery. Our VSO team utilizes our standardized delivery framework that consists of predefined delivery, project management and reporting templates, assessment methodologies, and frameworks.

Case Studies

Risk-Compliance-Advisory

Risk Management & Automation for a Leading US Bank

Aujas was engaged by a leading bank in US with retail as well as commercial operations for creating a risk management framework and its automation. 

Aujas started by conducting a detailed strategic planning and solution design initiative to identify quick wins and to establish the long term roadmap for managing access risk.

read more

Retail Giant Eliminates Data Leakage Threats

Our client is the world’s third largest retailer with a turnover of $115 billion (£72 billion), a presence in 12 countries with a market leader position in six. With over half a million employees, 6,600 stores, and a strong online business, this retailer is known for bringing best value, choice and service to millions of customers. The company also operates an extensive loyalty program that has operations similar to a bank.

read more

Our Methodology Provides the Insurance for an Effective DLP Implementation

Information security was a big concern for large insurance company, which had units specializing in auto, health, and property and casualty insurance. To safeguard information and meet regulatory compliance requirements, the company had implemented ISO27001:2005 controls and achieved certification for compliance.

read more

Turning a Bank’s DLP from a Liability to an Asset

Our client is a large international bank with a global network of branches, remittance centers, and ATM kiosks. Over the past three decades, the bank has expanded and now provides a full range of banking products and services to its retail and corporate customers. It also offers home financing and heavy equipment leasing services.

read more

Archer eGRC Automation for a Large Telecom Client

Today’s information security experts are wise to focus on cybercrime detection and prevention. Cyber criminals are using very sophisticated attack vectors such as advanced persistent threat (APT), zero-day attacks, and spear-phishing to compromise systems and steal data. Multiple point technologies have emerged to help organizations detect and prevent these attacks. What many companies lack, however, is a structured, cohesive and integrated program to leverage security intelligence from all tools to improve cyber defense, and prevent and manage security incidents consistently.

read more

IT Governance, Risk & Compliance Framework Implementation for a National Identity Program

A National Identity Program collects the personal information of a country’s residents and issues a unique identification number to every resident. The information authenticates citizens for benefits disbursal under various public welfare programs. The system also authenticates citizens for banks, financial services, and other consumer uses.

read more

Information Security Incident Management Framework for a Large Oil & Gas Client

Our client is the world’s third largest retailer with a turnover of $115 billion (£72 billion), a presence in 12 countries with a market leader position in six. With over half a million employees, 6,600 stores, and a strong online business, this retailer is known for bringing best value, choice and service to millions of customers. The company also operates an extensive loyalty program that has operations similar to a bank.

read more

Data Protection Program Implementation for One of the World’s Largest Banks

Privacy and data protection have recently become the prime focus for many organizations worldwide. An increasing number of data breaches have eroded customer and consumer trust, forcing countries to establish privacy and data protection rules and regulations. While organizations are moving towards implementing enterprise-wide data protection programs, the proliferation of technology, advent of new data sharing channels and dependency on cross-border data transfers have made the undertaking complex.

read more