Sisa Information Security Private Limited

Digital forensics is the method of covering the investigation and recovery of things that are found in digital devices to identify and recover any criminal or hacking activity. Digital forensics and incident response are two of the most crucial domains of information security, given that there have been an astounding number of testified violations in the last few years.

Any organziation today must have the capability to quickly and efficiently respond to cyber-attacks. However, looking at historical data it turns out that most companies do not have skilled IT staff who can efficiently handle security breaches. Effective tackling of such incidents needs special training in several highly technical fields including file systems, host attack vectors, operating system designs and intelligence of possible networks.

In the current scenario, there is a crucial need for every company to have a policy set for incident response in case there is a breach of data in the company.

We have strong expertise in Digital Forensics and Incident Response.We are an approved PFI (PCI Forensic Investigator) and also a CERT Empanelled company.Our team of forensic experts can help you investigate and manage any incident related to breach of information security.

We cover a wide range of services within forensics:

• SISA Forensics AIR:SISA forensics AIR is designed specially to concentrate on Incident response. The business steadiness phase at SISA helps our clients to restore and recover the delicate system securely at their company.  This also fulfils the purpose of minimizing the downtime.
• Malware Forensics: At SISA, our forensics team reverse engineer the recognised malware. This helps them understand the working of the malware, and they are able to enumerate the risk associated with the identified malware infection.
• Data Recovery: At SISA, we use world class tools and technologies for data recovery. Our methodologies help recover lost and deleted data and files very quickly.
• Advanced Forensics Infrastructure:We have the edge over our competitors because of our technology infrastructure and cutting edge tools. This is the reason behind our efficient forensic analysis. The cutting edge tools and technology infrastructure combined with our security know-how and proficiency, we deliver the best-in-class forensics analysis to our customers.
• Research and Innovation: We have an active research and innovation team who work in the field of Digital Forensics.
• Forensic Advisory:Consulting the organization for making policies & procedures to investigate fraudulent activities, and secure assets includeExpertise Analysis on the evidence discovered post fraud.
• Electronic Litigation and Expert Witness:  The SISA Forensics team provides expert witness service in order to support legal proceedings. We work closely with law enforcement authorities and follow the best legal practices.
• Confidentiality: Keeping up with the privacy standards of our clients is our primary concern. Safeguarding the confidentiality of customer data is in SISA’s DNA. We take extra caution to keep our clients’ data confidential by guaranteeing confidentiality in our forensic projects.

We offer personalized services to meet our customers’ requirements. From legal proceedings support to data recovery and protection, at SISA we offer very efficient forensic evaluation and support.

Application Penetration Testing is the methodology of assessing the security position of an application infrastructure by simulating malicious user behaviour. Vulnerabilities in a application can result in leaking of intellectual property data, client data and other crucial intellectual and financial data. Application penetration testing identifies exploitable susceptibilities in software and applications before any hacker discovers and exploits them.

This kind of evaluation is an attack simulation performed by highly skilled and proficient security team in order to:

• Find the application security flaws present in the settings
• Comprehend the level of risk for your company
• Help in addressing and fixing the identified flaws in applications

SISA’s application penetration testing reveals vulnerabilities that allow unauthorized access to critical and sensitive data. With the help of its proprietary testing methods, internationally trained security services team and hi-tech application penetration testing laboratories (TSS labs), SISA helps its clients avoid a breach of data.

Our Technical Security Services provide high-quality support and services. By classifying, assessing and ranking remediation to diminish the risks, SISA empowers organizations all over the world to protect them against cyber hackers and fraudsters. SISA has offered its expertise and solutions to banking and financial entities, E-commerce companies, government entities, technology services providers, and other companies across domains. Our expertise in application penetration testing helps secure our clients’ application infrastructure.

Because of our advanced penetration tests, our clients will be able to view their applications through the perspective of a hacker and also a skilled developer.  We help you identify the key areas which you can improve upon to maintain your security position. Our skilled consultants yield answers and results in written reports. They also provide our clients with guidance which is essential to effectively remediate any problems that are found during the tests.

SISA’s application penetration testing services follow a risk-based and all-inclusive approach to classify the crucial application-centric vulnerabilities and susceptibilities that are present in all the in-scope applications.

Our Testing procedure includes following steps:

1. Requirement Analysis
2. Threat Identification
3. Vulnerability Evaluation
4. Exploitation
5. Post-Exploitation
6. Reporting

SISA follows this industry-standard approach to come up with a comprehensive methodology which takes care of all the industry best security standards.

SISA uses many commercial tools to perform a thorough real-world evaluation. Besides these commercial tools, we also use many tools that hackers utilize for every evaluation. Several internally developed tools are used too. Our main objective is to evaluate systems by replicating a real-world data breach. To perform this task, we utilize the tools we have at our service.

SISA is a global leader in security and assessments. We are authorized assessor for various security standards and are accredited as a PCI QSA, PA QSA, PCI ASV, P2PE-QSA, PFI and VISA Approved PCI PIN Security Assessor, allowing all to combine and leverage our experience in this domain. Here are some key features that help us stand out from competition:

EI3PA or Experian’s Independent 3rd Party Assessment is an annual assessment of a Third Party’s ability to protect the data provided by Experian, as it deals with sensitive consumer information involving credit history. Experian and its Third Parties are at huge risk if the consumer information is compromised. Hence, this assessment is designed to monitor and assess those systems and third parties that receive, transmit or store Experian data.

Created in 2009, EI3PA follows the latest data security guidelines of the industry, using PCI Data Security Standards (PCI DSS) as reference. While the PCI DSS defines the controls that should be there to safeguard card holder data, EI3PA aims to secure credit history information.

If your company is involved in storing or disseminating sensitive credit information, which is accessed via Experian, your systems are subjected to detailed assessment. EI3PA occurs annually and helps to increase the credibility of the third party processors.

EI3PA is of significance to any 3^rd party providers/resellers dealing with Experian’s credit data. Since Experian provides valuable data to lots of resellers, they have taken significant steps to maintain the quality and security of data transmission.  The magnitude of the protection offered by a reseller is analyzed and it determines the future of their partnership with Experian.

PCI-DSS deals with the protection of cardholder data, whereas, Experian only deals with the information they provide in this compliance. The reporting requirements of the merchants are analyzed and approved solely by Experian. The issuer of the card or the issuing bank has no control over this matter.

Experian has a simple policy and they qualify only those vendors for EI3PA, who have already performed PCI assessments. A double-layered security check happens here so that customers are more protected than ever. Only authorized Qualified Security Assessors (QSA’s) such as SISA, are required to carry out the process of assessment.

SISA is one of the pioneers in the space and has extensive experience helping companies across the globe with various compliances, including EI3PA. Much like the audits of PCI DSS, we help you meet the 12 requirements of EI3PA. We work with you to ensure that you are capable of safeguarding important credit history information and if there are any vulnerabilities, our assessment helps you in discovering them. SISA has helped a number of reputed organizations get this assessment done easily, given our expertise and familiarity with the audit requirements. Our QSAs assist you in this complex process and helps you in managing the requirements easily. We provide effective methodologies and offer helpful advice, which saves time and brings results quickly.

There are numerous reasons to choose SISA for the extremely crucial EI3PA Compliance.

• Deadlines hold tremendous importance here and we understand that very well.  We are focused on offering you professional help. We will help you get the compliance certification on time.
• We offer you a comprehensive solution that is powered by the latest tools and most effective processes. This helps you secure the sensitive data in the most efficient way.
• SISA has the most talented and efficient assessors, who are meticulous and professional. Our team is accessible round-the-clock, working with you as partners, helping you meet your compliance goals.
• We help you reduce costs significantly and improve the security standards. We analyze the various workflows and associated data paths to make efficient solutions. This helps to improve the data environment and omit unnecessary steps.

With the increasing reach of online transactions throughout the world today, possibilities are opening up for hackers, who are perpetually working towards penetrating the security measures taken by a company to secure its assets and that of its customers.

To ensure the safety of people from such serious and persistent threats, strict measures should be taken. Hence, it becomes the responsibility of the leaders and managers of the company to comprehend their current standing, identify the exposure points and manage any such security risks so as to protect themselves from harm.

A risk assessment is a formal process used by organizations to identify threats and vulnerabilities that could negatively impact the security of data.

Breach Risk Assessment on the other hand is proactive risk assessment rather a self-check activity performed considering breaches happened in similar industry in the past. In this activity we take knowledge from our payment forensic learnings and build risk scenarios based on the past breaches. The intention behind Breach Risk Scenario is to take a proactive step towards analyzing and protecting organization.

SISA has been the part of this process, right from its inception. SISA’s CEO proposed the topic of risk assessment in PCI Council SIG, and he was also the lead contributor at the SIG. We were the pioneers in launching PCI Risk Assessment tool which helped more than a hundred organizations worldwide to decrease their Risk Assessment effort and time by automating PCI risk management procedure. We also get to learn many threats and risk scenarios from our Payment Forensic investigations hence we have a vast knowledge and deep understanding of the business risks associated with a payment data environment.

Most times we ask this question, what if the breach incident has happened in our environment? Could we have stopped it from happening or are we as vulnerable as the breached organization.

SISA breach risk Assessment helps in giving a more scientific and thorough answer to this question. Using formal risk assessment methodologies and proprietary tools we are able to provide an independent breach risk assessment report to management.

And that is where SISA comes into the picture. We relieve you of the worries and troubles regarding the vulnerability management and security services so that you can pull all your focus towards the core objective of your business. Talk to us today!

The PA DSS is the standard by Payment Application Data Security Council (PCI SSC), for makers/developers and integrators of payment applications that use credit card information for payment authorization and settlement. To require PA DSS compliance these applications must be sold, distributed or licensed to third parties.

In other words, if you create your own payment application for use in your own organization, you require only PCI DSS compliance. However, if yousell, distribute or license these applications (off-the-shelf solutions) to different customers, then the application must meet the PA DSS compliance.

To achieve PA DSS compliance, a software provider must have the corresponding application audited by a PA DSS qualified security assessor.

• SISA is the pioneer at payments security space with the presence in more than 35 countries and we host services for wide range of 2,000+ customers on a global scale
• We are not just a Qualified Security Assessor (QSA), but are also an authorized assessor for various payments standards and are listed as a PCI QSA, PA QSA, PCI ASV, P2PE-QSA, PFI and VISA Approved PCI PIN Security Assessor, enabling us to offer a single window for all your compliance solutions.
• Our technical team includes the best of industry professionals who work within a plethora of services targeted towards vulnerability assessment and penetration testing. We also provide round the clock monitoring of the technology infrastructure for finding any loopholes and other vulnerabilities during Vulnerability Assessments.

PA DSS compliance requires you to follow a set of guidelines to ensure the security of account data. For example, you must not retain full magnetic stripe, card validation code or value, or PIN block data, you must have secure password features, you must have detailed activity logs, have additional security for wireless transmissions, use secure remote access applications, use data encryption and so on. In addition, you must test applications on a regular basis for identifying threats and vulnerabilities, and also maintain detailed documentation for all your stakeholders.

SISA will help you implement the best practices and processes, educate you on how to implement applications in a PA DSS compliant manner, create detailed documentation, and will support you with the compliance process end-to-end. If done properly, PA DSS compliance can result in saving of huge amount of money that can potentially be lost in online theft, and reputational loss for your business.

SISA comes fully equipped with an advanced set of features that are dedicated towards high quality PA DSS compliance services. These are primarily observed in the following detailed below:

• We maintain a detailed agenda for the PA DSS audit system.
• We conduct a rigorous payment application testing services so that every compliance requirement for your application is met.
• We are the pioneers of performing detailed assessments on the payment application keeping in mind the total compliance with the security assessment procedures and the PA QSA validation requirements respectively.
• We also provide in-depth consultation solutions to the developers on the PA DSS compliance requirements.
• SISA also provides detailed documentation within the report on validation (ROV) to demonstrate the compliance of the payment application with the established PA DSS standards.
• SISA will also submit the PA DSS compliance report on validation (ROV) to the PCI SSC for listing purposes based on its eligibility criteria.

Vulnerability assessment is the process of identifying and quantifying security vulnerabilities in an environment. It is an in-depth evaluation of your information security posture, indicating weaknesses as well as providing the appropriate mitigation procedures required to either eliminate those weaknesses or reduce them to an acceptable level of risk.Vulnerability Assessment identifies any flaw in your internal or external system. If these flaws are exposed to outside threats, it may lead to an attack from any unauthorized party. This situation may lead to loss of important data, system closures and attack on devices.

Sensitive data is always prone to security threats and infringement, which makes taking strict steps to prevent the security breach importantspecifically for the companies relying on internet based data transmission.

SISA is an authorized Qualified Security Assessor (QSA) by PCI SSC that provides security and Vulnerability Assessment solutions that are multi-faceted and highly effective for application security and change management. SISA’s vulnerability solutions are swift, secure and stable as they work in congruence with SISA Cloud Testing norms, SISA SecureScan®. The VA solutions provided by SISA are known for their non-intrusive and comprehensive nature in ASV scans.

SISA SecureScan® works as a remedy for organizations world overin identifying IT system security threats and breachesand meets requirement 11.2.2 of PCI DSS. Not only does it offer prioritized remediation plans facilitating the customer to reduce identified vulnerabilities and to help attain full PCI compliance, but it also employs Artificial Intelligence (AI) to combine and strengthen individual parts to eventually fuse them with other components to create a secure information database.

SecureScan works by running checks on a given computer, testing to see if any of these attacks could be used to break into the computer or otherwise harm it. It raises an alert if it discovers any vulnerability that malicious hackers could use to gain access to any computer you have connected to a network.

From automated solution to detect vulnerabilities in your system, to helping you with your complete security strategy and comprehensive security solution, SISA offers you expertise and services across the spectrum.

SISA evaluates the security vulnerabilities of internet dependent devices and gives solutions to successfully solve these problems.SISA’s vulnerability assessment as a service is highly competent in providing a higher magnitude of protection to the valuable data shared with various resellers. Employment of AI and VA techniques helps to meet client requirements where data is analyzed and approved for its integrity. Added benefits of working with SISA are:

• The core value that SISA works on is the important adherence to the deadlines. Our entire focus is specifically streamlined to provide you professional help in obtaining your compliance certification for you.
• Our solutions are powered by the latest tools to help you secure your data in the most efficient way.
• At SISA we provide you with the most meticulous assessors that partner with you to achieve your compliance goals.
• We help you reduce costs significantly and improve the security standards. We analyze the various workflows and associated data paths to make efficient solutions. This helps to improve the data environment and omit unnecessary steps.