Case Study 1 : A cross-border toy firm with head office in Hong Kong and factory in China
3000+ Employees
IT Audit and Assessment with Follow-up Services
In recent years, with the aggressive growth of China’s economy and businesses, many firms have struggled to cope with overseas management and security. Our client is no exception. An outdated ERP and a handicapped HR system have cost our client direct monetary losses. With an IT team too busy fixing users’ endless daily problems, managers find it almost impossible to communicate their business directions and objectives. Internal hacking activities, along with data and network security issues, are present. With continual reminders in the news of data leakage and loss, managers have turned to our IT audit and service scheme for an evaluation of both technical and business aspects.
Identify numerous network security holes and provide technical recommendations. Evaluate the mission-critical ERP through technical architectural analysis, specifying potential risks and a possible automation strategy. Enhance network control and monitoring through the consolidation of IT management and policies.
Following the submission of the management report of our findings, impacts, severity levels and recommendations, a meeting is held with the management team to run through each finding. Some of these include:
- Identification of security holes within their multi-site setup in both network and application aspects.
- The core business ERP system runs on a 2-tier hierarchy; any user may delete all system data at the press of the delete button.
- Insufficient and ineffective firewall configurations leaving managers’ personal desktops and servers vulnerable to hackers.
Reduce potential security holes with an up-to-date centralized monitoring and administration system. Provide a temporary workaround to protect data. Raise awareness of new options in ERP systems with pertinent professional advice. Establish new policies and procedures to protect the company.
Our team thereafter proposes a range of IT services providing a one-stop solution for our client. Some of our services include:
• Immediate handling of high-severity items to minimize risks, including firewall configurations and ERP data protection.
• Putting in place centralized administration and network monitoring systems to govern and simplify IT administration.
• Sourcing different ERP options and providing pertinent professional advice.
• Establishment of new policies and procedures to protect the company.
After the running of our IT Audit and Services Scheme, the workload is centralized and eased by the newly established administration and network monitoring systems. The management team has a much better overview of IT and the current environment in both security and business growth aspects. With the establishment of policies and procedures, a clear guideline is defined and a regular communication channel between management and IT is established.
Case Study 2 : One of the market leading travel agencies in Hong Kong
100+ Employees
IT Audit and Technical Assessment Service
Amid the revolutionary technological change of the recent decade, our client is one of many in its industry undergoing a transformation from manual operation to machine-based operation for specific repetitive tasks. The automated programs run 24 hours a day, 7 days a week, nonstop. With the existing infrastructure setup, transitioning to and hosting such a large number of automated programs would raise both management and security issues.
To tackle any serious incidents before they happen, the IT management has turned to our IT Audit and Technical Assessment service to evaluate existing vulnerabilities and risks within the system, infrastructure and daily operations.
RSEL provided an IT audit and technical assessment service covering the client’s IT infrastructure and daily operations, focusing on information security. The assessment mainly covered the information security aspects of:
• IT Structure
• IT Operation
• System Infrastructure and Architecture
• Network Infrastructure and Architecture.
Together with the audit assessment, a vulnerability scan assessment was also conducted against the official webpage to determine whether an external hacker could penetrate the system and network infrastructure.
The Audit Report and Vulnerability Assessment Report submitted to the management include the findings of vulnerabilities and risks, the impact of the related risks, the priority of improvement and practical recommendations. With the road map and action plan included according to the seriousness of the observations found, our client is able to include the follow-up actions needed in their IT year plan to tackle the corresponding risks.
Case Study 3 : A hospital providing holistic healthcare to patients in Hong Kong
200 staff
IT Audit and Assessment with Follow-up Services
With 100+ hospitals and clinics in diverse locations, the company has been struggling for many years to centrally manage information security and to standardize its operating procedures. Due to a lack of resources, the company can hardly spot potential vulnerabilities without a regular review mechanism. Therefore, Ringus was engaged to perform a one-off, in-depth assessment and pinpoint improvement areas within the information system.
After the on-site assessment, Ringus identified a large number of security vulnerabilities and operational deficiencies, which the IT Team might not have sufficient resources to fix in the short run.
- Identified network security vulnerabilities and provided technical recommendations
- Evaluated and commenced internal and external security controls
- Provided one-year implementation plan: Document Management System and Workflow System enhancement
- Provided project management consultation, including project progress, budget, and timeframe.
Through a series of on-site interviews, our security experts have tailor-made a one-year, step-by-step implementation plan for the company to perform remediation actions, along with continuous advice from Ringus. High-priority risk items have been addressed with appropriate corrective actions to protect the company from security risk exposure in the short run.
In the long run, to reduce the workload of the IT Team, Ringus not only provided suggestions and alternatives for the company to consider, but also helped integrate the Information Security Management System into the operational workflow in diverse locations.
After the assessment, Ringus has consistently updated the remediation process with the company and continues to provide the implementation advice mentioned in the assessment report.
Standardized policies and procedures have been introduced to ensure an appropriate security level for information handling in daily operations.
The one-year implementation roadmap is embedded in the assessment report so that our client can easily follow the remediation plan according to the severity level assigned.
Our team continues to work closely with our client, providing the best managerial and technical implementation advice in line with the client’s mission and vision.