Ringus | Case Studies

Case Studies

Ringus has delivered services across 14 countries with more than 50 clients.
Here are some of our featured cases.

Security Services

Security
Services

01 - ISO Consultation

02 - IT Audit & Assessment

03 - Technical Assessment

04 - Security Awareness Training

04 - Security Awareness
Training

05 - IT Consultation

06 - Regulatory Audit

07 - Total Solution

Case Study: A multinational financial institute with head office in Hong Kong, providing professional financial services worldwide

Size200+ Employees

ServiceISO 27001 Certification Consultation Services

ChallengeSet up information security management system in a MNC with over 200 employees distributed worldwide and leading client’s management to participate in the improvement cycle.

As a global financial institute, our client globally runs several real-time trading systems at any one time. Our mission is to set up our client’s security management framework and information security level, base on ISO27001 standard to reduce information security risks. At the same time, to provide our technical recommendations for our client and lead them to grant the ISO27001 certification and more importantly, an continual improvement model for their information security.

Case Study 1 : A cross boarder toy firm with head-office in Hong Kong and factory in China

Size3000+ Employees
ServiceIT Audit and Assessment with Follow-up Services

ChallengeIn recent years, with the aggressive growth of China’s economy and businesses, many are struggling to cope with oversea management and security. Our client is no other. An out-dated ERP and a handicapped HR system have cost our client direct money lose. An IT team that are too busy fixing endless users’ daily problems, managers find it almost impossible to communicate and express their business directions and objectives. Internal hacking activities with data and network security issues are present. With a continuous reminder from the news of data leakage and loss, managers have turned to our IT audit and service scheme to evaluate in both technical and business aspects.

SolutionIdentify numerous network security holes and provide technical recommendations. Evaluation of mission critical ERP on technical architectural analysis specifying potential risks and possible automation strategy. Enhance the network control and monitoring with the consolidation of IT management and policies.

ResultWith the submission of the management report of our findings, impacts, severity levels and recommendations, a meeting is held with the management team to run through each finding, some includes:
- Identification of security holes within their multi-sites setup in both network and application aspects.
- Core business ERP system running a 2-tier hierarchy, any users may delete all system data under a press of the delete button.
- Insufficient and ineffective configurations of firewall causing managers’ personal desktops and servers vulnerable to hackers.

Follow-upReduce potential security holes with an up-to-date centralized monitoring and administration system. Temporary work around method to protect data. Awareness of new options in ERP systems with pertinent professional advice. Establishment of new policies and procedures in protection of the company.

Our team thereafter, proposes a range of IT services providing a one stop solution of our client. Some of our services include:
•    Immediate handling of high severity objects to minimize risks including firewall configurations and ERP data protection.
•    In-place a centralized administration and network monitoring systems to govern and simplify IT administration.
•    Sources different options of ERP’s providing pertinent professional advice.
•    Establishment of new policies and procedures in protection of the company.

BenefitAfter the running of our IT Audit and Services Scheme, the workload is centralized and eased by the new establishment of administration and network monitoring systems. The management team has much of a better overview of IT and the current environment in both security and business growth aspects. With the establishment of policies and procedures, a clear guideline is defined and a regular communication channel between management and IT is established.

Case Study 2 : One of the market leading travel agencies in Hong Kong

Size100+ Employees

ServiceIT Audit and Technical Assessment Service

ChallengeUnder the revolutionary technologies change in the recent decade, our client is one of the many in such industry, which undergo a transformation from manual operation to machine based operation for specific repetitive tasks. The automated programs are functioning 24 hours a day, 7 days a week nonstop. With the existing infrastructure set up, transiting and hosting such huge amount of automated programme would raise both management and security issues.

To tackle any serious incidents before it happens, the IT management has turned to our IT Audit and Technical Assessment service for evaluating existing vulnerabilities and risks within the system, infrastructure and daily operations.

Result and Follow-upRSEL provided IT audit and technical assessment service towards the client’s IT infrastructure and daily operation focusing on information security. The auditing area of assessment are mainly focused on the information security aspect on:
•    IT Structure
•    IT Operation
•    System Infrastructure and Architecture
•    Network Infrastructure and Architecture.

Together with the audit assessment, a vulnerability scan assessment is also conducted towards the official webpage so as to determine if an eternal hacker can penetrate the system and network infrastructure.

Audit Report and Vulnerability Assessment Report submitted to the management includes the findings of vulnerability and risk, impact of related risk, priority of improvement and practical recommendations. With the road map and action plan included according to the seriousness of the observation found, our client could be able to include the follow up action needed in their IT year plan to tackle the corresponding risk.

ResultWith the submission of the management report of our findings, impacts, severity levels and recommendations, a meeting is held with the management team to run through each finding, some includes:
•    Identification of security holes within their multi-sites setup in both network and application aspects.
•    Core business ERP system running a 2-tier hierarchy, any users may delete all system data under a press of the delete button.
•    Insufficient and ineffective configurations of firewall causing managers’ personal desktops and servers vulnerable to hackers.

Follow-upReduce potential security holes with an up-to-date centralized monitoring and administration system. Temporary work around method to protect data. Awareness of new options in ERP systems with pertinent professional advice. Establishment of new policies and procedures in protection of the company.

Our team thereafter, proposes a range of IT services providing a one stop solution of our client. Some of our services include:
•    Immediate handling of high severity objects to minimize risks including firewall configurations and ERP data protection.
•    In-place a centralized administration and network monitoring systems to govern and simplify IT administration.
•    Sources different options of ERP’s providing pertinent professional advice.
•    Establishment of new policies and procedures in protection of the company.

BenefitAfter the running of our IT Audit and Services Scheme, the workload is centralized and eased by the new establishment of administration and network monitoring systems. The management team has much of a better overview of IT and the current environment in both security and business growth aspects. With the establishment of policies and procedures, a clear guideline is defined and a regular communication channel between management and IT is established.

Case Study 3 : A hospital providing holistic healthcare to patients in Hong Kong

Size200 staffs
ServiceIT Audit and Assessment with Follow-up Services
ChallengeWith a number of 100+ hospitals and clinics in diverse locations, the company has been struggling for many years to centrally manage the information security and to standardize the operation procedures. Due to the lack of resource, hardly can the company spot out the potential vulnerability without regular review mechanism. Therefore, Ringus engaged to perform an one-off and in-depth assessment, and pinpoint improvement areas within the information system.

After the on-site assessment, Ringus identified large amount of security vulnerabilities and operational deficiencies, in which IT Team might not have sufficient resource to fix the problem in the short run.

Case Study: A company with core business of real estate, construction, tourism, mining and financial investment which head quarter is located in Hong Kong with multiple sites in Mainland China

Size500+ Employees

ServiceVulnerability Assessment and Penetration Test

ChallengeOrganization is getting more concerns in information security as there is a significant increase in cyber security attack nowadays. However, limited review and regular technical assessment in this organization causes the system and network vulnerabilities have been accumulated throughout the years. Given with this scenario and the scale of the technical assessment which has to be conducted across different sites, our technical specialist and pentesters have to put extra effort in evaluating the security and risk level in order to define the baseline security level and controls that are being implemented in the organization. Furthermore, it is also critical to provide practical recommendation as to resolve the issues identified in this technical assessment.

SolutionOur certified OSCP, OSWP and GPEN conducted network and web application penetration test to simulate hacker’s activities as to prevent external attack. Internal vulnerabilities assessment is also performed to discover the unmanaged asset. Identify the vulnerabilities with technical tools and manual validation with risk level provided.

ResultOur security specialists have issued a penetration test and vulnerabilities assessment report on the security findings with different level of severity. Critical vulnerabilities and system deficiencies are identified such as SQL injection, missing security patches and remote code execution are identified through exploitation and privilege escalation that are putting company asset at risk. Technical recommendations and advisories are provided according to the existing industrial standard. Latest security protection methods and tools were also suggested for future improvement.

The technical assessment report including:
•    Prioritized list of vulnerabilities
•    Specific information about the vulnerabilities exploited
•    The risk level of the vulnerabilities
•    The description and evidence of the vulnerabilities
•    Potential impact
•    Technical recommendations

Follow-upAfter our assessment and in-depth analysis of the security testing, Ringus has provided a detailed report documenting each security issue with a set of security recommendations (methods and tools) and corrective action plans. Findings walkthrough session is also conducted to ensure our client understand the issues and able to implement those plans accordingly. Ringus has also provided follow-up services for the remediation works to verify that the remedial activities had been successful.

BenefitOur recommendations have provided our client with an up-to-date defense against known vulnerabilities and global hackers, allowing our client to estimate and justify the cost of equipments whenever appropriate in scaling up its security level, providing a continual improvement model. With our comprehensive report, professional recommendations and direct assistance, our client was able to get a realistic idea on the existing security level of their setup. Our work helped the client avert a potential reputational crisis and allowed the company to operate their systems in a confident and secure way.

Case Study: One of Asia’s largest listed catering groups based in Hong Kong with factories and branches in Mainland China

Size5000+ Employees
ServiceInformation Security Awareness Training

ChallengeAs a listed company, our client has put a lot of effort on training their employees to prevent security incidents such as information leakage and system hacking from happening. Therefore, our mission is to deliver practical and easy-to-understand training material to our client as to maximize the effectiveness of the Security Awareness Training. Also, to instill security awareness concept to a large group of the employees in different positions and with different levels of IT knowledge.

Case Study: An international firm that provides land planning, civil engineering and landscape architecture services

Size600+ Employees
ServiceIT Consultation Service
ChallengeMajor turnover in IT department. Room for improvement in policies, procedures and guidelines for IT governance and internal controls. Projects delayed. Highly concern on data security. Many outsourcing vendors for different IT services.

Our client has been reviewing their IT governance and has urged us to secure their company’s productivity in case of any turnovers. Our customized scope targets not only on IT policies and guidelines, we have also targeted on internal and external network monitoring, budget planning and IT project management.

SolutionIdentified network security vulnerabilities and provided technical recommendations. Evaluated and commenced internal and external controls security devices. Assess ongoing projects including Document Management System and Workflow System to provide project management’s consultation advisory, including project progress, budget, and timeframe.

ResultThrough a series of interviews and onsite visits, our audit team together with our technical specialists issued a technical report on our findings with both short-term and long-term solutions on higher priority issues, such as network security. Our client was able to imply our short term solutions as a precaution immediately.

Furthermore, acknowledging the operation and positioning of their IT department, an IT handbook was constructed containing IT policies, guidelines and standards, including:
•    IT Management Policies (including Jobs Functions and Segregation of Duties)
•    IT Security Policies
•    End User Guidelines
•    Vendor Management and Outsourcing Guidelines, etc.

Follow-upAfter our assessment and in-depth analysis of the operation procedures, Ringus provides a customized quarterly IT audit package including continuous consultations and ongoing IT assessments.

Moreover, as an independent IT consultancy, our team evaluated the costs of IT projects with the ever-changing market prices and provided a budget report evaluation.

BenefitA management report concerning all the related IT issues was produced in a way that the management of our client can easily understand the content. Then they can based on the report and make appropriate decisions to improve the situations.

On the other hand, a customized IT handbook containing policies and guidelines was established in order to help our client to achieve a result of better utilizing resources, securing data and network in compliance with IT governance.

Our client was also provided with a budget report evaluation that revealed the costs of IT project in comparison of current market prices for their management proceedings on ROI analysis.

Case Study: A financial institute in Hong Kong

Size100+ Employees
ServiceIT Audit and assessment based on Hong Kong SFC Ordinance.

ChallengeMajor turnover in IT department. Room for improvement in policies, procedures and guidelines for IT governance and internal controls. Projects delayed. Highly concern on data security. Many outsourcing vendors for different IT services.

Our client has been reviewing their IT governance and has urged us to secure their company’s productivity in case of any turnovers. Our customized scope targets not only on IT policies and guidelines, we have also targeted on internal and external network monitoring, budget planning and IT project management.

Case Study: A multinational financial institute with head office in Hong Kong, providing professional financial services worldwide

Size200+ Employees
ServiceIT Audit and Assessment
IT Security Consultation
System Development and Support Services

ChallengeMany overseas offices with different mission critical trading systems. Such systems have to be in compliance with different regulatory in different countries. Some offices without IT personnel or IT team.

To begin with, our client is a multinational finance house with over 200 employees distributed worldwide. As a global financial institute, our client globally runs over 6 different real-time trading systems at any one time. These mission critical systems run non-stop 24 hours a day and 5 days a week. Our challenge, is not only to mitigate system down time and maintain a healthy network, but also to run regular IT audit checks in compliance with different regulatory in different countries and reinforce data security. Any incidental failure may cause our client a direct money loss impact.

Our client has the head office in Hong Kong and limited resources for IT personnel for oversea branches. Our role is to centralize their IT management in Hong Kong and introduce systematic IT governance throughout to all oversea branches.

Site Map