Security Audit Services
MAP_IT is empanelled as an IT Security Audit Organization with CERT-In (Indian Computer Emergency Response Team). It is the first organization in Madhya Pradesh and 3rd Government body in the country to have the CERT-In Empanelment.
Indian Computer Emergency Response Team (CERT-In) is the Government organization under Ministry of Electronics and Information Technology and is the national nodal agency for responding to computer security incidents as and when they occur.
Why Security Testing?
Web applications and Web sites have been favorite targets of hackers because they have access to valuable information and they are relatively easy to exploit. A successful attack can result in a variety of devastating consequences including financial loss, damage to brand reputation, and loss of customer trust. Because web applications must be available 24/7 and offer data access to customers, employees, suppliers and others, they are frequently the weak link in organization security. When hackers gain access to web applications, they often have direct access to confidential back-end data on customers and the company. For this reason, testing web application security is a high priority for the organization today.
Thus the prime objective of security testing is to find out how vulnerable a system may be and to determine whether its data and resources are protected from potential intruders. With advancement of digitization in State and all most all important services being offered via online means it becomes necessary to protect applications from threats,Security testing is performed with the intention of revealing flaws in security mechanisms and finding the vulnerabilities or weaknesses of software applications
Security Audit Process
- Security Audit Request is Submitted Online by Auditee organization or Department on Security Audit Portal
- Application Assessment by COE security audit team/Management and the Organizations is informed about the Security Audit Request Status.
- The Auditee Dept. or organization reverts back with Security Audit Details & signed NDA.
- MAP_IT shares the Audit Plan with relevant stakeholders in audit and auditee organizations.
- Security Assessment is conducted by COE, MAPIT for Level 1 Testing Report.
- Concern Department is communicated for Level 1 bug fixation and identification.
- Steps 5 & 6 are repeated for Level 2 & Level 3 Testing until 100% vulnerabilities are fixed.
- On Completion of Security Audit Process,Security Certificate and Final Report is issued.
- Security Certificate is valid for One Year OR any Change in the Source Code whichever is earlier from the date of issues. In case of expiry of the certificate whole process shall be initiated again
Statistics, how many security audits are conducted till date.
Till date MAPIT has audited around 200 web applications and 125 Security Audit Certificates have been issued till date(January 2019).