A prominent stock exchange in India faced a daunting cybersecurity challenge: protecting more than 350 web applications, a complex network infrastructure and over 1,500 application programming interfaces, which facilitated a high volume of financial transactions. To do so, they needed to conduct a thorough penetration test to proactively identify and address vulnerabilities.

They chose NTT DATA as their cybersecurity partner based on our consulting expertise, skill set and proprietary security-assessment tools.

We assessed their security posture in detail to identify vulnerabilities and presented our findings along with our recommendations on how to address these vulnerabilities most efficiently. Armed with such valuable and actionable insights, the stock exchange could fortify its defenses without any business disruptions.

Now, NTT DATA’s cybersecurity expertise has received an additional vote of confidence. We have been accredited by the Indian Computer Emergency Response Team (CERT-In) as an empaneled information-security auditing organization.

What is CERT-In empanelment?

Empanelment is the procedure by which CERT-In, the national agency responsible for responding to cybersecurity incidents, grants service providers permission to conduct information-security assessments and audits to check whether an organization follows a set of cybersecurity standards and best practices.

CERT-In empanelment means a service provider offers a high level of expertise in cybersecurity auditing and assessment. Their assessments are aligned with the latest threat intelligence and best practices, and you can rely on the accuracy and thoroughness of their audit reports.

Among the organizations in India that stand to benefit from working with a CERT-In–empaneled service provider like NTT DATA are:

  • Companies in the closely regulated banking, financial services and insurance industries (the Reserve Bank of India and other financial regulators often recommend using qualified and experienced assessors, including CERT-In–empaneled entities)
  • Suppliers of software, hardware or related services to the Indian government
  • Organizations that use the government’s National Informatics Centre to host online applications or websites
  • Companies that have to adhere to the security standards and regulations set by the Unique Identification Authority of India (UIDAI) for using its biometric and demographic data
  • Government agencies and departments, which are increasingly prioritizing using CERT-In–empaneled companies to comply with government directives

What is a security assessment and why is it important?

A security assessment is a thorough review of your organization’s information-security controls and practices. It typically involves analyzing and evaluating the security policies, procedures and controls you have in place to spot vulnerabilities, and recommending remediation measures based on the outcomes of the analysis.

It’s a critical part of a robust cybersecurity strategy for the following reasons:

Compliance

Many regulations and industry standards — for example, ISO/IEC 27001:2022 (the broad standard for managing information security) and the Payment Card Industry Data Security Standard, commonly known as PCI DSS (the more specific standard for protecting payment card data) — require regular security assessments.

Managing risk appetite

Security assessments uncover weaknesses in your organization’s security posture, including outdated software, misconfigurations and inadequate access controls. These assessments allow you to manage risk either by investing in risk controls or by accepting risks based on the risk tolerance of your organization. Managing your risk appetite helps you to make informed business decisions regarding cyberthreats.

An enhanced security posture

Assessments provide valuable insights into your organization’s overall security health — insights you can use to strengthen your defenses. This includes preparing for and responding to cybersecurity incidents by identifying and documenting critical systems and data.

Establishing trust

Conducting regular assessments builds trust among stakeholders (such as customers, partners and regulatory bodies) because it shows your organization’s commitment to robust security practices.

How we fortify your cybersecurity

When you work with NTT DATA to conduct regular security assessments in your organization, we draw on our worldwide expertise to help you develop and implement robust incident-response plans, including procedures for containment, eradication and recovery.

We use our own global consulting tool, the Cybersecurity Maturity Assessments Platform (CMAP), to perform gap analysis and deliver security advisory and assessment services benchmarked against best practices and global standards like ISO/IEC 27001:2022 and the frameworks set by the National Institute of Standards and Technology. This involves using advanced technologies such as intrusion-detection systems, security information and event management (SIEM) solutions and threat intelligence to proactively identify and respond to threats as we monitor your security infrastructure around the clock.

Alongside our cybersecurity consulting services, managed security services and digital forensics and incident-response services, we also provide comprehensive security-awareness training to keep your employees up to date with the latest cyberthreats.

If this sounds like the solution to your organization’s cybersecurity challenges, get in touch and let us help.

WHAT TO DO NEXT
Read more about NTT DATA’s Secure Operational Technology, including our certifications for security operations centers.