Security Risk Assessment

In today's business environment information is prolific and at the same time critical. Understanding the threat posed by people, processes, and technology that interact with sensitive information is vital for any information security program. Using strong IT governance as a backbone to ensure alignment with business strategies, eCube drives excellence through the IT infrastructure and into the supporting applications and data analytics. We also facilitate the selection of software, manage implementation, implement configurable controls and implement governance, risk and compliance (GRC) software applications. Our Risk Assessment helps ensure the suitability and robustness of the security controls required within the organization, allowing the organization to make informed risk management decisions. Since information ultimately drives security requirements for processes and assets, our risk management services not only help organizations understand the real risks to technology assets, but also the level of control necessary to reduce risk. Some of the services provided by eCube in the IT Risk Assessment category include:

• Control Policy and Procedures Development / Implementation
• Information Security Reviews
• Continuous Monitoring Framework /Tools
• Business Continuity Planning / Disaster Recovery
• Risk Framework Development
• Project Governance / SDLC evaluation
• IT Security Governance

Internal Audits

The definition of Internal Audit according to Institute of Internal Auditors (2009) is "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." Whether you are looking to speed up the establishment of an Internal Audit function utilizing best practices or bolster an existing Internal Audit capability, eCube's highly experienced professionals can provide you with a practical solution that helps elevate your internal audit's strategic profile. Our auditors utilize a risk-based approach to help clients improve performance and operating efficiency. Common audit services may include preparing annual enterprise risk assessments; planning, scheduling, performing and reporting audit results; and presenting findings to Executive Management and Audit Committees. If necessary eCube's auditors will also represent your company with external auditors and work with the external auditors to ensure value add. The different modes under which we provide Internal Audit services include:

• Advisory
• Co-sourced
• Outsourced
• Internal Controls Audit

Regulatory Compliance

AML, GLBA, HIPAA, PCI, SOX. and the alphabet goes on. Don't think this affects IT, think again. As businesses differentiate themselves or become more efficient at utilizing IT, they find that aligning the IT strategy with the business strategy is critical in an era where IT can be a key competitive advantage. eCube can assist management in its endeavor to ensure that all IT risks from a regulatory standpoint have been identified, monitored and reported to senior management in a cost efficient manner.

Owing to several recent corporate and accounting scandals, the pressure from Federal Regulators looms large in all industries. Regulatory issues can be complex, confusing and time consuming. Non-compliance is not an option anymore, which makes this issue an overwhelming task for anyone. eCube has vast experience and expertise in dealing with regulations, the regulatory process, as well as regulators themselves. Some of the regulations that we can help your organization comply with by identifying gaps and correcting IT internal control flaws are:

1. Anti-Money Laundering / Bank Secrecy Act (AML / BSA)
2. Gramm-Leach-Bliley Act (GLBA)
3. Fair and Accurate Credit Transactions Act (FACTA)
4. Sarbanes-Oxley Act (SOX) and more

Our specific services include:

• Regulatory compliance project planning and management
• Documentation, evaluation, testing and remediation of risks and controls
• Improvement of internal controls and the quality of critical upstream business processes affecting financial reporting
• Automated tools implementation and support

Mergers and Acquisitions Due Diligence

When people talk about acquiring another firm, the term "due diligence" comes up sooner or later. Usually, legal definitions of due diligence say something such as:

Due diligence is a measure of prudence, activity or assiduity, as is properly to be expected from, and ordinarily exercised by, a reasonable and prudent person under the particular circumstances. It is not measured by any absolute standard but, nonetheless, depends on the relative facts of the special case.

In plain language, this definition means that due diligence helps in making sure that the acquirer of the goods gets what he/she paid for. Nonetheless, before information security can protect the new entity it has to understand the component parts. Hence, including information security and legal compliance issues in the due diligence process can give the new enterprise a head start. An information security and compliance survey of combined assets is required as a first step in devising security for the joined organizations. eCube's Mergers and Acquisitions (M&A) consultants partner with you in a M&A situation to manage due diligence prior to the merger, as well as integration once a merger has been agreed upon. eCube utilizes a set of Security metrics to help identify impediments to a potential merger due to differences in information systems, configurations and processes. Generally, information security and risk management require measurable security. Measurable security can be grouped into the following main areas:

• Threat
• Vulnerability
• Configuration management
• Asset management

Strategic Consulting

eCube's seasoned experts not only provide audit and regulatory compliance services but also IT advisory and performance improvement consulting services in order to help organizations achieve the best strategic business value from their existing IT investments. Our engagements are designed to help IT managers and executives improve performance, handle risk, trim down costs and exert more effective and efficient controls over the IT organization. The consulting is customized based on the size and strength of your individual IT department. Some of the services provided by our professionals in this arena include:

• Application Strategy and Planning
• Technology Assessments
• Business Process Assessments and Improvements
• Strategic planning
• Process, Procedures, People and Technology Assessments
• Cost Benefit Analysis and more

Trend Analysis

eCube's Enterprise Information Management professionals help management improve access to and the reliability of information for decision-making. Today companies are operating in a business environment that has become more complex and risky due to the blending of a global economy, sophisticated automation and a mounting assortment of regulatory requirements. In this context, it is very crucial than ever for senior management to have access to the right information immediately. Our Enterprise Information Management consultants understand that an organization's data is essential to its success. We help clients improve their entire information life cycle, including strategy, management and reporting, so decision-makers have the right information at the right time. eCube partners with several Data Analytics partner to bring you the best in Information Security Data analysis including:

• Defining security log thresholds
• Setting up of executive dashboards
• Defining reporting methodology and frequency
• Establish Analysis and Financial thresholds which aids the Audit / Compliance process
• Aiding in putting together infrastructure that would allow reports to be used for audit/compliance purposes as every regulation has specific requirements on how to produce, store and distribute reports and alerts
• Creating a more comprehensive compliance dashboard which would incorporate data from non-infrastructure components like custom programming and integration interfaces