Andhra Bank is in search of a consultancy firm to advise it on IT security-related issues. The bank has a comprehensive security setup, which consists of firewalls, HIPS, NIPS, vulnerability manager, SIEM solution etc. It wants to strengthen information security posture, various physical controls, technical controls and administrative level controls and the selected consultancy will be required to assess the various security products deployed and make recommendations on improving the system. At present, IBM is the vendor for implementation of security tools and maintenance of cyber SOC. The consultant will be expected to conduct audit of SOC, SOC processes, review of the implementation of the tools and systems in line with the bank’s requirements, industry best practices and RBI requirements. The consultant would also identify gaps in the implementation of CSOC along with recommendations. Besides, it will also require assistance to maintain ISO 27001 accreditation for DC, DR & DIT. The bank also wants to develop a detailed Information Security Management System (ISMS) which is focused on the on-going management of information security requirements.
