Applying Thought   
About Wipro
Newsroom
Investors
Careers
  
   
Wipro Technologies Consulting IT Services Product Design Business Process Outsourcing CONTACT US
 
Ideas
 
Search
Government Home
Electronic Document Management
'Government to Employee' portal
Web Security
CRM
Data Warehousing & Business Intelligence
E-Business
ERP
E-Procurement
IT Infrastructure Security
Reusable Frameworks
SCM
Technology Infrastructure
 
Global Sourcing Lounge
 
 
 
Government
Case Study
Public Sector Experience in Software development
Application Security Audit for a Leading Insurance Company
 
 
The Customer

The client is a leading general insurer providing products in commercial, household motor fleet and aviation areas. The client is focused on utilizing information technology to service its nation wide client base in the best possible way. In order to provide desired service level to the end user and comfort level to its own employees, client has deployed and developed industry standard applications.

 
Background

Wipro reviewed the following aspects of security.

Application Security
The client's set up consists of variety of applications on different operating systems. Application types include client server & web-based applications and major operating system type includes Windows NT/2000 and OS/400 operating systems.

Following are the types of applications deployed at the client's site:

Application for image scanning purposes [Ascent Capture application]
Application for processing insurance claims [Colossus Application]
Application for project management [Aldon CMS (Change Management System)]
Lotus Notes/Domino application for GroupWare activities
Content management application [CM-400] etc

The data handled by these applications and operating systems is related to health insurance policies, property insurance policies, guarantee policies (Insurance on logical bonds like company contracts), important postal documents converted in electronic format, critical data transfer between Lotus Domino and Notes Client, etc. Thus data flow between various components is relatively critical data and needs appropriate protection in order to achieve appropriate level of security.

AS/400 Security:
The client has their major claim handling application and telemarketing application, which are customized applications on AS/400 platform. The client was interested in improving the overall security level on OS/400.

Employee Security Policy:
Employee Security Policy plays an important role in providing the guidelines on protocols to be followed when dealing with the information assets provided by the company. Hence the client was interested in forming Industry standard employee security policy.

 
Business Challenges

The client has invited Wipro technologies to do security audit on the existing applications, employee security policy & architecture and provide a comprehensive technical document as well as evaluate the existing employee security policy, deployment of applications & network architecture and recommend the future security roadmap.
 
Wipro's Solution

Wipro has provided recommendations on application security, AS/400 security and employee security policy.

Application Security:
Wipro consultants have considered client's requirement, studied the application functionality and various architectural components, considered the type of data flowing between various components and completed the audit on various components of application. Based on this information our consultants have discussed the risks and recommended the best of the breed security solutions to achieve desired level of data security.

AS/400 Security:
In order to improve the overall security level on AS/400 systems hosting applications like claim handling applications and telemarketing applications, our consultants have provided the guideline and project plan for upgrading the security level from Level 30 to Level 40.

Employee Security Policy:
Wipro consultants have created a standard employee security policy by considering client's requirements through a set of discussions with the client and followed various international standards like security policy guidelines from SANS and other sources. The employee security policy document includes policies for
Physical security policy
Computers/systems security policy
Electronic mail and Internet usage policy
Virus/ Network worm protection policy
Information classification policy
And Incident handling policy
 
Benefits
The client has got the following benefits out of this audit exercise.
Enhancement in security level for business critical applications.
Improvement in AS/400 security level.
Evaluation and Standardization of Employee Security Policy.
 
  Send us an email
 Request proposal for services
 Subscribe to our monthly newsletter
  CASE STUDIES
Designing and managing a Secure Internet Community portal
Implementing an Intrusion Detection System for a global IT Services company
MPLS-IPSEC Based VPN solution for an Application Service Provider
Secure solution for remote access and web access
  More case studies

 
Contact us Terms of use Privacy Sitemap