IT Department Roadmap | National Management Olympiad Season 4
Company_Profile_Updated_17032016
1.
2. Overview
Company History
An ambitious, hard-working consulting
firm, established in 2012, we hit the ground
running with our direct approach to finding
success. We specialize in providing turnkey
solutions for Telecoms, IT and IT Security sector.
We also provide spectrum auction solutions and
consultancy. Our approach of going the extra
mile for our customers has enabled us to
develop a clientele in numerous countries.
3. What we do
Telsec is a different type of consulting service. We have some of the best
industry experts and offer unique access to specialist expertise and
analytical tools. Our consultants have over $250 million of projects under
their belt. These projects have been executed across the globe.their belt. These projects have been executed across the globe.
Our solutions are innovative and brave, while at the same time being
based on industry knowledge and key marketing strategies.
4. Vision & Values
Vision statement
To be number one in providing IT Security, Cloud Computing
and Telecom consultancy and products. We pride ourselves in
going the extra mile and providing an un-beatable customer
service.service.
Values
Integrity: Maintaining a very high level of honesty
Sky is the limit: We go extra mile for our customers
Forthright: We do what we say.
5. Growth strategy
Telsec growth strategy is developed
around building up strategic plans in line
with project requirements to deliver shortwith project requirements to deliver short
and long term solutions with optimal
productivity.
6. PRODUCTS
Sharp Eye System:
A data intelligence system build around
the technologies of Hyper Spectral
Imaging to detect targets on the
PRODUCTS
Imaging to detect targets on the
ground like oil spills, floods etc. Our
products niche is that it does not use
probabilistic analysis rather target
acquisition is done through signatures
which give much higher accuracy.
7. PRODUCTS
Crypto Phone
A system that provides end to
end security on the mobile
phone. This would disable any
adversary entity or private
The product comes with
standard encryption
algorithm (AES) but we
also provide the
functionality to our
PRODUCTS
adversary entity or private
person to eavesdrop on
communication. Crypto Phone
provides the functionality to
mobile phone users to encrypt
the conversation they have
with other mobile phone users
functionality to our
customers to use custom
algorithm for encryption.
This adds another layer of
protection which makes
the product battle ready.
8. Two of our main products
are listed in detail:
SharpEye System SharpEye System
Crypto Phone
11. SharpEye System Purpose
Border area mapping
Mapping of possible battle fields for better strategic placement of forces
Detection of nuclear fall out
Detection of key enemy installationDetection of key enemy installation
Digital Elevation Mapping
Military units detection and identification
Tanks, SAMs, aircrafts, vessels etc
Intelligence, foreign army unit mapping (count, geolocation, tracking)
Camouflage detection
13. Fully customizable software & algorithm is only one of the advantages
that we provide
•Layer as a Service (LaaS) is a way to write high quality code (same as
OUR SOLUTIONS WILL BE
SEAMLESS & SECURE
•Layer as a Service (LaaS) is a way to write high quality code (same as
XaaS).
•The philosophy gave customers the opportunity to have a scalable &
cloud aware software, making the transition seamless from the legacy
system to the new one.
14. ENGINEERING
We can provide and test new
state of the art encryption
algorithms using the
SOFTWARE
Every client is handled as a new case.
The software follows the customer
constraints & reflects the vision & needs
that are provided. Each extra authen-
PRODUCTION CAPABILITIES
algorithms using the
methodology of the Crypto-
Maker.
COMMUNICATION
Each layer in
communication model could
be guaranteed and secured
that are provided. Each extra authen-
tication technique that could be in
cooperation with the system that already
exists, could be added to make the
transition smoother.
More features could be added to the
application like Crypto-Message or even
Crypto-Answering-Machine.
15. PRODUCTSMobile Payment System:
Mobile payment system that would enable a telecom provider to provide its
customers to make payment through mobile phones. The product enables
different mobile operators to seamlessly integrate payment platforms. Our
product sits at the switch level and requires minimum integration time.
The product was developed using the industry standards for encryption and
access control.
Web Content Filtering/ Internet Censorship:
A customised system developed to ensure the censorship of internet as per
the requirements of a company or a country. The system is developed to
PRODUCTS
the requirements of a company or a country. The system is developed to
ensure compliance at the same time providing value added services like web
threat management, access management and zero hours network protection
against evolving threats.
Cloud Learning/Computing:
A portal designed for students enabling them to learn and facilitate by
getting access to world class education system. The portal enables the
students to interact with teachers, study online, get career advice etc.
This system also caters for the needs of the teachers.
16. SERVICESIT Security:
World class IT Security services are
provided to enable companies to protect
data, computer and networks. The services
include, penetration testing, Security Audit,
Security Standards etc.
Telecom:
We provide services in the area of
Spectrum Auction
We provide complete solution for Spectrum
auctions to maximize revenue by applying
the modern strategic auction approaches.
Types of Auction models
• Simultaneous Multiple Round Auction
• Sequential Outcry Auction
SERVICES
We provide services in the area of
3G/4G network plan (topology, design
and frequency re-framing), Procurement
support, Vendor RFP, tender review
(technical and commercial), tender
comparison, 3G/4G launch management,
Customer experience management (to
manage real customer perception and
experience) and Expertise support
(technical resource, Certified PM).
• Sequential Outcry Auction
• Combinatorial Clock Auction
• Menu Auctions
17. SERVICES
Cloud Computing:
Providing consultancy to customers to
SERVICES
Providing consultancy to customers to
move to the cloud to save cost. We
cover all world class providers such
as Sales force, Azure and Amazon.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33. Hascol Case Study (Highlights)
BUSINESS NEEDS:
This work describes the initial steps taken towards the development of an
Information Security Management System for HASCOL Petroleum Limited. Telsec
Corp was engaged to perform “IT Security review” on HASCOL’S IT infrastructure.
The objective of the analysis was to assess HASCOL’s network against potential loop
holes and vulnerabilities, discover weak links and provide recommendations and
guidelines to vulnerable entities discovered during the test. Complete audit of the
servers, databases and operating systems was done. Future course of action was to
be presented in order to lay down the prospective IT Security Roadmap for
HASCOL.HASCOL.
This case study presents an extensive IT Security Roadmap for HASCOL, which if
traversed vigorously, shall ensure that an efficient and effective IT Security
Infrastructure shall be erected.
CHALLENGE:
Hackers are taking an advantage of the IT departments in order to steal the
confidential information of the company and this information is exposed to the
hacker due to the poor network design and poor deployment. The HASCOL also
find the same challenge and the TELSECCORP team performed the following two
process on-site:
Penetration Testing
Audit
34. SOLUTION:
At first to solve these challenges, HASCOL decided to perform a complete penetration testing of their
network devices, databases and operating systems from TELSECCORP team. The TELSECCORP team
started penetration testing and found out a number of vulnerabilities in their system. These
vulnerabilities were of HIGH risk, MEDIUM risk and LOW risks as well. Each of this vulnerability was
properly categorized and the impact of these vulnerabilities to the company assets was calculated, and
then proper mitigation techniques were recommended according to the best practices. In the
vulnerability assessment different vulnerabilities were found:
FAILED LOGIN ATTEMPT
UNLIMITED PASSWORD LIFE TIME
MAXIMUM PASSWORD REUSE SET TO UNLIMITED
PASSWORD LOCK TIME SET TO UNLIMITED
PASSWORD GRACE TIME WAS SET TO UNLIMITED
MISSING PATCHES
GUEST ACCOUNT ENABLED WITH ACCESS PRIVILEGES
VULNERABLE VERSION OF ADOBE ACROBAT INSTALLED
VULNERABLE VERSION OF ADOBE READER INSTALLED VULNERABLE VERSION OF ADOBE READER INSTALLED
VULNERABLE ACTIVEX CONTROL DETECTED
MISSING SECURITY PATCHES FOR MS OFFICE, PUBLISHER INSTALLATION
MISSING SECURITY PATCHES FOR MS OUTLOOK INSTALLATIO
WINRAR VULNERABLE INSTALLATION
MISSING SECURITY PATCHES FOR WINDOWS SERVER OPERATING SYSTEM
VULNERABLE RUNTIME ENVIRONMENT INSTALLATION DETECTED
VULNERABLE PROGRAMMING PLATFORM INSTALLATION DETECTED
VULNERABLE BROWSER PLUG-IN INSTALLATION DETECTED
FORBID AUXILIARY PORT
SSH TIMEOUT NOT CONFIGURED
All these above vulnerabilities are combined vulnerabilities found during assessment of network devices, databases and
operating system, these all are of HIGH risk to the company and can be easily exploited by an attacker. We also found
other vulnerabilities that were not that much critical, but can be exploited in some scenarios and can be harmful.
35. CONCLUSION
This case study shows that there are many issues to consider
when performing penetration testing and audit of an
organization because if a single issue is left without treating
it then it may cause a very negative impact on the company’s
critical assets. Each and every finding was properly
documented and then treated according to the best practices
in order to fill the gaps.in order to fill the gaps.
Detailed penetration testing report was shared with
HASCOL’S management and after that complete mitigation
process was carried out. A complete audit was proposed
based on ISO 27001 so that in future such loopholes can be
identified and treated according to the world best standards.
36. Directors
Petr Marchenko, VP Research &
Development
Managers
Farzan Ullah Khan, VP Finance
Nikos Tsagkarakis, Penetration Testing Lead
Murtaza S. Miabhoy, Senior Information Murtaza S. Miabhoy, Senior Information
Security Officer
Muhammad Salem, Associate Manager HR &
Commercials
Maham Khan, Consultant
Gohar Naseem, Information Security Officer
Mudassir Abbas Jr. Information Security
Officer
Sadiq Amin, Legal & Tax Partner
Mariam Kiran, Head of EU Projects
Haziq Ahmed, Manager Marketing
Waleed Muhammad, Research Associate