Inspace offers various IT services and provides applications for business needs and growth through specially designed IT audit and infrastructure services that helps the client explore the power of technology.

1. INSPACE TECHNOLOGIES
IT audit(informationtechnologyaudit)
An IT audit is the examination and evaluation of an organization's information
technology infrastructure, policies and operations.
Information technology audits determine whether IT controls protect corporate
assets, ensure data integrity and are aligned with the business's overall goals.
IT auditors examine not only physical security controls, but also overall
business and financial controls that involve information technology systems.
Because operations at modern companies are increasingly computerized, IT
audits are used to
ensure information-
related controls and
processes are working
properly. The primary
objectives of an IT
audit include.
Evaluate
the systems and
processes in place that
secure company data.
Determine risks to a company's information assets, and help identify methods to
minimize those risks.
Ensure information management processes are in compliance with IT-specific
laws, policies and standards.
Determine inefficiencies in IT systems and associated management.

2. IT Infrastructure
IT infrastructure refers to the composite hardware, software, network resources
and services required for the existence, operation and management of an
enterprise IT environment. It allows an organization to deliver IT solutions and
services to its employees, partners and/or customers and is usually internal to an
organization and deployed within owned facilities.
Techopedia explains IT Infrastructure
IT infrastructure consists of all components that somehow play a role in overall
IT and IT-enabled operations. It can be used for internal business operations or
developing customer IT or business solutions.
Typically, a standard IT
infrastructure consists of the
following components:
Hardware: Servers, computers,
data centers, switches, hubs and
routers, and other equipment
Software: Enterprise resource
planning (ERP), customer
relationship management (CRM),
productivity applications and
more
Network: Network enablement,
internet connectivity, firewall and security
Meat ware: Human users, suchas network administrators (NA), developers,
designers and end users with access to any IT appliance or service are also part
of an IT infrastructure, specifically with the advent of user-centric IT service
development.

3. Network Auditing
Network auditing is a must for any organization. Networks are dynamic
entities; they grow, shrink, change and divide themselves continuously.
Network administrators cannot even assume this process is entirely under their
control. Users add devices and sometimes even new hardware to the network
infrastructure. Even worse, it is not the first time a user would install software
they need without informing the administrator. These activities can have drastic
repercussions on network security. To solve this, an administrator needs to
perform regular network auditing and monitor any changes to the preset
baseline.
Network auditing is a process
in which your network is
mapped both in terms of
software and hardware. The
process canbe daunting if
done manually, but luckily
some tools can help automate
a large part of the process.
The administrator needs to
know what machines and
devices are connected to the
network. He should also know what operating systems are running and to what
service pack/patchlevel. Another point on the checklist should be what user
accounts and groups are on each machine as well as what shares are available
and to whom. A good network audit will also include what hardware makes up
each machine, what policies affect that machine and whether it is a physical or a
virtual machine. The more detailed
the specification the better.
Once the machines running on our
network are mapped, the
administrator should then move to
audit what software is running on
each of the machines. This can be
done manually, through an
application, or simply asking each
machine owner to run a script that

4. would automatically catalogue applications and send the administrator an email
with a report of the software installed. After the software inventory is done, the
process canthen catalogue the services which are installed, which are running
and which are stopped. Theaudit for the machines can be finalized by noting
which ports each machine listens on
and what software is actually running
at the time of the audit.
Once the administrator concludes
auditing the computers on the network,
s/he can move on to cataloguing the
devices. These can include printers,
fax machines, routers, access points,
network storage and any other device
that has connectivity with the network.
Once this is done, the network audit
would be complete, but the data will
now need to be analyzed. Is any machine running unauthorized software or
hardware? Is any machine lacking necessary patches? After these and other
relevant questions to each specific network are addressed and machines that
weren’t up to standard are brought in line, the administrator now has an
effective security/inventory baseline for all machines on the network.
ERP Software Consulting Implementation Project Management
Inspace ERP & software orIT consulting and IPM service is a full-fledged
hand holding program which encompassesthe following:
Identifying the Product/vendor based on business need/budget
Creating a roadmap for implementation
Create a Project Management Office Team (PMO) to implement as per roadmap
Facilitate and train the users on the adoption of new technology through Change
Management process

5. What is ERP Consulting ?
Inspace selects a few ERP products and
solutions that are available in the market,
suitable for the clients business needs and
evaluate them to be used by the client,
based on the technological environment.
Process
The IT infrastructure is studied and the
business process oftheclient is understood
before implementation. Requirements are
analysed and documented. The project scopeis defined. Then different products
and solutions are analysed meticulously and the process for the chosen products
goes through several steps before implementation. The basic functionality of the
product and the technology on which the product is based are considered.
The vendor who supplies the product/solution is minutely scanned and checked
for efficiency and reliability of productdelivery. The prices of different products
and solutions are also examined in great detail and the best deal is obtained for
the clients for implementation.
Technology Audit
What is Technology Audit?
Technology Audit which is an auditing service
done to understand the present technology
utilization level of an organization. This is very
similar to an Accounting Audit that is conducted
in almost every company. It provides a
benchmark for, where the business is now, in
terms of technology. The audit can help identify
strengths and weaknesses. It's really a snapshot
of the organization's technology infrastructure. The evaluation of the collected
evidence determines if the information technology is operating effectively and
efficiently to achieve the organization's business goals or objectives.

6. Why we need to do Technology Audit?
The Technology Audit for organizations from any domain is a MUST to ensure
optimum performance in the day to day operations and decision making. It helps
the organization to understand and
utilize technology MORE
EFFECTIVELY. The success of
this Audit is that it does not
recommend investing more; rather
it helps to get more out of existing
technology investments.
Our Technology Audit includes
various components and addresses
the critical and major pain points of
different IT areas as detailed
below:
Power Infrastructure Audit
 Sudden power failure of UPS
 Over-utilisation and under-
utilisation of UPS capacity
 UPS power cabling issues
 Battery backup for the load
applied
 Climate controlmeasures taken
up for the UPS and Battery
placement
 Fire Hazards that posea potential threat to the environment.

7. Audit Recommendations
 Safe and Climate
controlled placement of
UPS & Batteries
 Overloading or Under
loading of UPS
 Possible resolution of
UPS issues
Network Infrastructure Audit
 Network speed drops
 Sudden connectivity failure with
devices
 Wireless signal strength issues
 Network architecture and design
 Cable routing and type of cables
being utilised
 Active and passive network
components
Audit Recommendations:
 Network architecture &design as per bestpractices
 Cabling standards and routing
 Network equipment safe placement & environment
 Active & Passive (wired & wireless) components maintenance
 High-availability setup for minimal downtime
 Possible resolution of network performance issues

8. Internet/Intranet Connectivity Audit
 Internet connectivity speed drops
 Failover and load-balancing setup
 Bandwidth utilisation
 Unauthorised usage of internet services
 Content filtering to avoid certain categories of websites
 Firewall setup (policies for
allowing/disallowing the users access to
websites)
 Email services (unauthorised sending of
emails, blocking of attachments,
controlling size or type of attachments).
Audit Recommendations:
 Internet bandwidth usage & requirements
 Restriction of Unauthorised bandwidth
usage
 Load balancing& failover configuration
 Email filtering for data monitoring
 Firewall policies for optimal security
Server, Storage & Backup Infrastructure Audit
 Increased downtime of servers,
 Recovery from crash (both physical and
virtual),
 Storage space management,
 Operating system compatibility issues,
 Automated backup and restoration of the
backed-up data
 Performance of server, storage and backup
equipment for optimum operations
Audit Recommendations:
 Optimal configuration for servers based on the user load
 Storage technology and space based on usage and forecast

9.  Best practices Backup and Restoration process
 Maintenance of Server equipment for minimal downtime
 Possible resolution of server, storage and backup issues
Desktop, Laptop & Thin Clients Audit
 Recovery from crashes and minimising the downtime
 Repair / replacement and upgrade spares availability
 Standard hardware configuration across the organisation
 End-to-end audit or sampling audit
can be scoped as required.
Audit Recommendations:
 Optimal configuration for
desktops/laptops based on the usage
parameters
 Maintenance of desktop/laptop
including spares as per bestpractices
 Asset tagging & maintenance
 Possible resolution of desktop/laptop issues.
Core Application (ERP / SW) Audit
 Using MS Excel to take reports after
investing in ERP,
 Utilisation levels of the Application by
users (module-wise)
 Scope for improvement areas
 Functional audit on the mapping the
business requirement with the
functionality
 Technical audit on the coding (coding
standards and best practices).
Audit Recommendations:

10.  Fitment of the existing application vis-à-vis the business process
 Utilisation levels of existing application department/module-wise
 Module-wise recommendations for optimal usage
 Technical architecture & design as per best practices
 Coding methodology as per best practices
SW License Compliance Audit
 Unauthorised usage of software by staff
 Legal compliance issue due to pirated
applications
 Find actual gaps in the license
 Identify open source alternatives to reduce
investments
Audit Recommendations:
 Identification of unlicensed software and gap
in available licenses
 Recommendation on open source / freeware alternatives
IT Data Security Audit
 Vulnerable network
 USB / Email data leakage
 Physical security (entry/exit
registering, CCTV surveillance)
 End-to-end Logical security
(including VA-PT audits)
 Data and equipment theft

11. Audit Recommendations:
 Recommendation for mitigating VA-PT Gaps
 Harden Server environment for robust security
 Firewall policy and monitoring
 Recommendations for physical security as per best practices
Key User Audit
 Collective view of the key users driving the
organisation
 Understand training requirements
 Identify the key expectations of majority
stake holders.
Audit Recommendations:
 Key User’s knowledge level for utilising
technology investment of company
 Recommendation for areas of training required by key users.
Vulnerability Assessment & Penetration Testing
Vulnerability Assessment services are a series of tests performed on a system to
identify the vulnerability of the system. This is a Security Assessmentconducted
to understand the vulnerabilities and by this process the vulnerabilities are
identified and exposed to the security experts who in turn are able to quantify and
prioritise such vulnerabilities.
Basically a vulnerability of a system refers to the inability of the system to

12. withstand a hostile threat to its environment and the effects that may be caused
by this hostile attack.
Vulnerability assessment has many things in
common with risk assessment. Wikistatesthat
assessmentsare typicallyperformedaccording
to the following steps:
 Cataloguing assets and capabilities (resources)
in a system
 Assigning quantifiable value (or at least rank
order) and importance to those resources
 Identifying the vulnerabilities or potential threats
to each resource
 Mitigating or eliminating the most serious
vulnerabilities for the most valuable resources
Penetration Test (PT)
Penetration Tests are different from
vulnerability assessment services, in that
they simulate an actual attack on a
computer system or network as it would
have been from an external or internal
threat. By this method we are able to
evaluate the computer or network's security
levels based on the defined objective of the
test. Thus a vulnerability penetration test
can help determine whether a system is
vulnerable to attack, if the defences were
sufficient and which defences (if any) were defeated in the penetration
test.

13. Why VA-PT is required?
As new technologies emerge and change the IT scenarios, newer audit security
challenges are given to be faced by corporates. Thus the business that do
transaction over the internet are at high risk, though other companies are also at
risk when being exposed to external networks. Thus many unforeseen traps with
multiple vulnerabilities and numerous threats do manifest themselves in the
least expected time and at the least
expected place. Thus in order to
take-up such challenges and
address then, a robustsystem with
appropriate security policies,
adequate controls, periodic review
and monitoring are to be in place
to protect the organisation's
information assets. Hence it is
highly recommended to carry out
an indepth Network Assessment
comprising of VA-PT audits in a
periodic manner to ensure software
compliance to controls established
and the policies set in the
organisation and further to evaluate whether they are adequate to address all the
threats.
What Do We Gain by VA-PT?
 In-depth testing of IT infrastructure leads
to understanding of the effectiveness of
security systems in place
 Testing the ability of network defenders to
successfully detect and respond to the
attacks
 Enables planned investment to secure the
IT setup resulting in better ROI
 Helps to identify the security gaps and
secure them
 Focus and prioritise high-risk and threats
rather than false encounters

14.  Optional Software Assessment to understand the vulnerabilities within
 Process and policy in place helps to run regular and periodic tests
 Assessing the magnitude of potential business and operational impacts of
successfulattacks