Case Studies

I.T. Audit Case
A cross-border toy firm with its head office in Hong Kong and a factory in the People’s Republic of China

Size: 3000+ employees
Services: IT Audit and Follow-up Services
Challenge: A mission-critical ERP is used across borders; with multi-site management, data and network security and integrity become a major concern. Internal hacking activities are present.
Results: Identified numerous network security holes and provided technical recommendations. Evaluated the mission-critical ERP through technical architectural analysis, specifying potential risks and a possible automation strategy. Enhanced network control and monitoring with the consolidation of IT management and policies.
Follow-up: Reduces potential security holes with an up-to-date centralized monitoring and administration system. Temporary workaround method to protect data. Awareness of new options in ERP systems with pertinent professional advice. Establishment of new policies and procedures for the protection of the company.

Challenge
In recent years, with the aggressive growth of the PRC’s economy and businesses, many firms are struggling to cope with overseas management and security. Our client is no exception. An outdated ERP and a handicapped HR system have cost our client direct monetary loss. With an I.T. team too busy fixing users’ endless daily problems, managers find it almost impossible to communicate and express their business directions and objectives. With continuous reminders in the news of data leakage and loss, managers have turned to our IT audit and service scheme for an evaluation of both technical and business aspects.

Results
Following the submission of the management report on our findings, impacts, severity levels and recommendations, a meeting is held with the management team to run through each finding. Some of these include:
  • Identification of security holes within their multi-site setup in both network and application aspects.
  • Core business ERP system running a 2-tier hierarchy; any user may delete all system data with a press of the delete button.
  • Insufficient and ineffective firewall configurations, leaving managers’ personal desktops and servers vulnerable to hackers.

Follow-Up
With the identification of the different potential security holes, the management team elects a handling method for each finding accordingly. Our team thereafter, according to these requests, proposes a range of IT services providing a one-stop solution for our client. Some of our services include:
  • Immediate handling of high-severity items to minimize risks, including firewall configurations and ERP data protection.
  • Putting in place centralized administration and network monitoring systems to govern and simplify IT administration.
  • Sourcing different ERP options and providing pertinent professional advice.
  • Establishment of new policies and procedures for the protection of the company.

Impacts
After the running of our IT Audit and Services Scheme, the workload is centralized and eased by the newly established administration and network monitoring systems. The management team has a much better overview of I.T. and the current environment in both security and business growth aspects. With the establishment of policies and procedures, a clear guideline is defined and a regular communication channel between management and I.T. is established.

     