TCS eSecurity Practice Completes First Security Health Check for Grange Insurance; Growing Practice Offers Multiple Tools to Help Companies Assess Vulnerabilities and Secure Networks

Business Wire, Jan 13, 2003

Business Editors

NEW YORK--(BUSINESS WIRE)--Jan. 13, 2003

Tata Consultancy Services (TCS), one of the world's largest and fastest growing software and IT services firms, announced today that it has completed its first Security Health Check assessment on behalf of the Grange Insurance Group.

"Developing an enterprise-wide security solution is fundamental to the long-term health of our business," said Grange Insurance CIO & Vice President Ralph Carlile. "Having our Web site or our network go down even for just a few hours can cost us thousands of dollars. We knew we needed the most accurate representation of where our needs were and a detailed roadmap on how to address those needs. Working with TCS gave us both."

TCS' eSecurity team completed the project in approximately four weeks, providing Seattle-based Grange Insurance a complete evaluation of its current security system, specific recommendations on how to address the system's weaknesses, and expert guidance for implementing a strategic security plan. According to Carlile, the TCS eSecurity team's reputation for comprehensiveness and attention to detail in eSecurity were deciding factors in the decision to work with TCS.

"The eSecurity methodology and the breadth of their assessment tools really set TCS apart from other companies," Carlile said. "They were extremely thorough in their analysis and that gave us a lot of confidence that we were seeing the entire picture of our security needs."

All Security Health Check engagements provided by TCS are conducted in four phases:

-- Phase 1: Penetration Study ("Black Box" Approach): TCS professionals working in India assess a customer's network by performing a "friendly attack" on the system from the outside in much the same way a hacker would.

-- Phase 2: Network Security Assessment ("White Box" Approach): In conjunction with the penetration study, onsite TCS professionals audit the customer's network security and vulnerabilities through interviews and analyses of company documentation.

-- Phase 3: Security Scorecard: Using the data gathered in phase one and two, TCS provides the customer with a detailed and graphical standards-based rating of its network security, highlighting system strengths and weaknesses.

-- Phase 4: Security Training & Workshop: The engagement culminates with a two-day onsite debriefing conducted by TCS professionals designed to provide training and to help the customer develop a prioritized agreed action plan and security strategy based on the Health Check's findings.

TCS methodology adheres to quality standards set by the International Standards Organization (ISO 17799) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as the INFOSEC Assessment Capability Maturity Model sponsored by the NSA and used by the Department of Defense.

These standards are used together with the TCS Security Process Maturity Model, which can be customized to each individual engagement, to examine the basics of the customer's security strategy in a top-down fashion. The data that is collected is then mapped against these quality standards, the customer's business model, and TCS' security risk profile to identify gaps and establish a sensible security baseline.

"Security is not a product, it is the ever-evolving integration of solutions and processes based upon industry standards, proven methodology, and best practices," said TCS' eSecurity Practice Director Nigel Willson. "Security breaches are on the rise, and computer hackers are growing increasingly more sophisticated and more aggressive. The TCS eSecurity practice offers Fortune 1000 companies unparalleled expertise to fix today's security weaknesses and the strategic leadership to meet tomorrow's challenges."

TCS' growing eSecurity practice also offers other services, which build upon the Security Health Check. These services include:

-- Security Remedy (Level 2): TCS eSecurity professionals

implement the recommendations and improvements provided in the

Security Health Check.

-- Security Roadmap (Level 3): TCS eSecurity professionals

develop, validate, or update security architecture and

lifecycle strategy to create a comprehensive roadmap and

security program aligned to the customer's business

objectives.

-- Security Advisor (Level 4): TCS eSecurity professionals

complement the customer's IT staff as a virtual team member

working on various projects on a retainer basis to guide the

customer's security needs.

As the eSecurity practice continues to expand, TCS is actively seeking partnership opportunities with companies that provide many of the tools and services essential to performing a Health Check assessment.

About TCS

Tata Consultancy Services (TCS), India and Asia's largest IT software and services company, provides information technology and management consulting services to organizations in 55 countries across the globe. With 20,140 employees (18,835 consultants) and revenues of $880 million, TCS has more than 150 offices worldwide.

In North America, TCS has more than 50 offices and is headquartered in New York City. Its clients include companies and organizations, such as American Express, AIG, Bank of America, Best Buy, Boeing, the Canadian Depository for Securities, Charleston County (South Carolina), ChevronTexaco, Citibank, Cummins Company, Dell Computer Corporation, US Department of Defense, The Gap, General Electric, Hewlett-Packard, IBM, ING America, Kellogg's, Lucent Technologies, McGraw-Hill, Microsoft, Nacco, NASDAQ, Nike, The State of Pennsylvania, The State of New Mexico, Pratt & Whitney, Prudential Financial, Rockwell, Qwest, SBC Communications Inc., the Target Corporation, USAA, Verizon, Xerox, and Zimmer.