One of the market leading travel agencies in Hong Kong

Size
100+ Employees

Service
IT Audit and Technical Assessment Service

Challenge
Under the revolutionary technologies change in the recent decade, our client is one of the many in such industry, which undergo a transformation from manual operation to machine based operation for specific repetitive tasks.  The automated programs are functioning 24 hours a day, 7 days a week nonstop.  With the existing infrastructure set up, transiting and hosting such huge amount of automated programme would raise both management and security issues. 

To tackle any serious incidents before it happens, the IT management has turned to our IT Audit and Technical Assessment service for evaluating existing vulnerabilities and risks within the system, infrastructure and daily operations.
 

Result and Follow-up
RSEL provided IT audit and technical assessment service towards the client’s IT infrastructure and daily operation focusing on information security.  The auditing area of assessment are mainly focused on the information security aspect on:
 •    IT Structure
 •    IT Operation
 •    System Infrastructure and Architecture
 •    Network Infrastructure and Architecture.

Together with the audit assessment, a vulnerability scan assessment is also conducted towards the official webpage so as to determine if an eternal hacker can penetrate the system and network infrastructure.

Audit Report and Vulnerability Assessment Report submitted to the management includes the findings of vulnerability and risk, impact of related risk, priority of improvement and practical recommendations.  With the road map and action plan included according to the seriousness of the observation found, our client could be able to include the follow up action needed in their IT year plan to tackle the corresponding risk.

Result
With the submission of the management report of our findings, impacts, severity levels and recommendations, a meeting is held with the management team to run through each finding, some includes:
 •    Identification of security holes within their multi-sites setup in both network and application aspects.
 •    Core business ERP system running a 2-tier hierarchy, any users may delete all system data under a press of the delete button.
 •    Insufficient and ineffective configurations of firewall causing managers’ personal desktops and servers vulnerable to hackers.
 
Follow-up
Reduce potential security holes with an up-to-date centralized monitoring and administration system. Temporary work around method to protect data. Awareness of new options in ERP systems with pertinent professional advice. Establishment of new policies and procedures in protection of the company.

Our team thereafter, proposes a range of IT services providing a one stop solution of our client. Some of our services include:
 •    Immediate handling of high severity objects to minimize risks including firewall configurations and ERP data protection.
 •    In-place a centralized administration and network monitoring systems to govern and simplify IT administration.
 •    Sources different options of ERP’s providing pertinent professional advice.
 •    Establishment of new policies and procedures in protection of the company.
 
Benefit
After the running of our IT Audit and Services Scheme, the workload is centralized and eased by the new establishment of administration and network monitoring systems. The management team has much of a better overview of IT and the current environment in both security and business growth aspects. With the establishment of policies and procedures, a clear guideline is defined and a regular communication channel between management and IT is established.