security project
DESCRIPTION
TRANSCRIPT
IT Security Analysis – MARPOSS INDIA PVT LTD
Ayush Sharma – 10IT-012Karan Sood – 10IT-014
Mohammed Sazid – 10IT-003S.K Chakravarthy – 10DM-129
MARPOSS SpA, Italy
• Gauges, grinders, sensors, automatic inspection and measurement systems are some products
• 1952 – Established in Bologna by Mr. Mario Possati (1922-1990)
• 1962 – Opened its first abroad office in Germany• 1970 – 18 years into the business, Marposs entered the
Asian Market through Japan• 2000 – Began acquisitions of soled, well-structured
companies, supplying top quality product in its field• Network of agents and distributors in many countries
MARPOSS INDIA
• Marposs India Pvt Ltd incorporated in July, 2007• Sale and After Sales services of its products in
India• 25 years with Machine Tools India (MTI) as its
sole agent• Regional offices in Manesar, Pune, Bangalore,
Chennai and Jamshedpur• Sales Team of around 50 people across India• Annual Revenue of €48m
MARPOSS India, Manesar Regional Offices, India
PROCESSES at MARPOSS
MIPL
Sales Services
OEM•Standard Product direct from Inventory
Customized Solutions•Understanding requirements•Quotation to Customer•Manufactured in Italy
Spare Parts In-house Repair
Onsite Repair
G
E
R
M
A
N
Y
INDIA
Employees
Products
Customers
InventoryLocal
Inventory
Types of Sales OEM CustomizedOther Partnerships
Services Spares Inventory Service
Order Processing System Invoice Report Generation
InventoryReport Generation Service Report Invoice
ERP - MII
Customer Order Placement
ERP(Sales interface)
OrderProcessing
Delivery to Customer
ERP (service interface)
ERP (inventory interface)
Invoice
Security Threats
• Access to Customer Data• Pricing data Available over
emails• Quotations not password
protected• Incoming purchase order
visibility • No Data backup
Data Threats
• Access to VPN through a single password
• No SecureID usage• Data base access to all
employees
Programming Threats
Security Controls
• Internal Security Audits once a year
• Business continuity plan in place• IT team to handle the security
issues• Inherent security controls with
the ERP implementation
Existing Controls
• Having a database backup• Adopting the ISO 27001 – ISMS
standards• Separate dedicated Security
Committee/ team
Possible Extensions