 
Welcome to SACFiS


 

 

We follow international best practices [USA's NIST framework and ISO standards] and generally accepted industry principles and processes to deliver consulting solutions that secure your valuable information and information systems.

The security process we use to implement information security solutions is the recommended method for an organisation to implement and achieve its security objectives. The process is designed to identify, measure, manage and control the risks to system and data availability, integrity, and confidentiality, and to ensure accountability for system actions. Our international consultants are available to support your organisation throughout the process. The process includes five areas that serve as the framework for our "Total Solution":

1 - Information Security Risk Assessment —A process we use to identify threats, vulnerabilities, attacks, probabilities of occurrence, and outcomes.

2 - Information Security Strategy —A plan to mitigate risk that integrates technology, policies, procedures and training. The plan should be reviewed and approved by the board of directors.

3 - Security Controls Implementation —The acquisition and operation of technology, the specific assignment of duties and responsibilities to managers and staff, the deployment of risk-appropriate controls, and assurance that management and staff understand their responsibilities and have the knowledge, skills, and motivation necessary to fulfill their duties.

4 - Security Testing —The use of various methodologies to gain assurance that risks are appropriately assessed and mitigated. These testing methodologies should verify that significant controls are effective and performing as intended.

5 - Monitoring and Updating —The process of continuously gathering and analyzing information regarding new threats and vulnerabilities, actual attacks on the institution or others combined with the effectiveness of the existing security controls. This information is used to update the risk assessment, strategy, and controls. Monitoring and updating makes the process continuous instead of a one-time event.

Security risk variables include threats, vulnerabilities, attack techniques, the expected frequency of attacks, financial institution operations and technology, and the financial institution’s defensive posture. All of these variables change constantly. Therefore, an institution’s management of the risks requires an ongoing process.

CIS helps organisations to continuously monitor and evaluate their security policies, strategies and tools. Using the above process, we help organisations to:

:: Draft and develop various types of security policies,
e.g. Internet policy, email policy, security policy, computer usage policy, network policy.

:: Draft and develop procedures and guidelines to protect your information and information systems.

:: Help the authority tasked with developing standards to formulate information security standards for a specific country or region.

South African Centre for Information Security in the News

July 2010 - SACfIS to speak at the 3rd Annual ITEX ICT Conference on social media and security issues.

May 2010 - SACfIS CEO to speak at the 2nd Annual Kuwait ICT Security Forum in Kuwait City. He will present a keynote on offensive information cyberwarfare for business and government agencies.

July 2009 - SACfIS to partner with Telspace, a prominent South African security consulting company. Telspace is a leader in penetration testing, web application and wireless hacking.

May 2009 - SACfIS CEO speaks at the annual IT WEB security summit. Beza presented a framework on offensive defensive strategy for engaging in information warfare.

February 2009 - SACfIS CEO speaks at the 3rd Network and Endpoint security summit in Nairobi.

October 2009 - SACfIS CEO speaks at the 2nd IT Governance and Audit summit in Nairobi, Kenya. Mr. Belayneh presented on current web application threats and key measures that must be taken.

January 2009 - SACfIS CEO speaks on the need for ICT R & D capacity development in Brussels. He cited information security as a key area that requires support and strategic collaboration for increasing ICT uptake and trust in technology.

 

 

 

 

