As an industry-leading Value Added Distributor, we provide our full attention to each of our Vendors and only partner with the very best.
A penetration test is a simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system’s features and data.
Penetration Tests are needed to test the security solutions in place and determine their effectiveness.
Red Teams are teams of hackers who, with little information on the target asset, attempt to mimic a real-world attack on the asset. This provides valuable information on the asset as seen from an outside view.
NIST SP 800-115 framework. Section 5.2 is the section that addresses Penetration Testing.
This penetration testing framework is useful for determining the following:
Phases of Penetration Testing
These services benefit the view of the asset by:
Within the past few years, a number of new laws, regulations and standards have been created to ensure that organizations take responsibility for their information security.
Complying with these new rules can seem like a daunting task. If an organization gives compliance and proper information security enough thought, however, they will understand that what’s most important is embracing a strong methodology towards information security.
Once a strong methodology is developed and implemented, compliance becomes simply a task of mapping that methodology and its subsequent documentation to the expectations of the regulatory body focused on auditing the information technology infrastructure.
Technical compliance with South African and International Regulations
Regulatory consulting for possible solutions needed with respect to specific regulatory frameworks
An Information Security Policy (ISP) is a set of rules enacted by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the prescriptions regarding the security of the company.
We offer 5 main frameworks to our clients.
Each framework dictates the method through which each branch of security services and technologies is delivered. This ensures that all services are delivered adhering to business industry standards and that the best steps are taken to mitigate a cyber security threat.
International Standards Organization and internationally most common
US National Institute of Standards, compulsory for all US government organs
Centre for Internet Security, focuses on controls
Resource for Information Security Training - large amount of controls
Web application framework, most common internationally
The CIS Critical Security Controls are a relatively small number of prioritized, well-vetted, and supported security actions that organizations can take to assess and improve their current security state.
CIS Critical Security Controls are informed by actual attacks and effective defenses and reflect the combined knowledge of experts from every part of the ecosystem.