Gainful Information Security is an information security and systems development firm established in Harare, Zimbabwe in 2007 to partner with African private and public sectors for a secure, efficient and cost-effective information lifecycle.
2. Intro
We Offer
Customised:
3. Information Security Business Case
Threats: An event that could have a detrimental effect on an asset
Vulnerability: A conduit that could be exploited by a threat
Asset: An item of value
Risks
BUSINESS IMPACT: The effect on a business of a risk being realised
5. What's attacking your Information
Viruses
Employee Error
Rogue Insiders
Software Bugs
Corporate Spies
Script Kiddies
Web Defacements
Password Crackers
Network vulnerabilities
Denial of Service
“SneakerNet”
War Drivers
Backdoors
Worms
Trojans
Buffer Overflows
“Blended Threats”
6. Attack Methodology
Threat + Motive + Method + Vulnerability = ATTACK!
[Diagram labels: Malicious Threats; Motives and Goals; Methods and Tools; Non-Malicious Threats; Natural Disasters; Vulnerabilities; Security Controls & Policies; ASSETS]
Good security controls can stop certain attacks
Poor Security Policies could let an attack through
NO security policies or controls could be disastrous
8. Are You Secure ????
Threats + Vulnerabilities = Risks = Risky Current Position !!!!!!
[Diagram labels: Information Assets; Existing Controls]
9. We partner with you to mitigate your information risk
Through our project-based service package of:
10. We partner with you to assess your risk through:
Penetration Testing
Vulnerability Assessment
Wireless Penetration Testing
Security Test and Evaluation
Information System Auditing
Web-Based Application testing
Procedure-Policy Gap-Analysis
Risk Assessment is the first process in the
information-centric methodology. We use
risk assessment to determine the extent of
the potential threat and risk associated with
an IT system throughout its system
development life cycle (SDLC). The output of this
process helps to identify appropriate
controls to mitigate or militate risk during
the risk mitigation process.
11. We partner with you to mitigate your risk through
RISK MITIGATION SOLUTIONS
Content Security Products
Network Security Products
Access Control & Biometrics
Security Standards Compliance
Information security governance
Cyber-Intelligence and Forensics
In-house Training and Awareness
Computer Crime Expert Witness
Risk Mitigation is the second process of risk management and involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended from the risk assessment process. Because the elimination of all risk is usually impractical or close to impossible, it is the responsibility of senior management and functional and business managers to use the least-cost approach and implement the most appropriate controls to decrease mission risk to an acceptable level, with minimal adverse impact on organizational resources & mission.
12. What we aim for :
You Get a Secure Cost-Effective & Efficient Life-Cycle
[Diagram labels: Policy; SDl; Firewalls; Intrusion Detection; Event Management; Audit; Network Security; Training; Pen Test; AC&IM; AV]
13. We provide a comprehensive security package:
[Diagram labels: Vetting / References; Disciplinary Procedure; Business Interfaces; Information Security Policies; Build Standards; Awareness Training; IT/IS/Development; Threat Modelling; Anti-Virus; Patch Management; Security in SDLC; Application; Vulnerability Assessment; Data Storage; Testing; Penetration Testing; Configuration Reviews; Access Control; Encryption; Ecommerce Site Reviews; Firewalls; Legislative Compliance; Intrusion Detection]