Gainful Information Security 2012 services


Published on

Gainful Information Security is an information security and systems development firm established in Harare, Zimbabwe in 2007 to partner with African private and public sectors for a secure, efficient and cost-effective information lifecycle.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Gainful Information Security 2012 services

  1. 1. Gainful Information Security Solutions Presentation
  2. 2. IntroGainful Information Security is an information security andsystems development firm established in Harare, Zimbabwe in2007 to partner with African private and public sectors for asecure, efficient and cost-effective information lifecycle.We OfferCustomised: 2
  3. 3. Information Security Business CaseAn event that A conduit that couldcould have a Threats Vulnerability be exploited by adetrimental effect threaton an asset An item of Asset value The effect on a business of a Risks risk being realised BUSINESS IMPACT 3
  4. 4. How your information is attacked 4
  5. 5. Whats attacking your Information Viruses Employee ErrorRogue Insiders Software Bugs Corporate Spies Script Kiddies Web Defacements Password Network vulnerabilities CrackersDenial of Service “SneakerNet” War Drivers Backdoors Worms Trojans Buffer Overflows “Blended Threats” 5
  6. 6. Attack Methodology Threat + Motive + Method + Vulnerability = ATTACK! Good security Security controls can stop Controls & certain attacks PoliciesNon-MaliciousThreats Methods Poor Security and Policies could Tools Let an attack through ASSETS Motives MethodsMalicious and andThreats Goals Tools Vulnerabilities Methods and Tools NO security policies or controls could be disastrousNaturalDisasters 6
  7. 7. 7
  8. 8. Are You Secure ???? Information Assets Risky CurrentThreats + Vulnerabilities = Risks = Position !!!!!! Existing Controls 8
  9. 9. We partner with you to mitigate your information risk Through our project based service package of: 9
  10. 10. We partner with you to assess your risk through:Penetration TestingVulnerability AssessmentWireless Penetration TestingSecurity Test and EvaluationInformation System AuditingWeb-Based Application testingProcedure-Policy Gap-AnalysisRisk Assessment is the first process in theinformation-centric methodology. We userisk assessment to determine the extent ofthe potential threat and risk associated withan IT system throughout its SDLC, systemdevelopment life cycle. The output of thisprocess helps to identify appropriatecontrols to mitigate or militate risk duringthe risk mitigation process. 10
  11. 11. We partner with you to mitigate your risk throughRISK MITIGATION SOLUTIONS Risk Mitigation is the second process of risk management involvesContent Security Products prioritizing, evaluating, and implementing theNetwork Security Products appropriate risk-reducing controls recommended from the risk assessment process. Because theAccess Control & Biometrics elimination of all risk is usually impractical orSecurity Standards Compliance close to impossible, it is the responsibility ofInformation security governance senior management and functional and business managers to use the least-costCyber-Intelligence and Forensics approach and implement the mostIn-house Training and Awareness appropriate controls to decrease mission risk toComputer Crime Expert Witness an acceptable level, with minimal adverse impact on organizational resources & mission 11
  12. 12. What we aim for : PolicyYou Get a SDl FirewallsSecure Intrusion Detection EventCost-Effective Audit Management Network Security& Efficient Train Pen Test ingLife-Cycle AC&IM AV 12
  13. 13. We provide a comprehensive security package: Vetting / References Business InformationDisciplinary Interfaces Security PoliciesProcedure Build Standards Awareness Training IT/IS/ Threat Modelling Anti-Virus Development Patch Security in SDLCManagement ApplicationVulnerability Assessment Data Storage Testing PenetrationConfiguration Testing Reviews Access Control Encryption Ecommerce Reviews Site Firewalls Legislative Compliance Intrusion Detection 13
  14. 14. The way forward: Holistic Security Program Implementation 14
  15. 15. Partner with us to protect your information Contact us on: Add: 4th floor Exploration Hse Cnr 145 R.G Mugabe/5th St Harare , Zimbabwe Tel: +236 733 782 490 +263 773 796 365 +263 -4- 733 117 Eml: Web: 15