Our focus is on improving our clients' understanding and management of risk in technology through designing and implementing effective controls over technology assets, assisting our clients to meet their IT compliance and governance obligations in a way that enhances their business objectives while helping our clients to manage cyber security and other technology and information risks in a more effective and efficient manner. It is our aim to design, implement and rationalize relevant controls that pontentially reduce technology risks.
Below are some of our core technology risk services:
Information System Audit solutions
Corporate information systems must constantly adapt to changes in regulations, environments, services, and markets. Information systems are also becoming increasingly complex and open, leaving companies exposed to new threats. In this context, organizations must regularly assess their level of exposure. Independently conducted audits are the best way to assess the effectiveness and efficiency of the solutions and processes in place to protect the company against risks.Encompassing both the functional and technical aspects of security, an audit allows management to identify the necessary improvement paths to meet the challenges of security and performance.
An information system (IS) audit or information technology(IT) audit is an examination of the controls within an entity's Information technology infrastructure. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. It is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations. Obtained evidence evaluation can ensure whether the organization's information systems safeguard assets, maintains data integrity, and are operating effectively and efficiently to achieve the organization's goals or objectives.
The identification of mission critical systems as part of threat analysis in developing a proper audit plan geared to address all the critical security issues within the current Network, Applications, Operating Systems and Databases; The Performance of a network security review evaluating existing network security systems including firewalls, intrusion detection systems, file integrity checkers antivirus systems and remote access systems among others systems within your local area network, wide area network and extranets; The carrying out of penetration testing to identify loopholes in gaining unauthorised access to current Network, Applications, Operating Systems and Databases;and Recommend action to be undertaken in addressing vulnerabilities identified. This will involve the design of an appropriate security framework to address current security threats.
Attack Penetration and Testing
We perform not only information systems audits but also technical information systems reviews including Attack and Penetration Testing.Our attack and penetration methodology involves:
For any enquiry on our attack and penetration testing, do not hesitate to get in touch with us through our Contacts.
ICT Strategic Planning Services
ICT Strategic Planning is a key specialty for us. We will work together with you to develop a comprehensive strategic plan in a series of 5 steps:
Business Continuity and Disaster Recovery Planning Service
Planning for the business continuity of an organization in the aftermath of a disaster or business disruption is a complex task. Preparation for, response to, and recovery from a disaster affecting the operations of an organization requires the cooperative efforts of all. In developing an effective BCP/DRP, we seek to achieve the following:
The developed plan generally:
For enquiries on how you can better prepare your organisation for business disruptions or disasters do contact us through our Contacts.
Computer Forensic Investigation
The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. Our Digital forensics professionals are called into action once a breach occurs, and work to identify the hack, understand the source, and recover any compromised data.
Forensic investigators typically follow a standard set of procedures: After physically isolating the device in question to make sure it cannot be accidentally contaminated, investigators make a digital copy of the device's storage media. Once the original media has been copied, it is locked in a safe or other secure facility to maintain its pristine condition. All investigation is done on the digital copy.
Investigators use a variety of techniques and forensic applications to examine the copy, searching hidden folders and unallocated disk space for copies of deleted, encrypted, or damaged files. Any evidence found on the digital copy is carefully documented in a "finding report" and verified with the original in preparation for legal proceedings that involve discovery, depositions, or actual litigation.