Cyber security

Building confidence in your digital future.

How we can help

In the last two decades, the technology revolution has changed the way we all go about our business.

While offering opportunities for innovation and productivity, the Cyber era also presents new risks and challenges. Illustrated in the ecosystem to the right, from governments and their citizens to businesses and their employees and customers, we are all connected and affected by cyber risks.

The cyber supply chain has removed the traditional security perimeter as enterprises adopt cloud, mobile and social technologies, and invest in third party business relationships.

There’s no such thing as perfect security. An agile and commercially pragmatic approach is essential for the growth and innovation required to thrive in the new world.

The cyber ecosystem is complex and fast. While it’s necessary to invest in protection, incidents will occur. Rapid response is key to minimising brand damage and financial loss.

Protection, detection and response are interdependent. Leading practice needs a cohesive relationship between technology risk, information security, forensics and operational teams.

Our Cyber lifecycle

 

Our service offering

1. Strategy and policy

Strategy and policy is about…

  • Investing to enhance cyber resilience
  • Understanding and adapting to changes in the cyber risk environment
  • Defining security policy and the madatory requirements that your business users, and third parties must adhere to
  • Communicating security posture and risk decisions to drive a cyber aware culture

 

Considerations…

  • Is our cyber strategy and policy aligned to our business model and strategy?
  • Do we understand what information is most valuable, where it is located, and how it impacts the customer experience?
  • Does the strategy and policy consider the full scope of security and resilience risks:
    technical, physical, process, and people?
  • Have we assessed the full impact of business disruption, and do we understand our reliance on critical systems, service providers and suppliers?
  • Do employees understand their role in protecting information assets?

2. Protect

Protect is about…

  • Taking advantage of new technologies, safely
  • Cost effective, repeatable and scalable cyber resilience
  • Security, privacy and resilience by design
  • Controlling access to business critical information
  • Understanding the effectiveness of security and controls before going live

 

 

Considerations…

  • How is cyber resilience managed for new systems, projects or product launches? Is it cost effective?
  • Are your cyber resilience skills broad, scalable and flexible to deal with spikes in business demand?
  • Is cyber resilience seen as a hand brake or an enabler?

3. Operate

Operate is about…

  • Understanding your vulnerabilities, monitoring security events and maintaining operational performance
  • Understanding all cyber risks – Government agencies and industry peers sharing intelligence
  • Continually assessing risks and re-testing security and controls
  • Reporting cyber risks and status to the executive and board

 

 

Considerations…

  • Are your cyber operations cost effective? 
  • Is your security and control testing program risk based?
  • Is your monitoring capability flexible and scalable?
  • How do you know when you have a breach?
  • How do you know your service providers effectively manage cyber risks?

4. Respond

Respond is about…

  • Having people, systems and processes in place to respond immediately
  • Maintaining capability that is scalable and cost-effective
  • A proven approach to containing the incident and minimising damage
  • Teamwork between all stakeholders including outsourced service providers to minimise brand damage and financial loss

 

 

Considerations...

  • What would happen if you had a major systems outage or customer information breach? Are you prepared? Do you have a plan to respond? 
  • What are the protocols when responding to cyber threats or incidents?
  • Do you have a plan to manage external stakeholders, customers and regulators?

5. Remediate

Remediate is about...

  • Root cause analysis of cyber events to enhance your cyber strategy
  • Using intelligence, monitoring and testing results to improve cyber resilience
  • Understanding and communicating risks and cost effectively fixing problems
  • Training and sharing of lessons learnt

 

 

Considerations…

  • When you experience a cyber incident, how do you fix the problem so it won’t happen again?
  • Do you learn from other organisation’s issues? 
  • Do you regularly reassess your cyber risk appetite?
  • Do you have a culture of cyber resilience?
  • Are you leveraging analytics to understand incidents and identify systemic issues and root causes?

< Back

< Back
[+] Read More

Contact us

Sidriaan de Villiers
Partner - Oracle
Tel: +27 (0)11 797 5411
Email

Busi Mathe
Partner
Tel: +27 (0)11 797 4875
Email

Follow us