Gainful Information SecuritySolutions Presentation

www.gis.co.zw

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

Your Partner for Secure, Cost Effective & Efficient information Lifecycle 2

Gainful Information Security is an information security and systems development firm established in Harare, Zimbabwe in 2007 to partner with African private and public sectors for a secure, efficient and cost-effective information lifecycle.

We Offer Customised:

Intro

3

An event that could have a detrimental effect on an asset

A conduit that could be exploited by a threat

An item of value

The effect on a business of a risk being realised

BUSINESS IMPACT

Asset

Threats Vulnerability

Risks

Information Security Business Case

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

4

How your information is attacked

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

5

Web Defacements

Software Bugs

Buffer Overflows

Backdoors

Viruses

Denial of Service

Worms“SneakerNe

t”

Corporate Spies Script Kiddies

Employee Error

War Drivers

Trojans

Password Crackers

“Blended Threats”

What's attacking your Information

Rogue Insiders

Network vulnerabilities

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

6

Natural Disasters

SecurityControls &Policies

Vulnerabilities

Good security controls can stopcertain attacks

Poor SecurityPolicies couldLet an attackthrough

NO security policies orcontrols could be disastrous

MaliciousThreats

Non-MaliciousThreats

Motivesand Goals

MethodsandTools

MethodsandTools

MethodsandTools

ASS

ETS

Threat + Motive + Method + Vulnerability = ATTACK!

Attack Methodology

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

7 Your Partner for Secure, Cost Effective & Efficient information

Lifecycle

8

Information Assets

Threats Vulnerabilities Risks=

Existing Controls

Risky Current Position

!!!!!!=+

Are You Secure ????

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

9

We partner with you to mitigate your information riskThrough our project based service package of:

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

10

Penetration TestingVulnerability AssessmentWireless Penetration Testing Security Test and EvaluationInformation System AuditingWeb-Based Application testing Procedure-Policy Gap-Analysis Risk Assessment is the first process in the information-centric methodology. We use risk assessment to determine the extent of the potential threat and risk associated with an IT system throughout its SDLC, system development life cycle. The output of this process helps to identify appropriate controls to mitigate or militate risk during the risk mitigation process.

We partner with you to assess your risk through:

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

11

Risk Mitigation is the second process of risk management involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended from the risk assessment process. Because the elimination of all risk is usually impractical or close to impossible, it is the responsibility of senior management and functional and business managers to use the least-cost approach and implement the most appropriate controls to decrease mission risk to an acceptable level, with minimal adverse impact on organizational resources & mission

Content Security ProductsNetwork Security ProductsAccess Control & BiometricsSecurity Standards Compliance Information security governanceCyber-Intelligence and ForensicsIn-house Training and AwarenessComputer Crime Expert Witness

RISK MITIGATION SOLUTIONS

We partner with you to mitigate your risk through

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

12

You Get a

Secure

Cost-Effective

& Efficient

Life-Cycle

Policy

Firewalls

Intrusion Detection Event

Management

Network Security

Pen Test

AC&IM

Training

SDl

AV

Audit

What we aim for :

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

13

Ecommerce Site

Data Storage

Business Interfaces

IT/IS/Developme

ntAnti-Virus

Firewalls

Encryption

Security in SDLC

Threat Modelling

Build Standards

Information Security Policies

Legislative Compliance

Configuration Reviews

Patch Management

Access Control Reviews

Application Testing

Penetration Testing

Intrusion Detection

Vulnerability Assessment

Vetting / ReferencesDisciplinary Procedure

Awareness Training

We provide a comprehensive security package:

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

14

Sign a NDA with us

Risk Assessment

Risk Mitigation

HolisticSecurityProgramImplementation

The way forward:

Your Partner for Secure, Cost Effective & Efficient information Lifecycle

15

Partner with us to protect your information Contact us on:

Add: 4th floor Exploration Hse Cnr 145 R.G Mugabe/5th St Harare , Zimbabwe

Tel: +236 733 782 490 +263 773 796 365 +263 -4- 733 117

Eml: info@gis.co.zw cade@gis.co.zw

Web: www.gis.co.zw Your Partner for Secure, Cost Effective & Efficient information

Lifecycle