Services Overview

Security Consulting

Dimension Data is a global technology services company, assisting its customers in planning, building and supporting their IT infrastructures. Dimension Data combines its expertise in networking, security, operating environments, storage, and contact centre technologies with its unique skills in consulting, integration and provision of managed services to create customised client solutions. Dimension Data believes it is the appropriate independent partner to assist its customers in meeting current and future needs.

Furthermore, Dimension Data is a leading partner in the area of IT Security with a long and successful relationship with its customers in the field of information security governance, compliance and risk assessment services. Dimension Data has proven its ability to deliver high quality service, flexibility and commitment.

1. Company BackgroundDimension Data is a specialist IT services and solutions provider that helps clients Plan, Build, Support and Manage their IT infrastructures.

• Founded 1983

• 15,000 employees

•Operating in 51 countries

• 78% of the Global Fortune 100 and 62% of the Global Fortune

• 500 are Dimension Data clients

• 2012 revenues of $5.84 billion

•Owned 100% by Nippon Telegraph and Telephone Corporation (NTT)

•Wholly-owned subsidiary of the NTT Group

Dimension Data has proven its ability to deliver high level quality service, flexibility and commitment.Dimension Data was started in South Africa in 1983 at the inception of the move towards networked communications. Using our knowledge and expertise in networking, Dimension Data has grown into a progressive and

dynamic IT services and solutions provider. Our grasp of technology and the optimum business value that technology can create has driven our remarkable success story. We were founded over 25 years ago, by three young, ambitious South Africans who had a simple vision of wanting to do great things. Today, our vision has evolved into becoming the world leaders in the provision and management of specialist IT infrastructure solutions that help our clients achieve their business goals. Present in 51 countries around the world, Dimension Data is a world-class organisation that delivers technology-based business solutions to more than 6,000 clients.

Dimension Data’s primary listing is on the London Stock Exchange, and we are also listed on the Johannesburg Stock Exchange.

To help our clients achieve competitive advantage Dimension Data provides flexible IT infrastructure solutions by:

• Planning, building and supporting solutions to help our clients achieve competitive advantage

•Offering a range of solutions that address business issues around reducing operating costs, increasing revenue and managing risk

Security Consulting

03

Security Consulting

Figure 1: Dimension Data and Preferred Partner Geographical Capability

Dimension Data

Preferred partners

No coverage

Dimension Data operates globally and has grown steadily from inception in 1983.

Dimension Data operates across five key geographies: Middle East & Africa, Americas (North and South), Europe, Asia and Australia. Each of these regional business units operates under the umbrella of the Dimension Data Group Head Office located at The Campus, in Bryanston, Johannesburg.

For further financial or organisational details please visit our website http://www.dimensiondata.com or ask your account manager for the latest Annual Report and “Dimension Data at a Glance” documents.

•Design

•Network Segmentation

•Build

Once the plan has been completed our clients are ready to move into an architecture focused solutions phase where we can support them with a redesign of the network to support their security objectives. In the solutions phase the most suitable security technologies are deployed to meet the organisation’s current and future needs.

In the operations management phase we provide ongoing maintenance for the deployed technologies, assisting our clients in determining whether to outsource the management of some, or the entire security environment.

Because of the evolving nature of risk, and a view of IT security as a process and not a result, once the operations management phase has been considered, we can assist our clients with the implementation of a security and risk management process or framework which includes regular assessment and compliance analysis to assure control.

3. Security Consulting – Service PortfolioDimension Data security consultants are experts in organisational and management level security consultancy and assessments, as well as in technical vulnerability assessment services. The following are some example areas in which we frequently assist our clients.

Further details on the content and deliverables of the abovementioned phases can be obtained on request.

3.1. Governance, Risk and Compliance Assessments

• Strategic Security Management Consultancy

• ISO 27001 Compliance Assessment

• PCI Readiness Assessment & Certification

• Business Impact Analysis

• Threat and Risk Assessment

•Dimension Data branded “GRC Assessment” service

• Policies & Procedures

3.2. Vulnerability Assessment Services

• Internet Footprint Assessment

•Vulnerability Assessment / Management

• Infrastructure, System and Client-side (Desktop) Penetration Test

•Wireless Infrastructure and Client Penetration Test

•RAS Infrastructure and Client Penetration Test

•Application Penetration Test

• Secure Development Coaching/Workshops

Security Consulting

Figure 3: Dimension Data – Our Approach to IT Security Projects

2. Dimension Data’s Security PracticeDimension Data’s vision is to support organisations through the whole lifecycle of managing IT security risks – from assessment to ongoing management. In order to do this we take a cyclical approach to assisting customers – but organisations can engage with us at any stage of the cycle.

In the assessment and compliance phase we assist organisations in identifying risk within different parts of their IT environment. Depending on the maturity of their own IT risk management approach this may start with a risk assessment or a gap analysis, or it may be more specifically focused on an area of risk, involving a network or application vulnerability assessment, a requirements analysis or other consultative investigation.

Armed with the knowledge from the Assessment and Compliance phase we assist our clients moving into the Planning phase to develop a plan addressing the risks that were uncovered or explored in the first phase. Typically, this involves the development of a security roadmap or framework that sets out the security goals of the client and the supporting projects that must be completed to achieve those goals in a given time period. Depending on maturity of the client’s security organisation this may involve development of security policies, procedures and guidelines.

5. O

pera

tions

man

agem

ent

3. Architectu

re

4. Solutions

2. Planning

1. Assessment

•Governance Risk and Compliance Assessment

•Technology Lifecycle Management Assessment for Security

•Firewall Assurance Assessment

•Regional Security Assessments

•Penetration Testing

•Gap Analysis

•Workshops

•Evaluations

•Proof of Concept

•Policies and Procedures

•Intergration

•Implementation

•Maintenance

•Support

•Multi-Vendor Support Aggregation

•Managed Secure Infrastructure Services

•Managed Vulnerability

Client

05

•Automated and Manual Application Source Code Review

•VoIP Penetration Test

•Database Penetration Test

•Mobile Technologies Assessment

•Hardware hacking/engineering

• Reverse Engineering (Commercial Off-The-Shelf & Custom)

• Social Engineering

4. Competencies and Capabilities

4.1.Global

Dimension Data’s global security practices consist of more than 500 professionals. Our global security assessment practice counts over 50 dedicated and full-time experts with coverage in the following regions: Europe, AsiaPac, Americas, Africa and Middle East.

4.2. In Europe

Our security consultants in Europe involved in security consulting and assessments are

experts in assessing large and complex environments. They have extensive background in designing and implementing large high-end IT infrastructures, as well as expertise in testing multiple environments covering a variety of potential attack vectors.

Our assessment services have benefitted clients in Europe, AsiaPac, Americas, Africa and the Middle-East.

Dimension Data has local security consultancy capabilities throughout the region supported for the most complex subject matters by a large competence centre based in Belgium. Due to the sensitive nature of security, we do not utilise third parties to conduct our engagements – we employ experts to assist your organisation to deploy effective Threat Management.

4.2.1. Capabilities

Our security consultants master various infrastructure, system and application technologies and frameworks including HTML, PHP, ASP/ ASP.Net, JSP, Servlets, J2EE, WebSphere, WebLogic, Tomcat,

Microsoft® SharePoint , SOAP & XML Web services; Oracle, Microsoft® SQL Server, MySQL, reverse proxies, various middleware and CMS systems. Knowledge of programming languages include: C/C++, VB, Java, Perl, Python, C#.

For example, Dimension Data has experience in assessing:

•Multiple application technologies such as HTML, PHP, ASP, JSP, Servlets, .NET, J2EE, WebSphere, WebLogic, Tomcat, SOAP & XML Web services;

•Multiple types of applications and application infrastructure components such as databases, Oracle, Microsoft® SQL Server, MySQL, reverse proxies, various middleware and CMS systems; and

• Programming languages such as C/C++, VB, Java, Perl, Python, C#.

4.2.2. Certifications

Certifications held by our consultants include: ISC², CISSP, ISACA CISA, ISACA CISM, PCI QSA, SANS GIAC GCIH/GPEN/

Security Consulting

•Workshops

•Evaluations

•Proof of Concept

•Policies and Procedures

GWAPT/ GAWN, ISO 27001 Lead Auditor, Check Point, McAfee, Qualys, F5, Juniper, Cisco, and Microsoft.

4.2.3. Knowledge Management

Our security experts maintain their level of knowledge through training, Dimension Data’s Research and Development program, as well as participation in internal and third party security conferences and events.

With Dimension Data, security consultants spend 15% to 20% of their time on maintaining their skills through training and researching the security threatscape.

Through our R&D program our experts continuously analyse threats and new attack vectors targeting today’s complex IT environments. Our R&D program results in mastering a wide spectrum of technologies and the results of our investments are show-cased on multiple internal workshops per year, shared in client sessions, and contribute to market awareness.

5. References

5.1. Key Reference Cases

•Dimension Data has an impressive track record for delivering Security Consulting in IT Security Governance, Risk and Compliance in different markets all over the world:

• Large Financial Institutions

• Large Industry Organisations

• ISP’s and Mobile Phone Operators

•Government Institutions

•Military

5.1.1. Case: Large European financial clearing house

Client: The client is the world’s leading provider of domestic and cross-border settlement and related services for bond, equity, fund and derivative transactions.

Location: Belgium, France, UK

Services: Dimension Data is the partner of choice to perform regular engagements in IT Security Audit, Penetration Testing of systems and applications, Vulnerability Assessments, etc., for multiple departments. Involved in Periodic, Acceptance and Change/Incident testing.

Period: Since 2003 and ongoing.

Most significant project:

Penetration testing of new data centre infrastructure spread over three physical sites in two countries.

Objective: Provide the security staff and stakeholders with assurance that infrastructure components have been securely installed and configured following corporate guidelines and industry best practices. The penetration test findings serve as validation and assist them with the decision process for migrating to production environments.

Other: Web application penetration testing with Dimension Data is performed as part of their internal development cycle in close cooperation with Dimension Data. System changes are deployed and launched following validation by Dimension Data.

5.1.2. Case: Large International Financial Group (Global Fortune500)

Client: Client is a global financial services company of Dutch origin with 150 years of experience, providing a wide array of banking, insurance and asset management services in over 50 countries with 113,000 employees. Its customer base includes individuals, small businesses, large corporations, institutions and governments. Based on its market capitalisation, they are one of the 20 largest financial institutions worldwide and in the top-10 in Europe.

Location: Netherlands, Belgium (+ South-West Europe)

Services: After occasional security consulting performed in 2003 to 2005 a European three- year framework agreement was signed for Infrastructure and Application Penetration Testing services, including Code Review.

Period: End 2006 and ongoing.

Most significant project:

Penetration Testing services for ± 1,200 connections to external environments (e.g. Internet, Trusted Third Parties…).

Objective: Assist them with the evaluation of the security posture and facilitate and support to achieve compliance with regulatory requirements.

Dimension Data has an impressive track record for delivering Security Consulting in

IT Security Governance, Risk and Compliance in different markets all over the world.

Security Consulting

07

5.1.3. Case: Large International Financial Services Company (Investment Management)

Client: This institution is a banking group dedicated to institutional and corporate clients. They are an Investor Services Provider with strong global presence (Europe, Americas, Asia) operating in the world’s top 10 financial services providers, and number one on the French market, with over €2,000 billion in depository/trustee-custody and €975 billion in administrated funds.

Location: Luxembourg, France, Germany

Services: Three-year framework agreement for penetration testing services.

Period: 2009 and ongoing.

Project description: Vulnerability Assessment and Management as a Managed Service; Internet Footprint Assessment; Penetration Testing of Internet and Internal Infrastructures, Web Applications and Databases; User Laptop/Desktops and Wireless Infrastructures.

Objective: Assist the client to implement a security assurance programme consisting of Governance, Risk and Compliance, Security Assessment and Penetration Testing services.

5.1.4. Case: European Institution

Client: Department operating as a service provider for the entire organisation, 80.000+ active network connections.

Location: Belgium, Luxembourg

Services: Governance, Risk and Compliance, Security Policies and Procedures, ISO27001 Gap Analysis

Period: 2009 and ongoing.

Project description: The project includes Vulnerability Assessment, Penetration Testing, Governance, Risk and Compliance Assessment (ISO27001 compliance audit), Security Policies and Procedures review and writing.

Objective: Assist the client with a large security audit and design of a successful long term Security Roadmap

5.1.5. Case: Global Intergovernmental Military Alliance

Client: The organisation constitutes a system of collective defence for its member states. The departments Dimension Data collaborates with include HQ IT Department and the Procurement Office.

Location: Belgium, Luxembourg

Services Security Awareness sessions and live hacking demos and execution of Web Application Penetration Tests.

Period: 2005 and ongoing.

Project description: Delivery of security awareness and training projects for the IT security administrators including presentations on current security trends and threats and live hacking demonstrations on a subsection of the customer’s Internet infrastructure.Execution of Web Application PenetrationTests on external facing applications.

Objective: Create awareness and assure the security posture of the external facing applications and systems.

For further information visit: www.dimensiondata.com/solutionsCS / DDMS-1251 / 01/13 © Copyright Dimension Data 2013

Security Consulting

For contact details in your region please visit www.dimensiondata.com/globalpresence

MIDDLE EAST & AFRICA

ALGERIA · ANGOLA BOTSWANA · CONGO · BURUNDI

DEMOCRATIC REPUBLIC OF THE CONGO GABON · GHANA · KENYA

MALAWI · MAURITIUS · MOROCCO MOZAMBIQUE · NAMIBIA · NIGERIA

RWANDA · SAUDI ARABIA SOUTH AFRICA

TANZANIA · UGANDA UNITED ARAB EMIRATES · ZAMBIA

ASIA

CHINA · HONG KONG INDIA · INDONESIA · JAPAN

KOREA · MALAYSIA NEW ZEALAND · PHILIPPINES

SINGAPORE · TAIWAN THAILAND · VIETNAM

AUSTRALIA

AUSTRALIAN CAPITAL TERRITORY NEW SOUTH WALES · QUEENSLAND

SOUTH AUSTRALIA · VICTORIA WESTERN AUSTRALIA

EUROPE

BELGIUM · CZECH REPUBLIC FRANCE · GERMANY

ITALY · LUXEMBOURG NETHERLANDS · SPAIN

SWITZERLAND · UNITED KINGDOM

AMERICAS

BRAZIL · CANADA · CHILE MEXICO · UNITED STATES

www.dimensiondata.com