Simphiwe Security ConsultingBUSINESS DAY FOCUS 4.0
About Simphiwe Security Consulting
SIMPHIWE SECURITY CONSULTING (PTY) LTD. (SS-CONSULTING) is a Black-owned consultancy company based in South Africa that specialises in strategic and technical consultation in the field of Information Security, Governance, Risk and Compliance.
OUR COMPANY is built on the assumption that the enterprise technology landscape is forever changing and this presents challenges of ensuring that Security, Governance, Risk and Compliance is well entrenched within business processes, systems, products and infrastructure. When it comes to Information Security, Governance, Risk and Compliance; we believe that there is no single “silver bullet” approach to all company challenges.
All companies are unique in their own right, as such, we strive to acquire an in-depth understanding of our clients’ business objectives, goals and
vision in order to ensure that our solutions do not only support critical business initiatives, but are also an enabler to our clients’ business objectives.
SS-CONSULTING therefore provides customised on-site consulting services and assistance in the assessment of business risks, key business requirements for security and the development of security policies and processes. Our on-site consulting services include comprehensive security architecture assessments and design (including technology, business risks, technical risks and procedures).
IT GOVERNANCE, RISK AND COMPLIANCE (GRC) is often cited as one of the top 5 issues companies have to address. Due the complex nature of the industry and statutory regulations and the constantly changing threat landscape, most companies struggle to keep abreast with the regulatory landscape as well as dealing with the complexity of GRC.
This is further exacerbated by the shortage or lack of human resources to manage the GRC function. With SS-Consulting services, it is possible for companies to achieve their business objectives without sacrificing on their security and compliance requirements.
OUR SERVICE OFFERING is driven by an ethos to deliver proficient, pragmatic and practical solutions to our clients to meet their business needs and to ensure that the solutions are commensurate to our clients’ risk profile. Our consultancy services are aimed to secure our clients’ information and intellectual property from accidental leakage or theft by internal resources or cyber-attacks. Our services include:
SECURITY TRAINING AND AWARENESS
We offer security training and awareness in the following
security domains: Protection of Personal Information Act (POPIA)
Compliance; and PCI-DSS Compliance
SECURITY ASSESSMENTS AND AUDITS
- Conduct security audits on OS/390 and z/OS mainframe operating systems.
- Conduct security assessments on SCADA environments.
- Conduct security audits on SQL, Oracle DB, SAP HANA, SAP ERP, AS400, Windows and UNIX/AIX platforms.
- Conduct security assessments using ISO27001, COBIT5, NIST Framework, etc.
- IT General Controls Review (ITGC)
MANAGED VULNERABILITY SERVICES AND PENETRATION TESTS
This service includes monthly or quarterly vulnerability scans using PCIapproved scanners and reporting. Network penetration tests (goal-driven) and exploitation of vulnerabilities, including a report indicating possible security exposures and recommendations for improvements.
SECURITY ARCHITECTURE SERVICES
Assist clients with the design and architecture of a myriad of security solutions such as firewall systems, intrusion prevention systems (IPS), “breach detection” systems, web content filters as well as integration of various security central management solutions such as Anti-virus systems, data leakage prevention (DLP) systems, Virtual Private Networks (VPN), “Strong” (two-factor) authentication systems and Public Key Infrastructure (PKI), Trusted Endpoint Security Solution, Network Access Control (NAC) and Security Information and Event Management (SIEM).
Assist clients in achieving the following compliance requirements: PCI-DSS compliance and/or certification; ISO27001 compliance and/or certification; and PoPI Act compliance.
Using both the Azure and AWS platforms, we assist our clients with migration to cloud services, including DC Migration, Cloud Management, Office 365 and Microsoft 365 deployment. Various other Cloud services such as Cloud Backup are also offered.
INFORMATION SECURITY POLICY DESIGN
The design and documentation of risk-based information security policies and related operational procedures and secure configuration standards for each platform.
NETWORK INFRASTRUCTURE MANAGEMENT
SS-Consulting provides an array of IT infrastructure management products and services to help organisations to efficiently implement and manage next-generation IT solutions while leveraging legacy computing infrastructure investment.
Information is the currency of the 21st century. As the world’s economies become increasingly “digital”, companies of all sizes are becoming aware of the fact that to truly benefit from their investment in IT, organisations need to ultimately derive business information from their IT systems.
Such business information can be used to identify marketplace opportunities and facilitate better business decision-making. We, at SS-Consulting, understand the necessity of proficient deployment of IT solutions and make sure that our clients have what they need to run their businesses with maximum efficiency and reliability.