Cyber security, or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.
It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures. It is no longer a question of whether an organisation is hacked, but of how bad it is. Most experts agree that everyone is constantly being attacked, if only by automated ‘bots’ that infiltrate systems looking for weaknesses to exploit.
Most hacks and threats come not from detailed technical attacks but from basic vulnerabilities, such as users sharing passwords, social engineering, bad management of sensitive passwords, and other basic mistakes.
At EGRA, we assume that your organisation has anti-virus solutions, firewalls, and other mechanisms to stop attacks. We start with an overview of the organisation’s cyber security environment, which gives the directorate an indication of the overall status of its cyber security readiness.
A big and growing concern for organisations is the existence of ‘Shadow IT’. This term is often used to describe information technology systems and solutions built and used inside organisations without explicit organisational approval. It is also used, along with the term ‘Stealth IT’, to describe solutions specified and deployed by departments other than the IT department. Because these systems are not managed by the IT department, and sometimes have access to the normal IT systems, potential hackers can exploit a number of security vulnerabilities. The identification and management of such systems should be a high priority for any cyber security exercise. We can assist an organisation to identify these systems and ensure that their management is returned to the formal IT department.
At EGRA we provide a service of evaluating an organisation’s exposure and IT security vulnerability. A formal review can be conducted to determine the extent of a possible weakness in your organisation’s environment.
Reviews are based on the ISO 27K series.
082 887 1770