Cyber Security and Advanced Data Analytics Services

Do you spend money for a penetration testing service and get an ICT security review?

Don’t pay for a Toyota V8 and be given a Toyota Kikumi. Even if both cars work, one has more advanced functionality and security features than the other. When it comes to Cyber Security Risk Assessments, knowledge gaps make it easy to receive substandard work instead of what was agreed. Below are common loss points where many banks lose money.

| Service requested and proposed | Service actually delivered | Loss to client in terms of substandard service |
| --- | --- | --- |
| Black box (external) pentest to assess threats from external hackers. | General ICT security review of the website against the OWASP standard. Public-facing IPs and domains are not examined fully. | No proof of exploit is provided. No proof of existing vulnerabilities is shown. The client gets ‘theoretical’ findings against ‘best practices’; even the findings and recommendations are abstract. |
| White box (internal) pentest to assess threats from internal hackers. You want to assess the extent to which insiders with privileges on your network can escalate their privileges and compromise security (confidentiality, integrity and availability). | General ICT security review against ITIL / ISO 27001 / COBIT / COSO II etc. You are given a generic report without clear, specific exploitable vulnerabilities and practical fixes. | Same as above. |

No practical internal domains and IPs are assessed from a hacker’s point of view. Includes data analytics to test adequacy of your financial controls in your core system.

| Service requested and proposed | Service actually delivered | Loss to client in terms of substandard service |
| --- | --- | --- |
| IT governance review: a 360-degree review of the state of your IT governance, to provide assurance to the key stakeholders on the state of your IT governance, drive strategy and deliver stakeholder value. | Basic IT governance review covering a few areas from ISO 27001 / ITIL / COSO II. | They recommend improvements that are not practical or necessary, which may require you to pay monthly to invest in areas that do not really add value to the business. |

You need a test that involves data analytics, an IT governance review and regulations agreed-upon procedures for bank-level security, with clear IT-to-strategy alignment.

We recommend that our clients start with a black box (external) pen test, where you (the client) disclose to the pen tester only your public IPs or website domain and other similar resources that are accessed publicly. That is all a completely external professional with no knowledge about you needs in order to attempt to compromise your system in a secure manner.

Download the Project Frontlines Report for your review. To talk to us, call Ojilong Ronald on +256776070487 or email ojilong@summitcl.com.
