GRCBizassurance has a proven track record with our clients. Our customers are blue chips in South Africa in the telecommunications sector, financial sector and public sector.
Our major projects:
Major Telco 2015
Security programme assurance: Provide guidance to this major telco’s Security Function on the 2015/2016 Security Projects to be rolled out to the telco’s Africa operations, i.e. identity and access management, database security, security reporting, network security, application security
Security architecture assurance: Oversee that the Architecture Designs are compliant with this major telco’s security policies, and with sound security architecture and controls
Security readiness assurance: Provide independent security readiness sign off of systems to go live based on the telco’s Africa operations rollout plans for 2015/2016
Security framework assurance: Track ISO27001/2 Capability Maturity
Vulnerability management programme: Maintain a scheduled, standardized, repeatable Vulnerability Management Programme
Policy compliance assurance: Automate standardized, repeatable Policy Compliance across this major telco’s systems rollout. This is key to monitoring this major telco’s security posture and policy compliance of systems that are in the Production Cluster (FIX, Pre-Prod, Prod and DR)
Security reporting: Provide scheduled, standardized, repeatable Security Reports, Vendor Compliance Reports, and Policy Compliance Reports based on defined security KPIs (e.g. Top 20 critical security controls, ISO27001, NIST 800-53, Center for Internet Security, COBIT)
Security incident assurance: Oversee security incidents and events in this major telco
Audit preparation: Provide guidance and oversight on this major telco’s preparation for internal and external audits e.g. IT General Controls based on COBIT 5
Major Telco 2014/2015
Assisted this major telco on their global shared services programme in these areas: accountability for this major telco’s Information Security function; implementation of Security Incident & Event Management, Intrusion Detection & Prevention, Firewall Analysis, Identity and Access Management, Database Encryption, Database Audit/Activity Monitoring
Major Metropolitan Municipality 2014/2015
Designed the enterprise perimeter and network security architecture, and the enterprise application security architecture, and enterprise data security architecture to be implemented. Provided oversight on the implementation of these end-to-end security architecture designs.
Major IT Service Provider to the South African Retail Sector 2014/2015
Penetration Testing and QualysGuard PCI vulnerability assessment of the in-scope PCI systems at this major IT Service Provider to the South African retail sector. Oversight of the use of QualysGuard PCI vulnerability assessment as the PCI Approved Scanning Vendor. This ensured that this major IT Service Provider to the South African retail sector could be PCI certified by their QSA.
Online Business 2014
Web application and malware security assessment of specific government web sites managed by this major online business, using QualysGuard.
Major Telco 2014
Assisted this major telco on their global shared services programme in these areas: Master Data Management and Data Migration using Oracle E-Business Suite
Major Telco 2014
Assisted this major telco on their global shared services programme in these areas: Service Delivery Management and Organisational Change
Major Telco 2014
Assisted this major telco on their global shared services programme in these areas: Project Management of UAT, BI, Data Warehousing, and Enterprise Asset Management using Oracle E-Business Suite
Major Metropolitan Municipality 2013/2014
Assisted the IT Infrastructure team to optimize the IT Network Operations Centre. Provided technical oversight and assurance of the implementation of the technical security policies across all security tools, and of the implementation of network operations management and security tools. Also provided technical oversight and assurance on IT threat and vulnerability management, technical policy controls, and Disaster Recovery Plans and Tests.
Major IT Service Provider to the South African Retail Sector 2013
PCI Gap Analysis of this major IT Service Provider to the South African retail sector.
Retailer’s Online Business 2013
Review of the treasury and switching systems using QualysGuard in this retailer’s online business operations.
Major Metropolitan Municipality 2012
Helped raise the information security practices, and successfully assisted the IT Department at this client in addressing the majority of the Auditor-General audit findings in this period. Assisted in several areas in stabilising and optimizing the IT systems environment, such as disaster recovery, firewall rules, internet services, Active Directory, Exchange and security tools. Assisted the IT Infrastructure team with their IT reporting and IT service management capabilities. Conducted a detailed security assessment of this Major Metropolitan Municipality’s Systems Environment, using QualysGuard.
Major Telco 2012
Technical IT risk review of this major telco’s Trade Partner IN Business Systems environment using QualysGuard. In this exercise, the QualysGuard outputs on the information and systems security risks, threats and vulnerabilities served as input into this major telco’s Enterprise Risk Framework. The key deliverable was a Business Risk and Impact Report on the Trade Partner IN Business Systems environment, and recommendations to maintain and effectively manage the IN Business Systems.
Broadband Service Provider 2012
Detailed architectural design of security architecture for connectivity, voice, and data centre services. Detailed implementation, quality assurance and security architecture design.
Broadband Service Provider 2011/2012
Security and governance review of their IPv6 broadband network. Security Framework design using ISO27001/2. Ongoing technical security assessment using QualysGuard.
Major Manufacturer 2011
Plant control and manufacturing execution systems security review and improvement plan.