Assurance that your organisation is protected
Traditionally, assurance has been associated only with IT products and systems composed of hardware or software and referred to as “product assurance” or “system assurance.” It is now recognised that to address a wider range of risks, there is a need for assurance of other security objectives such as a security service, process, personnel, organisation or other environmental factors.
Assurance may be sought by the stakeholders of IT systems who have assets at risk in IT systems. Therefore, the determination of an acceptable assurance method and level of assurance may be required/and or influenced by the stakeholders. No two organisations are alike, meaning there is no standard template to follow. You have to understand the business needs of your organisation, define and map security requirements based on the business needs, collect relevant metrics, and measure your success.
Our Assurance Offering
PCI FORENSICS
(PFI & PFI LITE)
Risk X conducts post-incident cyber forensic investigations for compromised payment organisations – to improve intelligence, ensure containment and advise on remediation to prevent re-occurrence. Risk X is amongst a handful of companies authorised by the PCI SSC and the Payment Brands to investigate breaches of payment card data across South Africa.
CYBER INCIDENT RESPONSE
Our Cyber Incident Response service minimises the impact of a cyber incident on your organisation by reducing downtime and losses – operationally, financially and to your organisation’s reputation and brand. Our service is offered on a 24/7 basis and underwritten by a service level agreement appropriate to the size, geographical location and complexity of your organisation.
PENETRATION TESTING
Risk X follows a customised testing framework aligned with the NIST-SP 800-115, The Open-Source Security Testing Methodology Manual (OSSTMM) and OWASP penetration testing frameworks.
DATA FORENSICS
Risk X provide data forensic service for the identification, preservation, analysis and documentation of electronic data for judicial purposes while maintaining data integrity of our client.
