Everything is connected,
The first line of Cyber Defense is YOU, So ask Yourself, Are You Ready?
Cyber Defence Centre
Our Vision
We have a purpose-driven strategy that is to enable Private and Public Sector Organisations of Africa to become part of the world’s top leaders in the Adoption of Level 1 Cyber Defence Technology and Services. In addition, we provide training that unearths talent with actual hands-on Cyber Defence skills with the world’s top Practical Professional Learning Programs.
What Drives Us
We are a team of Information Security and ICT Experts with over 100 years of combined experience in Business, Technical, and Skills Enablement backgrounds, brought together by a single vision: to enable Africa to become a world contender in Cyber Defence within the Fourth Industrial Revolution.
Expertise
Our accomplished team enables us, at ACEC, to demonstrate a vast and in-depth knowledge of industry standards, benchmarks, and best practices that ensure the best solution is offered to our clients. Each consultant is a noted and published expert in their respective fields. Information security and operational risk consulting, advisory and skills enablement are the key focus areas of our practice.
ACEC SOC Consulting and Advisory Services
Business Continuity Management / Disaster Recovery Plan
Business Continuity Management (or a Disaster Recovery Plan) is a set of frameworks governing the operation of the business management requirements and regulatory processes. In case of an emergency, an organization is able to respond quickly to ensure that critical business functions continue without disruption. Organizations are highly dependent on the Internet and networking, thus, traditional backup and recovery plans can no longer guarantee continuity of business operations. A business continuity plan is created based on business processes, thereby helping an organization to establish a more coordinated safety management system. Business continuity plans help organizations deal with risk and adjust automatically to ensure continuous business operation.
Forensic services
Computer Forensics is a technique to examine, analyze, extract, and preserve evidence to determine or identify suspicious/fraudulent events from a digital storage device that can be presented in a court of law. ACEC helps clients to understand how an intrusion took place and who should be responsible for the intrusion by utilizing admissible evidence found in computers or any digital storage media that pertains to the case. Cybercrimes have increased rapidly due to the evolution of computers and mobile phones. Forensics services are highly recommended and, quite honestly, necessary after an intrusion event takes place.
It allows the organization to learn how the intrusion occurred, what the damage is, and who the intruder might be. ACEC has a ready and fully prepared forensics team able to perform an investigation based on the victim organization’s needs including (but not limited to) mobile forensics, computer forensics, and digital forensics.
Security Incident and Event Management (SIEM)
Security Incident and Event Management (SIEM) & Security Operations (SOC)
Revenue Assurance
Revenue assurance as a service is often undertaken by the telecommunications sector to improve profits by analyzing the data quality and improving the process:
- We understand that the client is experiencing revenue leakage as a result of Telecom fraud and revenues will be impacted at increasing levels.
- The client’s board, audit committee, and senior management would like to address these issues immediately.
- The client would like to engage a partner to evaluate possible risks and fraud schemes (such as international call bypass, SIM card cloning, and other operational areas) and implement remediation actions.
- ACEC provides the client with a highly qualified team of telecommunications and fraud experts.
Software license compliance
Software license compliance is a process to identify and audit the software and software licenses installed within an organization in order to assure that all of them are compliant and genuine. Managing software assets within an organization can be difficult due to the increasing sophistication of software licensing agreements and also a lack of software license management guidelines and standards. Most organizations are unaware of what software is installed on their machines, and this can lead to multiple layers of exposure.
This is especially true for large organizations that have hundreds of machines in their organization; it is very hard for these organizations to keep track of the updates for their software and licenses. Software Asset Management or Software License Compliance provides a single, integrated view of installed software in order to allow a one-to-one reconciliation between usage and purchase/license records. A software licensing audit is an efficient and cost-effective approach to improve software or software license distribution in an organization; at the same time, it protects an organization from copyright issues (from a software company).
Cloud Security
Cloud computing is a technology that provides storage on a computer’s hard drive, which allows a user to access or process the data anytime, anywhere, and on any machine. This technology became ubiquitous because it is simple to use and provided a convenient way to share information. Cloud-computing security refers to the methodologies and frameworks to secure the data, applications, and infrastructure of cloud computing.
Secure Software Development Lifecycle
A programmer usually follows a software development lifecycle to create software. The secure software development lifecycle is a structured way of taking security into account during each development phase while building software. Preventing security flaws from the beginning of the development stage is important in order to ensure a software application is well developed. Secure development entails the utilization of several processes, including the implementation of a Security Development Lifecycle (SDL) and secure coding. We provide a risk measurement method for software security vulnerabilities and integrate it into a client organization’s risk management program. A client organization will be prepared to react adequately to emerging internal and external threats; guidelines will be provided for customized mitigation solution prioritization.
Secure Code Review
Critical business applications are often in an attacker’s crosshairs as an attack vector. A client’s business applications store and manage a lot of valuable information. Secure code review is the process of finding security weaknesses in the source code of an application and remediating them. By performing secure code reviews, security flaws can be identified and remediated. From a compliance perspective (such as PCI-DSS), it is mandatory to perform a source code review before launching the product. We adopt a tailored approach to extensively review a client’s business application to ensure that requisite security controls are deployed and tested.
Vulnerability Assessment and Penetration Testing
Vulnerability assessment and penetration testing is a technique to protect your organization against external and internal threats by identifying the security threats. It is an on-demand activity, and we offer a broad range of network infrastructure, web applications, and mobile application security assessment services designed to detect and gauge security vulnerabilities. We have a unique, flexible approach that can be tailored to fit into the client’s operating environment and goals most effectively and efficiently.
Data Privacy
Data-privacy regulatory compliance is one of the most challenging issues faced by an organization. We have identified that data privacy and security concerns are involved in the information-security management lifecycle. Personally identifiable information and the confidential data of an organization are the most valuable and risky assets for any business. In a fast-changing environment, keeping up with the data-protection laws and increasing security breaches is vitally important. IT departments, boards of directors, and management are more focused on securing data. We can help in developing, maintaining, and communicating the data-privacy strategies to ensure their data is compliant in the most effective manner possible.
Identity Access Management
In a constantly changing information technology environment and with the rapid adoption of business models (such as SaaS, PaaS, Cloud, BYOD, etc.), major security challenges have emerged in organizations about whether the right users have access to the intellectual property, networks, or resources of a company. We provide identity and access management services to ensure that the right personnel get the right resources the right way and for the right reason. Enterprise IT infrastructure has become relatively commonplace as the role of IT systems has become increasingly important. Moreover, when an organization implements a bring-your-own-device (BYOD) policy in the workplace, each of the employees may have more than one device; this makes managing the services and devices more difficult for administrators. Effective identity and access management systems can help the organization to manage all devices, as well as mitigate security risks posed to an organization and ensure that the organization stays compliant.
ISO 27001 Advisory
In today’s businesses, information systems play a pivotal role in their operations. With that comes a variety of information security risks that may impact an organization’s ability to compete. The Information Security Management System (ISMS) is a structured approach to maintain confidentiality, integrity, and availability of an organization’s information assets. The ISO 27001:2013 standard is the world’s leading standard adopted by organizations for the implementation of ISMS. ISO 27001 is a comprehensive and structured set of standards and guidelines for organizations that not only helps to ensure the business security risks are managed cost-effectively but also helps to establish, implement, operate, monitor, review, maintain, and promote the organization’s information security management system. This also gives partner organizations and customers greater confidence to present your business.
Managed Security Services
Managed security services refer to a service to outsource and manage security issues of network devices and systems such as firewalls, intrusion detection systems, intrusion prevention systems, antivirus software, virtual private networks, and so on. Threats for an organization are increasing rapidly. The right skills to mitigate risks are expensive, budgets are inflexible, and business operations can create risks if the security is not properly handled. ACEC can help in solving the challenges faced by an organization. Every organization’s risk management functions are stretched thin or are not fully equipped for today’s challenges. This impacts businesses from a financial, customer, regulatory, and brand standpoint. In order to get ahead, organizations need to restructure their risk management program and align it with the organization’s vision.
Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standards are a set of policies and standards used to protect and secure business involving online banking transactions, thus preventing online fraud and loss of a cardholder’s sensitive personal information. We help clients to understand and implement standards to protect their payment system from data breaches. Online payment is getting more and more common as enterprises utilize online payment systems, which bring convenience to the public and to the online consumer market. To provide secure online payment to customers, enterprises must implement security controls to protect cardholder and payment information. If payment information is leaked, it can create a huge loss for the cardholder as well as the organization’s reputation, brand, and image. We can help by providing a PCI data-security audit to ensure that your organization’s payment system is secure, thus garnering trust from customers with their sensitive payment card information.
Training
We provide security training to employees in a client organization. Human error has always been the primary reason or main contributing factor in disasters or accidents. By conducting security training, security awareness can be increased simultaneously. End users are often the weakest link and the last line of defense in preventing information security incidents. Insider threats are the most dangerous as they have privileged access to internal systems. Training and security awareness programs tend to be reactive in order to address the key organizational risks. Training and security awareness programs are one of the best ways to mitigate human error in regard to information security (which is costly). This can help employees understand information asset protection, information security best practices, and how to be a secure computer user.
IT Risk Assessment
Information Technology Risk Assessment is a methodology that reviews the possible threats and risks posed to your organization. Organizations perform IT risk assessments to identify, assess, and change their security posture to enhance their operations and fend off attackers. The main priority is the security of critical data. Risks and threats to an organization increase daily. To ensure that all sensitive data is protected, IT risk assessment helps in evaluating the areas of weakness, loopholes in the system, and the necessary steps that should be taken by an organization to safeguard itself. We combine the best practices and standards (along with our methodology used globally) to identify, assess, evaluate, and manage the risks.
Cyber Security Posture Assessment
Cyber-security posture assessment refers to a methodology that transforms and enhances an organization’s risk management capabilities. By performing a cyber-security posture assessment, a client organization will have a clear view of its security status, and possible security threats within the organization can be identified. The majority of organizations are highly dependent on the Internet and networks to run their daily business. However, most of them are unaware of the security issues that might result in an attack (from outside or from within). Customer information, the organization’s private and confidential data, intellectual property, and information assets might leak out to the public, thereby resulting in huge financial losses and damage to the organization’s reputation. In order to measure the overall cyber-security maturity of the organization, an independent expert assessment of the current state of its information security environment is conducted against global standards and leading industry practices. It is followed by remediation of the identified gaps and the development of a roadmap for transformation.
Security Strategy and Transformation
Security strategy and transformation refers to the establishment of a security strategy based on the client’s business strategy, which ensures that the information systems within the client organization are safe and secure from any intrusion that would cause damages to the organization. Security strategy and transformation will be built to meet the client organization’s cyber-security vision. Security strategies involve both cyber security and information security merged with organizational controls. Cyber-security strategy is always aligned with business strategy not only to maximize the revenue but also to protect the organization’s assets as well as its reputation. Employees may bring their own devices (such as a smartphone, tablet, or laptop) to the workplace and connect to the Internet. New complicated threats and attackers emerge every day. With security strategy and transformation, your organization’s software assets and intellectual property will be protected alongside your reputation.
IT Governance
IT governance emphasizes Information Technology Systems, their risk management, and their performance. It ensures that the investments made in IT yield fruitful results, which mitigate IT-associated risks and threats. We can help an organization to align IT governance with the business strategy to achieve maximum efficiency out of Information Technology Systems by implementing strategic goals. Business transformation is the key to new business models in both sectors (public and private). With an evolving business strategy, IT design must also evolve, creating the potential for risks that could lead to the disruption of an organization’s operations. IT governance helps in balancing the risks and the adoption of the industry’s best practices in order to have more control over ensuring regulatory compliance.
Our solutions are tailored to integrate with any infrastructure
We’re on a mission to reduce the risk of cyber threats and make digital life safer.
Our team of cybersecurity experts monitors the threat landscape to intricately understand the latest adversary tactics.