
Compliance Services

Compliance

CyberTAN offers several compliance-focused services including POPIA, GDPR and PCI-DSS. Data privacy, confidential information, financial data, intellectual property and many other forms of sensitive data are targeted by cybercriminals. Implementing the necessary controls, policies and procedures goes a long way to managing this risk but is not enough. We must test, validate, verify, and maintain this posture to really have an impact. Our services are designed to improve your existing posture and reduce risk by using either a product, service or both. The choice is yours.

THE PROTECTION OF PERSONAL INFORMATION ACT (POPIA)

The POPI Act enforces the right to privacy and includes a data subject's right to be protected against any unlawful collection, retention, dissemination and use of their personal information.

Companies are required to receive consent from individuals before they can obtain, retain and process personal information for communication or any other purpose. The definition of "Personal Information" includes contact details, demographic information, personal history (financial, medical, etc.), as well as communication records, to mention a few.

The Act highlights the need for a greater understanding of the manner in which personal information is stored and processed. This means that the systems and processes, and how logical and physical access is maintained and managed for the systems and areas housing personal information, all need to be considered.

Protection of Personal Information requires extra vigilance in all aspects of physical and information security. The POPI Act requires that a set of streamlined processes and systems be established that can easily identify where personal information is stored, how this information is processed physically and electronically, who has access to it, and for what purpose it is required.

How can CyberTAN assist?

Clients have the option of choosing one of several elements depending on the immediate requirements. These include:

1. General POPIA/GDPR Consulting

2. Gap assessments and Workshops - Self Assessments, Facilitated assessments, Gap Analysis Workshops

3. Templates (96 to choose from for POPIA and 80 for GDPR) - Governance, Incident Management, Third Party, Policies, HR, Customer/Internal templates, Frameworks, Cyber Standards and Controls and much more.

4. Implementation Services - Audits, Programme Manager, Project Manager, Change Manager, Legal, Analyst or Privacy SME

5. POPIA Training - Executive, Management, Project Teams or Bespoke

6. Implementation Planning - Workshops, Plans, Documentations, Internal Risk and Issue Logs

7. Compliance ToolKit - Baseline (Cloud Security Anywhere and Security Awareness Training) + Add-ons

8. Cyber Liability Insurance from participating brokers - we can put you in touch
 

CyberTAN Compliance ToolKit - baseline tools to improve data security

The CyberTAN Compliance ToolKit© (otherwise referred to as the POPIA ToolKit©) aims at addressing data security in a non-intrusive, cost-effective way, focused on Principle 7 of the POPI Act. By combining two services as a baseline minimum, this kit provides you with a starting point to address what we believe is "reasonable". Ideally suited to SMMEs, although not limited to them, this kit can scale to the size of your organisation and budget, is flexible, and offers access to several add-on options. Additionally, we have included access to Cyber Liability Insurance to provide you with a safety net, since there is no silver bullet in security.

Principle 7 of POPIA essentially states that a responsible party must secure the integrity and confidentiality of personal information under its control by taking appropriate, reasonable technical and organisational measures to prevent loss, damage, unauthorised destruction, and unauthorised access to or processing of personal information. To facilitate this, the responsible party must take reasonable measures to identify all reasonably foreseeable internal and external risks to personal information, establish and maintain appropriate safeguards against the identified risks, regularly verify that the safeguards are effectively implemented, and ensure that the safeguards are continually updated based on newly identified risks.

What’s considered reasonable for one organisation may not be reasonable for another. This is especially true for businesses that have a limited understanding of POPIA/GDPR and how it relates to their business.

Regarding data security, have you considered:
  • Policies and Procedures
  • Data Classification
  • Data Sovereignty
  • Separation of Duties
  • Other industry regulation and compliance standards as it relates to your business
  • Security Testing
  • Security Awareness Training
  • Data Life Cycle Management
  • Maintaining the status quo once compliant
  • Management accountability
  • Incident Readiness and Response
  • Third Party Management

Service 1: MANAGED SECURITY FOR ANY ENVIRONMENT. ANYWHERE.

Armor Anywhere is a managed, scalable security solution that protects Servers or Virtual machine instances hosted on public, private, hybrid or on-premise cloud environments. Installed at the OS level, Armor Anywhere is powered by an Intelligent Security Model and fully managed by a highly experienced security operations team (SOC) – providing real-time visibility into your security program and actionable threat intelligence.

We monitor customer environments for anomalies 24/7/365 by inspecting inbound and outbound traffic and responding to potential points of compromise. We offer an impressive 15 min notice of an Indication of Compromise and a free 2hr remediation support SLA.

Armor Anywhere is delivered through a lightweight self-service package. Installing the virtual machine agent is quick, easy and scalable, and delivers the service directly to your cloud infrastructure of choice. Once installed, we provide managed security services by analysing every event and action through our threat analytics platform and, in turn, we deliver actionable, validated security activity through the management portal directly to you.

Intrusion Detection

Inspects anomalous traffic against predefined policies – detecting attacks like generic SQL injections, generic XSS attacks, DoS and generic web app effect

Continuous Threat Hunting

Proactive hunting within our data lake identifies threat actor activity not alerted to by our SIEM, leveraging the research and expertise of Armor’s TRU team as well as threat intel from a variety of sources

Single-Pane-of-Glass Command and Control for Cloud and Hybrid IT Security

Provides seamless access and control through an easy-to-use platform that deploys in minutes, and delivers self-service capabilities, automation and Cloud Management API to eliminate security blind spots

Vulnerability Monitoring

Monitors external connections in the cloud to identify vulnerabilities gathered from intelligence of threat activity against specific ports and protocols

Brand and Reputation Monitoring

Monitors public and dark web for threat activity against our Armor customer base using a mix of automation and targeted threat research

Log Collection & Management

Captures, documents, analyzes and reports on all activity log events to determine validity and severity. View up to 13 months of log events for regulatory requirements

File Integrity Monitoring

Monitor critical OS files for changes that may indicate threat actor activity in your environment. By zeroing in on the changes that shouldn’t be occurring in your OS files, Armor makes it difficult for hackers to hide in your environment.

Vulnerability Scanning

Identifies risks to reduce your threat vectors and build a remediation plan based on vulnerabilities identified in the weekly audit report.

Malware Protection

Protects your environment from harmful malware and botnets deployed to capture your data, monitor your activity or leverage your servers for illicit activity

Patch Monitoring

Provides visibility into your environment to identify critical OS-level patches

Service 2: Security Awareness Training (SAT)

 

Create A Fully Mature Security Awareness Training Program

Effective security awareness training is hard. Today’s security awareness teams don’t have the support, time, or resources they need to be successful and/or are missing the skills and experience to effectively engage and train their entire organisation. 

Our solution is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform with thousands of active enterprise accounts. You finally have a platform to better manage the urgent IT security problems of social engineering, spear-phishing, and ransomware attacks and at the same time stay compliant with industry regulation like GDPR, POPIA, and PCI. 

With world-class, user-friendly, new-school Security Awareness Training, we give you self-service enrolment, and both pre-and post-training phishing security tests that show you the percentage of end-users that are Phish-prone. CyberTAN’s highly effective, frequent, "double-random" Phishing Security Tests provide several remedial options in case an employee falls for a simulated phishing attack.

Peers have rated our solution 4.8 out of 5.0 at Gartner's PeerInsights.

Baseline Testing
We provide baseline testing to assess the Phish-prone percentage of your users through a simulated phishing, vishing or smishing attack. Test our platform yourself for 30 days.

Train Your Users
The world's largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.

Phish Your Users
Best-in-class, fully automated simulated phishing, vishing and smishing attacks, hundreds of templates with unlimited usage, and community phishing templates. 

See The Results
Enterprise-strength reporting. Both high-level and granular stats and graphs ready for management reports. We even have a personal timeline for each user.

“57% of organizations report that finding and recruiting skilled IT security personnel is a ‘significant’ or a ‘major’ challenge.”
Source: Money, Minds and the Masses: A Study of Cybersecurity Resource Limitations


“The average cost per record breached is $141 (ZAR1,833) and $3.62 million per breach (ZAR47 million).”
Source: 2017 Ponemon Institute Cost of a Data Breach Study

Optional Add-On Modules include:

  • Security GAP/Risk Assessment

  • File and Message Encryption

  • Anti-Fraud and Web Application Firewall

  • Incident Response Services

  • Endpoint Protection & Application Control

  • Security Testing & Vulnerability Management

Special Cyber Liability Insurance coverage.

Contact CyberTAN directly so that we can put you in touch with participating brokers.
