Information security

A Mobius service line

The Mobius Consulting approach to information security aims to ensure that organisations manage the following aspects of their information:

  • Confidentiality – ensuring that information is not disclosed to unauthorised individuals or systems.
  • Integrity – ensuring that data is complete, accurate and valid and cannot be modified without detection.
  • Availability – ensuring that the information is available when needed.

Mobius Consulting utilises best practice frameworks such as ISO27000, COBIT, and National Institute of Standards and Technology (NIST) as well as custom-developed Mobius frameworks, methodologies and tools to contextualise any risks that the organisation may be facing and to enable us to develop holistic solutions incorporating the governance, management, people, and technical aspects of information security.

Our focus is on building information security governance that is fit-for-purpose and information security processes that include the appropriate artefacts and technology in order to be efficient, effective, and sustainable.

Our core information security services include:

  • Information security gap assessment and remediation roadmap development
  • Information security governance design
  • Information security policy and procedure design
  • Vulnerability governance
  • Structured and unstructured data discovery
  • Provision of outsourced information security management and personnel
  • Information security training and awareness

Read our fact sheets:

Mobius Information Security gap assessment and roadmap v4.0

Mobius approach to security awareness v1.0

Cybersecurity testing and improvement service

Given that new vulnerabilities are discovered on a daily basis, it is essential that organisations have an adequate technical vulnerability testing capability to test web sites and web applications on a frequent basis. Once vulnerabilities are identified, an effective vulnerability management capability is required to ensure that they are remediated and that root causes (such as insecure coding practices or an ineffective patch management process, among others) are addressed. Failing to address vulnerabilities in a timeous manner allows an attacker a window of opportunity to exploit them, resulting in an increased risk of the information systems being compromised. The Mobius service incorporates both the technology and people aspects of cybersecurity and aims to test and improve organisational cybersecurity capability.

Read our fact sheet here: Mobius CyberSecurity Testing and Improvement v1.0

The Mobius Approach to Vulnerability Governance

A vulnerability is a weakness in an IT system or network that could allow an attacker to exploit the system to compromise the integrity, availability, or confidentiality of the environment and data. These vulnerabilities are the subject of constant scrutiny given the exponential increase in breaches, which can be associated with poor vulnerability management on the part of organisations. One of the key focus areas of vulnerability management is conducting vulnerability assessments by running vulnerability scans and performing penetration tests against the organisation's key applications, databases, operating systems and networks.

Read our fact sheets:

Mobius approach to vulnerability governance v1.0

Mobius approach to Web application penetration testing training v1.0

Cyber Security – Where should you start?

Cybersecurity is increasingly in the spotlight with daily media reports of organisations that have been hacked by cyber criminals. Not only is the number of hacking incidents increasing, but the net effects on organisations are worsening. A report by the Centre for Strategic & International Studies estimates that cybercrime in South Africa is costing the country approximately R5.8 billion a year.

No organisation can afford to ignore these risks any longer. Organisations must be in a position to not only understand the risks, but to also muster the knowledge and resources required to protect the organisation against cyber-related threats. Management and business leaders must understand the concept of cybersecurity, the associated risks, and how to effectively protect against cyber-related threats.

Download and read our white paper: Mobius Cybersecurity whitepaper v1.0

Data discovery

The adoption of King III, compliance with the Payment Card Industry (PCI) standards and the pending Protection of Personal Information (PoPI) Act have created a further need for organisations to know where their data is stored (discovery) and what type of data they process (classification), and to ensure that all data is adequately secured.

Organisations are dependent on their data for decision-making and operations and hence need to ensure that data is protected from risks such as theft, digital extortion and leakage.

Mobius Consulting follows a structured and phased approach for data discovery, while remaining flexible to specific client requirements.

Read our fact sheet: Mobius approach to Data discovery v1.0

The Mobius Approach to Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard aimed at the protection of credit and debit card data. The data stored on credit and debit cards, commonly referred to as cardholder data, can be used to perform fraudulent card transactions in the event it is disclosed to cybercriminals. The Mobius Consulting approach to PCI-DSS Compliance is focused on helping clients understand how to become compliant, preparing for compliance, understanding changes required, understanding the costs involved and implementing sustainable solutions for ongoing compliance.

Read our fact sheet: Mobius approach to PCI-DSS compliance V1.0

Mobius Incident Management: A Focus on information security and privacy incidents

The need for appropriate management of information security and privacy incidents (“incidents”) has not been clearly articulated in organisations, leading to an inability to identify and manage incidents as effectively as possible. Mobius recognises the need to align this specialised form of incident management with existing processes within the organisation and has defined a lifecycle that caters to this need.

Read our fact sheet: Information Security and Privacy Incident Management v1.0