INFORMATION SECURITY & RISK CONSULTING
EJCKonsult (Pty) Ltd (2019/512500/07) is a consulting and managed services company specialising in bespoke information security services, with the aim to assist small to medium enterprises determining and improving their security posture.
RISK ASSESSMENTS
Vulnerability assessments and penetration testing
SECURITY ARCHITECTURE
Services related to the design of security policies, standards and patterns
MANAGED SECURITY SERVICES
Continuous vulnerability scanning, threat intelligence and indicator of compromise monitoring
TRAINING
Information security training to technical and C-level audiences
SECURITY ARCHITECTURE
Security architecture services include both the design of security frameworks, and security solutions, to enable a security capability.
​
It also includes cloud security architecture review and optimisation. Cloud platforms provide many possibilities to expedite the rollout of a service to customers, but the cloud is not secure by default. It still requires careful design considerations, and we can assist where these issues are concerned.
RISK ASSESSMENTS
Risk assessments can be divided into two areas: Penetration testing / Vulnerability Assessments, and ISO27001/NIST type cyber maturity assessments.
​
Penetration Testing
We can perform non-exploitive vulnerability assessments, or a classic penetration test (ethical hack, white-hat assessment) to simulate the actions hackers would take to attempt to bypass security measures and defences.
Penetration testing include web application assessments as well as infrastructure assessments including remote access devices, perimeter security appliances and social engineering.These services can also be offered on a continuous basis.
​
Cyber maturity assessments
Utilising frameworks as provided by NIST, ENISA and BSI(ISO27001), it is possible to determine if your organisation has the foundational capabilities to prepare and defend the organisation against cyber related threats. The assessment is usually a desktop walkthrough of capabilities, taking into account the type of business and associated threat models.
​
MANAGED SERVICES
Security vulnerabilities often get exploited due to operational failings. Unnecessary open ports, outdated software, easily guessable passwords and unused but active Internet facing devices, still contribute greatly to successful attacks taking place.
​
To tackle this problem, clients can sign up by means of a monthly retainer where the client's Internet facing end-points and domains are monitored for vulnerabilities, and then brought under the attention of management. This will include remediation advise or risk mitigation recommendations.
​
Attack surface reconnaissance
This plays a big part in this service. We continuously assess your IP and domain space for new hosts, or typo-squats or similar. The basic premise here is that if you don't know what you have, how can you protect it?
TRAINING
Cyber security training is tailored to either speak to a management level audience, or technical role players.
​
Training topics include:
​
1. Conventional / current cyber security concerns (and not the type evangelised by vendors) which are seen by the industry as the actual threats companies should be concerning themselves with.
​
2. Day to day security management tasks IT system administrators can perform to identify security vulnerabilities in their environment.
​
3. OSINT training - open source intelligence utilisation is a low effort but highly effective method to either predict a possible attack on an environment, or to identify possible areas of weakness. Teams will be trained in how to search for evidence of interest and put the results to good use when consuming OSINT sources.