Home Training Consulting NewsContact SACfIS  

Home | About SACfIS | Services | Training | Consulting | Intelligence | Events | Contact us | Career

Data has become the new currency of business. It moves across organisational and international boundaries and is exchanged for value. Imagine this data landing in the wrong hands and the massive information security breach that would occur in your company if it did. In overhauling the company’s data protection strategy, many managers ask the question, Should I invest information security dollars in buying new technology, in hiring a chief information security officer (CISO), or in administering awareness training for employees?

Information security is the methodology that is used to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. It pertains to the confidentiality, integrity, and availability of data in various forms (i.e., print, electronic, or other forms) and can be applied by any type of organization (i.e., corporations, financial institutions, hospitals, military, and governments).

We believe that the purely technical aspects of security are no longer the most important factor. Too many businesses thought they were protected just because they installed technical devices (firewall, IDS, IPS and etc…), which ended up being bypassed all together.

The key to security is elsewhere. "25 % of security is technical, 50 % is internal organisation, and 25 % is regulatory and legal.

It's like a three-legged stool, we need all three.

Businesses, then, need to make their employees aware of computer security and train them on the subject; employees are ‘vulnerable points.’ Companies need to set clearly defined IT/information security rules. Security managers need to be in close contact with general management. A company must also remember to keep its existing security procedures up to date.

SACFiS is information security advisory, research and executive skills development organisation established to provide optimal support in any possible situation of information security by implementing high level management-related solutions and protecting your important information assets from various emerging threats in cyber space. We are at the forefront of a war on cyber crime.


Many organisations do not know whether they are secure or not. They also do not know the valuable information they lose due to the lack of policy, procedure and guidelines as far as information security is concerned. CIS is committed to help you protect your valuable information assets. 
View our consulting services...

78% of security compromise is caused by human error. CIS is committed to empower your human resources through awareness, training and education to protect your organisations' valuable assets which is information.  Policy and technology we recommend are based on education.
View our comprehensive list of training programmes.

SACFiS is committed to extend its experts, experiences and resources with the community at various levels. Home users will be able to use our knowledge base section to be security conscious and protect their valuable information and their information systems.
We will also start cyber victim counseling services. If you are a victim of cyber crime email us. Some of you are calling and sharing your experience. We feel your agony and sometimes when you cry as victims we share your pain. We will fight back together....

Web are commited to continuous research of improving our capacity to help you protect your valuable information assets.




South African Centre for Information Security has the capability and expertise to provide the following services:

Programmes you could request for your inhouse training events:

- Information security awareness executive brief

- Implementing information security governance - holistic approach

- Information security training for your staff

- Cybercrime prevention strategies

- Developing information security wareness strategies

- Developing information security programme

- Mitigating insider threats to information and information systems

- Information warfare : towards corporate offensive defense

- Web application security testing

- Cyber crime economy - Local and global perspective

- Incident response and handling

- Business continuity planning

- Cloud computing security planning and implementation

- Information security risk management planning.

Executive talks...

  • Executive brief on current cyber crime business models, trends, intrusion and attacks
  • Wikileaks phenomena – perfect cyber crime model in the making and how to protect your organisation from getting wikileaked.
  • Cyber crime against Cloud computing and defense strategies. – make or break for adopting the cloud.
  • Detect and mitigate Malicious insiders’ threat to business - case of various sectors
  • Social networking as playground of cyber criminals – how to securely deploy the social media for business.
  • The growing threat of cyber espionage targeting nations’ and companies trade secrets.
  • Digital convergence and the escalation of social engineering attack vectors: Defending the banking sector from phishing, vishing and smishing attacks
  • Attack on human: Executive brief on emerging phishing, vishing and smishing attacks.
  • Legislative and jurisdiction challenges of cyber crime in South Africa
  • Offensive information warfare: Lesson from Shaka Zulu
  • Executive brief on Information Warfare-Clear & Present danger to Business
  • Executive management brief on emerging cyber and high tech crimes
  • The rise of malicious insider in the finiancial sector – Sector centred strategy for defending, detecting and mitigating the insider threat.
  • How secure is your Internet Storefront? Auditing Techniques for optimum Web Server Security
  • Information security governance – crystal clear guide for establishing governance.
  • Strengthening the weakest link in information security defense - Developing effective information security awareness campaigns for enterprise.
  • Who got my information - Planning and developing information access policy.
  • Baking security into the networking infrastructure
  • Strategic approach to basic Network Access Control
  • Data Loss Prevention
  • Data breaches and its consequences in South Africa (with the coming of POPI)
  • Why try to hack through someone’s security system when you can get a user to open the door for you? Social engineering perspective.



We provide our clients a phased approach to implement an organisational information security capability that is both business-driven and standards-based. Our methodology ensures that current industry best practices and best-of-breed solutions are used to develop a solid foundation for managing and delivering information security controls and activities within the enterprise.


Sound information security is the cornerstone of sensible corporate governance.



  info[at]sacfis.co.za | Home |Send Feedback