Data security and analytics
Our experts prevent, detect and respond to cyber threats and attacks. In addition to a monitoring role, we support clients with incident response and disaster recovery.
Highlights
A security operation centre for the City of Johannesburg
The CSIR built an on-site, turnkey security operations centre for the City of Johannesburg to help proactively protect its assets and respond to cybersecurity incidents. The organisation has also assisted the city in strengthening its information and communication technology (ICT) environment against cyber threats. Since the centre's establishment, the city has been able to detect and investigate thousands of malicious activities targeting its ICT infrastructure and networks, ranging from attempted logins to deliberate attacks. The security operations centre has successfully investigated numerous digital forensic cases at the city's request and provided recommendations.
Our capabilities
We follow the United States National Institute of Standards and Technology (NIST) framework as a guideline for our cybersecurity approach. This framework focuses on identifying, protecting against, predicting, detecting, responding to and recovering from threats. Our policies are based on the NIST SP 800-137 for security operations centres and NIST SP 800-1 for incident management frameworks.
Organisations that suffer a cybersecurity breach can call on our computer security incident response team. The team helps organisations quickly understand the breach, contain the incident and recover. In the longer term, the team supports organisations in building cyber resilience.
We have also established our Virtual Cybersecurity Operations Centre (VSOC), a remote facility that monitors, prevents and manages critical cybersecurity threats in real time, 24/7. Our VSOC team has developed methods and techniques to automate security monitoring using the latest technologies. Team members hold certifications from Microsoft, Splunk, Fortinet, EC-Council, CompTIA, (ISC)², ISACA and others.

Our capabilities include:
Governance, risk and compliance: Governance policies, gap analysis, standard operating procedures, tabletop exercises, cyber resilience planning and cloud strategy reviews
Cybersecurity awareness: Training for executives and senior managers, cybersecurity awareness workshops, CSIR-developed training tools (EduCyber), screensavers, newsletters and general awareness activities
Security management services: Configuration, deployment and maintenance of firewalls, internet proxies, email gateways, endpoint detection and response, extended detection and response, security orchestration and automation, and security information and event management tools
Digital forensic investigations: Investigations involving network infrastructure, security infrastructure, computers, emails, mobile devices and internet-of-things systems
Risk assessments: Using our home-grown tools and techniques
Our team of cybersecurity specialists includes analysts in the cybersecurity operations centre, digital forensic experts, systems engineers and cybersecurity auditors who perform risk assessments. They also provide disaster recovery and business continuity advisory services.