Governance, privacy and trust
We serve as the government’s strategic partner in research, development and innovation, ensuring legal and regulatory compliance in managing the country's cyber risks. We take a holistic approach and provide a range of specialised governance, risk and compliance services.
Contact information:
Highlights
The National Cybersecurity Hub addresses cybersecurity threats in South Africa
The Cybersecurity Hub is now able to take down phishing websites, whether hosted locally or internationally, that violate the privacy rights of South African citizens. This follows the Hub obtaining membership of the Forum of Incident Response and Security Teams (FIRST) in 2022. FIRST is an international organisation that fosters cooperation and coordination in incident prevention and stimulates rapid response to incidents. The membership facilitates collaboration with other local and international computer security incident response teams to coordinate and tackle complex cybercrimes, which have traditionally been challenging. The Cybersecurity Hub was established by government at the CSIR in 2015 to address cybersecurity threats.
Legislated personal information management made easier
The CSIR has developed a compliance assessment tool to assist companies in determining their current state of compliance with the Protection of Personal Information (PoPI) Act, 2013 (Act of 4 of 2013), which regulates the collection, processing, storage and use of personal information by organisations in South Africa. The tool is web-based and provides simplified compliance requirements and includes a multi-level quality assurance process. It also provides regulatory compliance maturity rating and can generate executive summary reports of compliance, including benchmarking against organisations in the same sector.
Our capabilities
Our capabilities and services cover a range of advisory services, products and skills development. These include:
Cybersecurity strategy development – Ensuring clients have future-proof strategies aligned with industry standards and best practices
Governance oversight – Establishing governance structures and committees to provide strategic oversight on the cybersecurity programme
Data governance – Ensuring clients have customised data governance strategies and fit-for-purpose data governance frameworks aligned with modern data governance principles
Policy audits and compliance – Developing policies, operating procedures and guidelines based on research and evidence, aligned with industry standards and best practices
Data protection, privacy and trust – Safeguarding sensitive information while preserving privacy, trust and compliance in data-centric operations
Cyber risk and threat assessment – Performing assessments of risk and threat exposure to identify the current state, target state, gaps and provide expert recommendations
Cybersecurity maturity and posture assessment – Assessing and determining the maturity of defence capabilities and overall cybersecurity posture
Audits and assessments – Conducting risk-based cybersecurity audits, including privacy impact assessments and data protection impact assessments
Security education, training and awareness – Designing and delivering cybersecurity education, training and awareness programmes to improve the profile of cybersecurity teams and enhance employee cyber hygiene
Architecture and engineering – Designing cybersecurity capabilities and processes, tailored to various verticals and sectors, including the interconnected environments of information technology and operational technology within organisations
The Cybersecurity Learning Factory – A modular, customisable, self-service cloud-based education platform for upskilling cybersecurity professionals
Cloud security readiness assessment toolkit – A web-based solution providing self-assessment capabilities to measure an organisation’s readiness to move operations or workloads to the cloud safely and securely