Protection of Personal Information (POPI) Act 4 of 2013
King IV Report on Corporate Governance
Pentest (Penetration Testing)

A penetration test, colloquially known as a pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data,[1][2] as well as strengths,[3] enabling a full risk assessment to be completed.

The process typically identifies the target systems and a particular goal—then reviews available information and undertakes various means to attain the goal. A penetration test target may be a white box (which provides background and system information) or a black box (which provides only basic or no information except the company name). A penetration test can help determine whether a system is vulnerable to attack, whether the defenses were sufficient, and which defenses (if any) the test defeated.[4][3]

Security issues that the penetration test uncovers should be reported to the system owner.[5] Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce risk.[5]

The goals of a penetration test vary depending on the type of approved activity for any given engagement with the primary goal focused on finding vulnerabilities that could be exploited by a nefarious actor and informing the client of those vulnerabilities along with recommended mitigation strategies.[6]

Penetration tests are a component of a full security audit. For example, the Payment Card Industry Data Security Standard requires penetration testing on a regular schedule, and after system changes.[7]

Flaw hypothesis methodology is a systems analysis and penetration prediction technique in which a list of hypothesized flaws in a software system is compiled through analysis of the specifications and documentation for the system. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists, and on the ease of exploiting it to the extent of control or compromise. The prioritized list is used to direct the actual testing of the system.


Source : WikiPedia

Ethical Hacking

The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.[1] Ethical hacking is a term meant to imply a broader category than just penetration testing.[2][3] Contrasted with black hat, a malicious hacker, the name comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively.[4]

White-hat hackers may also work in teams called "sneakers",[5] red teams, or tiger teams.[6]


Source : WikiPedia

Information Regulator

THE INFORMATION REGULATOR (SOUTH AFRICA) IS AN INDEPENDENT BODY ESTABLISHED IN TERMS OF SECTION 39 OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013. IT IS SUBJECT ONLY TO THE LAW AND THE CONSTITUTION AND IT IS ACCOUNTABLE TO THE NATIONAL ASSEMBLY.

THE INFORMATION REGULATOR IS, AMONG OTHERS, EMPOWERED TO MONITOR AND ENFORCE COMPLIANCE BY PUBLIC AND PRIVATE BODIES WITH THE PROVISIONS OF THE PROMOTION OF ACCESS TO INFORMATION ACT, 2000 (ACT 2 OF 2000), AND THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT 4 OF 2013).

Source : South Africa

IR Strategic Plan
POPI Guideline


Source : ESET

Measuring Financial Impact of IT Security on Businesses


Source : Kaspersky

CyberCrime

Cybercrime.org.za is an awareness portal intended for informational purposes. The site provides access to relevant and trusted local and international resources aimed at educating individuals at all levels. The site also features help for reporting suspected activities. Cybercrime.org.za is part of an independent, non-commercial initiative born out of the needs identified over this past decade for pooling resources to address the criminal exploitation of ICT in South Africa and Africa at large... ISC AFRICA

Source : Cybercrime.org.za

Mobile Security Report 2018


Source : iPass

General Data Protection Regulation (GDPR)

After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018, at which time those organizations in non-compliance may face heavy fines.

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.


Source : EU GDPR

GDPR Checklist


Source : AlienVault

ePrivacy
ePrivacy - EU