Zimbani supported the Internal Audit function of our client to provide assurance over the enterprise information security/cyber-security control environment. We worked collaboratively with Internal Audit resources to provide deep information security expertise to validate the information security maturity, information security risk posture and strategic alignment.
The outcome was a comprehensive set of actions and recommendations to uplift and improve our client's efforts in the effective management of the Information Security function and Risk posture.
Zimbani performed discovery and baseline of our client's Identity & Access Management environment. We produced the IAM Strategy, IAM Reference Architecture and IAM Business Architecture. Zimbani performed design and implementation enhancements to the Identity & Access Management stack as system integrator.
Financial Services – Major Retail Bank
Zimbani provided Security Domain expertise and steerage for Analysis and Design Phases of Data Security and Threat & Vulnerability Management outcomes for the Security transformation Program of work.
Deliverables include security architecture responsibility across:
- Executive and Board Portal
- Secure Third Party Information Exchange
- Application Communication Hardening
- Data Declassification
- Data Loss Protection
- Internal Certificate Authorities
- Key Management & Encryption
- Advanced Malware Protection
- Perimeter Email
- Security Information & Event Management
- Encrypted Information Monitoring
Zimbani initially produced a baseline discovery report focused on the identity and access management space; from this work Zimbani has also produced the reference architecture refresh, business architecture and test automation strategy. This work was all aimed at providing cost-effective platform stability and scalability. Zimbani is now actively engaged in uplifting parts of the IAM platform services, and has deployed an IAM environment manager to spread the usage of automated deployment and testing to each non-prod environment.
National Insurance Company
Zimbani was engaged to assist our customer to streamline the internal project consulting capability. Zimbani developed project SDLC process documents, a series of repeatable patterns for projects to consume and a standardized project engagement tool that provided projects with estimates of security effort required on projects and a dynamic set of project security requirements.
National Energy Company
Zimbani provided independent penetration testing services. These include testing the security configuration of a new SaaS HR application, SuccessFactors, and conducting a baseline security assessment for the Billing Application and its supporting infrastructure and LPG market public website, to name a few. The Zimbani testing approach, using a variety of specialist commercial and open source tools (automated), combined with years of experience within cross-domain security disciplines, and practical methodologies (manual) allowed us to provide real, tangible and usable information to secure their systems.
Our client needed a way to automatically administer and protect their privileged accounts and administrator passwords for two of their core business applications. The University wanted a way to not only protect the identities against unauthorised use, but also streamline the process of issuing and revoking special privileges and rights. Zimbani was engaged to design and implement CyberArk’s Privileged Access Management solution to deliver this capability.
In its implementation, Zimbani helped refine and create a common definition of privileged identities as well as augmenting the University’s processes for utilising CyberArk as the enterprise platform for securing, managing, automating password changes and logging of activities associated with privileged accounts. Zimbani also facilitated the articulation of monitoring use cases for their security event monitoring platform, which resulted in the identification of 200+ logging events to form a complete audit trail of privileged activities for the two key business systems, including requests, accesses, retrievals, policy application, and reset processes.
As part of the growing EA function, Zimbani provided security architecture and solution expertise to meet the objectives of enterprise architecture, information security maturity and strategic transformation. Working closely with the other EA domains, security operations and the greater IT services body, Zimbani resources developed information security strategy, reference architectures and technology roadmaps for the university’s information security platforms.
The solution architectures of several new security platforms were developed by Zimbani resources. In addition to enterprise and solution architecture functions, Zimbani resources provided on-going controls advisory and security risk assessment to delivery projects, accelerated by a newly-developed security architecture engagement tool. Zimbani also provided internal education & awareness of privacy and data protection obligations particular to the education industry.