2. Content
Background
Your requirements
Our Promise
About Afrik Santa Cruz
Our differentiating factors
Our key clients
Team experiences
Quality assured
Clear and continuous communication
Our team and affiliates
Contact details
Annexure I – Our methodology
Annexure II – Why you need cybersecurity
Annexure III – Service Catalogue
3. Afrik Santa Cruz is an indigenous engineering
service company with affiliates in Africa, Americas
and Asia. It offers a wide range of services in the
petroleum, housing and IT sectors.
It is managed by highly experienced professionals
focused on tailored engineering solutions for
optimum customer satisfaction.
About us
Highly practical and advanced hybrid delivery
model.
Strong delivery capability to take on any complex
project as far as it is cybersecurity related.
We prefer holding hands to shaking hands.
Cybersecurity solution is our main focus.
Theory of change
We are a true local company but with our global
reach, we offer a very high level practical
experience, know-how, contacts, and
confidentiality.
Reasonably priced fees commensurate with high
quality delivery.
Professional delivery as would be expected of a
large multinational.
Value proposition
Our goal is to change the engineering landscape in
the Sub-Region by bringing well-thought-out,
innovative and expert-driven solutions to our
clients.
ASC aims to be an emerging market leader in
engineering services. This is evident in its strategic
alliances with top firms like Alphabet Energy
International, WaterFX, Tectonas Softsolutions
etc.
Mission
Background… know us better…
4. Your requirements
You require a firm with not only demonstrable skills and experience in your sector,
but also the ability to deliver seamless information security system and business
support services that match your development plans;
You also want a solution provider that operates on a professional and personal level
resulting in solutions tailored to your needs. While we operate in an environment
that demands honed technical ability and a degree of formality, arising from the
professional standards we observe, we regard ourselves as a flexible and responsive
team that has client relationships at its heart; and
You need a cybersecurity solution relevant for tomorrow's environment.
You want experts who know their trade/specialty and are sincere about projects that
do not fall within the bounds of their capabilities.
5. Our Promise
Our professionalism is demonstrated in our:
Commitment; our management and staff are absolutely committed to client
satisfaction. We are dedicated to the provision of unique, quality and distinguished
client services. We do this by channeling our best resources to meet clients’ needs.
Understanding; our approach to services is driven largely by our ability to obtain a
clear understanding of our clients’ specific needs. Our philosophy is to provide only
services beneficial to our clients.
Support; our unique strength lies in drawing on a pool of specialists worldwide to
supplement skills unavailable at specific locations to ensure total client satisfaction.
Efficiency; we provide services by riding on efficiency in a co-operative environment.
6. About Afrik Santa Cruz Ltd (ASC)
ASC is a Ghanaian company that provides expert services by localizing international engineering solutions…
It is a well-documented fact that, to make life easier, humans are altering the usual ways of communicating
at all scales and at an unprecedented rate. For this reason, everyone is a major stakeholder in cyberspace.
Enterprises rely on IT infrastructure to expand operations and enhance productivity. The increasing reliance
on IT systems brings about many challenges, from sophisticated IT support system requirements to
increasing IT spending. To tackle these problems ASC adopts an innovative and no-nonsense engineering-
centered approach to solving problems.
An IT security risk can be defined as a data breach or loss, or a reduced information system workflow, that can adversely
affect the achievement of an organisation’s objectives.
IT security issues can be both internally and externally generated. Unlike in times past, security issues these days
are fueled by economic reasons. When greed overtakes need, it spells trouble. These issues can stem from anyone, from corrupt
employees to shady investors, seeking ways to exploit information systems for their advantage.
7. About Afrik Santa Cruz (cont…)
Increased dependence on IT will only enhance the risks of doing business. In today’s world, IT security
risks are not few. The reason companies so often fail to systematically manage these risks is rooted in the
way they define and manage them.
ASC has strong alliance with companies in the US and India to meet IT infrastructure problems. Together
with its affiliate partners, ASC has a team of more than 130 dedicated and highly trained systems
engineers who work on Kernel level modules, Mini Filter drivers, File Systems Drivers, Network drivers to
deliver easy to use and highly secure systems.
We are staffed with qualified professionals viz. BSc, CA, ACCA, CS, CISCO, CISSP, CISA, CRISC, and MSc etc.
8. About Afrik Santa Cruz (cont…)
Products & Services
Our product portfolio encompasses the following broad services;
Under the above broad services, we proffer more than 25 specific cyber security related services. These
explicit solutions are tailored to suit clients’ environments.
Our comprehensive service catalogue which spells out service deliverables is available upon request
(Refer to appendix II for the abridged version).
• Secure Remote Management
• Data Leak Protection
• Forensic and Security
• Patch Management
• Vulnerability assessment
• IT Infrastructure Management
• Desktop Monitoring
• Asset Management
• Change Management
• Green Management
• Firewall
• IPS
• Anti-Virus
• Content Filtering
• Surveillance System Management
9. Our Differentiating Factors
• Value for Money
• Strengths in relation to Business Model and Objectives – Track Record of Ethical Practice
• Unique combination of international, senior, hands on industry experience, across all areas of
requirement
• Building enduring relationships with all our clients as a trusted business partner
• Strengths in relation to requirements – Track Record in geographical, Professional and Business
areas
• Adding value to clients and protecting their business is paramount
• Strength in relation to Implementation Plan – Track Record in geographical, Professional areas
Our highly analytical team will help:
• Protect applications implemented on your IT systems
• Protect your data or system’s ability to function
• Enable safe collection and usage of data
• Safeguard technology assets in use
12. Quality Assurance
Quality control and quality management are of paramount importance
Our team is sufficiently resourced through our rigorous ethical values to develop and deliver quality
services to our clients. Criminal background checks are conducted on employees by the Criminal
Investigation Department of Ghana Police Service.
Personnel adhere to standards of Integrity, Independence, Confidentiality and Objectivity.
Our professionals are required to attend business specific continuing education courses, internal and
external industry trainings.
[Diagram: Continuous Improvement cycle with the labels Quality culture, Analysis & Planning, Delivery, Measure, Results, HRM, Processes, Order]
Our operating policies are based upon and are fully
compliant with International Standards.
In addition, there is a Quality Review Programme which
ensures that our review process is in compliance with
documented policies and procedures.
Quality performance reviews are an integral component
of our system of quality control.
13. Clear Continuous Communication
We are well aware of your confidentiality requirements, hence we are committed to maintaining a strict
code of confidentiality.
Our firm policy requires that the affairs of clients be kept confidential at all times.
At ASC, open and honest communication is a Core Value. Our experience leaves us in no doubt that a
successful relationship is based on trust and candid, proactive communication.
Regular and open two-way communication is fundamental to all aspects of our services. As an initial
priority, we will agree with you the Communication Plan for all our key meetings. This will help ensure
there are formal and informal opportunities for all key stakeholders to be kept informed on issues of
importance.
14. Our Team Credentials
Bradley Pate
International Director – Afrik Santa Cruz
Accomplished Petroleum Engineer and a businessman.
More than 33 years Project Management and Petroleum Engineering
More than 25 international experience in every continent except Australia and Asia.
Led Projects with budget exceeding US$700 million
John Selorm
Principal – Afrik Santa Cruz
Accomplished Chartered Accountant.
Strong IT background and worked with top accounting firms in the world on client systems.
Worked with clients in a wide variety of industries including trading, retail and consumer goods, NGO,
manufacturing and banking and finance. Major clients include banks, investment companies,
manufacturing organizations etc
15. Our Team Credentials
Charles Kane
Chief Information Officer – Afrik Santa Cruz
Highly experienced IT professional
Over 13 years of IT resource management experience
Managed Information Systems projects on oil fields in Ghana, Cote D’Ivoire, Sierra Leone etc.
Harvard College trained, with diverse IT skills and professional qualifications including CISA, Red Hat OS/mail,
web, satellite operation and installation, Cisco CCNA etc.
Perry Greene
Principal Consultant – Santa Cruz Energy
Highly accomplished IT security professional with experience across various industries in USA.
More than 11 years information security and compliance experience
Strong in vendor audits on ISO27001 and 27002 control and other compliance frameworks like COSO,
COBIT, NIST, ISO etc.
Professional trainings include: Six Sigma, Cisco CCNA, CISSP, CISA, VMWare, Qualys, Archer, QRadar, CRISC,
MCP, Arcserv, SAP, PCI, HIPAA, SOX etc.
16. Our Team Credentials
Shruti Pundalik
Chief Consultant – Santa Cruz Energy
Accomplished IT security professional with experience in India and USA across various industries.
Designed and implemented effective and efficient projects similar to Uber booking systems
Conducted architecture and interface design on the admission system for University of Baltimore, Maryland
and other projects such as Bitcoin.
Professional trainings include; Matlab, Keil Uvision, Verilog, Khazama, CodeVisionAVR, C++, C, PL/SQL, Eagle
5.6, Multisim etc.
Mana Churi
Chief Consultant – Santa Cruz Energy
Highly experienced IT security specialist with experience in India and USA across many industries.
Worked with Dell on security system projects including managing and mentoring different teams.
Worked as an engineer at CISC Source responsible for remote on-site engineers etc.
Professional skills include: Kerberos, SSL, IPSec, IDS, IPS, Firewalls, Application Proxy, Wireless Security,
Cisco CCNA, CCNP Routing & Switching, DHCP, DNS,
C++, C, Python etc.
17. Partners Credentials
Joachim Nessere
Chief Consultant – Afrik Santa Cruz
Highly skilled IT security trainer and consultant.
Served as the IT security training consultant for GIMPA, IPMC, Zentech Ghana etc.
Designed and implemented advanced server infrastructure across different systems
Professional accreditations include: Novell Certified Linux Administrator, Net IQ Identity, security etc.
expert, MSPRP member, IAMCT Member etc.
Rajesh Tripathy
CEO/COO – Tectonas Softsolution
Accomplished IT security engineer and a businessman.
Established and has run an IT security company in India for the past 17 years
Executed large IT security infrastructure solutions across Asia, Africa and the United States.
Developed IT security software across key industries in India, Asia etc.
18. Contacts
Afrik Santa Cruz
2nd Floor Chateau Dieu,
Adenta, Estate
Accra, Ghana
Phone: +233 208 703 344
john.selorm@afriksantacruz.com
Santa Cruz Energy
124 Dickens Dr
Coppell, Texas 75019-2104
United States
Phone: +128 170 019 139
Bradley.pate@santacruzenergy.com
Afrik Santa Cruz
Abidjan, Cote d’Ivoire
Phone: +255 045 728 04
Charles.kane@afriksantacruz.com
info@afriksantacruz.com
www.afriksantacruz.com
THANKS
20. Our Methodology
Our methodology is comprehensive and systematic, and focuses on meeting
clients’ organisational objectives. We fully recognise the need to provide
assurance on your system stability.
The key benefits of our approach are:
o Comprehensive & systematic;
o Focus on areas considered as potentially & most likely to lead to breach in
data or system malfunction;
o Our procedures are based on project planning techniques, including the use
of automated processes and document templates, and the agreement of
objectives, timetables, responsibilities and careful resource planning;
o The focus of our reports is to generate constructive, value-added
advice; and
o Identifies performance improvement and cost reduction opportunities
[Diagram: Understanding Your Business, Risk Assessment, Planning, Field Work, Critical Issues, Reporting/Implementation]
21. Our Methodology (Cont..)
UNDERSTANDING THE BUSINESS
Our top-down risk-based approach ensures that the focus is on the issues that are of greatest importance
to you and that we are in the most appropriate position to respond to them. Our system audit starts with
a detailed understanding of your industry and business.
Our approach is based on a top-down examination of the key drivers and system workflow of your
business. The output is a balanced picture of how the company interacts with customers and external
industry forces. We consider the implications of this analysis and use it to identify significant risks.
We use industry specific business models to gain information on:
• industry background including major players, regulatory changes and trends,
• risks and drivers,
• geographic issues,
• descriptions of business processes,
• benchmarks and best practice and
• system risks.
22. Our Methodology (Cont..)
RISK ASSESSMENT
In order to run your business, you develop processes in IT systems to manage the factors that drive performance and
help meet your objectives. We focus on those processes and systems to help yield meaningful results. This phase of
our work enables us to obtain information on the processes supporting the achievement of the company’s goals.
STRATEGY AND PLANNING
Based on the understanding of a client’s business we devise a strategy. We then develop detailed programs to
improve and guard your systems.
FIELD WORK
The work flows from strategic planning and risk assessment. The key element is to review and test the high level
controls embedded in your processes, as significant weaknesses in your key processes could be costly, both in terms of
data loss and reputational damage.
REPORTING AND IMPLEMENTATION
We identify and discuss all critical issues with management. We then determine whether the Company’s system
stability meets our expectations. We provide a report and any other deliverables to management.
23. Our Methodology (Cont..)
Our focused IT audit methodologies and tools also help to evaluate and test whether the Company’s
information systems are configured for data integrity, are secure and are effectively managing the
business needs. Our highly skilled business and IT personnel help identify aspects of IT that pose the
highest risk to the Company.
We then conduct a systematic, detailed review of those areas in which we:
o identify appropriate IT control objectives that map to key business processes;
o identify relevant IT policies and procedures and/or industry IT standards; and
o evaluate the design of controls and test whether they are in place and operating effectively.
24. Our Methodology (Cont..)
METHODOLOGIES
• Continuity management
• System capabilities & availability
• Backup and recovery
• Data storage
• Network penetration testing
• Information security assessment
• Enterprise security architecture & integration
• Ongoing monitoring
• Process documentation
• Control risk analysis
• Control & design implementation
• Project risk assessment
• Quality assurance
• Project management methodology
• Programme management processes
25. Our Methodology (Cont..)
INTELLIGENT USE OF TECHNOLOGY
Technology is only one component of an integrated approach that combines methodology, knowledge and
technology into our tailored service to you. We deliver our system audit services using fully automated
audit software. This software is designed specifically to integrate knowledge management into the audit
process. Technology can never be a substitute for face-to-face communications and we continue to rely on
meetings with management to identify, resolve and communicate issues.
[Diagram: Technology, Knowledge, Methodology]
27. Why you need cybersecurity
In today’s global, digital world, data rules. Many of our daily activities involve data paths. Safeguarding
intellectual property, financial information, and your company’s reputation is a crucial part of business
strategy.
Cybercrime has become a big business. Cybercrime is costing the global economy up to $450 billion
annually and it is expected to exceed 1 Trillion by 2020 (Report by Hamilton Place Strategies).
The report also warns that “if you’re in business today, it’s nearly a guarantee you’ll be hacked at some
point over the next couple of years”, which makes these findings all the more significant.
The TRUTH IS, YOUR DATA HAS PROBABLY BEEN BREACHED WITHOUT YOUR KNOWLEDGE…you will only
be confronted with the consequences in the future.
IT security is about defense in depth. Providing such security involves physical security as well as a
well-designed network, control over the users and processes on the host itself, and regular maintenance.
28. Why you need cybersecurity (Cont..)
Some cyber threats your organisation may be exposed to without cybersecurity include:
| Categories of Threat | Examples |
| --- | --- |
| Deliberate software attacks | Viruses, worms, macros, denial-of-service |
| Technical software failures or errors | Bugs, code problems, unknown loopholes |
| Technological obsolescence | Antiquated or outdated technologies |
| Deliberate acts of information extortion | Blackmail of information disclosure |
| Deliberate acts of espionage or trespass | Unauthorised access or data collection |
| Compromises of intellectual property | Piracy, copyright infringement |
| Acts of human error or failure | Accidents, employee mistakes |
| Forces of nature | Fire, flood, earthquake, lightning |
| Deliberate acts of sabotage | Destruction of system or information |
| Deliberate acts of theft | Illegal confiscation of equipment or information |
29. Why you need cybersecurity (Cont..)
Some attack replication vectors your organisation may be exposed to without cybersecurity include:
| Vector | Description |
| --- | --- |
| Web browsing | If an infected system has write access to any web page, it makes all web content files (.html, .asp, .cgi, etc.) infectious, so that users who browse to those pages become infected. |
| Simple Network Management Protocol | An attacking program gains control of a device through the widely known, common passwords employed in early versions of the protocol. |
| Virus | Infection through common executable files carrying virus code. |
| Mass mail | If an infected email runs through an address book, the infected machine infects many users. Subsequently, mail-reading programs also automatically run the program and infect other systems. |
| Unprotected shares | Using vulnerabilities in file systems and the way organisations configure shares, the infected machine copies the viral component to all locations it can reach. |
| IP scan and attack | The infected system scans a random or local range of IP addresses and targets any of several vulnerabilities known to hackers from previous exploits such as Code Red, Back Orifice, or PoizonBox. |
31. Service catalogue
| Service Description | When to be Proposed to Customer/Client | Activity |
| --- | --- | --- |
| Incident Tracking and Audit | Customer has had a major cyber-security incident where they may have had data loss, data corruption or systems not being available to the users/customers/partners. | Investigate the incident and provide Survey Reports for affected users and systems. |
| Cyber Security Audit | Customer wants to implement Cyber Security Policy as per their defined Policies in the organization. | Survey of: End Points (PCs); Servers; Network Equipment; BYOD Patterns; Shadow IT; User Behaviour |
32. Service catalogue (Cont…)
| Service Description | When to be Proposed to Customer/Client | Activity |
| --- | --- | --- |
| Cyber Security Policy Rollout | Customer wants to implement Cyber Security Policy as per their defined Policies in the organization. | IT Systems Survey; End User Training; Delivery of Audit Systems |
| Cyber Security Policy Creation | Customer has no Cyber Security Policy and wants to start new. | Detailed Survey of IT Systems; Identify IT & User Control Points; Identify Compliance Check Points |
| Forensic Audit | Customer has no idea of their current Cyber Security Posture or if they are compromised or not compromised. | Log Analysis; ID Presence of internal/external malicious agents; Forensic analysis to assess if IT systems are compromised or IT system availability analysis |
33. Service catalogue (Cont…)
| Service Description | When to be Proposed to Customer/Client | Activity |
| --- | --- | --- |
| Cyber Defence Integration | Customer has many cyber defense systems like anti-virus, firewalls etc., and these systems are not working in an integrated manner. | Integrate disparate systems into a single Dashboard; Identify Cyber Security Choke Points. |
| Firewall Induction | Client does not have a firewall and wants to implement a firewall. | Identify make and model of Firewall that best suits the Client's needs. Acquire, install and commission the firewall. |
| Firewall Review and Configuration | Client has an existing firewall and has performance and security issues. | Capacity/Performance of the firewall; Check that the firewall addresses the security + performance needs of the client; Upgrade, change and recommission the firewall. |
34. Service catalogue (Cont…)
| Service Description | When to be Proposed to Customer/Client | Activity |
| --- | --- | --- |
| Intrusion Prevention System (IPS) Induction | Client does not have an IPS and wants to implement an IPS. | Identify make and model of IPS that best suits the Client's needs. Acquire, install and commission the IPS. |
| IPS Review and Configuration | Client has an existing IPS and has performance and security issues. | Identify make and model of Firewall that best suits the Client's needs. Acquire, install and commission the firewall. |
| Firewall Review and Configuration | Client has an existing firewall and has performance and security issues. | Assess the capacity + performance of the IPS, and check whether the same IPS addresses the security + performance needs of the client. If yes, identify changes to IPS configuration. Upgrade the changes and recommission the IPS. |
35. Service catalogue (Cont…)
| Service Description | When to be Proposed to Customer/Client | Activity |
| --- | --- | --- |
| Patch Management Induction | Client does not have a Patch Management and wants to implement a Patch Management. | Identify make and model of Patch Management that best suits the Client's needs. Acquire, install and commission the Patch Management. |
| Patch Management Review and Configuration | Client has an existing Patch Management and has performance and security issues. | Assess the capacity + performance of the Patch Management, and check whether the same Patch Management addresses the security + performance needs of the client. If yes, identify changes to Patch Management configuration. Upgrade the changes and recommission the Patch Management. |
| Proxy Induction | Client does not have a Proxy and wants to implement a Proxy. | Identify make and model of Proxy that best suits the Client's needs. Acquire, install and commission the Proxy. |
36. Service catalogue (Cont…)
| Service Description | When to be Proposed to Customer/Client | Activity |
| --- | --- | --- |
| Proxy Review and Configuration | Client has an existing Proxy and has performance and security issues. | Assess the capacity + performance of the Proxy, and check whether the same Proxy addresses the security + performance needs of the client. If yes, identify changes to Proxy configuration. Upgrade the changes and recommission the Proxy. |
| Single Sign-on (SSO) Induction | Client does not have an SSO and wants to implement an SSO. | Identify make and model of SSO that best suits the Client's needs. Acquire, install and commission the SSO. |
| SSO Review and Configuration | Client has an existing SSO and has performance and security issues. | Assess the capacity + performance of the SSO, and check whether the same SSO addresses the security + performance needs of the client. If yes, identify changes to SSO configuration. Upgrade the changes and recommission the SSO. |
37. Service catalogue (Cont…)
| Service Description | When to be Proposed to Customer/Client | Activity |
| --- | --- | --- |
| Anti-Virus Induction | Client does not have an Anti-Virus and wants to implement an Anti-Virus. | Identify make and model of Anti-Virus that best suits the Client's needs. Acquire, install and commission the Anti-Virus. |
| Anti-Virus Review and Configuration | Client has an existing Anti-Virus and has performance and security issues. | Assess the capacity + performance of the Anti-Virus, and check whether the same Anti-Virus addresses the security + performance needs of the client. If yes, identify changes to Anti-Virus configuration. Upgrade the changes and recommission the Anti-Virus. |
| Data Loss Prevention (DLP) Induction | Client does not have a DLP and wants to implement a DLP. | Identify make and model of DLP that best suits the Client's needs. Acquire, install and commission the DLP. |
38. Service catalogue (Cont…)
| Service Description | When to be Proposed to Customer/Client | Activity |
| --- | --- | --- |
| Data Loss Prevention (DLP) Review and Configuration | Client has an existing DLP and has performance and security issues. | Assess the capacity + performance of the DLP, and check whether the same DLP addresses the security + performance needs of the client. If yes, identify changes to DLP configuration. Upgrade the changes and recommission the DLP. |
| Threat Intelligence System | Client has existing Security Policy and Audit Framework and wants pro-active Cyber Security Threat Information. | Security Posture Study of the Organization and Business Vertical; Complete capability assessment of Key Cyber Security Team. |
| Ransomware Mitigation | Client perceives that they can be targeted or other peer organizations of the client have been targeted using Ransomware. | IT Systems Survey; User IT usage profile; User Critical Data/Process Survey |
39. Service catalogue (Cont…)
| Service Description | When to be Proposed to Customer/Client | Activity |
| --- | --- | --- |
| Vulnerability Assessment and Penetration Testing | Client wants to have a regular Vulnerability Assessment and Penetration Testing done of their IT Infrastructure. | IT Systems Survey; Network Survey |
Thanks