Augmenta Cyber Security Ltd is a private cyber security firm headquartered in Gaborone, Botswana. We were founded on a single principle: that security claims must be backed by evidence a regulator can read.
The cyber security industry trades heavily on opaque assurance. We do not. Every control we operate is identity‑bound, every privileged action is logged with an attributable user, and every secret is short‑lived.
Our clients receive a service that is not only effective, but explainable - to their boards, their auditors and to the regulators in the markets they operate in.
Our Cyber Security Operations Centre runs on a dual‑tier identity model: one hierarchy for platform administration and a separate, parallel hierarchy for CSOC operations. Segregation of Duties is enforced by explicit deny rules - not by convention.
Read‑only access to triage paths. First line of human response.
Adds analyst‑scoped paths. Escalation review and case ownership.
Broad read, with responder and operator paths. Explicit deny on administrative scope.
Full lifecycle ownership of CSOC platforms and detections.
Read‑only over triage and analyst tiers. May not also hold an auditor role.
Metadata‑only access. Sees that something happened - never the secret itself.
Every privileged action across our estate is captured in an HMAC‑keyed audit stream and shipped to our SIEM. Reads and writes are attributable to a user, a source address, a request path and a request identifier.
We run a weekly Segregation‑of‑Duties audit and a quarterly manual rotation cycle for change‑controlled accounts. The list of accounts, the cycle and the responsible role are all written down - not memorised.
| Control | Frequency |
| --- | --- |
| Static credential rotation check | Weekly |
| Segregation‑of‑Duties audit | Weekly |
| Audit log shipping health | Continuous |
| Manual rotation cycle | Quarterly |
| Raft snapshots, off‑host | Nightly |
| Disaster recovery rehearsal | Bi‑annual |
No application reads a credential from a configuration file. Every application authenticates via AppRole and pulls a short‑lived token. Database access uses dynamic credentials issued by Vault.
There is no shared analyst account. Human access is mediated by LDAP against Active Directory; AD group membership determines policy, not convention.
Every privileged action is logged with attribution and shipped off‑host. If audit logging fails, the platform fails closed.
Triage, alerting, credential rotation, and configuration audit are automated. Analyst time is spent on judgement, not on chasing tasks that a machine can do reliably.
We will happily share our governance framework, role‑to‑policy mapping and a sanitised audit log under NDA.