Q. Why information security? What is the motivation to buy security services?
A. The mass media are full of news about security breaches and data leakages. Security processes and solutions are required by the regulations, such as PCI DSS and HITECH/HIPAA. The incompliance can lead to serious sanctions. Even if the company is not subject to a security regulation or standard, the security compliance and best practices are competitive advantages. Cyber-health is analogous to physical health, so it is always better to prevent a disease than to heal it.
Q. What is the motivation to buy a technical security assessment service?
A. Technical security assessment is the best way to find out the current security status of customer's infrastructure. Technical security assessment is useful for risk assessment. Risk assessment is extremely important for clarifying and substantiating the security budgets and activities. The internal personnel cannot perform the independent security assessment objectively, so a competent third party is the best choice. Finally, the security assessment service is a security service, so you can also use the previous answer.
Q. What is the difference between information security audit, review, assessment, and penetration testing?
A. Penetration testing is an assessment of technical and/or socio-technical security. In our context,
security assessment are synonyms.
Security assessment is a more official term. Security audit or review usually cover more strategic layer, such as process compliance, and can include the technical security assessment part. Sometimes,
security audit is used as a synonym for
security assessment. In some cases,
audit means security event logging.
Q. Is hacking legitimate?
A. The term
hacking is ambiguous. The terms
computer crime and
security assessment are more accurate.
The difference and the key point is the customer's permission.
If the owner of the target object gives the written permission, it is legitimate to make security assessments.
Q. Why should we trust you?
A. Our certifications require only legitimate actions and ethical behaviour. You can verify our certifications at the respective independent international certification organizations. Read more about us because this is important.
Q. Who are your clients?
A. Our clients are e-commerce, industrial, pharmaceutical, telecommunication, retail, IT and insurance companies, as well as banks and governmental organizations. Any company that values its information, online services, compliance, privacy and business continuity is our potential client.
Q. Who in a client company is usualy responsible for security? Who should be contacted to promote security?
A. You can talk to the company's owner, director, CEO (Chief Executive Officer), CIO (Chief Information Officer), CSO (Chief Security Officer), CISO (Chief Information Security Officer), CAE (Chief Audit Executive), CFO (Chief Financial Officer), IT and security specialists, or similar roles.
Q. If security is an intangible asset, then how will a customer know what they pay for?
A. Together with a commercial proposal, we provide a detailed project plan developed individually for the customer. To create such plan, we find out all needs, prerequisites and conditions of the customer. Security requirements, threat models, testing modes, scope specifications and several dozen other parameters are described in the plan. Development of the project plan is a part of pre-engagement stage and is free of charge.