FAQs

Firewall Management

What is the lifespan of a firewall?

It is recommended to refresh your firewalls every 3 – 5 years. This allows you to benefit from new features and optimise performance, all while staying secure.

What firewall and network services are on offer through Data Connect?

We offer end to end cyber security services, which are delivered to you by our team of network and security specialists. Some of the services include:

Firewall Management
Cloud Network and Security Design
Secure Network Design
Network Segmentation
Health Checks

Why should I choose to work with Data Connect?

At Data Connect, we have an experienced security team that are also network specialists to help aid you with any challenges related to firewalls and network infrastructure. This allows us to offer a comprehensive suite of services that can either be a point in time project or the start of a long-term partnership. Cyber security is our core focus, which means we can provide you with not just optimal network performance but with security assurance.

Cyber Essentials

Is there a Cyber Essentials Register?

On the IASME website there is a tool that acts as a directory giving you the function to check up on your own certification and any other business. For example, you could check which businesses in your supply chain have the certification or use it to assess the level of risk and how seriously they take cyber security when starting a new partnership. Access the Cyber Essentials Certificate Search here.

What are the differences between Cyber Essentials and Cyber Essentials Plus?

Very briefly there are two flavours of the certification you may be aware of, Cyber Essentials and Cyber Essentials Plus. The requirements for both are the same. Cyber Essentials can be self assessed by filling in a questionnaire and Cyber Essentials Plus is a 3rd party audit by a certification body such as Data Connect. A Cyber Essentials Plus auditor runs various tools to to ratify some of the controls and attestations within the submitted Cyber Essentials questionnaire.

Where can I find the Cyber Essentials Questionnaire?

You will be able to access this through the vSOC Connect Console and also the IASME website.

Are bring your own devices (BYOD) included in the Cyber Essentials scope?

BYOD are in scope unless they are only used for voice calls, text message or MFA apps. Unfortunately, there has always been some misconception around this. To clarify, if a BYOD device accesses any organisational data or service, it is in scope.

Why choose Cyber Essentials Plus Over Cyber Essentials?

Watch on YouTube - Why Choose Cyber Essentials Plus?

Is Cyber Essentials internationally recognised?

Yes, we see a lot of international organisations currently achieving Cyber Essentials.

Vulnerability Management

What does CVSS mean in vulnerability management?

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities.

CVSS is owned and managed by FIRST.Org, a US-based non-profit organization, whose mission is to help security incident response teams. Vulnerabilities are scored using this system and scoring is based on some simple metrics which derive a value of between 1-10. Vulnerabilities that score 10 are those considered the most critical and a score of 1 is vulnerabilities to be considered the least critical according to CVSS.

There are actually two version of the CVSS score. CVSS v3 is the latest iteration and takes into account additional metrics that CVSS v1 didn't. The score is based on various metrics such as attack vector, attack complexity and privileges required.

For standards such as PCI and Cyber Essentials these values are taken into account to decide on compliance. Cyber Essentials for example require that an organisation has no critical vulnerabilities over 14 days old for which a patch has been released. Critical generally means a CVSS v3 score of between 7 and 10, but they also consider the metrics.

What is important for a vulnerability management tool to have?

An effective tool really needs to be twofold, it needs to have a huge database of all known vulnerabilities that is updated regularly. It also needs to have the all important coverage, in terms of the types of systems it can assess.

Security Awareness Training

What is pretexting?

An early stage of more complex social engineering attacks in which the con artist gains a victim’s trust, typically by creating a backstory that makes them sound trustworthy.

Popular Searches

Your Results