It is recommended to refresh your firewalls every 3 – 5 years. This allows you to benefit from new features and optimise performance, all while staying secure.
We offer end to end cyber security services, which are delivered to you by our team of network and security specialists. Some of the services include:
- Firewall Management
- Cloud Network and Security Design
- Secure Network Design
- Network Segmentation
- Health Checks
At Data Connect, we have an experienced security team that are also network specialists to help aid you with any challenges related to firewalls and network infrastructure. This allows us to offer a comprehensive suite of services that can either be a point in time project or the start of a long-term partnership. Cyber security is our core focus, which means we can provide you with not just optimal network performance but with security assurance.
Very briefly there are two flavours of the certification you may be aware of, Cyber Essentials and Cyber Essentials Plus. The requirements for both are the same. Cyber Essentials can be self assessed by filling in a questionnaire and Cyber Essentials Plus is a 3rd party audit by a certification body such as Data Connect. A Cyber Essentials Plus auditor runs various tools to to ratify some of the controls and attestations within the submitted Cyber Essentials questionnaire.
You will be able to access this through the vSOC Connect Console and also the IASME website.
BYOD are in scope unless they are only used for voice calls, text message or MFA apps. Unfortunately, there has always been some misconception around this. To clarify, if a BYOD device accesses any organisational data or service, it is in scope.
Yes, we see a lot of international organisations currently achieving Cyber Essentials.
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities.
CVSS is owned and managed by FIRST.Org, a US-based non-profit organization, whose mission is to help security incident response teams. Vulnerabilities are scored using this system and scoring is based on some simple metrics which derive a value of between 1-10. Vulnerabilities that score 10 are those considered the most critical and a score of 1 is vulnerabilities to be considered the least critical according to CVSS.
There are actually two version of the CVSS score. CVSS v3 is the latest iteration and takes into account additional metrics that CVSS v1 didn't. The score is based on various metrics such as attack vector, attack complexity and privileges required.
For standards such as PCI and Cyber Essentials these values are taken into account to decide on compliance. Cyber Essentials for example require that an organisation has no critical vulnerabilities over 14 days old for which a patch has been released. Critical generally means a CVSS v3 score of between 7 and 10, but they also consider the metrics.
An effective tool really needs to be twofold, it needs to have a huge database of all known vulnerabilities that is updated regularly. It also needs to have the all important coverage, in terms of the types of systems it can assess.