FAQs

What is Information Assurance (IA)?

Information Assurance (IA) is the practice of managing information-related risks. IA auditors seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation. This applies to information whether it be in storage, processing, or transit, and whether threatened by malice or accident.

Computer Security Solutions are able to provide an IAS No 6 auditing team to assess compliance and provide advice regarding IA.

To find out how Computer Security Solutions can help you, or to request a brochure, contact us.

What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. The PCI DSS was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc during 2004. Until then the credit card companies had operated individual data security programs, but they determined that if they were to effectively tackle credit card fraud, hacking and other security incidents they needed to join forces and create one source of governance, enforcement and knowledge.

To ensure that the PCI DSS remains relevant, effective and enforceable, the credit card companies created the PCI Security Standards Council (PCI SSC). The Council is an open global forum which allows the on-going development, enhancement, storage, dissemination and implementation of security standards.

To find out how Computer Security Solutions can help you, or to request a brochure, contact us.

What is IT Auditing?

An IT audit is the process of collecting and analysing how an organisation's information systems, practices and operations are conducted. By conducting an IT audit you are able to focus on the risks that are relevant to your information assets.

Do you need an IT audit? Contact us to discuss your requirements.

What is hacking?

Hacking is the term used to describe computer intrusions. It is conducted by hackers, who are considered computer criminals. Although many hackers claim to hack for moral, artistic or political ends, they are often unconcerned about breaking the law to achieve their aims.

Hacking skills are used legitimately by IT security firms across the globe in an attempt to ensure that government and private IT systems are as secure as possible. In line with developments in technology, hackers are always improving and changing their modus operandi. If you want to protect yourself from hackers, it is advised that you too continue to review, improve and, when necessary, change your IT security operating procedures.

If you are concerned that you could be a victim of hacking, contact us and take your first step in protecting your business.

What are e-crimes?

E-crimes are offences in which a computer or other electronic communication device is used to commit a criminal offence, is the target of an offence, or acts as a storage device in an offence. Examples of e-crimes include:

In acknowledgment of the threat facing UK businesses, the Home Office has established the Police Central e-crime Unit (PCeU). The PCeU warns that e-crime is a global menace and that an estimated 80-90% of crime on the internet is believed to be fraud related. For further reading on e-crimes visit www.met.police.uk/pceu/index.htm

If you want Computer Security Solutions to help you in defending your organisation from e-crimes contact us to discuss your concerns and requirements.

What is CHECK?

CHECK is the name given to IT Health Checks conducted by CESG approved companies. CHECK was developed to enhance the availability and quality of the IT Health Check services provided to government, in line with HMG policy. For further reading on CHECK please visit www.cesg.gov.uk/products_services/iacs/check/index.shtml

What is Pentesting?

Pentesting, also known as Penetration Testing, Vulnerability Assessment, System Assessment or IT Health Check, is a process of evaluating the security of a computer system or network. Pentesting is conducted from the position of a potential attacker and is usually carried out with no disruption to daily business. Once the pentest is complete, a report containing the identified security vulnerabilities is presented to the system owner.

It is advised that a pentest be conducted on any internet-facing computer system before it is deployed.

To read more about vulnerability testing refer to www.cesg.gov.uk/products_services/iacs/check/index.shtml or www.vulnerabilityassessment.co.uk

What does an IT Health Check involve?

"IT Health Checks identify vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system" (CESG)

IT Health Checks are also known as Vulnerability Assessments, Penetration Tests and System Assessments.

IT Health Checks are a process of evaluating the security of a computer system or network. Our IT Health Checks can be conducted from the position of a potential attacker and cause no disruption to daily business.

If you want to arrange an IT Health Check, contact us to discuss your requirements.

To read more about vulnerability testing refer to www.cesg.gov.uk/products_services/iacs/check/index.shtml or www.vulnerabilityassessment.co.uk

What is CLAS?

The CESG Listed Advisor Scheme (CLAS) aims to provide a pool of high quality consultants approved by the Communications-Electronics Security Group (CESG) to provide Information Assurance advice to Government Departments and other organisations who provide vital services for the United Kingdom.

CLAS consultants are approved to provide Information Assurance advice on systems processing protectively marked information up to and including SECRET.

Do you require the services of a CLAS consultant? Contact us to discuss your requirements.

For further reading on CLAS refer to www.cesg.gov.uk/products_services/iacs/clas/index.shtml

What is ISO27001?

ISO27001 is the only auditable international standard which defines the requirements for an Information Security Management System. The standard is designed to ensure the selection of adequate and proportionate security controls.

ISO27001 is suitable and highly effective for any organisation, large or small, in any sector or part of the world. The standard is particularly pertinent to the finance, health, public and IT sectors.

Do you need help ensuring that you are ISO27001 compliant? Contact us to discuss your requirements.

What is BS7799?

BS7799 is the British Standard governing information security and management. It provides the industry approved model for an Information Security Management System and addresses the Confidentiality, Integrity and Availability of information within an organisation.

BS7799 helps organisations achieve compliance with legislation such as the Data Protection Act and Computer Misuse Act as well as the Health and Safety Act.

The standard was developed by industry for industry in response to growing security concerns.

If you require assistance with your security policies and procedures, contact us to discuss your requirements.

What is JSP 440?

Joint Services Publication (JSP) 440, The Defence Manual of Security, sets out the regulations that apply to both service and civilian staff employed by the Ministry of Defence.

What is the HMG Security Policy?

The Security Policy Framework (SPF) represents a new and innovative approach to protective security and risk management in government. The new HMG Security Policy Framework replaces the Manual of Protective Security and the Counter-Terrorist Protective Security Manual. It sets out universal mandatory standards, as well as offering guidance on risk management and defining compliance and assurance arrangements.

If you require assistance with your security policies and procedures, contact us to discuss your requirements.

What is the Data Protection Act and why does it affect me?

The Data Protection Act requires all parts of government, organisations, clubs and businesses (including sole traders) that handle personal information to comply with eight principles regarding privacy and disclosure. If you handle personal information you must ensure that the information is:

The Information Commissioner's Office (ICO) has the legal powers to ensure that we all comply with the eight principles. These powers include the ability to prosecute those who commit criminal offences under the Act.

If you need assistance in ensuring that your IT systems are secure and not in breach of the Data Protection Act, contact us to discuss your requirements.

For more information on the Data Protection Act please visit www.ico.gov.uk
