Security Statement
At iSpyCyber, we safeguard the digital space and culture
At iSpyCyber, we are committed to providing top-notch cybersecurity services, specializing in Vulnerability Assessment and Penetration Testing (VAPT). Our primary goal is to safeguard our clients' digital assets and infrastructure from potential threats and vulnerabilities. We adhere to industry best practices and employ cutting-edge techniques to ensure the highest level of security for our clients.
Cybersecurity Practices: Objectives
1. Providing best cybersecurity practices
2. Tailored security solutions
3. Proactively identifying threats in the application
4. Exceptional customer support
iSpyCyber Compliance
Data Security
We prioritize the security and confidentiality of our clients' data. We implement robust encryption protocols, access controls, and data protection measures to safeguard sensitive information from unauthorized access, disclosure, or tampering.
Data Center
Our Application and customers' data are hosted on the cloud hosting service, Amazon Web Services (AWS).
Application and customers’ data can be hosted in any of the supported AWS regions worldwide. As a customer, when you sign up for the C-Suite Application, you are allocated a tenant. As part of this process, you can select the region where the application data is stored. There are different types of data collected, processed, and managed by the C-Suite Application.
Data in transit
iSpyCyber encrypts the customers’ data in transit over public networks using TLS 1.3 to protect it from unauthorized disclosure or modification.
Data at rest
iSpyCyber encrypts the customers’ data at rest using an AES 256-bit AWS KMS key.
Key Management
iSpyCyber uses AWS Key Management Service (KMS) for storing encryption keys. We allow our customers to provide their own AWS KMS key; in such cases, key generation and management access remain entirely with the customer.
Securing Application
Our C-Suite and Cyber Nexis portal is designed with security as a top priority. We implement multi-factor authentication, encryption, and continuous monitoring to ensure the integrity and confidentiality of data accessed through the portal.
Secure Coding Practices
We at iSpyCyber Securities, Inc. follow a rigorous, industry best practice approach to secure our software development. We endeavor to provide a secure product with a continuous process of security testing and review. Our secure coding practice includes the OWASP Top 10 and the NIST framework.
Vulnerability Assessment & Penetration Testing
We perform continuous SAST and DAST scans of the product as part of our DevSecOps practices. Any vulnerabilities found during these scans or other vulnerability discovery activities are patched with the highest priority before the product's final release. In addition, our internal security team performs manual and automated testing of the application for business logic flaws before each release.
Production Infrastructure Security
The AWS production environment where iSpyCyber is deployed undergoes continuous security assessment. Some key activities include:
1. Configuration assessment of all PaaS services
2. Daily vulnerability assessment scans
3. Continuous logs and alerts monitoring
4. Periodic patch management and access review
Following industry Cyber Security practices
Securing applications by following industry cyber security practices is critical for protecting sensitive data, maintaining user trust, and ensuring compliance with regulations. We follow secure coding standards (OWASP Top 10, SANS CWE Top 25) to mitigate common vulnerabilities, along with code reviews, SAST and DAST, and secure libraries and frameworks.
Third-Party Assessment
We conduct regular assessments of our third-party vendors and partners to ensure they meet our stringent security standards. This includes evaluating their security practices, compliance with regulations, and potential risks they may pose to our clients' data and infrastructure.
In addition, we perform a third-party vendor risk assessment for each third party using iSpyCyber. The assessment includes digital attack surface discovery based on their domain name and assessment via 100+ automated Outside-In assessment controls for Email Security, Network Security, DNS Security, System Security, Application Security, Malware Servers, Breach Exposure, and more.
Employee Training and Awareness on Security
We invest in comprehensive training programs to educate our employees about the latest cybersecurity threats, best practices, and compliance requirements. By fostering a culture of security awareness, we ensure that every team member is equipped to handle security challenges effectively and contribute to maintaining the highest standards of security for our clients.
Security awareness training
Cybersecurity is in our DNA. We have implemented continuous security awareness and secure coding practice training campaigns to ensure that security is 'top of mind' and not 'an afterthought.'
Background verification of new recruits
We perform background verification for all new recruits, in accordance with local laws.
Reporting Security Issues
We have implemented an easy process to report any bug or security issues found in our system. If you find any security issues, please write to us at bugs@ispycyber.com with all the related information.