Security Policy
Introduction
I, Gavin Dennis, commit to ensuring the highest standards of security on my website(s).
This Security Policy outlines the measures I take to protect users and any data submitted through my website(s).
This policy is compliant with various cyber security frameworks, including the National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), Payment Card Industry Data Security Standard (PCI DSS), and other relevant standards.
Security Measures
1. Data Encryption
- In Transit: All data transmitted between users and my website(s) is encrypted using Transport Layer Security (TLS) to protect the data from interception and tampering.
- At Rest: Sensitive data stored on my servers is encrypted using Advanced Encryption Standard (AES) with a key size of at least 256 bits.
2. Access Control
- User Authentication: Access to sensitive areas of my website is protected by robust user authentication mechanisms, including multi-factor authentication (MFA) where applicable.
- Role-Based Access Control (RBAC): Access to data and administrative functions is restricted based on the role and necessity of the user.
3. Network Security
- Firewalls: Firewalls are implemented to protect the network from unauthorized access and threats.
- Intrusion Detection and Prevention Systems (IDPS): IDPS are used to monitor and block suspicious activities and potential intrusions.
4. Vulnerability Management
- Regular Scans: Regular vulnerability scans and penetration tests are conducted to identify and remediate security weaknesses.
- Patch Management: Timely updates and patches are applied to all systems and software to protect against known vulnerabilities.
5. Data Protection and Backup
- Regular Backups: Data is regularly backed up and stored securely to ensure recovery in the event of data loss or breach.
- Backup Encryption: Backups are encrypted to prevent unauthorized access.
6. Security Monitoring
- Continuous Monitoring: Continuous monitoring of systems and networks is conducted to detect and respond to security incidents promptly.
- Security Information and Event Management: Systems are used to collect and analyze security-related data from across the network.
7. Incident Response
- Incident Response Plan: A comprehensive incident response plan is in place to address and mitigate security incidents.
- Reporting and Notification: Users will be notified of any data breaches or security incidents that may affect their personal data within the legally required timeframe.
8. Physical Security
- Server Security: Physical access to servers and data centers is restricted to authorized personnel only and is protected by security controls such as biometric access and surveillance.
9. Employee Training and Awareness
- Security Training: I undertake regular training to ensure I stay up to date with security best practices.
Data Handling as a Consultant
As a cyber security consultant, I handle sensitive data with serious care and in compliance with relevant cyber security standards:
1. Confidentiality Agreements
- Non-Disclosure Agreements (NDA): Where needed, I sign NDAs with third parties to help ensure the confidentiality of their data and information.
2. Secure Data Transfer
- Encrypted Communication: All communications and data transfers between myself and third parties are conducted over encrypted channels.
3. Data Storage and Access
- Data Storage: Data is stored securely with access restricted to authorized personnel only.
- Data Access Logs: Access to data is logged and monitored to ensure accountability and traceability.
4. Data Retention and Disposal
- Retention Policy: Data is retained only for as long as necessary to fulfill the purposes for which it was collected.
- Secure Disposal: Data is securely disposed of when no longer needed, using methods such as data wiping and shredding.
Compliance with Cyber Security Frameworks
This security policy is designed to comply with the following cyber security frameworks:
- NIST Cybersecurity Framework (CSF)
- ISO/IEC 27001
- PCI DSS
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
Review and Updates
This Security Policy was last updated on July 28, 2024. I reserve the right to update or change my Privacy Policy at any time.
Contact Information
For any questions or concerns regarding this Security Policy, please contact me at:
By using any of my website(s), you consent to this Security Policy and agree to its terms and conditions.