An Acceptable Use Policy (AUP) is a formal document that outlines the guidelines and rules for the proper use of an organisation's systems, networks, and data.
It specifies permissible and prohibited activities to ensure that technology and resources are used securely and ethically, protecting the organisation from risks such as data breaches, legal liabilities, and operational disruptions.
Yes, an Acceptable Use Policy is essential for organisations that provide employees, contractors, or third parties access to IT systems and data. It helps to:
Define user responsibilities, creating a clear understanding of acceptable behaviour and consequences for violations. An AUP is especially critical for organisations seeking certifications like ISO 27001, as it supports the implementation of robust security management.
An effective AUP typically includes:
References: Links to related policies, such as remote working, mobile device, or BYOD policies, for additional context.
Yes, ISO 27001:2022 requires organisations to implement rules for the acceptable use of information and other associated assets.
Clause 5.10 of the standard specifies that these rules should be identified, documented, and implemented to ensure that information and associated assets are appropriately protected, used, and handled.
While a standalone "Acceptable Use Policy" is not explicitly mandated, documenting such rules supports compliance with the standard's requirements for effective information security management.
ISO 27001 is a globally recognised international standard for managing information security. It provides a framework for implementing and maintaining an effective Information Security Management System (ISMS) that is designed to protect the confidentiality, integrity, and availability of an organisation’s information assets.
Penetration testing, also known as pen testing or ethical hacking, is a process of testing the security of a computer system, network, or web application by simulating an attack by an unauthorised user.
The goal of a penetration test is to identify vulnerabilities in the system before a real attacker can exploit them.
A good password should be long, complex, unpredictable, and unique. This means it should have at least 12 characters and include a mix of upper and lower case letters, numbers, and special characters. Avoid using common words, predictable patterns, or personal information. Each account should have a different password to prevent multiple accounts from being compromised if one is breached.
A password is typically shorter and more complex, which can make it harder to remember. For example, "P@ssw0rd123!" is a strong password but can be tricky to remember. A passphrase, on the other hand, is a longer sequence of random words, like "HorseBatteryStaple2024!". Passphrases are generally easier to remember and can be even more secure because of their length.
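As an added example (not code from the original page), the following Python checker applies the rules stated above (at least 12 characters, mixed character classes, no common words or predictable patterns) and estimates a character-class entropy so the two sample strings can be compared; the common-word list and the pattern rules are constructed placeholders, not a real breach list.

```python
import math
import string

# Constructed placeholder list; a deployment would use a breached-password list instead.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}
SEQUENCES = (string.ascii_lowercase, string.digits)


def _has_sequence(text: str, window: int = 4) -> bool:
    """True if any run of `window` characters is an ascending or descending sequence."""
    lowered = text.lower()
    for i in range(len(lowered) - window + 1):
        chunk = lowered[i:i + window]
        for seq in SEQUENCES:
            if chunk in seq or chunk in seq[::-1]:
                return True
    return False


def check_password_policy(pw: str, min_length: int = 12) -> list[str]:
    """Return the policy rules the candidate fails; an empty list means it passes."""
    failures = []
    if len(pw) < min_length:
        failures.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in pw):
        failures.append("no lower-case letter")
    if not any(c.isupper() for c in pw):
        failures.append("no upper-case letter")
    if not any(c.isdigit() for c in pw):
        failures.append("no digit")
    if not any(c in string.punctuation for c in pw):
        failures.append("no special character")
    if any(word in pw.lower() for word in COMMON_WORDS):
        failures.append("contains a common word")
    # Predictable patterns: three repeated characters or a 4-character sequence run.
    if any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2)) or _has_sequence(pw):
        failures.append("contains a predictable pattern")
    return failures


def estimated_entropy_bits(pw: str) -> float:
    """Upper-bound entropy assuming each character is drawn uniformly from the classes used."""
    pool = 0
    pool += 26 if any(c.islower() for c in pw) else 0
    pool += 26 if any(c.isupper() for c in pw) else 0
    pool += 10 if any(c.isdigit() for c in pw) else 0
    pool += len(string.punctuation) if any(c in string.punctuation for c in pw) else 0
    return len(pw) * math.log2(pool) if pool else 0.0
```

Running both sample strings through `estimated_entropy_bits` shows the longer passphrase scoring well above the 12-character password, which is the length effect the paragraph describes.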
Yes, password managers are generally safe and very useful. They help you create and store strong, unique passwords for all your accounts, reducing the risk of using weak or repeated passwords. They also automatically fill in login details, making it easier to manage multiple accounts.
However, it’s important to use a strong master password for your password manager and enable two-factor authentication if available. While there are some risks, such as the password manager being a single point of failure, the benefits often outweigh these risks.
Using the same password across multiple accounts is like having the same key for all your locks – if someone gets hold of that key, they can access everything. If one of your accounts is compromised and your password is exposed, all your other accounts using the same password become vulnerable.
By using a unique password for each account, you limit the damage if one of your passwords is ever stolen or discovered. That way, only the compromised account is at risk, while your other accounts remain secure.
Password managers are software applications that securely store and manage all your passwords, so you don't have to remember them individually.
The main pros of using a password manager are:
However, the cons are:
So, while password managers offer convenience and security benefits, it's important to understand the potential risks and have a backup plan in case of any issues.
Multi-Factor Authentication (MFA) is a security method that requires more than just a password to log into an account or system. In addition to your password (something you know), MFA requires another form of authentication, such as a fingerprint or facial scan (something you are), or a code sent to your phone (something you have).
This extra layer of security makes it much harder for unauthorised people to access your accounts, even if they have your password.
MFA is important because it adds an extra level of protection against cyber threats like hacking, phishing, and identity theft.
Passwords alone are becoming increasingly vulnerable, as cyber criminals develop more sophisticated ways to steal or guess them. With MFA, even if your password is compromised, unauthorised individuals still can't access your accounts without the additional authentication factor(s). MFA significantly reduces the risk of account takeovers and data breaches.
MFA works by requiring two or more different methods of authentication to verify your identity. Common examples include:
The idea is that even if one factor (like your password) is compromised, an attacker still can't access your account without the other factor(s) that only you have access to. This makes it much more difficult for cyber criminals to breach your accounts.