Frequently Asked Questions

Questions and answers

Q. Why do I need information security?
A. Data breaches and cyberattacks regularly make headlines, causing companies millions of dollars in losses and damaging their reputations. Ransomware attacks and personal data breaches cause financial loss and reputational damage. Information security helps businesses protect customer data, prevent downtime, and stay competitive. Security processes and solutions are required by regulations and standards such as GDPR, PCI DSS and HITECH/HIPAA. Failure to comply can result in serious penalties. Incident prevention is cheaper than incident remediation. Cyber-health is analogous to physical health: it is always better to prevent a disease than to treat it.

Q. Why should I buy a security assessment service?
A. Technical security assessment identifies vulnerabilities in your applications, networks or systems to help prevent attacks and minimize risk. An independent assessment from our team complements the efforts of your IT professionals by providing an objective view and a detailed report with recommendations. This helps justify your security budget and protect your business from threats.

Q. What is the difference between information security audit, review, assessment, penetration testing, and vulnerability scanning?
A. Penetration testing is a security assessment performed using hacker methods. A security audit or review usually means a more general approach, for example, checking process compliance. A technical security assessment can be part of an audit. Vulnerability scanning is a relatively simple, automated task to find technical vulnerabilities in systems. It is only one stage of some pentests.

Q. What are information security vulnerabilities, and how do they appear?
A. Information security vulnerabilities (or technical vulnerabilities) are flaws in software code or configuration. Some security vulnerabilities can be exploited and used by hackers for penetration and other attacks. Vulnerabilities occur in websites, applications, firmware, services, etc. mainly due to human error. Vulnerabilities should be sought, found, and eliminated. This can often be done in a variety of ways.

Q. Is hacking legitimate and legal?
A. Hacking is legal if conducted with the written authorization of the system owner. Our services, such as penetration testing, are performed strictly under contract and in accordance with ethical standards. We simulate the actions of hackers in a secure environment to identify vulnerabilities and protect your business.

Q. How do I know I can trust you?
A. Our international certifications require lawful actions and ethical behavior; otherwise they are immediately revoked. Our clients have been recommending us for years. Read more about us and what sets us apart, because this is also important for building trust.

Q. Who are your clients?
A. Our clients are e-commerce, industrial, pharmaceutical, telecommunication, retail, IT and insurance companies, as well as banks and governmental organizations. We tailor our services to different industries and work with both large corporations and small businesses. Any company that values its information, online services, compliance, privacy, and business continuity is our potential client.

Q. Who usually contacts you to request your services? Who should be contacted to promote security?
A. You can talk to business owners and CEOs, CIOs, CISOs, and so on. Learn more about how you can help the company and make money at the same time.

Q. If security is an intangible asset, then how will I know what I have paid for?
A. The client sees what they are paying for with clear plans and reports. Together with a commercial offer, we provide a detailed project plan developed individually for you. To create such a plan, we find out all your needs, prerequisites and conditions. Security requirements, threat models, testing modes, scope specifications, and other parameters are detailed in the plan. Developing the project plan is part of the pre-engagement stage and is free of charge.

Q. What does ‘H-X’ stand for?
A. Initially it was ‘Hacker eXperience’, but we have grown beyond just hacking, so now H-X is our name and that’s it.

Q. How do you reconcile the use of Ukrainian and Russian during the war between Ukraine and Russia?
A. We are a global company. We strictly comply with Ukrainian, EU and U.S. sanctions related to Russia and do not engage with Russia-based entities or any sanctioned persons, irrespective of language. Our policy aligns with EU measures, U.S. OFAC rules, and Ukraine’s NSDC decisions. Language is a communications tool; eligibility to work with us is determined by compliance and security, not by language choice.

Find out more about us.