Our understanding of management and information systems processes in the business environment is based on the following ideas:
We assess the processes and security measures of your services to help you to know yourself better, to know your security strengths and weaknesses, to make informed decisions and to increase your resilience.
We do this based on a self-developed methodology created from the main international standards, regulations and best practices, which you can consult here.
We work on the diagnosis, not on the vaccine.
We provide you with the analysis, the information, and even indicate possible solutions, but in the end it is your decision on the possible measures to take. We are a rating agency. We are analysts and we do ratings. We are not consultants.
But we come close.
In each audit we evaluate more than three hundred cybersecurity capabilities and establish a rating of the security level of a given service. But the rating of a service, however high it may be, does not indicate that it is impenetrable, there is no such thing, but it does indicate that potential intruders will have a more difficult time the higher the score obtained.
Our guarantee is our experience and knowledge, which we constantly update to keep abreast of new techniques and attack vectors used.
Our ratings, unlike those known as digital ratings, are complete, carried out from the inside. They provide information that is real, complete and useful. But not only that, the rating also includes a continuous follow-up, both with a digital monitoring tool and with specific campaigns against known vulnerabilities.
We also work to establish alliances with other companies to achieve additional benefits for our clients.
If you go to a hotel, you are sure that it has a license that guarantees minimum operating, health and hygiene measures. However, this license does not indicate the level and quality of these measures, which will be different in a five-star establishment than in a one-star one.
Roughly speaking, this is the difference between certification and rating, between, for example, an ISO 27001 and a cybersecurity rating. Where certification indicates that minimum standards are met, our rating lets you know the actual level of cybersecurity of your suppliers, or your own, with the most comprehensive system.
A company is not an island, it operates within a value chain of suppliers and customers, which is as strong as its weakest link, as secure as its most exposed entity.
With the rating, we make it easier for each element of a supply chain to know the security level of each of the other parties and to accredit its own. In this way, companies can manage supplier risk by knowing the security level of their suppliers and thus define the access they grant them.
We are all connected.
With each entity that makes a new commitment to cybersecurity, the overall security of the ecosystem increases and we are all, as a whole, safer. That's why we promote initiatives aimed at a more protected digital ecosystem.
We don't lose our sense of humor, but for us cybersecurity is a very serious matter. We devote time and energy to it, we study and participate, we go where we are called, we publish, we disseminate and we reflect on current issues related to the sector.
To stay up to date, visit our blog or subscribe to our newsletter.
Cybersecurity is not just about investing in technology, nor is it just about digital elements. That's why the methodology used in our comprehensive assessments also includes aspects such as the location of backups, access control and staff training, among others.
We have no gimmicks, no catches. That is why our methodology is public and can be downloaded for consultation. And every time we update it we make a public call to participate in it.
And if you have any questions contact us, we want to hear from you. You can do so via phone, e-mail, Twitter, LinkedIn, Facebook or Instagram. You can even come and visit us.