1. Home

Help

What is the Cyber CS-1 Guideline?

Answer A common set of minimum security guidelines created by a team of OEM Chief Information Security Officers (CISO) including FCA, Ford, General Motors, Honda, and facilitated by the Automotive Industry Action Group (AIAG), which apply to all 3rd Parties who handle an OEM's data in an exter...

What is phishing?

Answer Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. Background Phishing emails distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials...

What is the Cyber Virtual Audit?

Answer An external vulnerability scan of any internet facing systems to idenitfy whether they could be open to attack, plus the ability to scan on a frequent basis to provide ongoing cyber assurance. Background The Cyber Virtual Audit scans given IP addresses/domain na...

What is a logical access control?

Answer Logical access controls are tools and protocols used for identification, authentication, authorization, and accountability in computer information systems. Background They relate to the access of computer information systems and networks rather than physical access controls like a lock and...

What is a Cyber Risk Assessment?

Answer An online assessment that enables a business to check their implemented business and technical controls against the Cyber CS-1 Guideline. It provides a corrective action plan on areas of identified weakness to enable issues to be quickly addressed. Background The Cyber Risk Assessment is c...

What is a DFARS?

Answer The DFARS provides DoD-specific acquisition regulations that government acquisition officials and contractors must follow in the procurement process for goods and services. Background The Defense Federal Acquisition Regulation Supplement (DFARS) is administered by the US Department of Defe...

How can I set scan exclusion times when I don't want the Cyber Virtual Audit to take place?

Answer You can manage the virtual audit scan date/time from the Virtual Audit Schedule screen. To access the Virtual Audit Schedule screen, please find the relevant Cyber Virtual Audit on your dashboard, and select View. The Virtual Audit Schedule is then under Options. Background We recognize th...

How do I share the Cyber Virtual Audit?

Answer You can access the sharing options for any questionnaire using the ‘share’ link on the questionnaire tile. To share the Cyber Virtual Audit, you will need to add a sharing request using the ‘share with a buyer’ option from the ‘sharing’ screen. Enter the buyer name that you would...

What does vulnerability management mean?

Answer A security practice specifically designed to proactively mitigate or prevent the exploitation of IT vulnerabilities which exist in a system or organization. Background Vulnerability management is the practice of knowing what vulnerabilities (either software defects that require patches to...

What is malware (malicious software)?

Answer Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Background Malware is designed to covertly operate on a compromised system without the consent of the user, such as:Trojan Horse – disguised in what appears to be legitimate softw...

What is the difference between encryption at rest and encryption in transit?

Answer Encryption at rest is like storing your data in a vault, encryption in transit is like putting it in an armored vehicle for transport. Background For encryption in transit, the data is encrypted before transmission; the computer system endpoints are then authenticated; and the data is decr...

What is encryption?

Answer The process of converting information or data into a code, especially to prevent unauthorized access. Background Encryption is a term for the method by which data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a dec...

Can I share my personal login details with colleagues?

Answer You should never share your personal login details with anyone else. Background Sharing your account with anyone else may result in giving colleagues access to data that they don’t normally have the right to access, and changes made by them being recorded agai...

Will the Cyber Virtual Audit impact my systems while it does the scan?

Answer The Cyber Virtual Audit is a non-intrusive external scan on the IP address or domain that you have provided and given consent for us to scan. It should have no adverse effect on your systems while the scan is undertaken. Background The Cyber Virtual Audit will typically take place within t...

What is a penetration test?

Answer The practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Background A penetration test is essentially an authorized simulated cyber attack on a computer system, performed to identify weaknesses (also referred to...


Can't find an answer to your question? Contact us


Your session will end in less than two minutes unless we detect activity in your browser