FAQs

Welcome to our FAQ page, where we've compiled answers to the most common questions to help you understand our services better.

General Questions

  • How is JDL Security different from a network/security consultant?

    Network/security consultants provide a valuable service that helps protect businesses. Unfortunately, consultants can also be cost-prohibitive for small businesses that need their help but cannot afford it. At JDL, we try to provide a reasonable, administered security program that includes, but is not limited to, security assessments, compliance, a breach response plan, and policy review. It is designed for small and mid-size businesses, giving them the tools to create a level of education and protection against the threats of a data breach, all at a fraction of the cost of a consultant.

  • I already have a consultant taking care of my IT security. What is different about this service?

    Your network IT consultant is important and provides valuable services to keep your IT operational and secure. JDL Security's services are another pair of eyes to verify that proper protections are in place for your organization. Our services should be another layer in your layered defense strategy against the bad actors constantly seeking to compromise your system.

  • Which businesses need security?

    All businesses that collect, store, transfer, or use consumer data are required to have security. JDL follows security frameworks to protect your business, your brand, and your clients.

  • What is meant by physical security?

    Physical security refers to the protection of hardware, computer equipment, and other IT assets from external physical threats, such as unauthorized access, theft, or loss of backup media during transportation to external sites.

     

  • What is meant by application security?

    Application security refers to the security measures built into a software application itself to provide a secure computing environment. Common application security measures include authentication of the application, an access matrix for different levels of users, input validation to avoid application flaws such as a buffer overflow, and application logging features. In the design phase, application owners should work with the development team to determine application security requirements according to the criticality of the application and the sensitivity of the data to be processed.

  • What should be considered when drafting a security policy?

    A security policy should be practical and work for your organization. The following should be considered:

    • The sensitivity and value of the assets that need to be protected
    • The legal requirements, regulations and laws of the government in your jurisdiction
    • Your organization’s goals and business objectives
    • The practicalities in implementation, distribution and enforcement

  • What is the difference between your security assessment and your Managed Security Service?

    Our security assessment is a point-in-time assessment of your environment, while our MSSP offering provides continuous monitoring and assessment of your environment.

  • Which of your security services is applicable to my environment?

    A security assessment is generally a good place to start if you have not done one recently and do not know the state of your IT security. If you have done a security assessment within the past year, the managed security service will provide continuous monitoring and protection to ensure that your data is secured.

     

  • If I start with a security assessment, can I convert to your managed services?

    Yes, you can convert to our managed services if you start with our assessment. We provide financial credits for organizations that start with our security assessment and wish to migrate to our managed security service offering.

  • If I start with one module within your MSSP, can I change to another module?

    Changes between modules are seamless. With a simple change in scope, you can start on a different module, prorated, without any change to your previous contract period.

  • Why do I need an Intrusion Detection System (IDS) or an Intrusion Prevention System (IPS) if my network already has a firewall?

    Firewalls are only part of a total integrated security system, and they have limitations. Firewalls can neither alert you to ALL intrusions, nor stop ALL security breaches. Unless you are constantly monitoring for intrusions, you cannot know for sure if your firewall is blocking all intrusions. IDS / IPS can be installed and used at strategic locations to continuously collect and examine information for suspicious activity 7 days a week, 24 hours per day. IPS also provides an active response system to stop the source of attacks or to minimize the impact of any attacks.

     

  • How do I ensure you will protect my business information and will not disclose my trade secrets to others?

    Before we commence our service, the first order of business will be a signed non-disclosure agreement that protects both parties from disclosure of classified information and trade secrets.

  • What is the payment term for your services?

    Security services are invoiced based on milestones, usually 40% at the beginning of the service and the outstanding balance at project signoff. MSSP services are paid monthly at the beginning of each monthly period for which services will be provided.

  • What are the different types of services within JDL assessment and Managed Services?

    Our security assessment consists of two modules:

    1. “Security Assessment Plus” is an efficient and cost-effective offering that incorporates a comprehensive evaluation rather than a single stand-alone test.
    2. “Security Assessment Pro” is a comprehensive service for security audit and amendment requirements, recommendation, risk analysis, and penetration testing.

    Our Managed Services are divided into two modules:

    1. “Managed Detection and Response” provides vulnerability assessment, 24×7 monitoring, and triage of security events, with remote remediation support for your IT team.
    2. “Managed Security Services” provides full security management for your environment, including vulnerability assessment, 24×7 monitoring, triage and remediation, and configuration of security devices, with on-site and remote support.

IT Security Audit

  • What is an External Security Audit?

    An External Security Audit is where your infrastructure and network security are checked remotely by a third party. The purpose of an External Security Audit is to highlight weaknesses and configuration issues that you may not be aware of. This is done to help educate companies and protect them from cyber security problems. The external security audit also makes sure that all the services your company uses are configured correctly with security in mind. Using the results from the IT security audit, you will be able to make changes and improve your business security to make it less appealing to internet hackers.

  • Why do I need to be Security Audited?

    An IT Security Audit can highlight many issues that have been missed or overlooked as your business network has grown and become more complex over the years. Devices are easily configured using software wizards, but these wizards don’t always configure the device correctly and often configure just the bare minimum to get the system running. It is good to get an impartial view from a third party for your own peace of mind. If you have had regular IT Security Audits from a third party, this can significantly reduce the impact of the penalties in the event of a data breach.

  • What are the benefits of having an External Security Audit?

    An IT Security Audit highlights potential business-critical issues that could cost the business thousands of dollars if left in their current state. It follows government best practice of having your systems tested regularly. It ensures you have mitigated the risk of hackers easily breaking into your system. It also gives you confidence that your existing IT team or IT support company is doing its job correctly and has all the necessary security in place.

Compliance

  • What does “compliance” mean?

    Compliance means that you meet the requirements of accepted practices, specified standards, terms of a contract, legislation, or prescribed rules and regulations. Each business in the United States is required to protect consumer data, although the regulations vary by state, industry, and the regulatory oversight of the business.

  • How long does it take to become “compliant”?

    Every business is different in terms of how it collects, uses, and stores data, so each business will likely have an individualized compliance program. Initially, however, it may take anywhere from a few hours to a few weeks to get your program and compliance plan in place.

  • What is NIST?

    The National Institute of Standards and Technology (NIST) is a division of the U.S. Department of Commerce which promotes innovation and industrial competitiveness, while supporting, regulating, and establishing set standards of measurement and precision. NIST created the Cybersecurity Framework to help businesses collaborate on best practices and lessons learned, and to help companies Identify, Protect, Detect, Respond, and Recover from a data breach or security incident.

  • What is the GDPR?

    The General Data Protection Regulation (GDPR) is a data protection and privacy law for the European Union and its residents which went into international law on May 25, 2018. The GDPR provides strict guidelines on how organizations collect and process the data of EU residents and can assign fines and penalties of up to 20 million euros or 4% of gross revenue.

  • How does the GDPR affect businesses outside the EU?

    Non-EU organizations that monitor the behavior of or offer goods and services to EU residents are required to comply with the GDPR. This includes any business with connections to the EU or EU residents through subsidiaries, vendors, or customers. (This means that everyone is affected by the GDPR.)

     

Support

  • What is the JDL MSS Support?

    The Managed Security Services (MSS) Support is a way to manage requests with our customers on the incidents they report, provide a knowledgebase of information about our products, provide additional downloads and manage subscription licenses.

     

  • Can I request support via email?

    Yes. Support requests are accepted by phone or by email at [email protected]. Email requests must be sent from one of the email addresses provided to JDL as a support contact.

  • May I request to escalate my issue's priority?

    JDL determines the initial priority of your issue, though at any time, you may request to escalate or downgrade the priority of an issue via email.

     

  • What information should I provide with my support request?

    When submitting requests for support, the customer must provide all data that is relevant for resolving each technical support request. Relevant data may include, but is not limited to, log files, descriptions of the hardware and software environment, examples of inputs as well as expected and actual outputs. This information should be as complete as possible, but sensitive information (e.g., account names, passwords, internal IP addresses) should be sanitized before sending to JDL.

     

Explore the opportunity with us

Whether you’re actively seeking to provide new solutions or you’re looking to change service providers, we invite you to get in touch and schedule a discovery call with us. Find out more about our top-tier services, and whether we’d be a great backbone for your offering.
