Frequently asked questions
Some questions and answers about JakinCode and cybersecurity.
A company is exposed to many different types of threats. On their own, basic elements such as antivirus, firewalls, etc., are insufficient to guarantee complete professional cybersecurity. The current sophistication of cybercrime requires specialized protection systems such as those offered by JakinCode.
Nowadays, efficient, effective and proactive protection requires a variety of products and services that add security to an organization. JakinCode provides tailor-made solutions ranging from the development of proprietary cybersecurity applications to the development of training and awareness plans for company personnel.
Our advanced resources, designed from a holistic approach to security management, offer tailored responses that provide a professional safeguard: identifying vulnerabilities, monitoring suspicious activity, complying with standards and regulations, mitigating the risk of incidents, and preparing people so that they do not fall victim to social engineering campaigns.
We incorporate them because they are internationally accepted methodologies and standards whose reliability is widely proven and recognized.
We follow the PTES (Penetration Testing Execution Standard) methodology when performing penetration tests. It ensures that tests are carried out thoroughly and methodically: its phases (pre-engagement, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation and reporting) provide a structured approach that lets us assess the security of the systems under test and their vulnerabilities.
OWASP, the Open Worldwide Application Security Project (formerly Open Web Application Security Project), is an open community initiative that seeks to improve software security. Its Web Security Testing Guide provides a basis for testing the technical controls of web applications, and its Application Security Verification Standard (ASVS) provides a list of requirements for secure development.
CVSS (Common Vulnerability Scoring System) is the reference system for rating the severity of vulnerabilities. It assigns each vulnerability a score from 0.0 to 10.0 derived from metrics such as attack vector, attack complexity, required privileges, user interaction, scope and the impact on confidentiality, integrity and availability. These scores are very useful when prioritizing remediation, although they measure technical severity rather than the actual risk to a given organization, so they should be combined with the criticality and exposure of the affected asset.
ISO 27001 is an international standard whose implementation and certification are voluntary, whereas the National Security Framework (ENS, Esquema Nacional de Seguridad) is limited to Spain, and its adoption is mandatory for the entire Public Sector, for classified information systems and for private-sector entities that provide the Public Sector with solutions and services for the exercise of administrative powers and authority.
ISO 27001 does not derive its content from any law. The ENS, by contrast, is established by Spanish Royal Decree 311/2022 and is therefore legally binding.
Although both ISO 27001 and the ENS provide a reference framework for information security management, ISO 27001 does not define categories that grade the degree to which its measures, controls and requirements apply: each organization selects controls on the basis of its own risk assessment and documents the result in a Statement of Applicability. The ENS, on the other hand, defines three categories (Basic, Medium and High) that determine which controls must be adopted and which requirements must be met.
Our SIEM (Security Information and Event Management) is an in-house security solution that gives us detection, prevention and analysis capabilities for security incidents without relying on other providers.
JakinCode’s professional team is highly skilled in analyzing log data, enabling us to act as quickly as possible on any detected anomaly. In addition to this constant monitoring, JakinCode’s consultants keep their clients fully informed through thorough, customized reports, presented in a clear and understandable manner.
Controlling all phases of the process, from the continuous technical development of the SIEM environment to the presentation of results, allows us to ensure optimal service performance in response to customer needs.
A defensive chain is only as strong as its weakest link and, as specialized studies consistently show, that link is generally the human factor.
The main avenue of illegitimate access to an organization’s resources by a malicious actor begins with a lack of cybersecurity awareness and training of the organization’s personnel, which puts companies at high risk.
JakinCode’s customized training courses and curricula add fundamental value to a company’s cybersecurity strategy. Knowing how to recognize a phishing scam, or other common practices that directly target company staff, enables people in an organization to protect themselves against more than three-quarters of cybersecurity incidents.
Apart from acting with the utmost respect for data protection laws, we agree with the client on the scope and characteristics of the work to be performed, and we monitor and record each action undertaken step by step.
We detect vulnerabilities in a system through properly controlled procedures. We do not alter or modify the functional and operational elements of the infrastructure; the objective is to demonstrate how a cybercriminal could take control of it.
We work with widely recognized, internationally accepted methodologies. Their purpose is not to disrupt a company’s normal business activity, but to detect the weaknesses that could do so.
The “as a Service” offer is a subscription-based model. You pay only for the actual contracted use of the required products and services. This represents a substantial saving in time and money compared to the installation, management and maintenance of the same services and products under the traditional model.
In addition to cost reduction and higher investment productivity, the “as a Service” modality allows companies to focus on their own activities, as they do not have to take care of the correct technical operation of the contracted resources.
Along with this, there is the flexibility of working through the cloud: the “as a Service” format delivers the same functionality regardless of where the assets that require it are located. In addition, its scalability allows a tailor-made adaptation to each customer’s specific needs.
Although it is a voluntary standard, it offers competitive advantages that allow for better business opportunities.
The ISO 27001 standard is applied internationally in the field of information security. It supports the design of policies, procedures and controls that ensure the confidentiality, integrity and availability of an organization’s information and of the systems and applications that process it.
Certification against this standard demonstrates an entity’s commitment to security, which increases confidence in it. At the same time, because it aligns with security-related legislation (such as data protection law), it aids regulatory compliance, which reduces the risk of legal liability arising from non-compliance.
Our JakinSuma software supports the entire documentation process and efficiently manages the different aspects to be considered, such as risk analysis.
Chief Information Security Officer (CISO) as a Service allows companies to adjust their budgets without reducing the quality of their cybersecurity activities. Outsourcing this role gives organizations access to the most up-to-date knowledge available.
Through the CISO as a Service modality, our clients get a return on their investment in cybersecurity, benefiting from experience gained across a wide variety of challenges, which improves the effectiveness of the solutions adopted.
Our consultants provide added value in understanding the risks to which organizations are exposed, thereby improving the implementation of controls.
At JakinCode, we have the means to protect companies from the risks of leaks, unfair competition or industrial espionage.
We implement specific security measures through TSCM (Technical Surveillance Counter-Measures). We carry out electronic sweeps to discover covert listening or data-transmission devices installed for purposes contrary to our customers’ interests.
We perform rigorous scrutiny of equipment and workspaces through physical inspection and thermal, telephone-line and radio-frequency analysis.
An incident response plan consolidates the cybersecurity protection strategy. In a hyper-connected world, organizations are exposed to threats of many kinds (data theft, ransomware, etc.) that require an appropriate, documented response detailing the best way to deal with them.
Having procedures in place to act effectively lets an organization contain a cyber-attack as soon as it is detected, and minimizes the cost and business disruption associated with the attacks that do occur. It also prevents the effects of malicious actions from spreading (and causing further damage to productivity).
Likewise, an incident response plan is essential to mitigate the impact of an attack, as it helps manage the timely recovery of activity, which reduces the economic impact of a successful attack.
Cyber resilience, the ability to withstand and recover from a cyber attack, requires technical and organizational measures designed to ensure business continuity by protecting an organization’s systems, data and operations. No organization is immune to cybercrime, so it must be thoroughly prepared to face it, through robust systems, proven procedures and adequate training.
Acquiring a good cyber resilience capability helps reduce financial losses, protects corporate reputation, aligns with the requirements of security laws and regulations, and enhances the overall protection strategy.
Thanks to it, a system is prepared to react adequately not only to identified threats, but also to unforeseen incidents that were not previously contemplated.
Yes, provided that it can be shown that the evidence has not been altered at any point in its chain of custody. Extreme care must be taken when working with the data obtained: it must retain its original state at all times, and no subsequent handling may alter, modify or otherwise affect the content, reference, identification or characteristics of the evidence. In practice this means working on verified copies (forensic images) rather than on the original, computing cryptographic hashes of each item at acquisition, and re-verifying them at every hand-over.
The aim is to extract all the information that needs to be presented as valid evidence in proceedings that seek to clarify facts involving technological elements.
Evidence can be obtained from system logs and even from sources as sensitive as a device’s volatile memory, hard disks, etc. Volatile sources must be captured first, since they are lost when the device is powered off, and extraction must comply with the legal requirements stipulated for this purpose.
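The integrity check described above, as an added example that is not JakinCode's code or tooling: each custody event records the SHA-256 of the evidence file and the hash of the previous log entry, so that altering either the evidence or the log is detected on verification. The evidence "image" and the handlers named in the demo are constructed, not real data.

```python
"""Evidence hash verification and hash-chained custody log.

Added example, not JakinCode code. Assumptions: the evidence item is a file
(for instance a forensic disk image); every custody event records the SHA-256
of the evidence and the hash of the previous log entry, so that neither the
evidence nor the log itself can be altered without the change being detected.
The "disk image" used in demo() is a constructed byte string, not real data.
"""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

GENESIS = "0" * 64   # previous-entry hash used by the first (acquisition) entry


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so that multi-gigabyte images never sit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def entry_hash(entry: dict) -> str:
    """Hash of an entry's content, excluding the entry_hash field itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_event(log: list, evidence: Path, action: str, handler: str) -> dict:
    """Record a custody event, linking it to the previous entry."""
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "action": action,
        "handler": handler,
        "evidence": evidence.name,
        "evidence_sha256": sha256_file(evidence),
        "prev_entry_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry


def verify(log: list, evidence: Path) -> list:
    """Return a list of problems found; an empty list means custody is intact."""
    problems = []
    if not log:
        return ["no acquisition entry recorded"]
    acquisition_hash = log[0]["evidence_sha256"]
    prev = GENESIS
    for n, entry in enumerate(log):
        if entry["prev_entry_hash"] != prev:
            problems.append(f"entry {n}: link to previous entry broken")
        if entry_hash(entry) != entry["entry_hash"]:
            problems.append(f"entry {n}: contents modified after recording")
        if entry["evidence_sha256"] != acquisition_hash:
            problems.append(f"entry {n}: evidence hash differs from acquisition hash")
        prev = entry["entry_hash"]
    if sha256_file(evidence) != acquisition_hash:
        problems.append("evidence file no longer matches its acquisition hash")
    return problems


def demo(scenario: str = "clean") -> list:
    """Run a custody sequence under one of three constructed scenarios."""
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "disk.img"
        image.write_bytes(b"constructed sample disk image bytes")
        log = []
        append_event(log, image, "acquired", "analyst A")
        append_event(log, image, "handed over", "analyst B")
        if scenario == "tamper_evidence":
            # Someone edits the image between hand-over and analysis.
            image.write_bytes(b"constructed sample disk image bytes (edited)")
        append_event(log, image, "analysed", "analyst B")
        if scenario == "tamper_log":
            # Someone rewrites a past entry and recomputes its own hash to hide it;
            # the next entry still points at the old hash, so the chain breaks.
            log[1]["handler"] = "analyst C"
            log[1]["entry_hash"] = entry_hash(log[1])
        return verify(log, image)


if __name__ == "__main__":
    for name in ("clean", "tamper_evidence", "tamper_log"):
        print(f"{name:16s} -> {demo(name) or 'custody intact'}")
```

The chaining is what makes the log itself trustworthy: an edited entry whose hash has been recomputed still fails, because the following entry was committed against the old hash. In a real engagement the log would be written to append-only storage and each entry signed by the handler; the example keeps only the hash chain to show the principle.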
Risk analyses identify and evaluate the elements that may have negative consequences for a company’s information systems. Once performed, well-founded and supported decisions can be taken to mitigate the undesired situations derived from the detected risks.
Effective defence depends on an accurate description of the systems being protected. Risk analyses take into account both the probability of a threat occurring and its impact. It is therefore important to carry out a complete inventory of the organization’s assets, to know their vulnerabilities and to assess the threats to them.
A good methodology for carrying them out is MAGERIT, the risk analysis and management methodology published by the Spanish public administration. It allows dependencies to be established between the different assets, grouping them to show how they relate to one another and how the risk affecting one asset may propagate to the rest.
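As an added example (not JakinCode's code and not JakinSuma), the following Python script shows how the dependency propagation described above changes the outcome of a risk analysis. It keeps MAGERIT's core ideas but simplifies them, and those simplifications are assumptions of this example: a single value per asset rather than one per security dimension, accumulated value taken as the maximum over dependent assets, and risk computed as impact (accumulated value times degradation) times frequency. All assets, dependencies and threats are constructed samples.

```python
"""Simplified MAGERIT-style risk calculation with asset dependencies.

Added example, not JakinCode code and not JakinSuma. It keeps MAGERIT's core
ideas (assets, dependencies, accumulated value, threats with frequency and
degradation, impact and risk) but simplifies them, and these simplifications
are assumptions of this example:
  - one value per asset (0..10) instead of a value per security dimension;
  - accumulated value = max(own value, accumulated value of each asset that
    depends on this one), so the worth of a business service flows down to
    the servers and networks that support it;
  - impact = accumulated value x degradation; risk = impact x frequency.
All assets, dependencies and threats below are constructed samples.
"""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    value: float                                    # owner-assigned worth, 0 (none) .. 10 (critical)
    depends_on: list = field(default_factory=list)  # names of assets this one relies on


@dataclass
class Threat:
    asset: str          # name of the asset the threat materialises on
    name: str
    frequency: float    # expected occurrences per year
    degradation: float  # fraction of the asset's value lost per occurrence, 0..1


def accumulated_values(assets: dict) -> dict:
    """Propagate value from dependent assets down to the assets that support them."""
    dependents = {name: [] for name in assets}      # dependents[x] = assets that depend on x
    for asset in assets.values():
        for dep in asset.depends_on:
            if dep not in assets:
                raise KeyError(f"{asset.name} depends on unknown asset {dep!r}")
            dependents[dep].append(asset.name)

    memo = {}

    def acc(name, path=()):
        if name in path:
            raise ValueError(f"dependency cycle through {name!r}")
        if name not in memo:
            own = assets[name].value
            memo[name] = max([own] + [acc(d, path + (name,)) for d in dependents[name]])
        return memo[name]

    return {name: acc(name) for name in assets}


def risk_table(assets: dict, threats: list, propagate: bool = True) -> list:
    """Return (asset, threat, impact, risk) rows, highest risk first."""
    values = accumulated_values(assets) if propagate else {n: a.value for n, a in assets.items()}
    rows = []
    for t in threats:
        impact = values[t.asset] * t.degradation
        rows.append((t.asset, t.name, round(impact, 2), round(impact * t.frequency, 2)))
    return sorted(rows, key=lambda r: r[3], reverse=True)


def sample_assets() -> dict:
    return {a.name: a for a in [
        Asset("online-banking-service", 10, depends_on=["web-app"]),
        Asset("web-app", 6, depends_on=["app-server", "customer-db"]),
        Asset("customer-db", 8, depends_on=["db-server"]),
        Asset("app-server", 3, depends_on=["office-lan"]),
        Asset("db-server", 3, depends_on=["office-lan"]),
        Asset("office-lan", 2),
    ]}


def sample_threats() -> list:
    return [
        Threat("office-lan", "power outage", frequency=2.0, degradation=0.5),
        Threat("app-server", "exploitation of unpatched service", frequency=1.0, degradation=0.8),
        Threat("customer-db", "data theft via SQL injection", frequency=0.5, degradation=1.0),
    ]


if __name__ == "__main__":
    assets, threats = sample_assets(), sample_threats()
    for label, propagate in (("with dependency propagation", True), ("own values only", False)):
        print(label)
        for asset, threat, impact, risk in risk_table(assets, threats, propagate):
            print(f"  risk={risk:5.2f}  impact={impact:5.2f}  {asset}: {threat}")
```

Run with propagation, the office LAN (own value 2) inherits the full value of the banking service that ultimately depends on it, and a power outage there becomes the top risk; evaluated on own values only, the same threat ranks last and the database threat ranks first. That reordering is exactly why the methodology insists on modelling dependencies before scoring threats.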