Embed Size (px)
Citation preview
secunia.com
Secunia Data SecuritySecunia is located in Denmark in northern Europe, a very stable region of the world. Denmark is a full member of the EU, and a found-ing member of the NATO and the OECD. All of the above provide the stability and foundation for Secunia as one of the strongest players in the global security market.
The security and integrity of Secunia’s network is crucial for Secunia and its customers. The internal security policy at Secunia describes strict guidelines for handling customer data and other sensitive information.
All data transferred to the Customer Area (including data from the Secunia Corporate Software Inspector) is sent via industry standard SSL-encrypted HTTPS connections.
The data sent to Secunia is non-personal data only. The data is generic, standardised, and originates from installed programs and operating system on the devices, never from their configuration. Following is a sample data that is sent to Secunia: c:\CD1\SETUP.EXE - PE Timestamp : 0x45d6922f - Version : 5.2.3790.3959 - VendorName : Microsoft Corporation - FileDescription : Welcome to Windows Server 2003 - FileVersion : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) - InternalName : autorun - LegalCopyright : Microsoft Corporation. All rights reserved. - Filename : AUTORUN.EXE - ProductName : Microsoft Windows Operating System - ProductVersion : 5.2.3790.3959
All passwords for the Customer Area are hashed.
Customers can securely change their passwords via SSL to ensure that the passwords are confidential. Minimum length for the password is 8 characters.
Secunia will never ask for your password. Lost passwords can only be reset after contacting your account manager at Secu-nia.
No details are shared with any third party.
The information is stored for as long as the account is active.
Customers can delete host data if they wish, and it will be immediately removed from the active database. The data will only be present in backup archives for approximately 30 days.
Secunia follows best practices in regards to data separation and ACL-based security models.
All offline backups are encrypted.
Data
secunia.com
Secunia servers are hosted at two independent data centers, at separate physical locations.
The data centers have the following standards and compliance: - ISO 27001 certified compliant (DC1) - DS-484 compliant (DC2) - PCI compliant (DC2) - RS3411B audited by Grant Thornton (DC2) DC1 = Data center One, DC2 = Data center Two.
All HQ systems are hosted in highly secure Lampertz racks.
Only selected IT-staff have physical and administrative access to the systems containing sensitive data.
All staff handling sensitive data must hold a clean criminal record.
Backups and off-site replication of crucial data are conducted in a manner allowing Secunia to rebuild the network, and restore essential services in just a few hours in case of an emergency.
In case of total failure at one of the physical locations, the recovery plan allows Secunia to scale up and restore a fully running setup within one business day.
Data Center
Backup
Recovery Plan
Being the leading provider of Vulnerability Intelligence, Secunia plays an important role in the security eco-system, and is the preferred supplier for many enterprises and government agencies around the globe.
Vulnerabilities in programs represent the Achilles’ heel of any network or IT-system. Secunia’s mission is to identify and eliminate the threat from these vulnerabilities, by accurately tracking software vulnerabilities and supply products to our customers, and the community.
The quality and importance of Secunia in the security eco-system is publicly recognised by customers, partners, software vendors, industry peers, media, and the community. Secunia has from year one exhibited
peerless financial and strategic performance, proving the following by organic means:
Higher growth than market average since inception – and organic
Continuous growth in staffing
Profitable all years
No bearing debt
Privately funded, no venture capital
Dun and Bradstreet AA rating
A very strong and credible brand provider.
Contact [email protected] for more information
