Compliance with Resolutions 4893, enacted on 07/01/2021, and 4658 (of 04/24/18, revoked by 4893)

Resolution 4893, promulgated on 01/07/2021, and Resolution 4658 (of 24/04/18, revoked by 4893), which apply to FIs (Financial Institutions), and Circular 3909, which complements them for PIs (Payment Institutions), are decisions... of the Technological Committee of the Central Bank of Brazil that require the financial sector to implement Information Security in its businesses, technologies, operations and physical environments.

CLASSIFICATION OF INFORMATION

Classifying information means assigning each piece of company information its appropriate label so that it receives differentiated treatment, within the security expectation that best suits each situation in which that information is used.

Compliance with LGPD (General Data Protection Law, Law 13709/18)

Ordinary General Law for the Protection of Private and Personal Data of Natural Persons (individuals, not legal entities). This is the law that complements the Marco Civil da Internet on the issue of Security and extends it to all personal information of all people in Brazil.

ERM

ERM, or Enterprise Risk Management, is the process of establishing a long-term vision for the risk assessment model within a business, government or third sector organization.

COBIT Maturity (Measurement)

What is it? COBIT – Control Objectives for Information and Related Technology.

Security Master Plan

A Security Master Plan serves to create a corporate or information security area in companies that need an active structure in this regard. In general, that means almost all of them. Even small companies, with few employees, should have a person or a contract with someone to carry out this task, which is complex but fundamental to safeguarding the information exchanged with customers and suppliers and even internally.

BIA 

BIA (Business Impact Analysis), or AIN (Análise de Impacto no Negócio) in Portuguese, is an analysis carried out through interviews, after the business Risk Assessment. Its surveys go beyond establishing that risks exist that could harm the company: they determine the impacts that will arise from those occurrences, leading to the creation of contingency strategies and, subsequently, Contingency and Business Continuity Plans.

Business Continuity Plan

Interruptions in Business Processes, whether short or prolonged, always affect the business, causing impacts that are often irreversible. According to the DRI – Disaster Recovery Institute, of every five companies that have an interruption in their operations for a week, two close their doors in less than three years. This data justifies why in the world market one of the biggest challenges for executives is to guarantee the continuity of their business regardless of the type of event that may occur.

Systems Security Assessment 

These are analyses carried out by a specialist on a system developed internally, contracted for development in a software factory or acquired in the market. The analysis aims to identify whether the system meets the recommended security standards, avoiding critical security failures.

Vulnerability Analysis 

Vulnerability Analysis is one of the first analyses that should be carried out in Information Security, as it builds structured knowledge of the weaknesses in the access ports of firewalls, servers, gateways and other existing elements in a computer network.

Emergency Team 

Ransomware is a type of Cyber Attack in which the Malefactor (commonly called a Cracker) invades the Customer's network and removes or encrypts the Customer's Database, demanding money to return the data or release the access key to the Database.

Security Policies 

Security policies, like any policies, serve to guide the way things happen in a company or organization in relation to the topic of Security. They are structured documents that follow the ABNT NBR ISO/IEC 27002 standard.

Money Laundering Prevention 

The expression Money Laundering originates from the fact that the money acquired illicitly is dirty and, therefore, must be laundered to become clean.

Data Protection 

Follow all our posts to always stay on top of our security issues.

Why do you want my CPF?

What are you going to do with it? Who gave you my phone?

What should I or shouldn't expose on the internet and social networks?

Penetration Test 

Penetration tests are activities conducted by the so-called "good hackers", or "Security Specialists", who simulate the action of hackers and crackers, invading networks with the proper legal authorization of the customers, in order to discover their main problems with security breaches, confidentiality, integrity and availability. Below we detail its benefits and techniques.

Risk analysis

Risk Analysis (AR) is a fundamental initiative for the execution of Information Security services. It is not by chance that it is the first activity determined by the ISO 27002 standard (Code of Practice for Information Security). It is from the Risk Analysis that the subsequent security activities are developed and carried out. Once this first action is concluded, it is known what needs to be done within the company or body studied, so that each measure can later be implemented within the requirements of each situation, properly and not in isolation.

ISO 27000 family

ISO/IEC/NBR 27000 is a family of technical standards originating from different nationalities, recommended by the ISO (International Standardization Organization) committee, a UN body (United Nations), whose activities consist of combining the knowledge gathered by all its member countries with the aim of disseminating technical knowledge around the world.

PCI-DSS certification

PCI-DSS is a security standard for the use of credit and debit cards, created in 2006 when the Mastercard and VISA Brands joined in a council called the PCI Council, to safeguard personal information in the means of payment. It provides security for the existing technology elements in the Acquiring companies (those that receive card transactions and pass them on to the Brands; in Brazil: Cielo, Rede, Global Payments, Vero, Getnet, Stone, among others), in payment gateways and in commercial establishments.

Customized Training

Training for specialized teams and company employees to inform and train them on the topics of Information Security, LGPD, Business Continuity, COBIT, ITIL and specific Cybersecurity certifications.
