Nine Five Circle (ISMS)
The NFC covers the interrelationships between humans and technology, comprising security compliance within the organisation as well as all third-party partners involved in cybercrime prevention. It also covers various factors that involve key variables and latent variables. The NFC enables organisations to analyse and mitigate issues. Experimentation with the NFC involves validating hypotheses, controlling variables, measuring carefully, and establishing cause-and-effect relationships between variables.
Some frequently asked questions
The major challenge that limits technological innovation is the increasing rate of cybercrime. These crimes have led to rampant operational disruption and massive financial losses, especially in organisations that misjudge the effectiveness of their controls. Financial technology industry services are mostly based on cloud technologies and outsourcing, and these cannot be protected by organisations adopting an off-the-shelf ISMS, due to the high risks of outsourcing and the sophisticated cybersecurity threats, which remain top of mind as these sectors continue evaluating new threats and potential fraud risks.
- enhancing the interrelationship between technology and human factors.
- eliminating conflict and interaction between different competing factors that hinder the successful development of information security.
- resolving system bottlenecks that are usually located between various factors in the organisation.
- considering the measurement and evaluation of the organisation's ISMS performance and outsourcing.
- addressing the main potential factors that generate hindrances during the ISMS process, unlike ISO 27001/27002/27005, where each standard is designed for a certain focus.
The NFC's main aim is to provide a comprehensive process for improving the strategies for managing information security, and a comprehensive model for securing data at the organisational level. It does this through an empirical approach: an exploratory survey, descriptive statistics and t-tests to determine significant differences between penetration testing techniques.
The NFC uses descriptive statistics and t-tests to determine significant differences between testing techniques. To prevent any bias in the validation, the NFC considers the size of each organisation's attack surface, such as its network attack surface, software (application) attack surface, and physical (employee) attack surface.
The following standards can currently be integrated with the NFC: ISO 27001, ISO 27002, ISO 27004, ISO 27005, ISO/IEC 27018, ISO 27019, PCI DSS, GDPR, DSGVO.
Future integration possibilities: BSI 100-1, IDW PS 330, IDW PH 9.330.1, IDW PS 880, IDW PS 951, IDW FAIT 1-3, ISO 22301 (BCM).
Yes. We accept SPSS and Excel data.
With our NFC-daemon, you can easily import your set of variable data into the NFC system.
No, NFC is not a scanning tool. But you can export your data or allow the NFC to generate and analyse your security measures. You can use the tools that come free with Kali Linux to scan your system and import the results into NFC.
Other tools are Acunetix, Aircrack-ng, BeEF, Burp Suite, Cain & Abel, Colasoft Packet Builder, DNSstuff, Fiddler, Firebug, hping, Hydra, ike-scan, JMeter, John the Ripper, Kismet, MBSA, netcat, Nikto, OpenVAS, Paterva Maltego, pstools, Rapid7 NeXpose and Metasploit, SAINT, Shodan, Smtpmap/Smtpscan, socat, Social Engineering Toolkit, sqlmap, Tenable Nessus, Wikto, Wireshark, WPScan, Xenotix, Zed Attack Proxy and more.
You do not have to install NFC. You can use it in the cloud or on premises.
It is a web-based application.
A report is generated for every phase of the NFC. As said, the phase runs five times at a time. In each phase a report is generated, termed a "semi-report".
The last report will be a final report, which the NFC will analyse and compare to the NFC metrics.
After a successful outcome, a full report will be generated. Certification is only issued after 12 months, based on the metrics of the company's security measures during the past 12 months.
A license is only issued to organisations after 12 months, based on the metrics of the company's security measures during the past 12 months.
This is a 6-month training course.
At the end of the intensive course, participants will be given 300 questions to answer, excluding the oral and some practical work that needs to be completed during the training session. The exam has a duration of 4 hours in total.