{"id":7026,"date":"2023-05-19T11:33:36","date_gmt":"2023-05-19T09:33:36","guid":{"rendered":"https:\/\/www.esferize.com\/?page_id=7026"},"modified":"2023-05-19T13:54:19","modified_gmt":"2023-05-19T11:54:19","slug":"security-policies","status":"publish","type":"page","link":"https:\/\/www.esferize.com\/en\/security-policies\/","title":{"rendered":"Security policies"},"content":{"rendered":"<div class=\"page\" title=\"Page 6\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<h2>Introduction<\/h2>\n<p>Like most companies today, our business is fully digitised and therefore depends on information; on the databases, repositories and systems where this information is stored and managed; on the data networks that allow us to access and distribute this information; and finally, on the equipment and devices that connect to these networks and allow us to work with it.<\/p>\n<p>Any incident involving any of these assets (information, systems, applications, networks and equipment) will jeopardise business continuity by paralysing almost all (depending on the scope of the incident) of the processes that allow us to function. These incidents can be of two types: technical (equipment failure), or security (premeditated attack). It is the latter that is the subject of this document.<\/p>\n<p>This document will set out security policies, objectives and procedures to, in the first instance, prevent security incidents from occurring in the first instance and, in the second instance, to be prepared if they do occur.<\/p>\n<p>Finally, but perhaps most importantly for the business, being an ICT company, which also offers a cybersecurity service in its portfolio, reputation is a matter of being in the market, or being driven out of it for good.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"page\" title=\"Page 7\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<h2>Security objectives<\/h2>\n<p>As a company, we have set the following safety objectives, the achievement of which will be measured by indicators that will be displayed on the Management and Safety Committee scorecard:<\/p>\n<ul>\n<li><strong>Protect information assets:<\/strong> each asset will have an established owner, as well as the persons, suitably identified, who have access to this asset. Each asset is only accessible by its owner. If necessary, access will be authorised to other persons, but by default it will be in read mode, without any other privilege. Only if necessary and with the authorisation of the owner, or of the management (depending on the type of asset), will all usage privileges be granted to the authorised person.<br \/>\n<em><em><span style=\"font-size: 16px;\"><br \/>\nMetrics: Protected assets \/ Total assets, Active user accounts \/ Active employees, Public assets \/ Private assets.<\/span><\/em><\/em><\/li>\n<li><strong>Integrity of information:<\/strong> The integrity of the information must be maintained at all times during the operations carried out on the information. Reading, modification, encryption and deletion shall be prevented whenever unauthorised. The systems where this information is stored and the equipment and networks over which it is transmitted must actively support this, with end-to-end encryption if the network is untrusted (Internet).<br \/>\n<em><em><span style=\"font-size: 16px;\"><br \/>\nMetrics: Encrypted Assets \/ Total Assets<\/span><\/em><\/em><\/li>\n<li><strong>Access control with AAA mechanism:<\/strong>\n<ul>\n<li><strong>Authentication:<\/strong> all employees and users of the system will have access <span style=\"font-size: 16px;\">credentials (username and password, biometrics) that guarantee that the person is who they say they are. To increase security and make identity theft more difficult, all those assets where it can be implemented will use two-factor authentication with mobile application.<\/span><\/li>\n<li><span style=\"font-size: 16px;\"><strong>Authorisation:<\/strong> assets of all types shall ask for authorisation for use before allowing access regardless of whether the person has successfully authenticated.<\/span><\/li>\n<li><strong style=\"font-size: 16px;\">Accounting:<\/strong><span style=\"font-size: 16px;\"> all access to and modification of any asset shall be properly recorded.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<div class=\"page\" title=\"Page 8\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<ul>\n<li><strong>Develop a continuity plan<\/strong> to recover from a disaster in the shortest possible time.<em>Metrics: the plan itself, mock disaster report, project progress.<\/em><\/li>\n<li><strong>Inform, train and raise awareness<\/strong> among all employees on information security, especially on their roles, obligations and responsibility to fulfil them.<em>Metrics: hacking performance.<\/em><\/li>\n<li><strong>Recording and managing security incidents:<\/strong> this will be done using the SOC (Security Operations Centre) which operates 24&#215;7 every day of the year. Incidents will be logged and labelled as &#8220;security&#8221; and according to their impact will be given a criticality level, as established in the Incident Management.<em>Metrics: progress over time of the number of security incidents, resolution times, etc.<\/em><\/li>\n<li><strong>Auditing:<\/strong> based on the security dashboard and real-time monitoring systems, security-related events (e.g. denied access attempts), incident metrics, review of authorisation lists (persons who have been terminated, changed departments, etc.) will be constantly reviewed to prevent unwanted actions.<\/li>\n<\/ul>\n<div class=\"page\" title=\"Page 9\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 10\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 11\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 12\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 13\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 14\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 15\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 16\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 17\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 18\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 19\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 20\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 21\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 22\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 24\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 25\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 26\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 27\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 28\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 29\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 30\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 31\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 32\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 35\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 36\">\n<div class=\"layoutArea\">\n<div class=\"page\" title=\"Page 36\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 37\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 38\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 38\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 39\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 39\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 40\">\n<div class=\"layoutArea\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Like most companies today, our business is fully digitised  [&#8230;]<\/p>\n","protected":false},"author":8,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-7026","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Security policies - Esferize<\/title>\n<meta name=\"robots\" content=\"noindex, nofollow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security policies - Esferize\" \/>\n<meta property=\"og:description\" content=\"Introduction Like most companies today, our business is fully digitised [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esferize.com\/en\/security-policies\/\" \/>\n<meta property=\"og:site_name\" content=\"Esferize\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-19T11:54:19+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/security-policies\\\/\",\"url\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/security-policies\\\/\",\"name\":\"Security policies - Esferize\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/#website\"},\"datePublished\":\"2023-05-19T09:33:36+00:00\",\"dateModified\":\"2023-05-19T11:54:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/security-policies\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.esferize.com\\\/en\\\/security-policies\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/security-policies\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security policies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/\",\"name\":\"Esferize\",\"description\":\"Connect to the future\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/#organization\",\"name\":\"Esferize Comunicaciones S.L.\",\"url\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.esferize.com\\\/wp-content\\\/uploads\\\/2019\\\/10\\\/logo.png\",\"contentUrl\":\"https:\\\/\\\/www.esferize.com\\\/wp-content\\\/uploads\\\/2019\\\/10\\\/logo.png\",\"width\":453,\"height\":100,\"caption\":\"Esferize Comunicaciones S.L.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.esferize.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/esferize-comunicaciones\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security policies - Esferize","robots":{"index":"noindex","follow":"nofollow"},"og_locale":"en_US","og_type":"article","og_title":"Security policies - Esferize","og_description":"Introduction Like most companies today, our business is fully digitised [...]","og_url":"https:\/\/www.esferize.com\/en\/security-policies\/","og_site_name":"Esferize","article_modified_time":"2023-05-19T11:54:19+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.esferize.com\/en\/security-policies\/","url":"https:\/\/www.esferize.com\/en\/security-policies\/","name":"Security policies - Esferize","isPartOf":{"@id":"https:\/\/www.esferize.com\/en\/#website"},"datePublished":"2023-05-19T09:33:36+00:00","dateModified":"2023-05-19T11:54:19+00:00","breadcrumb":{"@id":"https:\/\/www.esferize.com\/en\/security-policies\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esferize.com\/en\/security-policies\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esferize.com\/en\/security-policies\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/www.esferize.com\/en\/"},{"@type":"ListItem","position":2,"name":"Security policies"}]},{"@type":"WebSite","@id":"https:\/\/www.esferize.com\/en\/#website","url":"https:\/\/www.esferize.com\/en\/","name":"Esferize","description":"Connect to the future","publisher":{"@id":"https:\/\/www.esferize.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esferize.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esferize.com\/en\/#organization","name":"Esferize Comunicaciones S.L.","url":"https:\/\/www.esferize.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esferize.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.esferize.com\/wp-content\/uploads\/2019\/10\/logo.png","contentUrl":"https:\/\/www.esferize.com\/wp-content\/uploads\/2019\/10\/logo.png","width":453,"height":100,"caption":"Esferize Comunicaciones S.L."},"image":{"@id":"https:\/\/www.esferize.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/esferize-comunicaciones"]}]}},"_links":{"self":[{"href":"https:\/\/www.esferize.com\/en\/wp-json\/wp\/v2\/pages\/7026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esferize.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.esferize.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.esferize.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esferize.com\/en\/wp-json\/wp\/v2\/comments?post=7026"}],"version-history":[{"count":0,"href":"https:\/\/www.esferize.com\/en\/wp-json\/wp\/v2\/pages\/7026\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esferize.com\/en\/wp-json\/wp\/v2\/media?parent=7026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}