Cybersecurity Agreement Glossary
Unlimited Onsite Support
- An unlimited number of onsite support visits when you experience technical problems, outages, and disruptions.
- Onsite support is a range of IT services provided by knowledgeable and professional technicians at your business location. This includes everything from software and hardware installations to prompt resolution of technical issues, ensuring your IT infrastructure is robust and reliable.
- Does not include MACs to the existing infrastructure:
- Moves, Adds, or Changes to the environment, services, or scope of work
- All MACs will be quoted through the ByteTime procurement or business development departments and submitted for Client review
Unlimited Remote Support
- An unlimited number of remote support tickets/calls when you experience technical problems, outages, and disruptions.
- IT remote support is a service that enables IT technicians to access and troubleshoot another computer or device from a different location.
- Does not include MACs to the existing infrastructure:
- Moves, Adds, or Changes to the environment, services, or scope of work
- All MACs will be quoted through the ByteTime procurement or business development departments and submitted for Client review
Ticketing System & Customer Portal
- An IT ticketing system is a tool used to track IT service requests, events, incidents, and alerts.
- A ticket is a record that represents an incident, alert, request, or event that requires action from our IT department. It often contains additional contextual details and may also include relevant contact information of the individual who created the ticket.
BT Armor
- Next gen Perimeter defense with onsite backups and an IT presence that does not interfere with day-to-day activities.
- Jump Box allows for immediate disconnect from most BT tools and resources in the event of an IT emergency
- Installation of Advanced Disaster Recovery
- Provides continuous restore of local backup
- Minimizes downtime in event of a full restore
IT Vendor Mediation
- Save your organization time, money, and productivity by having ByteTime mediate any conversation with an IT vendor.
Automated Off-site Backups (AOB)
- Automated Offsite Backup refers to a remote, managed, or online backup service that provides a storage and recovery system. A means of securing your business’s data to a server or media in a different location than the primary server.
- Benefits include:
- Secure data from system malfunctions or attacks
- Access data from any location
- Easily share date
- Automatic backups provide necessary levels of safety & security.
- Replicates for a minimum of 28 days
- Reduce compliance risks
Patch Management
- Process of distributing and applying updates to software and devices. These updates are often necessary to correct errors and plug security gaps.
- Involves identifying, quarantining, testing, and installing patches or updates.
- Part of systems management and balances cybersecurity with operational needs.
Endpoint Detection & Response (EDR)
- Focuses primarily on detecting and securing individual endpoints, such as desktops, laptops, servers, and mobile devices.
- Provides visibility and security controls at the endpoint level.
- Collects data and analyzes endpoint activities to identify suspicious or malicious behavior.
- Reactive approach, requiring organizations to respond to threats once detected.
Managed Detection & Response (MDR)
- Service that includes monitoring and responding to threats across endpoints.
- Responsible for monitoring, detecting, and responding to threats on behalf of the organization, reducing the organization’s internal workload.
- Encompassed advanced processes, threat hunting, threat intelligence, and human expertise to detect and respond to threats.
- Proactive approach actively monitoring and hunting for threats and quickly taking action to detect and mitigate threats before they escalate.
SOC (Security Operations Center)
- Responsible for improving an organization’s cybersecurity posture and preventing, detecting, and responding to threats.
- Monitors identities, endpoints, servers, databases, network applications, websites, and other systems to uncover potential cyberattacks in real time.
Zero Trust
- Security strategy that is designed to protect digital assets by assuming that all users, devices, and components are untrusted at all times, regardless of whether they are inside or outside of an organization’s network
- The main concept behind the Zero Trust security model is “never trust, always verify.” This means that users and devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified
Sensitive File Encryption
- Process of encoding sensitive data so it is not accessible to anyone without permission
- Encrypting files ensures that sensitive data is only accessible to authorized recipients, keeping it safe from prying eyes and potential cyber threats
- Protects against malicious cyber threats, meets federal and state data privacy laws, makes data transfer easier, and reduces the need for other security measures.
Email Security Suite
- Practice of protecting email accounts and communications from unauthorized access, loss, or compromise. Organizations can enhance their email security posture by establishing policies and using tools to protect against malicious threats such as malware, spam, and phishing attacks.
- Protect a company’s brand, reputation, and bottom line. Email threats can lead to devastating costs, operational disruption, and other severe consequences.
- Enhance productivity: With a robust email security solution in place, businesses can reduce potential disruptions to operations and downtime because of a cyberattack.
CyberForce
- Specialized CyberSecurity team to manage advanced security services that include:
- Security Assessments/Remediation/Ongoing monitoring
- Managed Security
- Web Security
- Email Security
- Endpoint Security
- Data Protection & Compliance
- Identity Management & Access Controls
- Mobile Security (MDM)
- Perform CyberSecurity risk assessments
NOC Services
- A Network Operations Center (NOC) is a physical or virtual centralized location where computers, telecommunications or satellite networks systems are monitored and managed 24-7. It is the first line of defense against network disruptions and failures.
- Oversee complex networking environments, including servers, databases, firewalls, devices, and related external services. The IT infrastructure may be located on-premises and/or with a cloud-based provider, depending on the company’s needs.
- NOCs typically operate in a tiered fashion. Incidents are categorized from one to three, with one being the lowest level, such as assessing alerts from infrastructure devices, and three being the most severe incidents, such as a ransomware attack or network outage.
Multi-factor Authentication (MFA)
- Authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.
- Core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber-attack.
Microsoft 365 Suite with Email and Backups
- Microsoft 365 (sometimes referred to as O365) is a popular SaaS (solution-as-a-service) offering so end users & organizations receive a robust suite of productivity tools, which include Exchange Online, OneDrive for Business, SharePoint Online, and Microsoft Teams, among others.
- As opposed to conventional licensing and usage models for these applications, Microsoft 365 is hosted in the cloud, making it available anytime, anywhere – without the hassle of installing or maintaining these services.
Security Education Training Awareness (SETA)
- Security Education Training and Awareness (SETA) is a program designed to help organizations mitigate the number of security breaches caused by human error.
- Security education and awareness refers to the methodology followed for training, educating, and generating awareness for information technology security in the workplace
- SETA includes the following components:
- Awareness: Focuses attention on security.
- Training: Produces relevant and needed security skills and competency.
- Education: Integrates all (security skills and competencies) into a common body of knowledge, adding a multidisciplinary study of concepts, issues, and principles.
CyberSecurity Insurance Consultation
- With the rise in security incidents, cyber insurance companies are intensifying the scope and complexity of qualifying requirements for coverage and policy renewals.
- Cyber insurance applications cover a wide range of requirements that can be very challenging to achieve and manage.
- ByteTime is able to provide your organization with a CyberSecurity specialist to review your current policy and make recommendations.
Baseline CyberSecurity Risk Assessment
- The goal of the assessment is to identify an organization and their employees’ overall competency of cybersecurity topics and potential cybersecurity risks.
- We can help keep your company secure by implementing appropriate training procedures.
- The assessment is comprised of sixty questions and must be completed in one session. It will take each user 20-30 minutes to complete.
- Topics will include Phishing awareness, Working Remotely, Handling PII, General CyberSecurity Knowledge, Password Hygiene, and Social Media.
Ongoing CyberSecurity Risk Assessment
- Each week, all users will receive a brief description of the week’s topic, some quick tips, and a link to a video with assessment questions pertaining to that video.
- These are short 2-3 minute videos (CyberSecurity topics) accompanied by a four question (True/False quiz based) on the material covered.
IT Policies & Procedures
- ByteTime will create standard policies and procedures to help organizations detail many of their security practices and outline the protection measures that are being followed.
- Policies and procedures help demonstrate compliance with certain regulatory requirements as well as provide employees with clear indications of their expected responsibilities and best practices to follow.
- Policies & Procedures are typically based off the National Institute of Standards & Technology (NIST) framework.
Disaster Recovery Plan
- ByteTime will create a Disaster Recovery Plan that outlines how an organization will respond effectively to an unplanned incident and resume business operations.
- In cybersecurity, a Disaster Recovery Plan will focus explicitly on disasters resulting from cyber threats, such as DDoS attacks or data breaches.
- This plan will contain timelines, detailed documentation, and specific goals for recovering both data and systems.
Mobile Device Management (MDM)
- Mobile Device Management (MDM) is a type of security software that enables organizations to secure, monitor, manage, and enforce policies on employees’ mobile devices.
- Components of MDM tools include:
- Device Tracking
- Mobile Management
- Application Security
- Identity & Access Management (IAM)
- Endpoint Security
Quarterly Business Review (QBR)
- Quarterly strategic meeting between ByteTime and Client to discuss your organization’s security, infrastructure, and any outstanding issues.
- Purpose is for strategic alignment, technology advice, service metrics, accomplishments/goals, and feedback.