This blog dives into the most frequently asked questions (FAQs) about cyber security audits, specifically designed for insurance brokers. We cover essential practices, insights, and considerations that will help brokers navigate the complexities of cyber security with greater confidence.
This guide will improve your approach to digital security and provides a solid foundation to safeguard sensitive information and maintain compliance.
> Most frequently asked questions about cyber security audits
> Detailed answers & other information
A comprehensive understanding of cyber security audits is important for insurance brokers to effectively assess and mitigate these risks. This blog explores the frequently asked questions (FAQs) surrounding cyber security audits tailored specifically for insurance brokers, offering insights into the essential practices and considerations necessary to navigate the complex realm of cyber security with confidence and proficiency.
Answer: Please provide the corresponding details of your insurance broking firm
Answer as follows:
1. Vivek Stanley: IT Head: M-Tech-Technology Management: 11 Years
2. Vaishnavi S: Server management: Diploma in Computer Hardware: 5.5 Years
3. Devassy Nelvin: DevOps: MCA: 2 Years
4. Suraj Radhakrishnan: Front End: Plus Two: 10 Years
Answer: In AWS, encryption policies are typically implemented using services like AWS Key Management Service (KMS) to manage encryption keys. You can enforce encryption at rest for various AWS resources, such as Amazon S3 buckets, Amazon EBS volumes, and Amazon RDS databases. Additionally, AWS Identity and Access Management (IAM) allows you to control access to encryption keys and resources, ensuring secure data handling within your AWS environment.
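An added example, not part of the original post or any firm's own tooling: an offline check an auditor could run over encryption-at-rest settings for the three services named above. The dictionaries are constructed samples shaped like boto3's `get_bucket_encryption`, `describe_volumes` and `describe_db_instances` responses; every resource name and key alias is made up.

```python
# Constructed sample data (hypothetical names); a bucket maps to None when
# it has no default-encryption configuration at all.
S3_ENCRYPTION = {
    "broker-policy-docs": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/example-key"}}]}},
    "broker-exports": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
}
EBS_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-example1", "Encrypted": True, "KmsKeyId": "alias/example-key"},
    {"VolumeId": "vol-example2", "Encrypted": False},
]}
RDS_INSTANCES = {"DBInstances": [
    {"DBInstanceIdentifier": "mis-db", "StorageEncrypted": True,
     "KmsKeyId": "alias/example-key"},
]}

KMS_ALGORITHMS = {"aws:kms", "aws:kms:dsse"}  # SSE modes backed by a KMS key


def audit_s3(buckets):
    """Flag buckets with no default encryption or with non-KMS encryption."""
    findings = []
    for name, cfg in sorted(buckets.items()):
        rules = (cfg or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
        algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
                 for r in rules}
        if not rules:
            findings.append(("s3", name, "no default encryption configured"))
        elif not algos & KMS_ALGORITHMS:
            findings.append(("s3", name, "encrypted, but not with a KMS key"))
    return findings


def audit_flag(kind, items, id_field, flag_field):
    """Flag EBS volumes / RDS instances whose storage-encryption flag is off."""
    return [(kind, item[id_field], "storage not encrypted")
            for item in items if not item.get(flag_field, False)]


def audit_all(s3, ebs, rds):
    return (audit_s3(s3)
            + audit_flag("ebs", ebs["Volumes"], "VolumeId", "Encrypted")
            + audit_flag("rds", rds["DBInstances"], "DBInstanceIdentifier",
                         "StorageEncrypted"))


if __name__ == "__main__":
    for kind, resource, issue in audit_all(S3_ENCRYPTION, EBS_VOLUMES, RDS_INSTANCES):
        print(f"{kind:4} {resource:20} {issue}")
```

Against a live account, the same functions can be fed the real boto3 responses instead of the sample dictionaries.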
Answer:
At Rest: Data is considered at rest when it is stored in a persistent storage medium, such as databases, Amazon S3 buckets, or EBS volumes.
In Transit: We use a secure communication channel with protocols like HTTP for web traffic and SSL for various services.
Answer: TLS 1.2, SSH
Answer: Yes, we do.
Answer: Yes, we do.
Answer: Yes. GitLab.
Answer: NA.
Answer: Yes.
Answer: Regular updates, testing, and training are essential to maintain effectiveness. For database backups, we use two types of backup:
1. Daily backup
2. Three hour backup
Restoration Process: Our RTO is 4 hours. It means that the organization aims to have the application fully operational within 4 hours of a disruption.
Recovery point objective: 3 hours. It means that data recovery should be initiated in a way that ensures no more than 3 hours of data is lost.
Answer:
1. Server level controls: Access to the server is protected by user credentials along with an SSH key, so that only authorized personnel can access the server. We also apply least-privilege access and a strong password management policy to ensure secure access.
2. Website level controls:
1) Users with privilege will be able to access the admin panel of the website.
2) When we enable customer accounts, we will have 2FA for end customers.
Answer: Yes. Based on the roles and responsibilities.
Answer: No. Only reviewed on demand.
Answer:
1. In App Server: HTTPS 443, HTTP 80, SSH 22
2. In MySQL: 3306, HTTPS 443, HTTP 80, SSH 22
Answer:
1. Operating System: Ubuntu 20.04
2. Firewall: Default
3. MySQL version: 8
4. PHP version: 8.1
5. Server Location: Mumbai
Answer: We store our database on a secure server. We use MySQL as our database, with SHA2-based encryption, which is tested for SQL injection and other hacking techniques.
Answer: Hosting: AWS Mumbai, India.
Answer: We use the Sibro application as our MIS and as the Policy Engine for insurer integration. All employees log in to SIBRO for MIS purposes. The Policy Engine is an API system that enables real-time, single-window connectivity between broker systems and insurance core systems.
Answer: We have monitoring in place that will alert us to above-expected usage. This helps us make scaling decisions.
Well, you have all the answers here. If you want to know how to become a successful modern insurance broker, click here to explore more tips.
By adopting these innovations, brokers can ensure operational efficiency, elevate client satisfaction, and stay ahead in a competitive market. Embrace the future of insurance broking with these cutting-edge solutions and transform your business into a model of efficiency and client-centric excellence.
Author at Protracked Software Solutions