Cyberpert Security Statement
Security is the product, so it has to be true of the company too.
What is true today
- This website is served entirely over HTTPS with modern TLS.
- No client data, credentials, or case material is processed by this public website — it is an informational site.
- The contact form transmits data over an encrypted connection and is rate-limited against abuse.
- We do not request classified, regulated, or highly sensitive information through public web forms.
- Internal access to client systems and data follows the principle of least privilege and is logged.
What is on the roadmap
- Password hashing with Argon2id, unique per-account salts, and no reversible password storage.
- Mandatory multi-factor authentication for all portal accounts.
- Encryption at rest for all client and case databases, with envelope encryption and managed keys.
- TLS 1.2 minimum (1.3 preferred) for every service-to-service connection.
- Role-based and attribute-based access control aligned to least privilege.
- Tamper-evident audit logging for access to reports, cases, and evidence.
- Encrypted, tested, and access-restricted backups.
We would rather tell you what is not built yet than claim a control that doesn't exist.
Frameworks we build against
- NIST Cybersecurity Framework 2.0
- OWASP ASVS / Top 10
- ISO/IEC 27001 principles
- GDPR Article 32 (security of processing)
- Privacy by Design
