Cyber Security Support Contract Questions and Answers

Questions and answers about this service

NFIR offers the Cyber Security Support Contract with various preventive services to reduce the probability of a Cyber Security Incident and reactive services to be well prepared in the event of an Incident. In addition, as a buyer of this Support Contract, you can count on attractive discounts for Pen tests and Incident Response.

What services does this Support Contract consist of?

Preventive Services:

  • 1 yearly phishing email simulation to employees
  • Once a year, a collective cyber awareness training for the management and/or board of directors of your organisation
  • Weekly vulnerability scan of 2 public IP addresses
  • 1 hour of free IT security consulting per quarter
  • 15% discount on the standard hourly rate for a pen test of your IT infrastructure, (web) application(s) or website(s)

Reactive services:

  • Available 24/7 if you are facing an IT security incident
  • The CERT of NFIR tries to be available at your location in the Netherlands within 3 hours (Wadden Islands excluded).
  • The Cyber Security Support Contract covers the intake (triage) of 1 incident p/y at no cost.
  • 15% discount on standard hourly rate for Incident Response work after intake

With how many people may I attend the yearly cyber awareness training for board members or management

Four employees per organization may participate in the yearly cyber awareness training.

Is the phishing email simulation general or specifically created for our organisation?

NFIR creates a phishing email simulation that fits your organization or industry. We use a customer-specific mail template, purchase a misspelled domain, and create a phishing website to retrieve login credentials from the recipient.

Which 2 IP addresses can I enter to be scanned weekly by the vulnerability scanner?

You may only provide public IP addresses, for example from your office environment, that are used and managed by you (or managed by a third party on your behalf) and that only receive and send traffic from you. Offering IP addresses belonging to a so-called shared-hosting environment is not allowed.

Why do I only receive an email with notifications from the weekly scanner? Is there also an online dashboard available?

From the Cyber Security Support Contract, you will only receive prio 1 and 2 notifications by email from the vulnerability scanner. This is in fact the “light version” of our vulnerability scanning service. If you also want to receive prio 3 and 4 notifications, add multiple public IP addresses, have your Office Automation scanned and would like an online dashboard, it is possible. We are happy to inform you about the various possibilities of vulnerability scanning for your organisation.

What can I use the 4 hours of IT Security Support per year for?

You may contact us to receive, among other things, advice on the current security situation of your IT infrastructure, your (web) application and your API links. In addition, you may ask us questions about IT security related issues where you are faced with a choice and we can think along with you. Consider choices for hardening, password managers, Network Security Monitoring, and the usefulness and necessity of a pen test. Finally, you may ask us to provide guidance on notifications you have received by e-mail from the weekly vulnerability scanner.

Can I also use NFIR for IT-Security advice for more than these 4 hours?

Of course. The 4 hours per year is included in the fee of your Cyber Security Support Contract. Additional work will be charged separately.

Why doesn’t NFIR offer Network Security Monitoring within the Cyber Security Support Contract?

Network Security Monitoring is one of the areas of expertise of NFIR. We offer this service from our “NFIR Insights” platform as an automated SIEM/SOC. Companies use this as an Intrusion Detection System and can add various other sources to it to keep a close eye on the network for suspicious traffic and situations. However, the service is too extensive and customer-specific to offer as a service within the Cyber Security Support Contract. We will gladly inform you about the possibilities for your organization!

When can I use the Incident Response services of NFIR?

Once you are dealing with an IT security incident or have strong suspicions of one, we are here for you 24/7! Perhaps your own IT department or an external party already has information they can share with us during the intake. Our team of ethical hackers and digital forensic examiners will ask various questions during the intake to get a good picture of the situation. This intake at your location is free of charge once a year for Cyber Security Support Contract customers. Immediately after the intake, we draw up an action plan to carry out triage and take mitigating measures. We also discuss with you the research questions for the digital forensic investigation and the formalities are taken care of before we start working. The Incident Response Team (in cooperation with your own IT department) will ensure that you regain control of your IT environment as soon as possible and will work on an investigation to provide answers to questions that are important to you (or to the Data Protection Authority). We always do this in a digitally forensic way, so that the findings can also be used for legal follow-up.

Why does NFIR offer discounted rates for pen testing?

Periodic pen testing of the technical resilience of your IT infrastructure, (web/mobile) applications and APIs is of great importance. As a result, your organisation will be informed in good time about the vulnerabilities present that could be exploited by unauthorised persons. We offer Cyber Security Support Contract customers an attractive discount on our standard hourly rate as a push to have a pen test performed periodically. This ensures you get the right insights at a reasonable rate and reduces the chances of an IT security incident.

Be prepared with the Cyber Security Support Contract.

More and more companies have cybercrime insurance, but it usually only covers consequential damage.
NFIR offers a very valuable package of preventive and reactive services, so you are assured of the very best help!

More and more companies have cybercrime insurance, but it usually only covers consequential damage. NFIR offers a Cyber Security Support Contract that provides direct assistance in the event of a cyber security incident and offers preventive measures to prevent a cyber security incident. For a small amount per year, without excess, we offer a very valuable package of preventive and reactive services and your organization is assured of the very best assistance.

When it comes to preventive services, think of:

  • 1-yearly phishing email test to stimulate cyber awareness among your employees
  • 1-Yearly collective cyber awareness training for the Management or the Executive Board of your organisation
  • 1 hour of free telephone IT-Security advice per quarter
  • Automated weekly vulnerability scan of 2 public IP addresses

When It comes to reactive services, think of:

  • Guaranteed availability 24/7 in the event of IT security incidents
  • Within 3 hours an Incident Response team available at your location in the Netherlands.
  • A support contract covers the intake interview (triage) of 1 incident p/y free of charge.

NFIR offers the Cyber Security Support Contract with various preventive services to reduce the probability of a Cyber Security Incident and reactive services to be well prepared in the event of an Incident. In addition, as a buyer of this Support Contract, you can count on attractive discounts for Pen tests and Incident Response.