CyberGuardTech

Security Policy

CyberGuardTech.ro

Last updated: 2026

1. Introduction

At CyberGuardTech, security is a core principle of our operations. We are committed to protecting our systems, infrastructure, and user data against unauthorized access, misuse, disclosure, or destruction.

This Security Policy outlines the measures we implement, the standards we follow, and the procedures for reporting vulnerabilities or security concerns.

2. Scope

This policy applies to:

  • The website: https://cyberguardtech.ro
  • Associated web applications and services
  • Infrastructure, servers, and databases used to support our operations
  • Any digital systems under the control of CyberGuardTech

3. Security Principles

We follow industry best practices and security principles, including:

  • Confidentiality – ensuring data is accessible only to authorized parties
  • Integrity – maintaining the accuracy and consistency of data
  • Availability – ensuring systems remain accessible and operational
  • Accountability – maintaining logs and traceability of actions
  • Least Privilege – restricting access to only what is necessary

4. Technical Security Measures

We implement a range of technical controls to protect our systems:

4.1 Network Security

  • Firewalls and network segmentation
  • DDoS protection mechanisms
  • Traffic monitoring and anomaly detection

4.2 Application Security

  • Secure development practices (OWASP guidelines)
  • Regular vulnerability scanning
  • Input validation and output encoding
  • Protection against common threats (XSS, SQL Injection, CSRF, etc.)

4.3 Data Protection

  • HTTPS encryption (TLS)
  • Secure storage and handling of sensitive data
  • Data minimization principles

4.4 Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (where applicable)
  • Strong password policies

4.5 Monitoring & Logging

  • Security event logging
  • Intrusion detection systems
  • Continuous monitoring for suspicious activities

5. Organizational Security Measures

We also implement internal controls, including:

  • Access restrictions for internal systems
  • Security awareness practices
  • Regular system updates and patching
  • Incident response planning

6. Vulnerability Disclosure Policy

We encourage responsible disclosure of security vulnerabilities.

If you believe you have discovered a vulnerability, please report it responsibly.

6.1 How to Report

Send an email to: [email protected]

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Proof of concept (if applicable)

6.2 Responsible Disclosure Guidelines

We ask that you:

  • Do not exploit the vulnerability beyond what is necessary for proof
  • Do not access or modify user data
  • Do not disrupt services or systems
  • Give us reasonable time to fix the issue before public disclosure

6.3 Our Commitment

We commit to:

  • Acknowledge receipt of your report
  • Investigate the issue promptly
  • Take appropriate remediation actions
  • Maintain confidentiality of the reporter (if requested)

7. Prohibited Activities

The following activities are strictly prohibited:

  • Unauthorized access attempts
  • Brute-force attacks
  • Automated scanning without permission
  • Exploitation of vulnerabilities for personal gain
  • Denial-of-Service (DoS / DDoS) attacks
  • Social engineering targeting our systems or users

Violations may result in legal action.

8. Third-Party Security

We may rely on trusted third-party providers for:

  • Hosting infrastructure
  • Analytics and monitoring
  • Security tools

We ensure that such providers meet appropriate security and compliance standards.

9. Incident Response

In the event of a security incident, we:

  • Identify and contain the threat
  • Investigate the root cause
  • Mitigate risks and vulnerabilities
  • Notify affected parties if required by law
  • Implement improvements to prevent recurrence

10. Data Breach Procedures

In case of a personal data breach:

  • We assess the severity and impact
  • Notify authorities (if required under GDPR)
  • Inform affected users when necessary
  • Take corrective measures immediately

11. Continuous Improvement

Security is an ongoing process.

We continuously:

  • Review and update our security practices
  • Monitor emerging threats
  • Improve infrastructure and defenses
  • Align with industry standards and frameworks

12. Limitation of Liability

While we take strong measures to secure our systems, no system is completely immune to risk.

CyberGuardTech does not guarantee absolute security and shall not be held liable for damages resulting from sophisticated cyberattacks beyond reasonable control.

13. Legal Compliance

We comply with applicable laws and regulations, including:

  • GDPR (EU 2016/679)
  • ePrivacy Directive
  • Relevant cybersecurity and data protection laws

14. Contact Information

For security-related inquiries or vulnerability reports:

📧 Email: [email protected]
🌐 Website: https://cyberguardtech.ro

🔐 Security Commitment Statement

At CyberGuardTech, we treat security not as a feature, but as a fundamental responsibility. We continuously invest in technologies, processes, and practices that enhance the protection of our systems and the trust of our users.