TerraMedusa has both a privacy focused thinking system. As well with his employees as the institutions. We guarantee all kind of work with the confidentiality agreements performed on legal ground. All kind of cooperation with institutions are carried out on the legal basis, with sensitivity to rights and privileges.
The Internet has become a cultural center where everyone can meet with information regardless of time and place limits. Taking necessary and sufficient precautions by ensuring information security within the scope of new legal and ethical responsibilities will prevent many financial and moral damages that may occur in institutions in the near future. Legal and ethical responsibilities of institutions and information security professionals in ensuring electronic information security, are addressed within the scope of the European Union Law Legislation and professional ethical rules.
Information Security professionals are obliged to carry out their services within the framework of the legal rules related to the field of informatics while performing their responsibilities using computer technologies. The responsibilities of IT professionals are not limited to organizing, storing and presenting information. Institutions also have general responsibilities in protecting their employees’ personal information securely, protecting the privacy of private life information that can be obtained from the resources that their customers benefit from and to forward a crime to the competent authorities.
The issue of ensuring information security is the common subject of both the law and information fields. It is not possible to achieve permanent success if one of these disciplines is missing. For this reason, it is important to take technical measures in accordance with the legal rules during information security studies. Institutions are also required to request certain guarantees from the companies they will work with, paying attention to the other items listed below.
NDA’s must be signed before the information security work is to be done. It should be ensured that any information and documents that are received during and after the work in the confidentiality agreement are the intellectual property of the institution, confidential information and that this information is secured under the agreement indefinitely.
Companies with corporate titles should be preferred over individuals or over individual companies. Firms that sell automated services and operate in many areas (hardware, software, product, training, etc.), companies that outsource projects should not be preferred as much as possible, due to both corporate confidentiality violations and inability to realize projects.
The persons who commission the project and the services must be the employee or shareholder of the company from which the proposal is received. The company where the work will be carried out, the information of the people who will carry out the project should be requested and their social media accounts should be reviewed. Nowadays, it is seen that a lot of Information Security experts have made public statements about corporate customers or other companies’ private information, security vulnerabilities. These people who attack companies uncontrollably will pose a serious threat to your company in the future.
Reference about numerous previous projects should be requested. The offer submitted by the Information Security company should not be too low compared to equivalent companies. One of the factors that determine the quality and reliability of the service is the risks behind the offers that seem very advantageous.The information seized during the Information Security projects of many institutions is sold or shared with others. In addition, penetration test service should only be obtained from companies operating in this field. Firms that sell products, software, hardware, and training not only have these services outsourced to individuals/firms, but their reports do not contain anything other than the outputs of automated tools. The final reports of these companies are generally directing to high-cost hardware and software solutions for sales purposes.
Please reject any affordance such as “We found ‘X’ vulnerabilities in your systems, if you work with us we close them” from the institutions with whom the project is intended. In such cases a criminal complaint should be filed with the prosecutor’s office. It is difficult to know how the exploits obtained as a result of such projects without the permission of the institution are abused. Those who do this work without a confidentiality agreement want to work first, in the next phase they either blackmail or share the information they have obtained with others or sell them on some platforms over the Internet, if the work is not done.