The NFC supersedes ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27005 in the context of cyber security. Just login...

Frequently Asked Questions

Get all the answers to the most frequently asked questions (FAQs) regarding NFC ISMS, licence and certification.

  • What is the major challenge that limits technology innovation?

    The major challenge that limits technological innovation is the increasing rate of cyber-crime. These crimes have led to rampant operational disruption and massive financial losses, especially in organisations that misjudge the effectiveness of their controls. Financial technology industry services are mostly based on cloud technologies and outsourcing, and these cannot be protected by organisations adopting an off-the-shelf ISMS, because of the high risks of outsourcing and the sophisticated cybersecurity threats, which remain top of mind as these sectors continue evaluating new threats and potential fraud risks.
  • What will be the outcome if I use the NFC?

    - Enhances the interrelationship between technology and human factors.
    - Eliminates conflict and interaction between the different competing factors that hinder the successful development of information security.
    - Resolves the system bottleneck that is usually located between various factors in the organisation.
    - Considers the measurement and evaluation of the organisation's ISMS performance and outsourcing.
    - Addresses the main potential factors that generate hindrances during the ISMS process, unlike ISO 27001/27002/27005, where the standards are designed for a certain focus.
  • What is the intended solution of the NFC?

    The NFC's main aim is to provide a comprehensive process to improve the strategies for managing information security and a comprehensive model to secure data at organisational level. It does so through an empirical approach, by means of an exploratory survey, descriptive statistics and t-tests to determine significant differences in penetration testing techniques. The intended outcome of the NFC is to improve the strategies for managing information security and to provide a comprehensive model to secure data at organisational level.
  • Do you have to go through some checklist like the ISO27001 144 checklist?

    No
  • How does the NFC validate the process?

    The NFC uses descriptive statistics and t-tests to determine significant differences in testing techniques. To prevent any bias in the validation, the NFC considers the size of each organisation's attack surface, such as its network attack surface, software (application) attack surface, and physical (employee) attack surface.
  • Do we have to pay according to number of employees?

    No
  • Which standards, apart from the NFC standards, can be integrated with the NFC?

    The following standards can currently be integrated with the NFC: ISO 27001, ISO 27002, ISO 27004, ISO 27005, ISO/IEC 27018, ISO 27019, PCI DSS, GDPR, DSGVO. Future integration possibilities: BSI 100-1, BSI 100-2, BSI 100-3, BSI 100-4, BSI TR-03145, COBIT, IDW PS 330, IDW PH 9.330.1, IDW PS 880, IDW PS 951, IDW FAIT 1-3, ISAE 3402, ISO 22301 (BCM), MaRisk-E, SREP, SSAE 16, VDA ISA.
  • Can I simply import data from other sources into NFC?

    Yes. We accept SPSS and Excel data. With our NFC-daemon, you can easily import your set of variable data into the NFC system.
  • Can I use NFC to scan for vulnerabilities on my network?

    No, NFC is not a scanning tool. But you can export your data or allow the NFC to generate and analyse your security measures. You can use the tools that come free with Kali Linux to scan your system and import the results into NFC. Other tools are Acunetix, Aircrack-ng, BeEF, Burp Suite, Cain & Abel, Colasoft Packet Builder, DNSstuff, Fiddler, Firebug, hping, Hydra, ike-scan, JMeter, John the Ripper, Kismet, MBSA, netcat, Nikto, OpenVAS, Paterva Maltego, pstools, Rapid7 NeXpose and Metasploit, SAINT, Shodan, Smtpmap/Smtpscan, socat, Social Engineering Toolkit, sqlmap, Tenable Nessus, Wikto, Wireshark, Wpscan, Xenotix, Zed Attack Proxy and more.
  • Do I have to install the NFC on my computer or server?

    You do not have to install NFC. You can use it in the cloud or on premises. It is a web-based application.
  • Will I be given a report after completion?

    A report is given for every phase of the NFC. As said, the phase runs five times at a time. In each phase a report is generated, termed a "semi-report". The last report will be a final report, which the NFC will analyze and compare to the NFC metrics. After a successful outcome, a full report will be generated. Certification is only issued after 12 months, based on the metrics of the company's security measures during the past 12 months.
  • Nine Five Circle License?

    A license is only issued to organizations after 12 months, based on the metrics of the company's security measures during the past 12 months.
  • Get certified as NFC auditor or expert?

    This is a 6-month training course. At the end of the intensive course, participants will be given 300 questions to answer, excluding the oral and some practical work that needs to be completed during the training session. The exam has a duration of 4 hours in total.