
Information Security Policy

Cyber Horizon Intelligence Ltd

Effective Date: 1 January 2024 · Last Updated: 29 March 2026 · Version 1.1

1. Security Objectives

Cyber Horizon Intelligence is committed to maintaining the highest standards of information security to protect our customers, partners, and business operations. Our security objectives include:

  • Confidentiality: Ensuring information is accessible only to authorized individuals
  • Integrity: Maintaining accuracy and completeness of information and systems
  • Availability: Ensuring reliable access to information and services when needed
  • Compliance: Meeting all applicable legal, regulatory, and contractual requirements

2. Technical Security Controls

Data Protection

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Database encryption with key rotation
  • Secure backup and recovery procedures

Network Security

  • Next-generation firewalls and intrusion detection systems
  • Network segmentation and zero-trust architecture
  • Regular vulnerability assessments and penetration testing
  • 24/7 security monitoring and incident response

Application Security

  • Secure development lifecycle (SDLC) practices
  • Regular code reviews and security testing
  • Input validation and output encoding
  • Session management and authentication controls

3. Access Control Policy

Authentication Requirements

  • Multi-factor authentication (MFA) for all user accounts
  • Strong password policies with regular rotation
  • Single sign-on (SSO) integration where applicable
  • Account lockout policies for failed login attempts

Authorisation Principles

  • Principle of least privilege access
  • Role-based access control (RBAC)
  • Regular access reviews and certifications
  • Immediate revocation upon termination or role change

4. Incident Response

Incident Classification:

  • Critical: Major service disruption or data breach
  • High: Significant security event requiring immediate attention
  • Medium: Security incident with moderate impact
  • Low: Minor security event for monitoring and analysis

Response Procedures: 24/7 automated monitoring, threat detection and alerting; defined incident response, escalation and communication procedures; and a post-incident analysis and lessons-learned process.

5. Compliance and Auditing

  • SOC 2 Type II (in progress)
  • GDPR compliance for EU data subjects
  • ISO 27001 alignment (pursuing certification)
  • NIST Cybersecurity Framework alignment
  • Comprehensive security logging and monitoring
  • Regular internal and external security audits

6. Policy Governance

This Information Security Policy is reviewed and updated annually or as needed, approved by senior executive leadership, communicated to all employees and relevant stakeholders, and enforced through regular training and awareness programs.

Contact

For questions about this policy or to report security concerns: security@cyberhorizon.co