Immersive Labs 2021 Global Crisis Exercise: Ransomware
How we use your data: fact sheet
The data we collect about you
At the point of registration, we collect the following information from you:
- Email address
- Company size (by number of employees)
- Job title
- Number of years experience
- Gender (we provide “other” and “prefer not to say” options)
(with the final two fields being optional).
We also use your IP address to collect information about the way you interact with the exercise. During this exercise we will be collecting your individual answers to each of the questions including the time you take to answer each question.
Some of this information identifies you as an individual. We process this information in accordance with our privacy notice which contains more detailed information about the personal data we collect, what we use it for, who we share it with and how we protect it. If you have any questions, please contact firstname.lastname@example.org.
How we use your data
Any data collected as part of the crisis sim exercise will be used to get insights into the current state of the cybersecurity industry workforce. Any published data used in reports will be aggregated and anonymized in a way which means that no individuals or individual companies can be identified.
This means we will only publish data points that consists of at least 5 people for role level trends or 5 companies for industry trends. We will however publish individual quotes which do not identify individuals.
How we look after your data
Being in the cyber security space, naturally we maintain a strong security posture. For detailed information about the security measures we put in place to secure the data we collect about our users, please see our Security Measures page. Examples of the types of measures include:
- Encryption: User data is encrypted at rest and in transit using AES – 256. For data in transit the protocol is TLS 1.2.
- Hosting: We host our platform on AWS which places user data in its data centers in Ireland. Using AWS means we take advantage of their rigorous security standards, and reliance, servers and firewalls are always up to date. AWS has SLAs regarding availability, and there are controls in place to protect the production environment.
- Passwords: Passwords are encrypted, and we enforce complexity requirements, being 12 characters in length
- Disclosure of user data: We only disclose user data to third parties where disclosure is necessary to provide our services or as required to respond to lawful requests from public authorities.
- Handling: We perform daily backups of all data contained in the platform, including user data, to prevent data loss. We have in place a disaster recovery plan which is regularly tested. Documents containing customer data are automatically classified as confidential and are subject to our highest standards of security.
- Certifications: We are ISO27001, Cyber Essentials and Cyber Essentials plus certified.