Ensuring Your Account Security
As a part of our dedication to maintaining the safety and protection of your account and data, we encourage you to report any potential security concerns or issues you may come across while using our services. Your feedback is highly appreciated.
Security Guidelines
At ETB, we recognise the significance of collaborating with talented security researchers worldwide to pinpoint any potential weaknesses in our technology. If you happen to uncover a security vulnerability within our systems or any of our products/services, we value your assistance in reporting it to us responsibly.
We are committed to working closely with you to comprehend the nature and extent of the problem while ensuring that your concerns are thoroughly addressed. Vulnerability disclosures hold the utmost importance for us, and we will make every effort to promptly resolve any identified issues.
Exclusions
During your research, we kindly request that you abstain from the following activities:
Engaging in denial of service attacks
Spamming
Employing social engineering tactics (including phishing) against our staff, contractors, or customers
Initiating physical attacks against property or data centers
Attempting unauthorised data access or interactions
Reporting issues that do not align with industry best practices (we require evidence of a security vulnerability)
Utilising known-vulnerable libraries (unless you can provide evidence of exploitability).
Security Disclosure Policy
If you come across a potential security issue, please notify us promptly, and we will work diligently to address it as swiftly as possible. Allow us a reasonable timeframe to resolve the issue before disclosing it to the public or any third parties. Make a sincere effort to prevent privacy breaches, data destruction, and disruptions to our services. Only engage with accounts that belong to you.
Out of Scope
The following items are considered out of scope for our security research program
Reports generated by automated tools or scans.
Missing cookie flags on non-sensitive cookies.
Reports of insecure SSL/TLS ciphers (unless you provide a working proof of concept, rather than just a scanner report).
Exposure of non-sensitive data on mobile devices.
Missing security headers that do not directly lead to a vulnerability, including CSP (Content Security Policy).
Third-party vulnerabilities
If the issues reported to our program impact a third-party library, external project, or another vendor, we may share the details of the issue with that party without additional discussions with the researcher. We will make an effort to coordinate and maintain communication with researchers during this process, and we will not disclose your name to third parties without your consent.
Safe Harbor
Any actions carried out in accordance with this policy will be considered authorised, and we will not pursue legal action against you. If a third party initiates legal action against you in connection with activities conducted under this policy, we will take steps to publicly acknowledge that your actions were in compliance with this policy.
The senior management of Euro Time Bank is fully committed to upholding security standards within the organisation. They acknowledge the significance of identifying and safeguarding our information assets, preventing the loss, unauthorised disclosure, alteration, or misuse of information. They also promote the development, implementation, maintenance, and continual enhancement of our Information Security Management System (ISMS).
We are actively engaged in the following:
Periodically establishing objectives for Information Security management and the required steps to implement them.
Conducting systematic risk analyses and evaluating the impact and potential threats.
Validating actions required to mitigate identified risks deemed unacceptable, in accordance with criteria set by the Security Committee.
Implementing necessary controls and corresponding monitoring methods.
Ensuring compliance with legal, regulatory, and client requirements assumed by [Company's Name], as well as contractual security obligations.
Promoting awareness and providing information security training for all staff members.
Allocating the necessary resources to ensure business continuity for the company.
The safety objectives of are objectives in the following principles:
Safeguarding knowledge, information, and data.
Securing information and communication technologies.
Protecting facilities and buildings.
Preserving company assets.
Ensuring business continuity.
Adhering to legal and regulatory compliance standards.
Information Security is defined by the preservation of:
Availability: Ensuring that authorised users have access to the information and associated assets when needed.
Confidentiality: Ensuring that only authorised individuals can access the information.
Integrity: Ensuring that the information remains unaltered and traceable.
The Information Security Manager is appointed by management and bears direct responsibility for upholding this policy, providing guidance for its implementation.
This policy extends to all personnel, external collaborators, and suppliers who collaborate with our team.
We appreciate your efforts in helping to maintain the security of Euro Time Bank and our users!
