
Cybersecurity FAQ

What is the difference between a vulnerability assessment and a penetration test?

A vulnerability assessment scans your systems to identify known weaknesses — misconfigured services, outdated software, weak credentials — and produces a prioritised list of issues to remediate. It is broad but shallow. A penetration test goes further: a human expert actively attempts to exploit identified vulnerabilities to demonstrate real-world impact. A pen test answers "can an attacker actually get in?" where a vulnerability assessment answers "where might they try?". Both have their place; many clients start with an assessment to understand their baseline before commissioning a pen test.

How long does a penetration test take?

Scope determines duration. A web application penetration test for a mid-complexity application typically takes 5–10 business days. An external network penetration test covering 50–100 IPs takes 3–5 days. A comprehensive internal + external + web application test for a larger organisation can run 2–4 weeks. After testing ends, we spend an additional 3–5 days producing the report — a detailed technical document with evidence, risk ratings, and remediation steps that can go directly to your board or a regulator.

Can you help us become ISO 27001 or SOC 2 compliant?

Yes. We offer compliance advisory services that guide you through gap assessments, control implementation, policy writing, and audit readiness. We work with your chosen certification body's requirements and can act as your virtual CISO during the process. ISO 27001 certification typically takes 6–12 months from a standing start; SOC 2 Type II (which requires a 6-month observation period) takes 9–15 months. We have helped Nigerian fintech companies, SaaS platforms, and enterprise IT teams achieve both.

What should we do if we suspect we have been breached?

Contain first, investigate second. Isolate affected systems from the network immediately — disconnect, do not power off (powering off can destroy forensic evidence in memory). Contact our incident response team. We provide 24/7 emergency response and will be on a call within 90 minutes of engagement. We perform forensic investigation to determine scope, advise on regulatory notification obligations, support remediation, and produce a post-incident report with root cause analysis and recommended improvements.

What does ongoing security monitoring include?

Our managed security monitoring service provides continuous analysis of logs from your servers, cloud infrastructure, endpoints, and network devices. We use a SIEM platform to correlate events and alert on suspicious patterns — failed login bursts, unusual outbound traffic, privilege escalation attempts. You receive real-time alerts for critical events, a monthly threat summary, and a quarterly review of your security posture with updated recommendations. Think of it as a security operations centre without the cost of building one in-house.
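The "failed login bursts" pattern mentioned above is the simplest kind of SIEM correlation rule: count failed authentications per source over a sliding time window and raise an alert once a threshold is crossed. The following is an added illustration, not code from the page or from any vendor's SIEM. It assumes a simplified sshd-style syslog line format, and the sample log lines, the threshold (5 failures) and the window (60 seconds) are constructed tuning values that a real deployment would adjust to its own baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified syslog-style format (not real logs).
# One source (203.0.113.7) fails six times in ten seconds; another (198.51.100.20)
# has three scattered failures that should stay below the alert threshold.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-03-01T10:00:03Z sshd[1201]: Failed password for root from 203.0.113.7 port 51023 ssh2
2024-03-01T10:00:04Z sshd[1201]: Failed password for root from 203.0.113.7 port 51024 ssh2
2024-03-01T10:00:06Z sshd[1201]: Failed password for deploy from 203.0.113.7 port 51025 ssh2
2024-03-01T10:00:09Z sshd[1201]: Failed password for root from 203.0.113.7 port 51026 ssh2
2024-03-01T10:00:11Z sshd[1201]: Failed password for root from 203.0.113.7 port 51027 ssh2
2024-03-01T10:00:15Z sshd[1201]: Accepted publickey for deploy from 198.51.100.20 port 40112 ssh2
2024-03-01T10:05:00Z sshd[1201]: Failed password for alice from 198.51.100.20 port 40113 ssh2
2024-03-01T10:07:30Z sshd[1201]: Failed password for alice from 198.51.100.20 port 40114 ssh2
2024-03-01T10:09:00Z sshd[1201]: Failed password for alice from 198.51.100.20 port 40115 ssh2
"""

# Matches only failed password attempts; successful logins are ignored by design.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_failed_logins(text):
    """Return (timestamp, source_ip, username) tuples for each failed login line."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group("ip"), m.group("user")))
    return events


def detect_failed_login_bursts(events, threshold=5, window_seconds=60):
    """Sliding-window correlation: alert when one source IP produces at least
    `threshold` failed logins within `window_seconds`. Alerts once per source
    so a sustained burst does not flood the analyst with duplicate alerts."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # source_ip -> deque of (timestamp, user) inside the window
    alerted = set()
    alerts = []
    for ts, ip, user in sorted(events):
        q = recent[ip]
        q.append((ts, user))
        # Drop events that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({
                "source_ip": ip,
                "failures": len(q),
                "distinct_users": len({u for _, u in q}),
                "first_seen": q[0][0].isoformat(),
                "last_seen": ts.isoformat(),
            })
    return alerts


def run_detection(text, threshold=5, window_seconds=60):
    """Convenience wrapper: parse raw log text and return the alert list."""
    return detect_failed_login_bursts(parse_failed_logins(text), threshold, window_seconds)


if __name__ == "__main__":
    for alert in run_detection(SAMPLE_LOG):
        print(alert)
```

The `distinct_users` field is included because the number of different accounts tried from one source is a useful triage signal alongside the raw count; in a production SIEM the same rule would normally be complemented by a lockout or rate-limit control on the authentication service itself, and by an allow-list for known scanners to keep false positives down.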