Skip to content

Dynah

A SaaS system designed to keep your business ready for the next step

What Dynah does for your small to mid-sized business...

Sample question, answer and reference from Dynah
Dynah Sample Question
Dynah Feedback & Resource

If you have ninety seconds a week...

... then you have time for security information.  We've all been in 3-4 hour trainings, which have slowly become self-guided videos we click through while on mute. And by the end, we've learned nothing and set proverbial fire to the money spent on training.  

This is where Dynah comes in.

Dynah, a fully integrated, continuous compliance software, reminds your employees once a week to answer a simple question and then gives valuable feedback based on the answer selected. 

Each question aligns with a compliance standard for NIST SMB - the framework by the National Institute for Standards & Technology - Small Business - or the framework you work within. With each question answered, your employees are given an actionable item; read why it's important in two sentences, and make any fixes if necessary.

You get to see everything you need from our dashboard command center - percentage of questions completed, and how close to full compliance you are in the framework.  You get to stay up to date, they don't feel overwhelmed - and everyone stays productive.

Compliance within a framework gives your business a world of opportunities - vendor assessments for revenue expansion, completing cyber insurance checklists,  even aiding in the process of mergers & acquisitions.

Overall, you can easily train employees for ninety seconds a week, creating a more effective, cognitively positive experience for them - and leaving you with a list of actionable items to fix holes in your protocol that we've helped you find.  You can also select different levels of training for different personnel - IT, Users, Administrators, etc. 

Red Queen believes in keeping it simple - for users, for compliance, for employers and for cybersecurity.  Ninety seconds a week for full compliance? Checkmate.

What you get with Dynah

Dynah isn't just an easy way to train and check your compliance to frameworks, complete vendor assessments or cyber insurance checklists. With your year subscription to our program, you also receive the three documents most vendors require you have if you hope to expand with them - tailored specifically to your businesses needs.

Employee Acceptable Use Policy

  • Expectations for recruits, vendors, and customers

  • Authentication and Authorization Policy

    • Access controls on service and administrative accounts

    • Maintenance of TOTP (Time-Based One Time Password) applications, seeds, and backups such as Google Authenticator, Authy, etc.

    • Password use and changes

  • Remote Access Policy

    • Risk management on wireless access outside the office

  • Travel

    • Public Wi-Fi

    • VPNs and how they can/cannot provide anonymity in given cases

  • Information Handling Policy

    • Email/Communication Policy

    • Clean Desk Policy

    • Proper channels for client and customer information

    • What to do when some contacts insist on using personal accounts such as LinkedIn DMs or Facebook Messenger and how to migrate to official comms

    • Where data goes and how it can (mostly) be kept in the correct and safe locations

  • Incident Response

    • IOC (Indicators of Compromise) checklist and guidelines

    • Responsible reporting of potential phishing attempt

Data Security Policy

  • Data storage

    • Organizational data

    • Vendor data

    • Employee data

    • Associate data

  • Data Retention

  • Change Management Policy

  • Data Backup Policy

  • Asset Destruction

  • Treatment of financial data

  • Encryption Policy

    • Acceptable Encryption/Key Management Policy

    • Data Security - data at rest and in transit are protected (use of encryption)

  • Information Classification

    • Asset ownership

    • Asset criticality

    • Asset sensitivity

  • Network Access Policy

    • BYOD device policies

      • Software Updates

      • Antivirus/Anti-malware Use and Configuration

      • Repair practices

  • Policy Administration

    • Request/Creation

    • Approval/Rejection

    • Governance/Enforcement

    • Review/Revision triggers

    • Frequency (annual default)

    • Technology change

Privacy Policy

  • Data collection and use

  • Categorization of data

  • Data Portability, Data Access and Deletion Requests

  • Data Retention

  • Regulatory Compliance Policies

    • Federal

    • State

    • Industry

  • Contact Information

Deliverables

At the conclusion of the assessment meeting(s), RQD will provide a comprehensive set of policies, that include a description of the methodology used to provide these policies. The report will provide written documentation of the approach, findings, and recommendations associated with the project. In conjunction with policy delivery, RQD will conduct official onboarding of Client's staff of up to 100 seats unless otherwise specified.