Executive summary. by Adam Gauci, P.Eng., Didier Giarratano, and Sandeep Pathania

Size: px
Start display at page:

Download "Executive summary. by Adam Gauci, P.Eng., Didier Giarratano, and Sandeep Pathania"

Transcription

1 AR0 by Adam Gauci, P.Eng., Didier Giarratan, and Sandeep Pathania Executive summary The utility industry is under pressure t imprve substatin autmatin cyber security. Manufacturers f substatin prducts use prprietary r prduct-specific methdlgies fr managing device security. As a result, standardizatin and ease f management f these devices is lacking. This paper reviews prcesses and prcedures fr securing a substatin, ffers advice fr vercming substatin asset management challenges, and describes sme f the tls available.

2 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security Intrductin Over the past decade, the demand fr digitized, cnnected, and integrated peratins has increased acrss all industries. Cmpared t the IT Industry, the Energy Industry is late t the cnnectivity game. The pressing need t imprve critical pwer distributin infrastructure uptime is accelerating the rate f change in this dmain. Hwever, as the pwer netwrks merge and becme smarter, the benefits f imprved cnnectivity als pen the dr t mre cyber security risks. Accrding t US Department f Hmeland Security s Industrial Cntrl Systems Cmputer Emergency Respnse Team (ICS-CERT), 53% f cyber security incidents reprted and investigated by the agency in the first half f 2013 were related t the energy industry 1 (see Figure 1). Nw that cyber security is a tp-f-mind cncern, utility stakehlders are mimicking their IT peers and are scrambling t put their infrastructure security huse in rder. Within substatins, prprietary devices nce cnsidered fr specialized applicatins are nw vulnerable. Sensitive infrmatin (such as nline dcumentatin that describes hw these devices wrk) can be accessed via the internet by anyne, including thse with malicius intent wh wish t cause disruptin. Figure 1 Number f cyber security incidents and percentage f ttal by industry in the US (curtesy f US Hmeland Security Department) Pstal & Shipping 1% Nuclear 3% Inf Tech 4% Gv Facilities 2% Transprtatin 5% Water 4% Energy 53% Cmmercial Facilities 2% Cmmunicatins 5% Critical Manufacturing 17% Electrical substatins tday are characterized by different mixes f Infrmatin Technlgy (IT) and Operatinal Technlgy (OT). Operatinal Technlgy is defined as the autmatin and cntrl systems and cmpnents that mnitr, measure, and prtect critical infrastructure. When blstering the security f a substatin netwrk, IT infrastructure cmpnents such as PC hsts, netwrk devices (e.g., switches, ruters, and firewalls) are a lgical first step fr prtectin. Technlgies / tls such as SNMP and SYSLOG can be used with security mnitring systems t easily mnitr IT-based devices. Extending this same methdlgy t OT-based devices, hwever, can be mre difficult t achieve. 1 US Department f Hmeland Security, ICS-CERT Mnitr, Incident Respnse Activity, April/May/June 2013, page 2 Schneider Electric White Paper Revisin 0 Page 2

3 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security Mst embedded devices and pwer systems applicatins were nt designed with security mnitring in mind. T address this prblem, many substatin autmatin vendrs have tried the blt-n security apprach, keeping cyber security functinally separate frm nn-secured OT devices and building a layer f security arund them. This apprach may allw fr a layer f access cntrl and mnitring, but nce the initial layer is breached, devices remain vulnerable. While blt-n slutins allw fr a fast implementatin t reduce the risk f a cyber-attack n OT devices, substatin asset managers shuld cnsider upgrading their OT devices during their lifecycle t newer devices cntaining built-in cyber security functins. This paper details the level f security functinality required by OT devices in rder t prvide rbust security mnitring. The prcesses and rganizatin needed t supprt an OT security initiative are als described. Device lgging and mnitring Unique human user names Mst devices fund in tday s substatins cntain multiple, fixed access accunts that are shared amng several human users. This makes it difficult t determine which particular user has lgged a security event. The slutin t this prblem is t prvide a mechanism fr eliminating generic and lcally shared accunts and t enfrce human user-based accunts where any actin can be lgged with a specific user s accunt name. Human users can access a multitude f devices inside a substatin. Hence user accunt names shuld be synchrnized acrss all devices. Rather than centralized authenticatin, lcal accunt synchrnizatin is the preferred methd because OT devices shuld always be accessible in case f emergency. In the event f netwrk infrastructure failure, relying n a centralized server fr access is a risky apprach. Unique human user names allws asset security managers t cmpletely audit a user s actins, and t increase user accuntability thrugh nn-repudiatin, meaning that users cannt deny an actin that they may r may nt have taken. When pssible, authenticatin shuld als prtect frnt panel functins. This ensures that all critical device actins and cnfiguratin changes are recrded as events initiated by human users (see Figure 2). Figure 2 Example f unique user name lgn scrlling fr lcal IED device Security lgging Devices must be able t identify the individuals wh are authrized t take an actin. Thse particular security events that shuld be recrded must als be defined. In this case, many OT-related standards such as IEEE 1686 and IEC shuld prvide guidance (see Schneider Electric White Paper Revisin 0 Page 3

4 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security Table 1). Internal mechanisms that recrd security events shuld be secure. It shuld nt be pssible t mdify security events. A mechanism shuld be put int place that allws security administratrs t frward security events t a centralized server. Event name Descriptin Table 1 Security events as defined in IEEE 1686 Lg In Manual Lg Out Timed Lg Out Value Frcing Cnfiguratin Access Cnfiguratin Change Firmware Change ID/Passwrd Creatin r Mdificatin ID/Passwrd Deletin Audit Lg Access Time/Date Change Unsuccessful Lgin Attempt Rebt Attempted Use f Unauthrized Cnfiguratin Sftware: Invalid Cnfiguratin r Firmware Dwnlad Unauthrized Cnfiguratin r Firmware File Unexpected Time Signal Out f Tlerance Invalid Field Hardware Changes Successful lg in (lcally r remtely) f a user t the device. User-initiated lg ut. Lg ut f user after a predefined perid f inactivity elapses. Actin f a lgged-in user that verrides real data with manual entry and/r causes a cntrl peratin. Dwnlading f a cnfiguratin file frm the IED t an external device r memry lcatin (e.g., cmputer, memry stick, cmpact disk). The uplading f a new cnfiguratin file t the IED r keystrke entry f new cnfiguratin parameters that causes a change in IED cnfiguratin. Writing t memry f new IED perating firmware. Creatin f new ID/passwrd r mdificatin f ID/passwrd r RBAC levels f authrizatin. Deletin f a user ID/passwrd. User access f audit lg fr viewing r audit lg dwnlad t an external device r memry lcatin (e.g., cmputer, memry stick, cmpact disk). User request t change time and date. Three incrrect passwrd entries in successin during a single lg-in attempt. Successive failed lg-in attempts after three will generate a single entry int the audit lg trail listed listing the time f the last attempt and ttal number f lg-in attempts that have ccurred in successin. The rebting r restarting f the IED by means f remving pwer r thrugh the use f a device-resident rebting mechanism such as a reset buttn, pwer-up sequence, r access sftware feature. The detectin by the IED f an attempted use f cnfiguratin sftware, accessing cmputer, r a cmbinatin theref which is nt registered as legitimately able t be used fr cnfiguratin f the IED. The detectin by the IED f a cnfiguratin r firmware dwnlad t the IED that des nt cntain the prper credentials that identify the cnfiguratin r firmware as valid. The detectin by the IED f a cnfiguratin r firmware dwnlad t the IED that des nt cntain the prper credentials that identify the cnfiguratin r firmware as authrized. The IED shall validate time-synchrnizatin messages received thrugh prtcl r dedicated time-synchrnizatin channels and alarm if the time-synchrnizatin message is nt within the tlerances f the IED's internal/lcal clck. The IED shall validate user-perfrmable (as identified by the vendr) field hardware changes and alarm if the field hardware change is perfrmed imprperly (i.e., wrng I/O bard inserted in a designated I/O slt). Schneider Electric White Paper Revisin 0 Page 4

5 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security SYSLOG is a lng-time IT industry standard used with telecmmunicatins and netwrk infrastructure devices. This standard defines a client / server prtcl fr transmitting lgs t a centralized server. In mst cases, the perimeter f a substatin cntains many different types f devices. T prvide the mst cmplete audit f a substatin perimeter, it is necessary t cllect the security lgs frm as many different devices as pssible. SYSLOG makes it pssible t cllect data frm a multitude f OT devices and frm any IT device that supprts the prtcl. Once the data is aggregated and nrmalized int ne cmplete substatin security lg, it is much easier t crrelate security events generated by multiple devices and t detect ptential malicius behavir. Cllected lgs can als be transferred t an enterprise-level Security Infrmatin and Event Management (SIEM) system. Such a system identifies rt causes f security incidents thrugh analytics, prvides alerts based n ptential malicius activity signatures/patterns, and generates data and statistics that can be used fr cmpliance reprting. Security Mnitring Security mnitring can be accmplished using the cmmn IT administrative Simple Netwrk Management Prtcl (SNMP). SNMP is used t manage IP-based devices such as switches, ruters wrkstatins, and printers via a Netwrk Management System (NMS). Alerts ntify a security administratr in real time f any abnrmal r failing system cmpnents. These alerts can be sent directly as alarms r via r SMS. The SNMP apprach can als be applied t OT devices. Mnitring data that is available via SNMP can als be used fr cyber security mnitring. The data bjects that OT devices can prvide are based n the Management Infrmatin Base (MIB) defined in the IEC standard. Mnitring data frm OT devices can be leveraged at the NMS level in the fllwing ways: 1. Mnitring f device status: The NMS can alert the security administratr f any device failures r changes. 2. Mnitring f device perfrmance and cmmunicatins: Mnitring f the device CPU and cmmunicatins interface can help t alert the security administratr t any ptential verlad cnditins that may help detect many types f attacks, e.g., Denial f Service (DS) attacks. 3. Intrusin detectin: Data regarding device status and perfrmance can be crrelated inside an Intrusin Detectin System (IDS) t help detect changes in cnditin that culd signal a ptential system intrusin. 4. Cnfiguratin management: Prtins f the device cnfiguratin can be mnitred and recrded fr unapprved changes. This can make it easier t ensure the cnfiguratin is restred after a failure. This gives the administratr the ability t make cnfiguratin changes in real time in rder t respnd t a security event. An example f this is t frce the switch f standard redundant cmmunicatin channels t a backup channel if the main channel has been cmprmised. Cyber security cmpliance Secure system deplyment in secndary cntrl systems shuld be supprted by the rganizatinal and peratinal prcesses that manage the critical infrastructures. This is t ensure that all stakehlders (e.g., utility site teams, suppliers, site maintenance and cmmissining teams) are well trained and sensitized t thse security measures that are in place. In additin, these stakehlders must be made t use and maintain the secured system baseline while perfrming daily peratins. Schneider Electric White Paper Revisin 0 Page 5

6 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security The security plicy mdel illustrated in Figure 3 prvides a step-by-step apprach t implementing basic security cncepts such as Availability, Integrity, and Cnfidentiality (AIC), r Authrizatin, Authenticatin and Audit-ability (AAA). Figure 3 Example f a security plicy mdel Step 1: Define security plicy The cyber security plicy prvides a frmal set f rules t be fllwed. The purpse f the plicy is t infrm emplyees, cntractrs, and ther authrized users f their bligatins regarding prtectin f technlgy and infrmatin assets. It describes the list f assets that must be prtected, identifies threats t thse assets, describes authrized users respnsibilities and assciated access privileges, and describes unauthrized actins and resulting accuntability fr the vilatin f the security plicy. The plicy shuld als include the fllwing: A list f cntrl system hardware, embedded device CPUs, hard drives, USB, CD drives, frnt end data and histrian servers, assciated device drivers, perating systems, histrians, backup and restre slutins, anti-malware slutins, s, and web-server applicatins. A list f cntrl system sftware: HMI, gateway applicatins, cnfiguratin and maintenance tls, setting and disturbance analysis applicatins, and engineering sftware. Classificatin and prtectin f infrmatin. Rules t prtect sensitive infrmatin: Fr example, lists defining the sensitive infrmatin (hard cpy r sft cpy) being used, and classifying infrmatin int distinct categries such as cnfidential, nn-cnfidential, internal use, and public. Classificatin and prtectin f cntrl system cmpnents, netwrks, and servers (e.g., whether the device handles sensitive r prtected data, handles missin critical services, can be cnnected t ther netwrks, r can be cnnected t the internet). Schneider Electric White Paper Revisin 0 Page 6

7 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security The key t maintaining an effective security baseline is t cnduct a review nce r twice a year. A risk assessment based n internal and external threats (e.g., hackers, terrrists, disgruntled emplyees r cntractrs, unintentinal usage). Escalatin prcedure fr cyber incidents with the respnsible individual identified (i.e., whm t ntify during a cyber-incident). This is generally addressed using an incident respnse plan. Incident Respnse Plan: This defines hw an rganizatin priritizes, acts, respnds, and cmmunicates in the event f a cyber security incident. Bth internal and exte rnal incidents are cvered. Examples f incidents include: Breach by gaining unauthrized access, taking unauthrized cntrl, extracting cnfidential infrmatin, r manipulating system data. Unintentinal misuse that causes a disruptin f the expected system behavir and impacts essential services. Public disclsure f a new vulnerability by vendrs r cyber security experts which culd impact prducts r sftware applicatin cmpnents f the system in questin. CERT (Cmputer Emergency Respnse Team): This grup f individuals is respnsible fr rganizing, leading, cmmunicating, and reslving cyber security incidents within an rganizatin in a timely manner. This team shuld include participatin frm senir management, technical, and quality departments. The majr respnsibilities f this team include: Assess the incident. Determine validity and rt cause. Crrect the prblem and supprt the peratins teams. Determine hw t avid similar explitatin r vulnerabilities in the future. Cmmunicate effectively with peratins teams. Cmmunicate effectively with vendrs and crprate r federal CERT bdies. Step 2: Define prcesses As system security baselines keep changing in rder t address emerging vulnerabilities, cyber security system prcesses and prcedures need t be reviewed and updated regularly t fllw this evlutin. The key t maintaining an effective security baseline is t cnduct a review nce r twice a year. Anther imprtant step is t maintain a strng patch management system. The deplyment f a patch management system in supprt f secndary cntrl systems invlves the fllwing steps: System inventry baseline: Generate a target system inventry list using an autmated r manual prcess t determine which hardware equipment, perating systems, and sftware applicatins are used. Peridic risk analysis: Mnitr security surces fr vulnerability annuncements and patch and nn-patch remediatin. Analyze the applicability f the same t targeted system architecture. Remediatin f risks: Find, dwnlad, r acquire remediatin frm vendrs. Priritize risks and stre fixes in a cnfiguratin management system fr testing and applicatin n system cmpnents. Testing f patches: Test the patches / fixes in a nn-prductin envirnment r acquire patches frm suppliers that were tested in the intended system cnfiguratin t determine whether there is regressin in the system functins. Schedule a patch implementatin cycle depending n the cmpliance needs r planned system maintenance cycles. Infrm the stakehlders f the patch cycle results. Secure delivery and deplyment f patches t the target system. Schneider Electric White Paper Revisin 0 Page 7

8 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security Revise the asset inventry baseline t ensure that n change frm the last revisin is carried ver t the beginning f the next cycle. Step 3: Chse and implement technlgy Chse technlgy based n internatinal standards t implement security plicy and prpsed risk mitigatin actins. A Secure by design apprach which is based n internatinal standards like IEC and IEEE 1686 (as ppsed t a Blt-n security apprach) can help t further reduce risk when securing cntrl system cmpnents. Determine which standards are best suited t implement the cyber security requirements in the peratinal technlgy envirnment and help t enfrce and maintain security plicy needs in an efficient manner. Step 4: Dcument Cyber security dcumentatin shuld include detailed prcedures, prcesses, netwrk diagrams, security architectures, and the prduct and system technical and user dcumentatin supplied by vendrs. As-built dcumentatin f deplyed system and apprved cyber security templates fr peridic security audits, security risk assessments, engineering, servicing, cmmissining, and patch management shuld als be included as part f the essential dcumentatin. Asset management challenges Crss Functinal Expertise Tw ptins exist fr addressing the issue f cyber security implementatin in substatins. The first ptin is t train cyber security specialists capable f wrking in the field. The secnd ptin is t manage cyber security frm a central lcatin where a pl f experts can handle cmplex and crss-disciplinary events. The system cmplexity is driven by the need fr mre crss-dmain activity where prtectin engineers, IT managers, security managers, and applicatin engineers are required t share their expertise t identify the ptential issues and attacks affecting their systems. Cyber security cnstraints are creating a new apprach in substatin design, cmmissining, and peratin. The nature f infrmatin exchange is evlving and driving the trend tward mre rbust cyber security. A settings file, fr instance, is a ptential threat if sme f the infrmatin can be cmprmised r changed. These new cnstraints are nw part f everyday life fr utility peratins and maintenance teams. The integratin f cyber security is als driving dramatic changes in peratinal and maintenance prcesses. Vulnerability Management When cyber threats were less f an issue, the relatinship between a utility and a vendr was based n discussins arund bugs that culd be fund in prducts r systems. Very ften, the utility qualified hardware reliability and tested the sftware and the algrithms embedded in the prduct. The qualificatin f a prduct characterized, in detail, the behavir f the system / prduct. The qualified hardware / sftware were managed cautiusly t guarantee the behavir f the verall prduct. This strategy is nw becming almst impssible t maintain as far as cyber security is cncerned because f a new factr that has entered the picture: vulnerability. A recent example is the heartbleed vulnerability discvered recently n a cmmunicatin stack called OPENSSL. Several releases f this stack were impacted by this vulnerability, leading several cmpanies t release new firmware fr their prducts / systems. As a result, regulatrs are Schneider Electric White Paper Revisin 0 Page 8

9 A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security impsing a requirement t update, within a defined and limited perid f time, devices affected by the latest secure instance f firmware, especially when a crypt library is at stake. In this case, it is almst impssible t red the full qualificatin prcesses f the device. The system is smetimes even mre cmplex because direct business relatinships exist between the utility and the relay manufacturer. Fr instance, in sme cmplex ecsystems, cntractrs, integratrs, panel builders, and manufacturers are invlved. The prblem f asset management is becming mre cmplex and, in many cases, the utility is left with the challenge f hw t address these cnstraints. The issue is becming mre critical fr utilities because sme insurance cmpanies are nw refusing t cmpensate damage caused t a system by a cyber attack if all the knwn patches have nt been prperly applied. It has becme clear that all equipment, including OT devices, must fllw the same rules, and that all the cmpnents including internal device sftware libraries must be identified and dcumented. Cnfiguratin Management Cnfiguratin is dynamic and therefre has a great impact n the security f systems. Multiple types f cnfiguratins exist. The first type f cnfiguratin is specific t a device (such as the number f bards and the cnfiguratin f each bard). The secnd type f cnfiguratin is related t the functinality f the device. In this secnd cnfiguratin, the settings, the threshlds, and the different lgics are all accunted fr. While the first type f cnfiguratin is generally static and defined during cmmissining, the secnd is mre dynamic and can change based n peratinal cnditins r n system changes ver time. Access t the cnfiguratin can als be perfrmed in several different ways: Via the settings tl f the device, which can be accessed lcally r remtely Via the frnt panel f the device, where sme parameters can be adjusted Via the lcal Human Machine Interface (HMIs) These ptins are well defined when the system aligns t the IEC standard. Cnfiguratin is dynamic and therefre has a great impact n the security f systems. It is a key tl fr restring the system t a nrmal perating state after a system cmpnent failure. Mst f the standards and regulatins (like NERC CIP) require the management f cnfiguratin data. The management task is quite cmplex because in each instance the infrmatin is different frm ne device t anther and frm ne manufacturer t anther, even if the functin is the same. Regardless f which cnfiguratin methd is used t manage OT equipment, the means t manage device cnfiguratin n a regular basis is a key issue and mandatry frm the cyber security perspective. N standard has yet been develped t address the cnfiguratin management issue. The primary functins f mst OT substatin security systems in place tday are t stre the infrmatin in rder t retrieve it in case f a security incident, and t prvide an alert if a cnfiguratin is different and has been changed n the device. While the cmparisn between tw different cnfiguratins cming frm the same device is quite simple, the cmparisn f the same functin cming frm different vendr devices remains almst impssible. This is why standardizatin effrts are still needed in this area. A cmmn set f grund rules must be established in rder t define bjects that can be cmpared s that these bjects can be better managed. Fr example, security lg event definitins are nt yet defined as a cnfiguratin parameter. Therefre a pwerful tl is needed t crrelate the infrmatin cming frm the different assets, which, in turn, have been prduced by different manufacturers. Schneider Electric White Paper Revisin 0 Page 9

10 2014 Schneider Electric. All rights reserved. A Framewrk fr Develping and Evaluating Utility Substatin Cyber Security Cnclusin Utility vendrs shuld apply standardized cyber security techniques and technlgies t substatin devices in rder t prtect critical infrastructure frm cyber threats. Lgging and mnitring is ne area where principles such as unique users and IT prtcls like SYSLOG and SNMP are being deplyed directly int OT embedded devices (e.g., IEDs, bay cntrllers, RTUs, etc.). Cyber security technlgy nly partially addresses the issue f cyber threats. Utilities als need t deply the prper rganizatin and prcesses in rder t supplement the impact f cyber security prtectin technlgies. As cyber security is an nging prcess, new technlgies and security layers need t be develped in rder t address gaps explited by hackers. In the realm f Asset Management, fr example, the lack f a standardized apprach must be vercme. One ptential answer is fr utilities and vendrs t develp standardized prcesses tgether s that cncepts such as device cnfiguratin can be utilized in a hetergeneus vendr envirnment. Abut the authrs Adam F. Gauci is the Cyber Security Marketing Manager, respnsible fr prduct management and critical infrastructure slutins within Schneider Electric s Energy Divisin. Mr. Gauci is currently a member f the IEEE Pwer and Energy Sciety and a registered prfessinal engineer in the prvince f Ontari, Canada. He hlds a Bachelr f Science degree in Cmputer Engineering frm Queen s University at Kingstn, Ontari. His previus wrk experience includes wrking fr Hydr One Netwrks as a Prtectin and Cntrl Engineer and Cper Pwer Systems as a Field Applicatin Engineer. Didier Giarratan is the Directr f Cyber Security Platfrms at Schneider Electric. In this rle, he versees and manages the research and develpment f cyber security slutins fr critical infrastructure. Mr. Giarratan is currently a member f the IEEE Pwer and Energy Sciety and a full participating member f the Pwer Systems Relaying Cmmittee. Sandeep Kumar Pathania is the Offer Creatin Manager within Schneider Electric s Energy Divisin and is respnsible fr leading cyber security and IEC61850 prjects. He hlds a Bachelr in Electrnics & Cmmunicatin Engineering degree frm Punjab Technical University, and a Plytechnic Diplma in Electrnics Engineering with specializatin in micrprcessr prgramming. Mr. Pathania has ver 12 years f wrk experience in energy autmatin and cntrl systems. His previus wrk experience includes digital cntrl system prject engineering at Alstm T&D India and substatin autmatin at AREVA T&D India. He is a member f the IEEE Pwer and Energy Sciety. Schneider Electric White Paper Revisin 0 Page 10

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH)

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) Murugiah Suppaya, Karen Scarfne, 1 and Larry Feldman, 2 Editrs Cmputer Security Divisin Infrmatin

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT The PCI Security Standards Cuncil Releases PCI DSS Versin 3.2 May 9, 2016 On April 28, 2016, the PCI Security Standards Cuncil (PCI SSC) released PCI Data Security Standard (PCI

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

Vulnerability Management:

Vulnerability Management: Vulnerability Management: Creating a Prcess fr Results Kyle Snavely Veris Grup, LLC Summary Organizatins increasingly rely n vulnerability scanning t identify risks and fllw up with remediatin f thse risks.

More information

IT CHANGE MANAGEMENT POLICY

IT CHANGE MANAGEMENT POLICY IT CHANGE MANAGEMENT POLICY Effective Date May 19, 2016 Crss-Reference 1. IT Operatins and Maintenance Plicy 2. IT Security Incident Management Plicy Respnsibility Apprver Review Schedule 1. Plicy Statement

More information

Help Desk Level Competencies

Help Desk Level Competencies Help Desk Level Cmpetencies Level 1 Take user calls and manage truble tickets Ability t staff and manage the rganizatins helpdesk and effectively respnd t rutine custmer calls Ability t use prper grammar

More information

expertise hp services valupack consulting description security review service for Linux

expertise hp services valupack consulting description security review service for Linux expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS

More information

IT Help Desk Service Level Expectations Revised: 01/09/2012

IT Help Desk Service Level Expectations Revised: 01/09/2012 IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+

More information

Sample Role Description Immunization Information System (IIS) Testing Analyst

Sample Role Description Immunization Information System (IIS) Testing Analyst Sample Rle Descriptin Immunizatin Infrmatin System (IIS) Testing Analyst Nte: This rle descriptin is meant t ffer sample language and a cmprehensive list f ptential desired respnsibilities with crrespnding

More information

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1 Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues

More information

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337 HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010 OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

Cloud Services Frequently Asked Questions FAQ

Cloud Services Frequently Asked Questions FAQ Clud Services Frequently Asked Questins FAQ Revisin 1.0 6/05/2015 List f Questins Intrductin What is the Caradigm Intelligence Platfrm (CIP) clud? What experience des Caradigm have hsting prducts like

More information

Junos Pulse Instructions for Windows and Mac OS X

Junos Pulse Instructions for Windows and Mac OS X Juns Pulse Instructins fr Windws and Mac OS X When yu pen the Juns client fr the first time yu get the fllwing screen. This screen shws yu have n cnnectins. Create a new cnnectin by clicking n the + icn.

More information

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012 Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember 2012 2012 by The Enterprise Strategy Grup, Inc.

More information

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY

More information

Rule 4-004I Payment Card Industry (PCI) Virus and Vulnerability Management (proposed)

Rule 4-004I Payment Card Industry (PCI) Virus and Vulnerability Management (proposed) Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004I Payment Card Industry (PCI) Virus and Vulnerability Management (prpsed) 01.1 Purpse The

More information

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013 Research Reprt Abstract: Advanced Malware Detectin and Prtectin Trends By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm, Senir Prject Manager September 2013 2013 by The Enterprise Strategy Grup,

More information

TrustED Briefing Series:

TrustED Briefing Series: TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers

More information

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t

More information

System Business Continuity Classification

System Business Continuity Classification Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required

More information

Best Practices for Optimizing Performance and Availability in Virtual Infrastructures

Best Practices for Optimizing Performance and Availability in Virtual Infrastructures Best Practices fr Optimizing Perfrmance and Availability in Virtual Infrastructures www.nimsft.cm Best Practices fr Optimizing Perfrmance and Availability in Virtual Infrastructures PAGE 2 Table f Cntents

More information

Name. Description. Rationale

Name. Description. Rationale Cmplliiance Cmpnentt Descriptin Ratinale Benefits List the Dmain List the Discipline List the Technlgy Area List Prduct Cmpnent Dcument the Cmpliance Cmpnent Type Cmpnent Sub-type DEEFFI INITION Hst-Based

More information

June 29, 2009 Incident Review Dallas Fort Worth Data Center Review Dated: July 8, 2009

June 29, 2009 Incident Review Dallas Fort Worth Data Center Review Dated: July 8, 2009 The purpse f this dcument is t capture the events and subsequent respnse t the incident that tk place in the DFW datacenter n 29 June, 2009. I. Executive Summary On 29 June, an area f the Rackspace DFW

More information

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor ACTIVITY MONITOR Real Time Mnitr Emplyee Activity Mnitr This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it is a library

More information

State of Wisconsin. File Server Service Service Offering Definition

State of Wisconsin. File Server Service Service Offering Definition State f Wiscnsin File Server Service Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 2/16/2008 1.0 JD Urfer First pass 2/16/2008 2.0 Tm Runge Editing changes 2/19/2009 2.1 Tm

More information

LINCOLNSHIRE POLICE Policy Document

LINCOLNSHIRE POLICE Policy Document LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area

More information

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents

More information

Service Management - Framework 2013

Service Management - Framework 2013 Service - Framewrk 2013 Getting Started Right with Service System Netwrk Firewall Sftware Service App With the right framewrk, enterprises f almst any size small t large can implement effective functinal

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent

More information

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O Brien. Vice President & Chief Information Officer

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O Brien. Vice President & Chief Information Officer UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Revised Critical Infrastructure Prtectin Reliability Standards Dcket N. RM15-14-000 Statement f Thmas F. O Brien Vice President & Chief Infrmatin

More information

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...

More information

Change Management Process

Change Management Process Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses

More information

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Christchurch Polytechnic Institute of Technology Access Control Security Standard CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin

More information

System Business Continuity Classification

System Business Continuity Classification System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality

More information

Phi Kappa Sigma International Fraternity Insurance Billing Methodology

Phi Kappa Sigma International Fraternity Insurance Billing Methodology Phi Kappa Sigma Internatinal Fraternity Insurance Billing Methdlgy The Phi Kappa Sigma Internatinal Fraternity Executive Bard implres each chapter t thrughly review the attached methdlgy and plan nw t

More information

Configuring, Monitoring and Deploying a Private Cloud with System Center 2012 Boot Camp

Configuring, Monitoring and Deploying a Private Cloud with System Center 2012 Boot Camp Cnfiguring, Mnitring and Deplying a Private Clud with System Center 2012 Bt Camp Length: 5 Days Technlgy: Micrsft System Center 2012 Delivery Methd: Instructr-led Hands-n Audience Prfile This curse is

More information

Systems Support - Extended

Systems Support - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets

More information

Using PayPal Website Payments Pro UK with ProductCart

Using PayPal Website Payments Pro UK with ProductCart Using PayPal Website Payments Pr UK with PrductCart Overview... 2 Abut PayPal Website Payments Pr & Express Checkut... 2 What is Website Payments Pr?... 2 Website Payments Pr and Website Payments Standard...

More information

Deployment Overview (Installation):

Deployment Overview (Installation): Cntents Deplyment Overview (Installatin):... 2 Installing Minr Updates:... 2 Dwnlading the installatin and latest update files:... 2 Installing the sftware:... 3 Uninstalling the sftware:... 3 Lgging int

More information

RSA-Pivotal Security Big Data Reference Architecture RSA & Pivotal combine to help security teams detect threats quicker and speed up response

RSA-Pivotal Security Big Data Reference Architecture RSA & Pivotal combine to help security teams detect threats quicker and speed up response RSA-Pivtal Security Big Data Reference Architecture RSA & Pivtal cmbine t help security teams detect threats quicker and speed up respnse ESSENTIALS RSA and Pivtal are cmbining t help custmers get: Better

More information

Session 9 : Information Security and Risk

Session 9 : Information Security and Risk INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew

More information

SaaS Listing CA Cloud Service Management

SaaS Listing CA Cloud Service Management SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters

More information

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles

More information

Research Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012

Research Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012 Research Reprt Abstract: Security Management and Operatins: Changes n the Hrizn By Jn Oltsik, Senir Principal Analyst With Kristine Ka and Jennifer Gahm July 2012 2012, The Enterprise Strategy Grup, Inc.

More information

ACTIVITY MONITOR. Live view of remote desktops. You may easily have a look at any user s desktop.

ACTIVITY MONITOR. Live view of remote desktops. You may easily have a look at any user s desktop. Web Develpment Offshre Develpment Outsurcing SEO ACTIVITY MONITOR This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it

More information

9 ITS Standards Specification Catalog and Testing Framework

9 ITS Standards Specification Catalog and Testing Framework New Yrk State ITS Standards Specificatin Develpment Guide 9 ITS Standards Specificatin Catalg and Testing Framewrk This chapter cvers cncepts related t develpment f an ITS Standards Specificatin Catalg

More information

BUSINESS NEED SUMMARY TABLE: # Need P Concerns Current Solution Proposed Solution

BUSINESS NEED SUMMARY TABLE: # Need P Concerns Current Solution Proposed Solution EXTRACT FRO BUSINESS REQUIREENTS DOCUENT KEY BUSINESS NEEDS Business case drivers, prduct definitin dcumentatin, legal/regulatry, and ther stated requirements r needs that must be met by the final slutin

More information

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021 Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada

More information

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin

More information

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER

MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend

More information

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative

More information

Audit Committee Charter

Audit Committee Charter Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm

More information

Service Desk Self Service Overview

Service Desk Self Service Overview Tday s Date: 08/28/2008 Effective Date: 09/01/2008 Systems Invlved: Audience: Tpics in this Jb Aid: Backgrund: Service Desk Service Desk Self Service Overview All Service Desk Self Service Overview Service

More information

SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM

SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Audit Manual Sectin J SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Ref. Plicy and Practice Requirements IIA Standards and Other references J 1 Plicy: The Head f Internal Audit shall develp and maintain

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

Solving the Patch Management Dilemma Using SCCM 2007

Solving the Patch Management Dilemma Using SCCM 2007 White Paper Slving the Patch Management Dilemma Using SCCM 2007 Abstract If yu find it difficult t patch r update yur enterprise cmputers, a Micrsft System Center Family prduct System Center Cnfiguratin

More information

Integrating With incontact dbprovider & Screen Pops

Integrating With incontact dbprovider & Screen Pops Integrating With incntact dbprvider & Screen Pps incntact has tw primary pints f integratin. The first pint is between the incntact IVR (script) platfrm and the custmer s crprate database. The secnd pint

More information

ITIL Release Control & Validation (RCV) Certification Program - 5 Days

ITIL Release Control & Validation (RCV) Certification Program - 5 Days ITIL Release Cntrl & Validatin (RCV) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management

More information

Request for Proposal Technology Services

Request for Proposal Technology Services Avca Schl District 37 Wilmette, IL Request fr Prpsal Technlgy Services Netwrk and Systems Infrastructure Management Services December 5, 2013 Avca Schl District 37 is seeking an IT cnsulting firm t manage

More information

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible

More information

2. When logging is used, which severity level indicates that a device is unusable?

2. When logging is used, which severity level indicates that a device is unusable? Last updated by Admin at March 3, 2015. 1. What are the mst cmmn syslg messages? thse that ccur when a packet matches a parameter cnditin in an access cntrl list link up and link dwn messages utput messages

More information

HarePoint HelpDesk for SharePoint. For SharePoint Server 2010, SharePoint Foundation 2010. User Guide

HarePoint HelpDesk for SharePoint. For SharePoint Server 2010, SharePoint Foundation 2010. User Guide HarePint HelpDesk fr SharePint Fr SharePint Server 2010, SharePint Fundatin 2010 User Guide Prduct versin: 14.1.0 04/10/2013 2 Intrductin HarePint.Cm (This Page Intentinally Left Blank ) Table f Cntents

More information

NC3A SOA Techwatch Day Call for Presentations

NC3A SOA Techwatch Day Call for Presentations NC3A SOA Techwatch Day Call fr Presentatins 1 February 2012 Hsted at NATO C3 Agency, The Hague, The Netherlands By NC3A Chief Technlgy Office (CTO) David Burtn Chief Technlgy fficer Versin 1, 1 December

More information

Document Management Versioning Strategy

Document Management Versioning Strategy 1.0 Backgrund and Overview Dcument Management Versining Strategy Versining is an imprtant cmpnent f cntent creatin and management. Versin management is a key cmpnent f enterprise cntent management. The

More information

Using Sentry-go Enterprise/ASPX for Sentry-go Quick & Plus! monitors

Using Sentry-go Enterprise/ASPX for Sentry-go Quick & Plus! monitors Using Sentry-g Enterprise/ASPX fr Sentry-g Quick & Plus! mnitrs 3Ds (UK) Limited, February, 2014 http://www.sentry-g.cm Be Practive, Nt Reactive! Intrductin Sentry-g Enterprise Reprting is a self-cntained

More information

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028

More information

5.2.1 Passwords. Information Technology Policy. Policy. Purpose. Policy Statement. Applicability of this Policy

5.2.1 Passwords. Information Technology Policy. Policy. Purpose. Policy Statement. Applicability of this Policy Infrmatin Technlgy Plicy 5.2.1 Passwrds Plicy Area: 5.2 Security Title: 5.2.1 Passwrds Issued by: Assistant Vice-President/CIO, ITS Date Issued: 2006 July 24 Last Revisin Date: 2011 Octber 19 Apprved by:

More information

Sources of Federal Government and Employee Information

Sources of Federal Government and Employee Information Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities

More information

Professional Leaders/Specialists

Professional Leaders/Specialists Psitin Prfile Psitin Lcatin Reprting t Jb family Band BI/Infrmatin Manager Wellingtn Prfessinal Leaders/Specialists Band I Date February 2013 1. POSITION PURPOSE The purpse f this psitin is t: Lead and

More information

Password Reset for Remote Users

Password Reset for Remote Users 1 Passwrd Reset fr Remte Users Curin prvides a cmpnent fr the PasswrdCurier Passwrd Prvisining System that manages the lcal passwrd cache in cnjunctin with self-service passwrd reset activities. The slutin

More information

Network Security Trends in the Era of Cloud and Mobile Computing

Network Security Trends in the Era of Cloud and Mobile Computing Research Reprt Abstract: Netwrk Security Trends in the Era f Clud and Mbile Cmputing By Jn Oltsik, Senir Principal Analyst and Bill Lundell, Senir Research Analyst With Jennifer Gahm, Senir Prject Manager

More information

Symantec User Authentication Service Level Agreement

Symantec User Authentication Service Level Agreement Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed

More information

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 The Manitba Securities Cmmissin (the Cmmissin) is a divisin f the Manitba Financial Services Agency (MFSA). The ther divisin is the Financial Institutins

More information

OFFICIAL JOB SPECIFICATION. Network Services Analyst. Network Services Team Manager

OFFICIAL JOB SPECIFICATION. Network Services Analyst. Network Services Team Manager JOB SPECIFICATION FUNCTION JOB TITLE REPORTING TO GRADE WORK PATTERN LOCATION IT & Digital Netwrk Services Analyst Netwrk Services Team Manager Band D Full-time Birmingham TRAVEL REQUIRED Occasinally ROLE

More information

Implementing SQL Manage Quick Guide

Implementing SQL Manage Quick Guide Implementing SQL Manage Quick Guide The purpse f this dcument is t guide yu thrugh the quick prcess f implementing SQL Manage n SQL Server databases. SQL Manage is a ttal management slutin fr Micrsft SQL

More information

White Paper for Mobile Workforce Management and Monitoring Copyright 2014 by Patrol-IT Inc. www.patrol-it.com

White Paper for Mobile Workforce Management and Monitoring Copyright 2014 by Patrol-IT Inc. www.patrol-it.com White Paper fr Mbile Wrkfrce Management and Mnitring Cpyright 2014 by Patrl-IT Inc. www.patrl-it.cm White Paper fr Mbile Wrkfrce Management and Mnitring Cpyright 2014 by Patrl-IT Inc. www.patrl-it.cm 2

More information

CMS Eligibility Requirements Checklist for MSSP ACO Participation

CMS Eligibility Requirements Checklist for MSSP ACO Participation ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.

More information

Flash Padlock. Self-Secured and Host-Independent USB Flash Drive White Paper. April 2007 Prepared by ClevX, LLC for Corsair Memory

Flash Padlock. Self-Secured and Host-Independent USB Flash Drive White Paper. April 2007 Prepared by ClevX, LLC for Corsair Memory Flash Padlck - White Paper Flash Padlck Self-Secured and Hst-Independent USB Flash Drive White Paper April 2007 Prepared by ClevX, LLC fr Crsair Memry 1 INTRODUCTION Millins f USB Flash Drives (UFDs) are

More information

SMART Active Directory Migrator 9.0.2. Requirements

SMART Active Directory Migrator 9.0.2. Requirements SMART Active Directry Migratr 9.0.2 January 2016 Table f Cntents... 3 SMART Active Directry Migratr Basic Installatin... 3 Wrkstatin and Member Server System... 5 Netwrking... 5 SSL Certificate... 6 Service

More information

Internal Audit Charter and operating standards

Internal Audit Charter and operating standards Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw

More information

CHANGE MANAGEMENT STANDARD

CHANGE MANAGEMENT STANDARD The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the

More information

Technical White Paper

Technical White Paper The Data Integrity Imperative If it isn t accurate, it isn t available. Technical White Paper Visin Slutins, Inc. Intrductin The fundamental requirement f high availability sftware is t ensure that critical

More information

In addition to assisting with the disaster planning process, it is hoped this document will also::

In addition to assisting with the disaster planning process, it is hoped this document will also:: First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business

More information