Cigital. Paco Hope, Technical Manager
The Foundation for Security
Paco Hope, Technical Manager, Cigital, Inc.
Cigital, Inc. All Rights Reserved. Redistribution Prohibited.

Cigital
- Consulting firm of recognized software security experts since 1992
- Widely published in books, white papers, and articles
- Industry thought leaders
- Deep expertise in commercial areas: financial services, wireless communications, gaming
- Experience in industry standards, best practices, and regulatory compliance
What are Requirements?
IEEE Standard 729 defines a requirement as:
- A condition or capability needed by a user to solve a problem or achieve an objective
- A condition or capability that must be met or possessed by a system to satisfy a contract, standard, specification, or other formally imposed document

Three Types of Requirements
- Functional (behavioral) requirements: functions that the system must perform
- Non-functional requirements: properties the system must possess
- Derived requirements: functional or non-functional requirements that are implicit in the stated requirements
Functional Requirements
- Inputs that are expected by the system
- Outputs that must be produced
- Relationships between those inputs and outputs
ÜberInventory example:
- If the system is powered off and the CMD button is pressed for 4 seconds, the system shall be termed Powered On.
- If the system is powered on and the CMD button is pressed for 4 seconds, the system shall be termed Powered Off.
- If the Scan button is pressed, the laser shall activate and scan for a barcode. The laser shall remain active for 30 seconds or until a barcode is recognized.

Non-functional Requirements
Example non-functional requirements:
- The system shall connect to a and b networks.
- The system shall acquire and recognize barcodes within 15 seconds more than 80% of the time.
- The system will require less than 11 Mbps of network bandwidth to handle 100 concurrent devices.
Typical non-functional categories: auditability, extensibility, maintainability, performance, portability, reliability, security, testability, usability, etc.
Attributes of Good Requirements
- Testable
- Complete
- Clear
- Consistent
- Measurable
- Unambiguous

New and Old Vocabulary
- Functional security requirement: a condition or capability needed in the system to control or limit the fulfillment of requirements
- Non-functional security requirement: a property of the system required to ensure fulfillment of requirements in the face of abuse or misuse
- Derived security requirements: derived from functional requirements, or from other security requirements
Functional Security Requirements
- Describe positive, functional behavior related to security
- Can be directly tested
- Often related to security features such as role-based access control, data integrity, etc.
Example:
- Back office users must authenticate with userid / password.
- Five or more failed login attempts lock the account.

Security Non-functional Requirements
- Audit logs shall be verbose enough to support forensics
  - All price modification events shall be logged.
  - The event log shall contain date, time, user, action, object, prior value, new value.
  - Audit logs shall have integrity protection.
- Application shall achieve 99.7% uptime between 6:00am and 2:00am local time
  - Multiple database servers
  - Transaction integrity, fall-back, retry, etc.
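The audit-log requirement above names the fields an event must carry and asks for integrity protection, but says nothing about how a tester would show that the log resists tampering. The following is an added example, not code from the talk or from Cigital: an append-only log in which each record is HMACed together with the previous record's MAC, so that editing, deleting or reordering any event breaks the chain. The key constant, the JSON encoding, the event names and the sample price changes are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: in a real deployment the key is held only by the logging
# component (HSM, separate log host, or at least a file the application
# user cannot read or write). A constant is used so the example runs alone.
LOG_KEY = b"demo-only-audit-key-do-not-use-in-production"
GENESIS = "0" * 64   # chain anchor used as the "previous MAC" of the first record


class AuditLog:
    """Append-only event log; every record is MACed together with the
    previous record's MAC, so editing, deleting or reordering any record
    breaks the chain from that point on."""

    def __init__(self, key=LOG_KEY):
        self._key = key
        self.records = []

    def _mac(self, entry, prev_mac):
        # Canonical JSON so the MAC covers each field exactly once, in a fixed order.
        fields = {k: v for k, v in entry.items() if k != "mac"}
        body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, prev_mac.encode() + body, hashlib.sha256).hexdigest()

    def record(self, user, action, obj, prior_value, new_value, when=None):
        """Log one event with exactly the fields the requirement lists."""
        when = when or datetime.now(timezone.utc)
        entry = {
            "date": when.date().isoformat(),
            "time": when.time().isoformat(timespec="seconds"),
            "user": user,
            "action": action,
            "object": obj,
            "prior_value": prior_value,
            "new_value": new_value,
        }
        prev_mac = self.records[-1]["mac"] if self.records else GENESIS
        entry["mac"] = self._mac(entry, prev_mac)
        self.records.append(entry)
        return entry

    def verify(self):
        """Return (True, None) if the chain is intact, otherwise
        (False, index of the first record whose MAC does not verify)."""
        prev_mac = GENESIS
        for i, entry in enumerate(self.records):
            if not hmac.compare_digest(self._mac(entry, prev_mac), entry["mac"]):
                return False, i
            prev_mac = entry["mac"]
        return True, None


def demo_tampering():
    """Constructed sample: three price changes, then four kinds of tampering."""
    def fresh():
        log = AuditLog()
        t = datetime(2007, 5, 1, 9, 30, tzinfo=timezone.utc)
        log.record("alice", "price.update", "SKU-1001", "19.99", "17.99", t)
        log.record("bob", "price.update", "SKU-2002", "5.00", "4.50", t)
        log.record("carol", "price.update", "SKU-3003", "1.00", "2.00", t)
        return log

    results = {"clean": fresh().verify()}

    log = fresh()
    log.records[0]["prior_value"] = "17.99"      # rewrite a field in place
    results["edited"] = log.verify()

    log = fresh()
    del log.records[1]                           # drop an event from the middle
    results["deleted"] = log.verify()

    log = fresh()
    log.records[1], log.records[2] = log.records[2], log.records[1]   # reorder
    results["reordered"] = log.verify()

    log = fresh()
    del log.records[2]                           # truncate the tail
    results["truncated"] = log.verify()
    return results


if __name__ == "__main__":
    for case, outcome in demo_tampering().items():
        print(f"{case:10s} -> {outcome}")
```

Two things the run makes visible that the one-line requirement does not: the chain catches in-place edits, deletions and reordering at the first affected record, but silently accepts truncation of the newest records. Meeting "integrity protection" therefore also needs an external anchor for the head of the chain (the latest MAC copied to a separate system, or a sequence number checked against an expected count), and it needs the MAC key to be unwritable by the application that writes the log, otherwise a compromised application can simply re-chain everything.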
Derived Security Requirements
Stated requirements:
- Back office users must authenticate with userid / password.
- Five or more failed login attempts lock the account.
Implication: a bad guy can deny users access.
- Guess or learn the account names
- Submit enough bad passwords against every account to trigger the lockout
- Result: all accounts locked
Derived requirement: accounts should unlock after 5 minutes with no login attempts.
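The lockout scenario above can be run rather than argued about. The following is an added example, not code from the talk: a small authenticator that implements the stated requirement (lock after five failures) with a switch for the derived requirement (unlock after five quiet minutes), plus the attacker from the slide, who learns three account names and burns five guesses on each. Account names, passwords, the plaintext password store and the integer clock are assumptions made for the demonstration.

```python
import hmac

MAX_FAILURES = 5        # stated requirement: 5 or more failures lock the account
UNLOCK_AFTER = 5 * 60   # derived requirement: unlock after 5 minutes with no attempts


class Authenticator:
    """Userid/password check with a lockout counter. `auto_unlock` switches
    between the stated requirement alone and the stated plus derived requirement."""

    def __init__(self, passwords, auto_unlock):
        self._pw = dict(passwords)          # assumption: plaintext, for the demo only
        self._auto_unlock = auto_unlock
        self._failures = {u: 0 for u in passwords}
        self._last_attempt = {u: 0 for u in passwords}

    def _locked(self, user, now):
        if self._failures[user] < MAX_FAILURES:
            return False
        quiet_for = now - self._last_attempt[user]
        if self._auto_unlock and quiet_for >= UNLOCK_AFTER:
            self._failures[user] = 0        # quiet period elapsed: the lock expires
            return False
        return True

    def login(self, user, password, now):
        """Returns 'ok', 'denied' or 'locked'. `now` is seconds on a monotonic clock."""
        if user not in self._pw:
            return "denied"                 # same answer as a bad password: no enumeration
        if self._locked(user, now):
            self._last_attempt[user] = now  # any attempt restarts the quiet period
            return "locked"
        if hmac.compare_digest(password.encode(), self._pw[user].encode()):
            self._failures[user] = 0
            return "ok"
        self._failures[user] += 1
        self._last_attempt[user] = now
        return "locked" if self._failures[user] >= MAX_FAILURES else "denied"


def attack_simulation(auto_unlock):
    """The slide's attacker: learn the account names, submit MAX_FAILURES bad
    passwords against each one. Then the real user alice tries to log in right
    away and again after the quiet period. Constructed sample data."""
    auth = Authenticator({"alice": "s3cret", "bob": "hunter2", "carol": "pa55"},
                         auto_unlock=auto_unlock)
    t = 0
    for user in ("alice", "bob", "carol"):
        for _ in range(MAX_FAILURES):
            auth.login(user, "guess", t)
            t += 1
    right_away = auth.login("alice", "s3cret", t)
    after_quiet = auth.login("alice", "s3cret", t + UNLOCK_AFTER)
    return right_away, after_quiet


if __name__ == "__main__":
    print("stated requirement only:", attack_simulation(auto_unlock=False))
    print("with derived requirement:", attack_simulation(auto_quiet := True))
```

With only the stated requirement alice stays locked out until an administrator intervenes; with the derived requirement she is back in after five quiet minutes. The simulation also shows the derived requirement's own limit: because any attempt restarts the quiet period, an attacker who keeps sending one bad password every few minutes keeps the lock alive. That is the cue for a further derived requirement from the Velocity slide, a limit on attempts per source address or per time window, and for alerting when many accounts lock at once.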
Thinking Backwards
Copyright 2007 Cigital Inc.
- Think of abuse cases and misuse cases as backward use cases
- Consider grammatical negation
- Start with use cases: think about what a system does, and continue at increasing levels of detail
- Once you know what a system does, look at it from the adversary's perspective:
  - How can they disrupt the system?
  - How can they profit from the system?

An Automated Teller Machine
Scenario:
1. Login
2. Withdraw money
3. Logout
What are some example functional requirements?
Login, Withdraw, Logout
- Card required to login
- Correct PIN required to login
- Withdraw even dollar amounts in increments of $20
- Can't exceed account balance
It's still not good enough. What will a bad guy do?

Security Requirements
- Shoulder-surfing: don't display the PIN
- Stolen card: don't allow lots of login attempts
- The guy behind you uses your forgotten card: audible and visible alerts; session timeout and logout
Four Ways to Create Security Requirements
(diagram only; no text in the transcription)
Security Requirements Process
(diagram only; no text in the transcription)

Security Requirements Fodder
- Input validation
- Velocity
- Transactions
- Visibility
- Concurrency
Input Validation: Four Levels
- Length and boundaries: 4 input fields, each 1-3 digits, 0-9 inclusive
- Characters and encoding: English characters in ASCII or Unicode, any UTF encoding
- Syntactic: a positive integer percentage
- Semantic: all percentages must total exactly 100, no more, no less; they can total 100 with any combination of 1-4 inputs

Velocity Checking
- How many shots does an attacker get? At what rate?
  - Logins / hour
  - Transactions / minute
  - Kilobytes / day
  - Changes / user
- Assume attackers do billions of things per hour. Does that change your concerns about security?
- Insiders have a higher hit rate
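The four validation levels are easier to test when each one is a separate, ordered check that fails with its own reason. The following is an added example, not code from the talk: a validator for the slide's "1 to 4 percentage fields that must total exactly 100" case, taking the fields as the raw bytes a form would deliver. The bytes-in interface, the error strings and the decision to treat "positive" as 1..100 are assumptions.

```python
import re

MAX_FIELDS = 4
MAX_LEN = 3                                   # "1-3 digits" per field
ASCII_DIGITS = re.compile(r"\A[0-9]{1,3}\Z")  # \Z rather than $: $ would accept a trailing newline


def validate_percentages(raw_fields):
    """raw_fields: the 1-4 form fields exactly as received, as bytes.
    Returns (True, [ints]) or (False, 'level: reason')."""
    # Level 1: length and boundaries, checked before the content is interpreted
    if not 1 <= len(raw_fields) <= MAX_FIELDS:
        return False, f"boundary: expected 1-{MAX_FIELDS} fields, got {len(raw_fields)}"
    for i, raw in enumerate(raw_fields):
        if not 1 <= len(raw) <= MAX_LEN:
            return False, f"length: field {i} must be 1-{MAX_LEN} bytes"

    # Level 2: characters and encoding
    texts = []
    for i, raw in enumerate(raw_fields):
        try:
            text = raw.decode("utf-8")
        except UnicodeDecodeError:
            return False, f"encoding: field {i} is not valid UTF-8"
        # str.isdigit() and int() both accept non-ASCII digits such as
        # ARABIC-INDIC DIGIT THREE; an explicit ASCII class enforces "0-9" as written.
        if not ASCII_DIGITS.fullmatch(text):
            return False, f"charset: field {i} must contain only the digits 0-9"
        texts.append(text)

    # Level 3: syntactic, each field is a positive integer percentage
    values = [int(t) for t in texts]
    for i, v in enumerate(values):
        if not 1 <= v <= 100:
            return False, f"syntax: field {i} ({v}) is not a positive integer percentage"

    # Level 4: semantic, the fields together describe exactly 100%
    total = sum(values)
    if total != 100:
        return False, f"semantic: fields total {total}, must total exactly 100"
    return True, values


if __name__ == "__main__":
    # Constructed inputs: one per level, plus a valid set.
    for sample in ([b"60", b"40"], [], [b"1000"], [b"\xff"],
                   [b"\xd9\xa3", b"97"], [b"1\n", b"99"], [b"0", b"100"],
                   [b"50", b"50", b"1"]):
        print(sample, "->", validate_percentages(sample))
```

The ordering matters as much as the checks: length is bounded before decoding, the character class is enforced before int() is called, and only values that have passed syntax are summed. Skipping straight to int() would quietly accept "٣" (Arabic-Indic three), "１２" (fullwidth digits), " 12\n" and, in Python 3.6 and later, "1_2", all of which parse as integers; the charset level is what turns the slide's "0-9 inclusive" into something a tester can show is enforced.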
Transactions
- Operations can be interrupted: just because you start doesn't mean you finish
- Who shares data / resources? Back-office batch processing, the help desk, users
- What do they share? Databases, web servers, session IDs

Visibility Versus True Enforcement
- Hiding functionality from unauthorized users is not enforcement; prevent its use by unauthorized users
- Specify that it can't be done; then testers must test it
- Specify what does happen when bad things are attempted
Concurrency
- Can I log in more than once?
- Can I modify more than one user simultaneously?
- Can two admins do the same function simultaneously?
- Can two people view the same file at the same time?
- How do you resolve conflicts?

Four Ways to Create Security Requirements
(diagram only; no text in the transcription)
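"Can two admins do the same function simultaneously?" has a security answer as well as a data-integrity one. The following is an added example, not code from the talk: two administrators edit the same user record, one revoking an admin role and the other changing an e-mail address from a copy loaded earlier. A last-writer-wins store silently restores the revoked role; a store that requires the version the record was read at detects the conflict, and the resolution policy (reload and re-apply only the intended change) becomes explicit and testable. The record fields, key names and resolution policy are assumptions.

```python
import copy


class ConflictError(Exception):
    """Raised when a save is based on a copy that is no longer current."""


class VersionedStore:
    """Records carry a version number; a save must present the version it was
    read at (compare-and-set). Any intervening write makes the stale copy fail."""

    def __init__(self):
        self._rows = {}   # key -> (version, record)

    def put_new(self, key, record):
        self._rows[key] = (1, copy.deepcopy(record))

    def get(self, key):
        version, record = self._rows[key]
        return version, copy.deepcopy(record)

    def save(self, key, expected_version, record):
        current_version, _ = self._rows[key]
        if current_version != expected_version:
            raise ConflictError(f"{key}: read at version {expected_version}, "
                                f"now at {current_version}")
        self._rows[key] = (current_version + 1, copy.deepcopy(record))
        return current_version + 1


def lost_update():
    """Last-writer-wins store, constructed sample: admin A revokes u42's admin
    role; admin B, working from a copy loaded before that, changes the e-mail
    address and saves the whole record, silently restoring the role."""
    rows = {"u42": {"role": "admin", "email": "old@example.com"}}
    a_copy = dict(rows["u42"])
    b_copy = dict(rows["u42"])
    a_copy["role"] = "user"
    rows["u42"] = a_copy                     # A's revocation lands
    b_copy["email"] = "new@example.com"
    rows["u42"] = b_copy                     # B's stale copy overwrites it
    return rows["u42"]


def compare_and_set():
    """The same two admins against the versioned store.
    Returns (conflict_seen, (version, record))."""
    store = VersionedStore()
    store.put_new("u42", {"role": "admin", "email": "old@example.com"})
    a_ver, a_copy = store.get("u42")
    b_ver, b_copy = store.get("u42")
    a_copy["role"] = "user"
    store.save("u42", a_ver, a_copy)         # version 1 -> 2
    b_copy["email"] = "new@example.com"
    conflict_seen = False
    try:
        store.save("u42", b_ver, b_copy)     # B still holds version 1
    except ConflictError:
        conflict_seen = True
        # Resolution policy chosen for this example: reload, re-apply only the
        # change B intended, save again. Alternatives are to reject and show B
        # the diff, or to merge field by field under an explicit rule.
        b_ver, b_copy = store.get("u42")
        b_copy["email"] = "new@example.com"
        store.save("u42", b_ver, b_copy)     # version 2 -> 3
    return conflict_seen, store.get("u42")


if __name__ == "__main__":
    print("last writer wins:", lost_update())
    print("compare-and-set :", compare_and_set())
```

The lost-update run is the one worth putting in front of a requirements reviewer: nothing failed, no error was logged, and a privilege that one administrator removed is back. Whatever the answer to "how do you resolve conflicts?" turns out to be, the requirement should state it so that the test can assert on the final record, as the second function does.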
How Do You Do It?
- Ideal: during initial requirements
- Next best thing: during test strategy
  - Include a security test strategy as part of the overall test strategy
  - Balance security testing based on risks and impacts
  - Use risk-based security testing to drive security requirements
  - Use some fodder

About Security Requirements
(diagram only; no text in the transcription)