Cyber Essentials Questionnaire

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cyber Essentials Questionnaire"

Transcription

1 Cyber Essentials Questionnaire Introduction The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable. It is mainly applicable where IT systems are primarily based on Common-Off-The-Shelf (COTS) products rather than large, heavily customised, complex solutions. The main objective of the Cyber Essentials assessment is to determine that your organisation has effectively implemented the controls required by the Scheme, in order to defend against the most common and unsophisticated forms of cyber-attack. This questionnaire is a self-assessment, which must be approved by a Board member or equivalent, and will then be verified by a competent assessor from ID Cyber Solutions, the certification body. Such verification may take a number of forms, and could include, for example, a telephone conference. The verification process will be at the discretion of ID Cyber Solutions. Scope of Cyber Essentials The Scope is defined in the scheme Assurance Framework document, available on the scheme web site You will be required to identify the actual scope of the system(s) to be evaluated as part of the questionnaire. How to avoid delays & additional charges You may incur additional charges if details are not sufficiently supplied, answer the questions as fully as possible giving supporting comments, paragraphs from policies and screen shots where possible. As a rule of thumb if it takes longer to assess the submission than you spent preparing it, you may be charged.

2 Organisation Identification Please provide details as follows: Organisation Name (legal entity): Sector: Parent Organisation name (if any): Size of organisation micro, small, medium, large. (See definition below) of employees Point of Contact name: Salutation (Mr, Mrs, Miss etc.) Initial First Surname Job Title: address: Telephone Number: Building Name/Number Address 1 Address 2 Address 3 City County Postcode Certification Body: ID Cyber Solutions Do you wish to be excluded from the register of Cyber Essentials certified companies? Exclusion means customers will not be able to find your entry. If this is left blank you will be entered. From time to time government departments and other interested bodies may wish to use your company for marketing Cyber Essentials. If you do not wish to be promoted in this way please enter NO in the box. If this is left blank you imply your consent.

3 SME Definition Company category Employees Turnover or Balance sheet total Medium-sized < m 43 m Small < m 10 m Micro < 10 2 m 2 m Business Scope Please identify the scope of the system(s) to be assessed under this questionnaire, including locations, network boundaries, management and ownership. Where possible, include IP addresses and/or ranges. A system name should be provided that uniquely identifies the systems to be assessed, and which will be used on any certificate awarded. (te: it is not permissible to provide the company name, unless all systems within the organisation are to be assessed): How many work sites are in scope? For Our Glasgow and Edinburgh offices are in scope for the test, excluding our development server located in our Glasgow office. These two sites are collectively known under the system name of Overall business systems. How are they connected? For Our Glasgow and Edinburgh offices are connected via VPN, with users from Edinburgh connecting to our file sharing server located in Glasgow. Have out-of-scope areas been sufficiently segregated (NAT/Firewall)? For Our out-ofscope development server is connected to our network but is segregated by a firewall. What Cloud Services are used (Dropbox, Office 365, Google Drive)? For We regularly use Office 365 to manage and access our system, as well as to store some working files. Please provide a URL (or send supplemental documentation) that shows each cloud provider s security processes and certifications

4 Boundary Firewalls and Internet Gateways Question Answer Comment 1 Have you installed Firewalls or similar devices at the boundaries of the networks in the Scope? What make are your Firewalls and who administers them? For Both of our offices are protected by identical Cisco ASA 5520 Firewalls. These were installed and are maintained by our outsourced IT company AAA Solutions. 2 Have the default usernames/passwords on all boundary firewalls (or similar devices) been changed to a strong password? 3 Have all open ports and services on each firewall (or similar device) been subject to justification and approval by an appropriately qualified and authorised business representative, and has this approval been properly documented? 4 Have all commonly attacked and vulnerable services (such as Server Message Block (SMB) NetBIOSm tftp, RPC, rlogin, rsh, rexec) been disabled or blocked by default at the boundary firewalls? When were the credentials changed, and who by? What are the complexity rules of the passwords? For Our outsourced IT company changed the passwords when the firewalls were installed three months ago. They have told us that the passwords are at least 15 characters long with a mixture of letters, numbers and special characters. What is the approval process when a new port is opened and who administers this? For Our Operations Manager issues a request to the outsourced IT company stating the reason for the port to be open and consults with them about any potential security issues. The outsourced IT company then arranges a suitable time to perform the operation. How do you know this to be the case? Who s role was it to check and when was this done? For This was checked by our Operations Manager shortly after the firewalls were installed. They asked the outsourced IT company to confirm that all of the

5 necessary services had been disabled. Question Answer Comment 5 Confirm that there is a corporate policy requiring all firewall rules that are no longer required to be removed or disabled in a timely manner, and that this policy has been adhered to (meaning that there are currently no open ports or services that are not essential for the business)? Policy exists and has been implemented 6 Confirm that any remote administrative interface has been disabled on all firewall (or similar) devices? 7 Confirm that where there is no requirement for a system to have Internet access, a Default Deny policy is in effect and that it has been applied correctly, preventing the system from making connections to the Internet? Policy exists but has not been implemented Policy does not exist What is the name of the policy document? When was the last check performed to verify the policy is being adhered to and who signs off on the checks? For Our outsourced IT company maintains a policy document on our behalf titled Business Firewall Rules which is reviewed and checked at our 3-monthly catch-up meetings with the outsourced IT company. Our Operations Manager signs off on any changes to the policy and he is satisfied that the policy is being adhered to. Whose responsibility is it and when was this checked? Are firewalls ever configured remotely by anyone, and if so what compensating controls are used? For Our outsourced IT company administers our firewalls remotely via SSH which is configured to their IP address only. This was checked by our Operations Manager when the firewalls were installed three months ago. Do you have any machines that require this (i.e. machines you are keeping out of scope)? Are servers ever used to browse the web? For Our development server does not need to connect to the internet and has a Default Deny policy in effect. Our other servers are strictly access controlled and are never used to browse the internet.

6 Please provide any additional evidence to support your assertions above: Secure Configuration Question Answer Comment 8 Have all unnecessary or default user accounts been deleted or disabled? 9 Confirm that all accounts have passwords, and that any default passwords have been changed to strong passwords? 10 Has all unnecessary software, including OS utilities, services and applications, been removed or disabled? How is this administered and whose responsibility is it to check this? What is the process to ensure this is carried out? For Our outsourced IT company adheres to a set image for new computers which includes disabling any default user accounts. Our HR Manager ensures that any accounts belonging to ex-employees are removed within 7 days. How is it ensured that all accounts have strong passwords? Are technical controls in place to enforce complex passwords or is it a paper based policy? For All of our passwords protected systems ask users to set passwords when they first log in and make sure that they meet our minimum strength requirements. Whose role is it to commission a computer and how is it ensured that only approved services and applications have been installed and enabled? Is it part of policy to remove all unnecessary bundled software? For All computers are procured through our outsourced IT company who adhere to a default image which removes

7 11 Has the Auto Run (or similar service) been disabled for all media types and network file shares? 12 Has a host based firewall been installed on all desktop PCs or laptops, and is this configured to block unapproved connections by default? Installed and configured Installed, but not configured t installed any unnecessary software. How was this disabled? For Auto Run and Auto Play have been disabled for all of our computers, and is part of our outsourced IT providers default image for all new computers. How is this checked? For Our outsourced IT providers default image includes preconfigured rton antivirus and firewall which is installed on every PC and laptop. 13 Is a standard build image used to configure new workstations, does this image include the policies and controls and software required to protect the workstation, and is the image kept up to date with corporate policies? 14 Do you have a backup policy in place, and are backups regularly taken to protect against threats such as ransomware? Who created the build image and whose responsibility is it keep it up to date? If a build image is not used are build instructions of build best practice guidelines followed, and what are they? For Example: Our outsourced IT provider providers a default image for all new computers which adhere to all of our security requirements. These requirements are reviewed at 3-monthly meetings with the outsourced IT provider and updated if necessary. Describe your backup process (online, CD, hard drive etc.) and if they are segregated from other systems (i.e. could malware affect them if every other system was compromised?). For Our outsourced IT provider performs and maintains backups of all of our systems every 24 hours. We also have a backup

8 15 Are security and event logs maintained on servers, workstations and laptops? server which mirrors our internal file sharing server, but this is more convenient than robust. Regardless, we are confident that our backups with our outsourced IT providers are sufficiently segregated. Which logs are enabled? For Access logs are maintained for all of our servers in addition to Windows event and error logs for all of our computers. Please provide any additional evidence to support your assertions above:

9 Access Control Question Answer Comment 16 Are user account requests subject to proper justification, provisioning and an approvals process, and assigned to named individuals? 17 Are users required to authenticate with a unique username and strong password before being granted access to computers and applications? 18 Are accounts removed or disabled when no longer required? What is the process for adding a new user account (e.g. for a new employee)? For Our HR Manager makes a request to add a new user account which must be approved by the Operations Manager. This request is then sent to the outsourced IT company who adds the new user account. Are all of your sensitive systems password protected? Have you identified any users that share login accounts? For All of our sensitive systems require users to authenticate before being granted access. We have a strict policy against users sharing login credentials and do not write passwords down. Do you have a procedure for removing unnecessary user accounts and are regular checks carried out to ensure that all unnecessary users have been removed? 19 Are elevated or special access privileges, such as system administrator accounts, restricted to a limited number of Our policy states that all unnecessary user accounts are to be removed within 7 days. Our HR Manager makes a request to remove the account which is approved by the Operations Manager. This request is then sent to the outsourced IT company which removes the account. The HR Manager checks the account is removed and is responsible for maintaining only necessary user accounts. What are the role of these individuals? For

10 authorised individuals? 20 Are special access privileges documented and reviewed regularly (e.g. quarterly)? 21 Are all administrative accounts only permitted to perform administrator activity, with no Internet or external permissions? 22 Does your password policy enforce changing administrator passwords at least every 60 days to a complex password? Elevated access is restricted to only our Operations Manager. All other administrative requests are submitted through the outsourced IT company. When were special access privileges last reviewed, and how are they documented (spreadsheet, database, etc.)? For Our documentation process is straightforward as our Operations Manager is the only member of staff with special access privileges and acts as our liaison with the outsourced IT company. All administrative accounts should be taken into consideration including domain and local computer admins. For Administrative accounts are only used when they are necessary. Administrative accounts are not used for dayto-day activities and instead the user is prompted for administrator credentials when an administrative action must be carried out. How is this policy enforced? Does your policy enforce less or more days between changes? For Our systems require users to set new passwords every 45 days. User passwords are automatically expired at the end of the password period which forces users to create a new password before being able to log in again. Please provide any additional evidence to support your assertions above:

11 Malware Protection Question Answer Comment 23 Please confirm that malware protection software has been installed on at least all computers with an ability to connect outside of the network in Scope? 24 Does corporate policy require all malware protection software to have all engine updates applied, and is this applied rigorously? 25 Have all anti malware signature files been kept up to date (through automatic updates or through centrally managed deployment)? 26 Has malware protection software been configured for on-access scanning, and does this include downloading or opening files, opening folders on removable or remote storage, and web page scanning? 27 Has malware protection software been configured to run regular (at least daily) scans? What malware protection software is used and how is it deployed? For All computers have rton antivirus and firewall installed. This is installed by default through the outsourced IT company s default computer image. It is advised that updates should occur within 90 days. For All of our malware protection software is set to automatically update whenever updates become available. How often is this checked and how is each machine kept up to date? For All of our malware signature files are kept up to date through automatic updates which are applied whenever they become available. Is it possible for users to change this setting? For Our malware protection software package provides complete protection including web page scanning and real-time scanning of downloaded files and removable storage. This configuration can only be changed by an administrator. What scan regime do you follow (full scan, quick scan, etc.)? For Our malware protection software is configured to perform quick scans every 6 hours and a full scan every 24 hours.

12 28 Are users prevented from running executable code or programs from any media to which they also have write access? Other than anti-virus software, are access control measures in place to prevent virus code modifying commonly run executable files? 29 Are users prevented from accessing known malicious web sites by your malware protection software through a blacklisting function? What mechanisms are in place to ensure that if a user clicks on a malicious link, the executable file does not execute? How are these mechanisms achieved? For Whenever a user clicks on a link or file attachment they are prompted that the file may be dangerous and to confirm that they wish to run it. Does your malware protection software do this or have you subscribed to a third party DNS service that filters such sites (if so, include is it called)? For Our malware protection software includes a feature which provides a website check through the malware protection software vendor s database. Please provide any additional evidence to support your assertions above: Patch Management Question Answer Comment 30 Is all software installed on computers and network devices in the Scope licensed and supported? If any software/os/device does not have support available how have you ensured that it is out of scope? For 31 Are all Operating System security patches applied within 14 days of release? All of our software and devices are fully licenced and supported with the exception of some legacy development tools on our out-of-scope firewalled development server. How do you enforce this (i.e. central patch deployment or individual machines set to update automatically)? For

13 32 Are all Application software security patches applied within 14 days of release? 33 Is all legacy or unsupported software isolated, disabled or removed from devices within the Scope? 34 Is a mobile working policy in force that requires mobile devices (including BYOD) to be kept up to date with vendor updates and app patches? All of our individual computers are configured to apply Operating System updates automatically, as soon as they are available. How do you enforce this (i.e. central patch deployment or individual machines set to update automatically)? For All of our individual computers are configured to apply application software updates automatically, as soon as they are available. What is the process used to ensure this happens and to record which software is on which devices? For Any deviations from the standard machine image are recorded by the Operations Manager in a spreadsheet. This spreadsheet (and the contents of the standard image) is reviewed at our 3-monthly meetings with the outsourced IT company to ensure that all software present on our machines is up to scratch. What kind of work is done via mobile devices and are they kept up to date? Do any non-company owned devices connect to the company network or is there a guest partition where they can connect? For

14 We maintain a guest area for guests to connect noncompany owned devices. We also have a number of company owned tablets which are used by workers onsite. These devices are set to automatically install updates when they become available. Please provide any additional evidence to support your assertions above: Approval It is a requirement of the Scheme that a Board level (or equivalent) of the organisation has approved the information given. Please provide evidence of such approval:

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

Cyber Essentials. Test Specification

Cyber Essentials. Test Specification Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8

More information

Cyber Essentials PLUS. Common Test Specification

Cyber Essentials PLUS. Common Test Specification Cyber Essentials PLUS Common Test Specification Page 1 Version Control Version Date Description Released by 1.0 07/08/14 Initial Common Test Specification release SR Smith 1.1 19/08/14 Updated Scope SR

More information

Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme

Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme avecto.com Contents Introduction to the scheme 2 Boundary firewalls and internet gateways 3 Secure configuration

More information

Cybersecurity Health Check At A Glance

Cybersecurity Health Check At A Glance This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not

More information

Activity 1: Scanning with Windows Defender

Activity 1: Scanning with Windows Defender Activity 1: Scanning with Windows Defender 1. Click on Start > All Programs > Windows Defender 2. Click on the arrow next to Scan 3. Choose Custom Scan Page 1 4. Choose Scan selected drives and folders

More information

Setting Up Scan to SMB on TaskALFA series MFP s.

Setting Up Scan to SMB on TaskALFA series MFP s. Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and

More information

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server

More information

AVeS Cloud Security powered by SYMANTEC TM

AVeS Cloud Security powered by SYMANTEC TM Protecting your business from online threats should be simple, yet powerful and effective. A solution that secures your laptops, desktops, and servers without slowing down your systems and distracting

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses 2004 Microsoft Corporation. All rights reserved. This document is for informational purposes only.

More information

Introduction. PCI DSS Overview

Introduction. PCI DSS Overview Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,

More information

Cyber Essentials KAMI VANIEA 2

Cyber Essentials KAMI VANIEA 2 Cyber Essentials DR. KAMI VANIEA KAMI VANIEA 2 First, the news Office of Personnel Management http://www.usatoday.com/story/news/politics/2015/06/23/op m-hack-senate-archuleta-hearing/29153773/ KAMI VANIEA

More information

THE EDINBURGH NAPIER UNIVERSITY WINDOWS VIRTUAL PRIVATE NETWORK (VPN) GUIDE FOR MAC USERS

THE EDINBURGH NAPIER UNIVERSITY WINDOWS VIRTUAL PRIVATE NETWORK (VPN) GUIDE FOR MAC USERS THE EDINBURGH NAPIER UNIVERSITY WINDOWS VIRTUAL PRIVATE NETWORK (VPN) GUIDE FOR MAC USERS INTRODUCTION... 2 WHAT SERVICES CAN I ACCESS USING THE VPN?... 2 WHAT ARE THE REQUIREMENTS OF THE VPN SERVICE?...

More information

WildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks

WildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on

More information

Sophos Anti-Virus for Mac OS X Help

Sophos Anti-Virus for Mac OS X Help Sophos Anti-Virus for Mac OS X Help For networked and standalone Macs running Mac OS X Product version: 9 Document date: June 2013 Sophos TOC 3 Contents About Sophos Anti-Virus...5 About the Scans window...5

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

Computer and Network Security Policy

Computer and Network Security Policy Coffeyville Community College Computer and Network Security Policy Created By: Jeremy Robertson Network Administrator Created on: 6/15/2012 Computer and Network Security Page 1 Introduction: The Coffeyville

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9) Nessus Enterprise Cloud User Guide October 2, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Enterprise Cloud... 3 Subscription and Activation... 3 Multi Scanner Support... 4 Customer Scanning

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

[BRING YOUR OWN DEVICE POLICY]

[BRING YOUR OWN DEVICE POLICY] 2013 Orb Data Simon Barnes [BRING YOUR OWN DEVICE POLICY] This document specifies a sample BYOD policy for use with the Orb Data SaaS MDM service Contents 1 ACCEPTABLE USE... 3 1.1 GENERAL RULES... 3 2

More information

Microsoft Windows Client Security Policy. Version 2.1 POL 033

Microsoft Windows Client Security Policy. Version 2.1 POL 033 Microsoft Windows Client Security Policy Version 2.1 POL 033 Ownership Policy Owner: Information Security Manager Revision History Next Review Date: 2 nd April 2015 Approvals This document requires the

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Assurance Framework January 2015 December 2013 Contents Introduction... 3 Change from June 2014 version... 3 Overview... 4 Stage Definitions... 5 Stage 1 Cyber Essentials: verified

More information

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS MARCH 2011 Acknowledgements This Viewpoint is based upon the Recommended Practice: Configuring and Managing Remote Access

More information

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) WHITE PAPER SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) INTRODUCTION This document covers the recommended best practices for hardening a Cisco Personal Assistant 1.4(x) server. The term

More information

March 2012 www.tufin.com

March 2012 www.tufin.com SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...

More information

Mobile Device Management Version 8. Last updated: 17-10-14

Mobile Device Management Version 8. Last updated: 17-10-14 Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names

More information

EMR Link Server Interface Installation

EMR Link Server Interface Installation EMR Link Server Interface Installation Version 1.0 ** INTRODUCTION ** If you would like assistance with installation, please contact our preferred support provider at support@bonecomputer.com, or call

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

WORKSTATION SECURITY STANDARD

WORKSTATION SECURITY STANDARD WORKSTATION SECURITY STANDARD Security Standards are mandatory security rules applicable to the defined scope with respect to the subject. Overview Scope Standard Improperly configured computer systems

More information

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

User Guide. Version R91. English

User Guide. Version R91. English AuthAnvil User Guide Version R91 English August 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

How to Practice Safely in an era of Cybercrime and Privacy Fears

How to Practice Safely in an era of Cybercrime and Privacy Fears How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,

More information

Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879. Appendix A

Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879. Appendix A Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879 Appendix A Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 2 of 116 PageID: 4880 Payment Card Industry (PCI)

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac?

How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac? Enterprise Computing & Service Management How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac? In order to connect remotely to a PC computer from your Mac, we recommend

More information

IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security

IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security INTC-8608-01 CE 12-2010 Page 1 of 8 Table of Contents 1. Scope of Services...3 2. Definitions...3

More information

How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac?

How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac? How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac? In order to connect remotely to a PC computer from your Mac, we recommend the MS Remote Desktop for Mac client.

More information

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious

More information

Citrix Systems, Inc.

Citrix Systems, Inc. Citrix Password Manager Quick Deployment Guide Install and Use Password Manager on Presentation Server in Under Two Hours Citrix Systems, Inc. Notice The information in this publication is subject to change

More information

Information Security Policy

Information Security Policy Information Security Policy Last updated By A. Whillance/ Q. North/ T. Hanson On April 2015 This document and other Information Services documents are held online on our website: https://staff.brighton.ac.uk/is

More information

Sophos Anti-Virus for Mac OS X: Home Edition Help

Sophos Anti-Virus for Mac OS X: Home Edition Help Sophos Anti-Virus for Mac OS X: Home Edition Help For standalone Macs running Mac OS X Product version: 9C Document date: June 2013 Sophos TOC 3 Contents About Sophos Anti-Virus...5 About the Scans window...5

More information

NETWORK AND INTERNET SECURITY POLICY STATEMENT

NETWORK AND INTERNET SECURITY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004

More information

Accessing the Media General SSL VPN

Accessing the Media General SSL VPN Launching Applications and Mapping Drives Remote Desktop Outlook Launching Web Applications Full Access VPN Note: To access the Media General VPN, anti-virus software must be installed and running on your

More information

Using GhostPorts Multi-Factor Authentication

Using GhostPorts Multi-Factor Authentication Using GhostPorts Multi-Factor Authentication With CloudPassage Halo GhostPorts is a powerful multi-factor authentication feature available with the Halo NetSec and Halo Professional subscription plans.

More information

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may

More information

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer

More information

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett Linux Boot Camp Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett Schedule for the Week Schedule for the Week Mon Welcome from Enrollment Management

More information

Managing Remote Access

Managing Remote Access VMWARE TECHNICAL NOTE VMware ACE Managing Remote Access This technical note explains how to use VMware ACE to manage remote access through VPN to a corporate network. This document contains the following

More information

UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY

UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY Firewall Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Originator: Recommended by Director

More information

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating

More information

DiamondStream Data Security Policy Summary

DiamondStream Data Security Policy Summary DiamondStream Data Security Policy Summary Overview This document describes DiamondStream s standard security policy for accessing and interacting with proprietary and third-party client data. This covers

More information

On-Site Computer Solutions values these technologies as part of an overall security plan:

On-Site Computer Solutions values these technologies as part of an overall security plan: Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and

More information

Tenable for CyberArk

Tenable for CyberArk HOW-TO GUIDE Tenable for CyberArk Introduction This document describes how to deploy Tenable SecurityCenter and Nessus for integration with CyberArk Enterprise Password Vault. Please email any comments

More information

RSA Authentication Manager 7.1 Basic Exercises

RSA Authentication Manager 7.1 Basic Exercises RSA Authentication Manager 7.1 Basic Exercises Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA logo

More information

SANS Institute First Five Quick Wins

SANS Institute First Five Quick Wins #1 QUICK WIN- APPLICATION WHITELISTING SANS Critical Controls: #2: Inventory of Authorized and Unauthorized Software 1) Deploy application whitelisting technology that allows systems to run software only

More information

Guidelines for E-mail Account Management and Effective E-mail Usage

Guidelines for E-mail Account Management and Effective E-mail Usage Guidelines for E-mail Account Management and Effective E-mail Usage October 2014 Version 1.0 Department of Electronics and Information Technology Ministry of Communications and Information Technology Government

More information

SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR.

SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR. SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR. 1. Setting up your network to allow incoming connections on ports used by Eyemax system. Default ports used by Eyemax system are: range of ports 9091~9115

More information

CloudDesk - Security in the Cloud INFORMATION

CloudDesk - Security in the Cloud INFORMATION CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES

More information

Best Practices for DeltaV Cyber- Security

Best Practices for DeltaV Cyber- Security January 2013 Page 1 Best Practices for DeltaV Cyber- Security This document describes best practices will help you maintain a cyber-secure DeltaV digital automation system. www.deltav.com January 2013

More information

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide BlackBerry Enterprise Service 10 Universal Service Version: 10.2 Administration Guide Published: 2015-02-24 SWD-20150223125016631 Contents 1 Introduction...9 About this guide...10 What is BlackBerry

More information

Implementation Guide

Implementation Guide Implementation Guide PayLINK Implementation Guide Version 2.1.252 Released September 17, 2013 Copyright 2011-2013, BridgePay Network Solutions, Inc. All rights reserved. The information contained herein

More information

Chapter 7 Managing Users, Authentication, and Certificates

Chapter 7 Managing Users, Authentication, and Certificates Chapter 7 Managing Users, Authentication, and Certificates This chapter contains the following sections: Adding Authentication Domains, Groups, and Users Managing Certificates Adding Authentication Domains,

More information

K7 Business Lite User Manual

K7 Business Lite User Manual K7 Business Lite User Manual About the Admin Console The Admin Console is a centralized web-based management console. The web console is accessible through any modern web browser from any computer on the

More information

Microsoft Baseline Security Analyzer (MBSA)

Microsoft Baseline Security Analyzer (MBSA) Microsoft Baseline Security Analyzer Microsoft Baseline Security Analyzer (MBSA) is a software tool released by Microsoft to determine security state by assessing missing security updates and lesssecure

More information

Sophos Anti-Virus standalone startup guide. For Windows and Mac OS X

Sophos Anti-Virus standalone startup guide. For Windows and Mac OS X Sophos Anti-Virus standalone startup guide For Windows and Mac OS X Document date: June 2007 Contents 1 What you need for installation...4 2 Installing Sophos Anti-Virus for Windows...5 3 Installing Sophos

More information

1. Installation Overview

1. Installation Overview Quick Install Guide 1. Installation Overview Thank you for selecting Bitdefender Business Solutions to protect your business. This document enables you to quickly get started with the installation of Bitdefender

More information

Host/Platform Security. Module 11

Host/Platform Security. Module 11 Host/Platform Security Module 11 Why is Host/Platform Security Necessary? Firewalls are not enough All access paths to host may not be firewall protected Permitted traffic may be malicious Outbound traffic

More information

Lessons Learned CIP Reliability Standards

Lessons Learned CIP Reliability Standards Evidence for a requirement was not usable due to a lack of identifying information on the document. An entity should set and enforce a "quality of evidence" standard for its compliance documentation. A

More information

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft] Cox Managed CPE Services RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft] September, 2015 2015 by Cox Communications. All rights reserved. No part of this document may be reproduced or transmitted

More information

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

US companies experience and attitudes towards security threats

US companies experience and attitudes towards security threats US companies experience and attitudes towards security threats Q u a n t i t a t i v e s u r v e y w i t h i n L a r g e a n d M e d i u m c o m p a n i e s i n t h e U S A Objectives Determine the existing

More information

User Guide. Cloud Gateway Software Device

User Guide. Cloud Gateway Software Device User Guide Cloud Gateway Software Device This document is designed to provide information about the first time configuration and administrator use of the Cloud Gateway (web filtering device software).

More information

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201 Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...

More information

WhatsUp Gold v16.1 Installation and Configuration Guide

WhatsUp Gold v16.1 Installation and Configuration Guide WhatsUp Gold v16.1 Installation and Configuration Guide Contents Installing and Configuring Ipswitch WhatsUp Gold v16.1 using WhatsUp Setup Installing WhatsUp Gold using WhatsUp Setup... 1 Security guidelines

More information

Accessing TP SSL VPN

Accessing TP SSL VPN Accessing TP SSL VPN This guide describes the steps to install, connect and disconnect the SSL VPN for remote access to TP intranet systems using personal notebooks. A. Installing the SSL VPN client Junos

More information

My FreeScan Vulnerabilities Report

My FreeScan Vulnerabilities Report Page 1 of 6 My FreeScan Vulnerabilities Report Print Help For 66.40.6.179 on Feb 07, 008 Thank you for trying FreeScan. Below you'll find the complete results of your scan, including whether or not the

More information

Best Practices for DanPac Express Cyber Security

Best Practices for DanPac Express Cyber Security March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction

More information

IIS, FTP Server and Windows

IIS, FTP Server and Windows IIS, FTP Server and Windows The Objective: To setup, configure and test FTP server. Requirement: Any version of the Windows 2000 Server. FTP Windows s component. Internet Information Services, IIS. Steps:

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc. Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9)

Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9) Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Perimeter Service... 3 Subscription and Activation... 3 Multi Scanner Support...

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Business ebanking Fraud Prevention Best Practices

Business ebanking Fraud Prevention Best Practices Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide

More information

Multi-Factor Network Authentication

Multi-Factor Network Authentication Multi-Factor Network Authentication Setup Guide Multi-Factor Network Authentication (also called GhostPorts) is a powerful security feature available with the Halo Workload Firewall Management security

More information