Name. Description. Rationale

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Name. Description. Rationale"

Transcription

1 Cmplliiance Cmpnentt Descriptin Ratinale Benefits List the Dmain List the Discipline List the Technlgy Area List Prduct Cmpnent Dcument the Cmpliance Cmpnent Type Cmpnent Sub-type DEEFFI INITION Hst-Based Intrusin Detectin Systems (HIDS) Hst-Based Intrusin Detectin Systems (HIDS) perate n infrmatin cllected frm within an individual cmputer system. This vantage pint allws HIDS t analyze activities t determine exactly which prcesses and users are invlved in an attack n a particular system r hst. HIDS can see the utcme f an attempted attack, as they can directly access and mnitr the data files and perating system prcesses targeted by the attack. The first step in delivering an efficient and secure intrusin prtectin strategy is accurately detecting all pssible threats. T achieve this gal, multiple detectin methds including HIDS shuld be emplyed t ensure cmprehensive cverage. The failure t secure any State f Missuri hst system with HIDS puts agencies at a much greater risk f lss. A single attack can cst millins f dllars in time spent recvering frm the attack and liability fr cmprmised data and hardware. The damage frm an attack t State f Missuri services can als include incnvenience t citizens and the lss f public cnfidence. HIDS can detect attacks that cannt be seen by a Netwrk-Based IDS since they mnitr events lcal t a hst. HIDS can ften perate in an envirnment where netwrk traffic is encrypted. HIDS are unaffected by switched netwrks. HIDS can detect, and in sme cases prevent, attacks that invlve sftware integrity breaches, such as Trjan Hrses. HIDS have the ability t mnitr lcal files fr any changes r mdificatins. HIDS can see the utcme f an attempted attack since they can directly access and mnitr the data files and perating system prcesses targeted by the attack. ASSSSOCI IATEED ARCHITEECTUREE LLEEVEELLSS Security Technical Cntrls Intrusin Detectin Systems Guideline COMPPLLI IANCEE COMPPONEENT TYPPEE

2 COMPPLLI IANCEE DEETAI ILL General HIDS Requirements Administratrs shall be trained n the IDS befre implementatin. Despite vendr claims f ease f use, training and/r experience are abslutely necessary t manage any IDS. It is preferred t have the HIDS cntrlled directly frm a central lcatin(s). Hwever, the HIDS may be agent-based where respnse decisins are made at the hst. IDS administratrs shall be able t create r change plicies easily. State the Guideline, Standard r Legislatin HIDS Deplyment Requirements HIDS shall be deplyed in cnjunctin with Netwrk-Based IDS t fully prtect the system. It is recmmended that rganizatins install the Netwrk-Based IDS first, fllwed by the HIDS installatin n critical servers. Once administratrs are familiar with the HIDS, it may be installed n the remainder f the rganizatin s hsts. HIDS shall be installed n any hst where sensitive r critical infrmatin is stred. It is preferred t install IDS Management sftware n a separate system frm the target hst being mnitred. It is preferred t have the HIDS use an agent-manager (server) architecture, where plicy is created and mdified n the manager and autmatically distributed t all agents. It is preferred that hst agents pll the manager at peridic intervals fr plicy changes r new sftware updates. HIDS Analysis Requirements HIDS shall utilize infrmatin frm perating system audit trails and system lgs. HIDS shall have easy-t-use tls t analyze the lgs. HIDS shall detect, and preferably prevent, the fllwing: System scanning (prbing the target with different kinds f packets t garner infrmatin abut the system, such as tplgy, active hsts, perating systems and sftware in use), Denial f Service (DS) (slw r shut dwn targeted systems r hsts), and Penetratin (unauthrized acquisitin and/r alteratin f system privileges, resurces, r data). HIDS shall use Misuse Detectin methds (matching a predefined pattern f events describing an attack) and may als include Anmaly Detectin (abnrmal, unusual behavir) cmpnents. Administratrs shall fllw a schedule fr checking the results f the HIDS t ensure attackers have nt mdified the system.

3 HIDS Respnse Requirements HIDS shall respnd in real-time. It is preferred that HIDS prvide active respnses t intrusins by: Cllecting additinal infrmatin: Turning up the number f events lgged, r Capturing all packets, nt just thse targeting a particular prt r system. Changing the envirnment: Terminating the cnnectin, r Recnfiguring ruters and firewalls t: Blck packets frm the intruder s IP address, Blck netwrk prts, prtcls r services, r Sever all cnnectins that use certain netwrk interfaces. HIDS administratrs shall wrk clsely with ruter and firewall administratrs when creating rules fr ruters and firewalls t ensure intruders cannt abuse the feature t deny access t legitimate users. HIDS may prvide passive respnses requiring subsequent human actin t intrusins by: Generating alarms and ntificatins with ppup windws, cellular phnes, pagers and , r Reprting alarms and alerts using SNMP traps and plug-ins t central netwrk management cnsles. All HIDS cmmunicatins shall be secure and use encrypted tunnels r ther cryptgraphic measures HIDS shall create utput with the fllwing infrmatin fr each intrusin detected: Time/date Sensr IP address Specific attack name Surce and destinatin IP addresses Surce and destinatin prt numbers Netwrk prtcl used Descriptin f the attack type Attack severity level Type f lss expected Type f vulnerability explited Input validatin (buffer verflw r bundary cnditin) Access validatin (faulty access cntrl mechanism) Exceptinal cnditin Envirnmental (unexpected interactin with an applicatin and the perating system r between tw applicatins) Hst Cnfiguratin

4 Race (delay between the time a system checks t see if an peratin is allwed and the time it perfrms the peratin) Design Sftware types and versins vulnerable Patch infrmatin t cunter the attack References t advisries abut the attack r vulnerability It is preferred that HIDS reprts cmbine redundant attack entries and make attacks f highest imprtance stand ut. NIST SP (www.csrc.nist.gv/publicatins/nistpubs) Intrusin Detectin Systems (IDS), Dcument Surce Reference # NIST SP (www.csrc.nist.gv/publicatins/nistpubs) CERT Guide t System and Netwrk Security Practices (www.cert.rg/security-imprvement/) Standard Organizatin Website Cntact Infrmatin Cntact Infrmatin Gvernment Bdy Natinal Institute f Standards and Technlgy (NIST), Cmputer Security Resurce Center Website (CSRC) CVE Vulnerability Search n ICAT Metabase List all Keywrds KEEYWORDSS Hney Pt, intrusin, cracker, buffer verflws, passwrds, sniffing, explit, denial-f-service, Java, ActiveX, SMURF, DNS, prbes COMPPONEENT CLLASSSSI IFFI ICATION Prvide the Classificatin Emerging Current Twilight Sunset Ratinale fr Cmpnent Classificatin Dcument the Ratinale fr Cmpnent Classificatin Dcument the Cnditinal Use Restrictins Dcument the Migratin Strategy Dcument the Psitin Statement n Impact Cnditinal Use Restrictins Migratin Strategy Impact Psitin Statement

5 CURREENT SSTATUSS Prvide the Current Status) In Develpment Under Review Apprved Rejected AUDIT TRAILL Creatin Date 04/03/2003 Date Accepted / Rejected 05/14/2003 Reasn fr Rejectin Last Date Reviewed Reasn fr Update Last Date Updated

Name. Description. Rationale

Name. Description. Rationale Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004E Payment Card Industry (PCI) Netwrk Security (prpsed) 01.1 Purpse The purpse f this Netwrk

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

2. When logging is used, which severity level indicates that a device is unusable?

2. When logging is used, which severity level indicates that a device is unusable? Last updated by Admin at March 3, 2015. 1. What are the mst cmmn syslg messages? thse that ccur when a packet matches a parameter cnditin in an access cntrl list link up and link dwn messages utput messages

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Christchurch Polytechnic Institute of Technology Access Control Security Standard CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin

More information

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY

More information

TrustED Briefing Series:

TrustED Briefing Series: TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers

More information

State of Wisconsin. File Server Service Service Offering Definition

State of Wisconsin. File Server Service Service Offering Definition State f Wiscnsin File Server Service Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 2/16/2008 1.0 JD Urfer First pass 2/16/2008 2.0 Tm Runge Editing changes 2/19/2009 2.1 Tm

More information

Firewall Protection Profile

Firewall Protection Profile samhällsskydd ch beredskap 1 (10) ROS-ISÄK Rnny Janse 010-2404426 rnny.janse@msb.se Firewall Prtectin Prfile Extended Package: NAT samhällsskydd ch beredskap 2 (10) Innehållsförteckning 1. Intrductin...

More information

Datasheet. PV4E Management Software Features

Datasheet. PV4E Management Software Features PV4E Management Sftware Features PV4E is a field prven cmprehensive slutin fr real-time cntrl ver netwrk infrastructure and devices The new and refreshed Graphic User Interface (GUI) is nw even mre attractive,

More information

ViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation

ViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation ViPNet VPN in Cisc Envirnment Supplement t ViPNet Dcumentatin 1991 2015 Inftecs Americas. All rights reserved. Versin: 00121-04 90 02 ENU This dcument is included in the sftware distributin kit and is

More information

Junos Pulse Instructions for Windows and Mac OS X

Junos Pulse Instructions for Windows and Mac OS X Juns Pulse Instructins fr Windws and Mac OS X When yu pen the Juns client fr the first time yu get the fllwing screen. This screen shws yu have n cnnectins. Create a new cnnectin by clicking n the + icn.

More information

Wireless Light-Level Monitoring

Wireless Light-Level Monitoring Wireless Light-Level Mnitring ILT1000 ILT1000 Applicatin Nte Wireless Light-Level Mnitring 1 Wireless Light-Level Mnitring ILT1000 The affrdability, accessibility, and ease f use f wireless technlgy cmbined

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

Managed Firewall Service Definition. SD007v1.1

Managed Firewall Service Definition. SD007v1.1 Managed Firewall Service Definitin SD007v1.1 Managed Firewall Service Definitin Service Backgrund It is imprtant t nte that the functin f any firewall service is t filter traffic cming int the netwrk (als

More information

Systems Support - Extended

Systems Support - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets

More information

Serv-U Distributed Architecture Guide

Serv-U Distributed Architecture Guide Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U

More information

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview

Security Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the

More information

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH)

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) Murugiah Suppaya, Karen Scarfne, 1 and Larry Feldman, 2 Editrs Cmputer Security Divisin Infrmatin

More information

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337 HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders

More information

FY-2006 Networking and Security Engineering and Operations NASA Task TM: Richard Kurak

FY-2006 Networking and Security Engineering and Operations NASA Task TM: Richard Kurak FY-2006 Task A-03: Netwrking and Security Engineering and Operatins NASA Task TM: Richard Kurak Task Summary: The Office f Chief Infrmatin Office (OCIO) is respnsible fr prviding ttal cmmunicatins capabilities

More information

Rule 4-004I Payment Card Industry (PCI) Virus and Vulnerability Management (proposed)

Rule 4-004I Payment Card Industry (PCI) Virus and Vulnerability Management (proposed) Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004I Payment Card Industry (PCI) Virus and Vulnerability Management (prpsed) 01.1 Purpse The

More information

First Global Data Corp.

First Global Data Corp. First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

COURSE DETAILS. Introduction to Ethical Hacking. FootPrinting. What is Hacking. Who is a Hacker. Skills of a Hacker.

COURSE DETAILS. Introduction to Ethical Hacking. FootPrinting. What is Hacking. Who is a Hacker. Skills of a Hacker. COURSE DETAILS Intrductin t Ethical Hacking What is Hacking Wh is a Hacker Skills f a Hacker Types f Hackers Reasns fr Hacking Wh are at the risk f Hacking attacks Effects f Cmputer Hacking n an rganizatin

More information

RSA-Pivotal Security Big Data Reference Architecture RSA & Pivotal combine to help security teams detect threats quicker and speed up response

RSA-Pivotal Security Big Data Reference Architecture RSA & Pivotal combine to help security teams detect threats quicker and speed up response RSA-Pivtal Security Big Data Reference Architecture RSA & Pivtal cmbine t help security teams detect threats quicker and speed up respnse ESSENTIALS RSA and Pivtal are cmbining t help custmers get: Better

More information

Security Information and Event Management Project

Security Information and Event Management Project Security Infrmatin and Event Management Prject Prpsal Submissin: Mr. Ken Fster 1 Cntents Recmmendatin:... 3 What is Security Infrmatin and Event Management:... 3 Business Case fr SEIM Deplyment:... 3 Cre

More information

ScaleIO Security Configuration Guide

ScaleIO Security Configuration Guide ScaleIO Security Cnfiguratin Guide 1 Intrductin This sectin prvides an verview f the settings available in ScaleIO t ensure secure peratin f the prduct: Security settings are divided int the fllwing categries:

More information

Preparing to Deploy Reflection : A Guide for System Administrators. Version 14.1

Preparing to Deploy Reflection : A Guide for System Administrators. Version 14.1 Preparing t Deply Reflectin : A Guide fr System Administratrs Versin 14.1 Table f Cntents Table f Cntents... 2 Preparing t Deply Reflectin 14.1:... 3 A Guide fr System Administratrs... 3 Overview f the

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1 Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues

More information

MANAGED VULNERABILITY SCANNING

MANAGED VULNERABILITY SCANNING Abut SensePst SensePst is an independent and bjective rganisatin specialising in infrmatin security cnsulting, training, security assessment services and IT Vulnerability Management. SensePst is abut security.

More information

CNS-205: Citrix NetScaler 11 Essentials and Networking

CNS-205: Citrix NetScaler 11 Essentials and Networking CNS-205: Citrix NetScaler 11 Essentials and Netwrking Overview The bjective f the Citrix NetScaler 11 Essentials and Netwrking curse is t prvide the fundatinal cncepts and skills necessary t implement,

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

SaaS Listing CA Cloud Service Management

SaaS Listing CA Cloud Service Management SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters

More information

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...

More information

Help Desk Level Competencies

Help Desk Level Competencies Help Desk Level Cmpetencies Level 1 Take user calls and manage truble tickets Ability t staff and manage the rganizatins helpdesk and effectively respnd t rutine custmer calls Ability t use prper grammar

More information

State of Wisconsin Division of Enterprise Technology (DET) Distributed Database Hosting Service Offering Definition (SOD)

State of Wisconsin Division of Enterprise Technology (DET) Distributed Database Hosting Service Offering Definition (SOD) State f Wiscnsin Divisin f Enterprise Technlgy (DET) Distributed Database Hsting Service Offering Definitin (SOD) Distributed Database Hsting SOD Page 1 12/9/2010 Dcument Revisin Histry (Majr Pst Publishing

More information

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013 Research Reprt Abstract: Advanced Malware Detectin and Prtectin Trends By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm, Senir Prject Manager September 2013 2013 by The Enterprise Strategy Grup,

More information

SolarWinds Technical Reference

SolarWinds Technical Reference SlarWinds Technical Reference Preparing an Orin Failver Engine Installatin Intrductin t the Orin Failver Engine... 1 General... 1 Netwrk Architecture Optins and... 3 Server Architecture Optins and... 4

More information

Security Standard for General Information Systems

Security Standard for General Information Systems Ohi University Security Standard fr General Infrmatin Systems A Standard fr the Cnfiguratin and Operatin f Infrmatin Systems at Ohi University System Security Wrking Grup 10/24/2008 Security Standard fr

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

Chapter 7 Business Continuity and Risk Management

Chapter 7 Business Continuity and Risk Management Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity

More information

Vulnerability Management:

Vulnerability Management: Vulnerability Management: Creating a Prcess fr Results Kyle Snavely Veris Grup, LLC Summary Organizatins increasingly rely n vulnerability scanning t identify risks and fllw up with remediatin f thse risks.

More information

Securely Managing Cryptographic Keys used within a Cloud Environment

Securely Managing Cryptographic Keys used within a Cloud Environment Securely Managing Cryptgraphic Keys used within a Clud Envirnment Dr. Sarbari Gupta sarbari@electrsft-inc.cm 703-437-9451 ext 12 2012 NIST Cryptgraphic Key Management Wrkshp September 10-11, 2012 Intrductin

More information

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010 OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

Corporate Account Takeover & Information Security Awareness

Corporate Account Takeover & Information Security Awareness Crprate Accunt Takever & Infrmatin Security Awareness What is Crprate Accunt Takever? A fast grwing electrnic crime where thieves typically use sme frm f malware t btain lgin credentials t Crprate Online

More information

Oracle Cloud Enterprise Hosting and Delivery Policies

Oracle Cloud Enterprise Hosting and Delivery Policies Oracle Clud Enterprise Hsting and Delivery Plicies Statement f Changes Versin 1.5, 6/01/2015 This dcument utlines changes made t the Oracle Clud Enterprise Hsting and Delivery Plicies dated December 1,

More information

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t

More information

System Business Continuity Classification

System Business Continuity Classification System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality

More information

PCI - Why You Need to be Compliant When Accepting Credit Card Payments. Agenda. Breaches in the Headlines. Breach Events & Commonalities

PCI - Why You Need to be Compliant When Accepting Credit Card Payments. Agenda. Breaches in the Headlines. Breach Events & Commonalities PCI - Why Yu Need t be Cmpliant When Accepting Credit Card Payments Tuesday, March 27, 2012 Agenda Breach Events & Cmmnalities Evlutin f PCI PCI Requirements Risks f Nn-cmpliance Industry Initiatives t

More information

Mobile Device Manager Admin Guide. Reports and Alerts

Mobile Device Manager Admin Guide. Reports and Alerts Mbile Device Manager Admin Guide Reprts and Alerts September, 2013 MDM Admin Guide Reprts and Alerts i Cntents Reprts and Alerts... 1 Reprts... 1 Alerts... 3 Viewing Alerts... 5 Keep in Mind...... 5 Overview

More information

NERC-CIP Cyber Security Standards Compliance Documentation

NERC-CIP Cyber Security Standards Compliance Documentation Cmpliance Dcumentatin Briv OnAir 8/3/20154 Page 2 Overview This dcument is intended t be the primary surce f infrmatin fr Briv s cmpliance with the Nrth America Electric Reliability Crpratin (NERC) reliability

More information

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite Vlume Licensing brief Licensing the Cre Client Access License (CAL) Suite and Enterprise CAL Suite Table f Cntents This brief applies t all Micrsft Vlume Licensing prgrams. Summary... 1 What s New in This

More information

Citrix XenApp 6.5 Basic Administration

Citrix XenApp 6.5 Basic Administration Citrix XenApp 6.5 Basic Administratin Descriptin: Days: 5 Prerequisites: Citrix XenApp 6.5 Basic Administratin training curse prvides the fundatin necessary fr administratrs t effectively centralize and

More information

Understand Business Continuity

Understand Business Continuity Understand Business Cntinuity Lessn Overview In this lessn, yu will learn abut: Business cntinuity Data redundancy Data availability Disaster recvery Anticipatry Set What methds can be emplyed by a system

More information

Evaluation Report. 29 May 2013. Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 www.icsalabs.com

Evaluation Report. 29 May 2013. Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 www.icsalabs.com Plycm RealPresence Access Directr 29 May 2013 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 www.icsalabs.cm Table f Cntents Executive Summary... 1 System Cmpnents... 3

More information

Unified Infrastructure/Organization Computer System/Software Use Policy

Unified Infrastructure/Organization Computer System/Software Use Policy Unified Infrastructure/Organizatin Cmputer System/Sftware Use Plicy 1. Statement f Respnsibility All emplyees are charged with the security and integrity f the cmputer system. Emplyees are asked t help

More information

9 ITS Standards Specification Catalog and Testing Framework

9 ITS Standards Specification Catalog and Testing Framework New Yrk State ITS Standards Specificatin Develpment Guide 9 ITS Standards Specificatin Catalg and Testing Framewrk This chapter cvers cncepts related t develpment f an ITS Standards Specificatin Catalg

More information

Using Sentry-go Enterprise/ASPX for Sentry-go Quick & Plus! monitors

Using Sentry-go Enterprise/ASPX for Sentry-go Quick & Plus! monitors Using Sentry-g Enterprise/ASPX fr Sentry-g Quick & Plus! mnitrs 3Ds (UK) Limited, February, 2014 http://www.sentry-g.cm Be Practive, Nt Reactive! Intrductin Sentry-g Enterprise Reprting is a self-cntained

More information

Installation Guide Marshal Reporting Console

Installation Guide Marshal Reporting Console Installatin Guide Installatin Guide Marshal Reprting Cnsle Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 2 Sftware Prerequisites 3 Installatin Prcedures 3 Appendix: Enabling

More information

EA-POL-015 Enterprise Architecture - Encryption Policy

EA-POL-015 Enterprise Architecture - Encryption Policy Technlgy & Infrmatin Services EA-POL-015 Enterprise ure - Encryptin Plicy Authr: Craig Duglas Date: 17 March 2015 Dcument Security Level: PUBLIC Dcument Versin: 1.0 Dcument Ref: EA-POL-015 Dcument Link:

More information

Frequently Asked Questions LIME Security Suite

Frequently Asked Questions LIME Security Suite Frequently Asked Questins LIME. Fr living. Everyday. Q: What Is? A: is a sftware applicatin, which prvides prtectin frm nline viruses and ther malicius risk whiles n the Internet. Q: Is the service secured

More information

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme. Validation Report

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme. Validation Report Natinal Infrmatin Assurance Partnership Cmmn Criteria Evaluatin and Validatin Scheme Validatin Reprt Micrsft Windws 8, Micrsft Windws RT, Micrsft Windws Server 2012 IPsec VPN Client TM Reprt Number: CCEVS-VR-VID10529-2013

More information

ESSS Vendor Evaluation Form WhiteCanyon Software

ESSS Vendor Evaluation Form WhiteCanyon Software WhiteCanyn Sftware U.S. Department f Veterans Affairs Office f Infrmatin and Technlgy Infrmatin Prtectin and Risk Management Field Security Operatins Enterprise Security Slutin Service Date f Meeting:

More information

SBClient and Microsoft Windows Terminal Server (Including Citrix Server)

SBClient and Microsoft Windows Terminal Server (Including Citrix Server) SBClient and Micrsft Windws Terminal Server (Including Citrix Server) Cntents 1. Intrductin 2. SBClient Cmpatibility Infrmatin 3. SBClient Terminal Server Installatin Instructins 4. Reslving Perfrmance

More information

Readme File. Purpose. Introduction to Data Integration Management. Oracle s Hyperion Data Integration Management Release 9.2.

Readme File. Purpose. Introduction to Data Integration Management. Oracle s Hyperion Data Integration Management Release 9.2. Oracle s Hyperin Data Integratin Management Release 9.2.1 Readme Readme File This file cntains the fllwing sectins: Purpse... 1 Intrductin t Data Integratin Management... 1 Data Integratin Management Adapters...

More information

PENETRATION TEST OF THE FOOD COMPUTER NETWORK

PENETRATION TEST OF THE FOOD COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE FOOD AND DRUG ADMINISTRATION'S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office fpublic

More information

MaaS360 Cloud Extender

MaaS360 Cloud Extender MaaS360 Clud Extender Installatin Guide Cpyright 2012 Fiberlink Cmmunicatins Crpratin. All rights reserved. Infrmatin in this dcument is subject t change withut ntice. The sftware described in this dcument

More information

Serv-U Distributed Architecture Guide

Serv-U Distributed Architecture Guide Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v15.1.2.0 Page 1 f 20 Intrductin Serv-U

More information

UBC Incident Response Plan V1.5

UBC Incident Response Plan V1.5 UBC Incident Respnse Plan V1.5 Cntents 1. Ratinale... 2 2. Objective... 2 3. Applicatin... 2 4. Reprting a Cmputer Security Incident... 2 5. Managing the Security Incident... 2 5.1. All Incidents... 2

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT The PCI Security Standards Cuncil Releases PCI DSS Versin 3.2 May 9, 2016 On April 28, 2016, the PCI Security Standards Cuncil (PCI SSC) released PCI Data Security Standard (PCI

More information

Nuance Healthcare Services Project Delivery Methodology

Nuance Healthcare Services Project Delivery Methodology NUANCE PROFESSIONAL SERVICES Nuance Healthcare Services 2008 Nuance Cmmunicatins, Inc. All rights reserved. Nuance Healthcare Services 1 INTRODUCTION This dcument describes the prject management methdlgy

More information

Best Practices for Optimizing Performance and Availability in Virtual Infrastructures

Best Practices for Optimizing Performance and Availability in Virtual Infrastructures Best Practices fr Optimizing Perfrmance and Availability in Virtual Infrastructures www.nimsft.cm Best Practices fr Optimizing Perfrmance and Availability in Virtual Infrastructures PAGE 2 Table f Cntents

More information

Job Aid: Security Configuration Assessment of Information Systems (IS)

Job Aid: Security Configuration Assessment of Information Systems (IS) Jb Aid: Security Cnfiguratin Assessment f Infrmatin Systems (IS) Using this jb aid This jb aid prvides an verview f the prcess fr assessing the technical security cntrls and system cnfiguratin f cntractr

More information

OFFICIAL JOB SPECIFICATION. Network Services Analyst. Network Services Team Manager

OFFICIAL JOB SPECIFICATION. Network Services Analyst. Network Services Team Manager JOB SPECIFICATION FUNCTION JOB TITLE REPORTING TO GRADE WORK PATTERN LOCATION IT & Digital Netwrk Services Analyst Netwrk Services Team Manager Band D Full-time Birmingham TRAVEL REQUIRED Occasinally ROLE

More information

IT Account and Access Procedure

IT Account and Access Procedure IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1

More information

expertise hp services valupack consulting description security review service for Linux

expertise hp services valupack consulting description security review service for Linux expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS

More information

ABELMed Platform Setup Conventions

ABELMed Platform Setup Conventions ABELMed Platfrm Setup Cnventins 1 Intrductin 1.1 Purpse f this dcument The purpse f this dcument is t prvide prspective ABELMed licensees and their hardware vendrs with the infrmatin that they will require

More information

Appendix A Page 1 of 5 DATABASE TECHNICAL REQUIREMENTS AND PRICING INFORMATION. Welcome Baby and Select Home Visitation Programs Database

Appendix A Page 1 of 5 DATABASE TECHNICAL REQUIREMENTS AND PRICING INFORMATION. Welcome Baby and Select Home Visitation Programs Database Appendix A Page 1 f 5 The items in the list f database technical requirements belw was develped thrugh several meetings between First 5 LA Research and Evaluatin, Infrmatin Technlgy, and Prgram Develpment

More information

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance

More information

AvePoint Perimeter 1.6. Administrator Guide

AvePoint Perimeter 1.6. Administrator Guide AvePint Perimeter 1.6 Administratr Guide Issued May 2016 Table f Cntents What s New in this Guide... 10 Abut AvePint Perimeter... 11 AvePint Perimeter Pr Features... 11 Licensing AvePint Perimeter... 11

More information

Bit9 Security Solution Technology Whitepaper Date: September 17, 2015

Bit9 Security Solution Technology Whitepaper Date: September 17, 2015 P a g e 1 Bit9 Security Slutin Technlgy Whitepaper Date: September 17, 2015 Atlanta Bstn Dallas Denver Ls Angeles Manchester (U.K.) New Yrk San Francisc Seattle Washingtn, D.C. 877.224.8077 inf@calfire.cm

More information

Sample Role Description Immunization Information System (IIS) Testing Analyst

Sample Role Description Immunization Information System (IIS) Testing Analyst Sample Rle Descriptin Immunizatin Infrmatin System (IIS) Testing Analyst Nte: This rle descriptin is meant t ffer sample language and a cmprehensive list f ptential desired respnsibilities with crrespnding

More information

HP Email Archiving software for Microsoft Exchange

HP Email Archiving software for Microsoft Exchange HP Email Archiving sftware fr Micrsft Exchange PST Imprt Tls Cmpnents and Deplyment Best Practices Table f Cntents Overview... 2 Prerequisites... 2 Cmpnents... 2 Archive Credentials... 2 PST Lader... 2

More information

Endpoint Protection Solution Test Plan

Endpoint Protection Solution Test Plan Endpint Prtectin Slutin Test Plan This test plan is intended t lay ut high-level guidelines fr testing and cmparing varius endpint prtectin and investigatin slutins. It specifies test envirnments, cnnectivity

More information

RSA Authentication Manager 5.2 and 6.1 Security Best Practices Guide. Version5

RSA Authentication Manager 5.2 and 6.1 Security Best Practices Guide. Version5 RSA Authenticatin Manager 5.2 and 6.1 Security Best Practices Guide Versin5 Cntact Infrmatin G t the RSA crprate web site fr reginal Custmer Supprt telephne and fax numbers: www.rsa.cm. Trademarks RSA,

More information

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5 Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet

More information

System Business Continuity Classification

System Business Continuity Classification Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required

More information

CHANGE MANAGEMENT STANDARD

CHANGE MANAGEMENT STANDARD The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the

More information

Learn More Cloud Extender Requirements Cheat Sheet

Learn More Cloud Extender Requirements Cheat Sheet MaaS360.cm > Learn Mre Learn Mre Clud Extender Requirements Cheat Sheet OVERVIEW This dcument defines all requirements t ensure a successfully installatin f the Clud Extender t enable use f ActiveSync

More information

Unified Communications

Unified Communications Office f Infrmatin Technlgy Services Service Level Agreement Unified Cmmunicatins Nvember 7, 2013 v2.2 Service Descriptin Unified Cmmunicatins Service Descriptin ITS Unified Cmmunicatins ffers a number

More information

Session 9 : Information Security and Risk

Session 9 : Information Security and Risk INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin

More information

Traffic monitoring on ProCurve switches with sflow and InMon Traffic Sentinel

Traffic monitoring on ProCurve switches with sflow and InMon Traffic Sentinel An HP PrCurve Netwrking Applicatin Nte Traffic mnitring n PrCurve switches with sflw and InMn Traffic Sentinel Cntents 1. Intrductin... 3 2. Prerequisites... 3 3. Netwrk diagram... 3 4. sflw cnfiguratin

More information

Access the SQLsafe Release Notes

Access the SQLsafe Release Notes Access the SQLsafe Release Ntes SQLsafe is a pwerful backup and recvery slutin that greatly reduces backup and recvery time, minimizes strage requirements, and prvides enterprise management capabilities

More information