The ETM System and Regulatory Compliance
- Laurence Baldwin
- 8 years ago
A Whitepaper by SecureLogix Corporation

In response to the concerns of their constituents, governments are demanding, through increasing regulation, greater accountability from enterprises for customer privacy and data reliability. This paper explores how the ETM System from SecureLogix Corporation assists enterprise executives in fulfilling their compliance obligations.

Regulatory Landscape

The following are a few examples from the growing list of regulations faced by enterprises:

- The Sarbanes-Oxley Act requires that certain executives of publicly traded companies personally certify that the financial statements are accurate and that effective internal controls are in place over the procedures for compiling financial information.
- The Gramm-Leach-Bliley Act applies to banks, securities firms, insurance companies and other financial institutions. It requires the financial industry to protect the privacy of customer data.
- The Payment Card Industry Data Security Standard (PCI) is a worldwide standard for consumer data protection across the payment industry, born of collaboration between Visa and MasterCard to create common industry requirements that incorporate Visa's Cardholder Information Security Program (CISP) requirements.
- The Health Insurance Portability and Accountability Act (HIPAA) requires that healthcare providers and insurers (as well as any other enterprise handling medical data) protect patient health information.
- The Federal Information Security Management Act (FISMA) mandates that federal agencies implement enterprise-wide programs to secure data and information systems in accordance with the National Institute of Standards and Technology (NIST) Recommended Security Controls for Federal Information Systems (NIST Special Publication ).
- The North American Electric Reliability Council (NERC) defines the reliability requirements that ensure the North American bulk electric system is reliable, adequate and secure.
- The California Security Breach Information Act (Senate Bill 1386) requires any entity (commercial or government) doing business in California that holds computerized personal information to properly safeguard that information and to notify consumers of any intrusion or breach.
- The Telemarketing and Consumer Fraud and Abuse Prevention Act is enforced by the Federal Trade Commission pursuant to the 2003 Telemarketing Sales Rule, which, among other requirements, prohibits calling consumers who have put their phone numbers on the National Do Not Call Registry.
- The European Commission requires, through the Directive on Privacy and Electronic Communications (DPEC), that EU member nations adopt regulations imposing privacy and integrity controls over personal information.
- The Turnbull Report by the Institute of Chartered Accountants in England and Wales sets out how publicly traded companies should address internal controls, including financial, operational, compliance and risk management controls.
Recognizing the mounting challenge of meeting regulatory obligations while running a successful organization, Gartner, Inc. offered some help in a February 2004 report entitled "IT Security Technologies Can Address Regulatory Compliance", in which Gartner suggested that while IT security management processes and technologies are essential to safeguard successful operations, they also form a foundation upon which to demonstrate a system of controls that helps comply with aspects of various regulations.

Telecommunications Risks: Completing the Security and Control Foundation

The ETM System is a full-service voice security and management platform with an integrated set of applications to secure, optimize and efficiently manage voice networks and communications. The core application of the ETM System is the Voice Firewall, which assists enterprises with regulatory compliance by completing the security of the corporate electronic perimeter and providing the additional capabilities described below.

Control identity and access management to IT resources and applications

The ETM Voice Firewall resides at the edge of the voice network to detect, inspect, log, block and alert on all inbound and outbound voice traffic, based on user-defined call admission control policies and its patented call-typing capability, which classifies each call as modem, fax, voice or video traffic in real time. It therefore provides centralized visibility and control over access to parts of the interconnected data and telephone networks that cannot be controlled by other tools. Key IT and operating systems such as database and management servers, routers, PBXs, voice mail systems and SCADA systems have modem ports for remote access for routine management and maintenance functions. Restricting access to these resources is a basis for reliability.

The need to monitor data-to-telephone network interconnections has been recognized by regulatory bodies, which have issued specific requirements addressing this concern. The following is an example from the financial industry. The Office of the Comptroller of the Currency (OCC) charters, regulates and supervises all national banks and supervises the federal branches and agencies of foreign banks. The OCC recognizes that modems can provide an uncontrolled and unmonitored avenue of attack on bank systems, and requires bank officials to identify and either eliminate, or monitor and control, modems presenting such vulnerabilities. This guidance has been incorporated into the standard operating and audit procedures of the Federal Financial Institutions Examination Council, an interagency body that prescribes uniform principles, standards and report forms for the federal examination of financial institutions by the OCC, the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA) and the Office of Thrift Supervision (OTS).

Protect the organization from external intrusions and attacks

In 1999, before Gartner, Inc. was aware of the ETM System, it issued a CIO Alert entitled "Modems on the Desktop Can Put Important Enterprise Elements at Risk", which warned that enterprises cannot afford to ignore the risks of desktop modem security: to do so is to be negligent and to open the door to the legal and financial consequences of cyber-crime. Apart from the availability of the ETM System as a solution for preventing attacks on networks via modems, little has changed in the risk scenario Gartner painted in that 1999 alert. In fact, the general increase in security and monitoring on the data network may have increased the incidence of employees connecting modems and dialing out to their local ISPs for private, unmonitored Internet sessions.
These unauthorized modem connections provide direct and unmonitored links between the public phone system and data networks, allowing intruders to access an organization's information infrastructure while completely bypassing firewalls and IDS systems. Installed data network security technologies provide no visibility or control over these phone network connections. This well-recognized threat is often referred to as the "last big back door" into internal data networks.

The ETM Voice Firewall unifies the security of telephony traffic and infrastructure across hybrid legacy and VoIP networks. It provides application-layer security for real-time media and works side by side with existing data network firewalls to help complete the security of the corporate electronic perimeter, detecting, alerting on and/or blocking:

- VoIP denial of service attacks (signaling- and media-based)
- Malformed SIP signaling attacks against VoIP systems
- Toll fraud
- Telecom system tampering and voice mail/PBX attacks
- War dialing and other external modem attacks against the data network and other critical infrastructure
- Unauthorized employee dial-up connections and Internet usage over phone lines
- Virus infections and restricted file transfers over dial-up connections
- Harassing, threatening or restricted inbound and outbound calls
- Fax and VoIP spam
- VoIP bandwidth abuse
- Internal voice service misuse/abuse
- Fraudulent or wasteful employee calling activity:
  - After-hours and weekend long distance (LD)
  - Non-business international calls, LD and modem calling on fax lines
  - Restricted 1-900 and other toll calls
  - Billed 411 calls
  - Long-duration LD calls from common resource areas

Monitor and detect internal and external threats

The Voice Firewall allows you to control which inbound and outbound calls are allowed, and which raise an alert, as they flow in and out of the private corporate voice network. It also inspects each call for voice application-layer security threats and unauthorized service use. The ETM Usage Manager is a robust automated reporting tool that supplies over 60 out-of-the-box, pre-defined reports to support a broad range of auditing and operational compliance reporting on:

- Call accounting activities
- Telecom resource utilization
- Phone network usage
- Traffic analysis
- Service performance and call quality
- Service abuse, toll fraud and other voice security issues

In addition to the predefined reports, the reporting solution is flexible: customers can alter existing reports or craft new ones tailored to specific compliance needs. It delivers telecom control and security information when and where it is needed. Batch reports can be scheduled to run daily, weekly or monthly, with the results sent to compliance managers by e-mail, pager or SNMP trap.
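The call admission control and the violation reporting described above (decisions on direction, call type, destination, trunk group and time of day, followed by a summary for auditors) can be illustrated with the following Python example. It is added here for illustration and is not SecureLogix code: the ETM System's real rule syntax is not shown on this page, and the site parameters (a local area code of 210, an approved vendor number, a maintenance-modem extension, named trunk groups), the call-record fields and the sample calls are all constructed assumptions. The rules cover the fraud and back-door categories listed above (inbound modem calls to the PBX maintenance port, outbound employee dial-up, 1-900 and 411 calls, voice on fax lines, after-hours international and long-distance calls, and long LD calls from common areas).

```python
"""Illustrative call-admission policy engine (added example; not ETM code)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical site parameters: assumptions for the example, not ETM settings.
LOCAL_AREA_CODES = {"210"}              # calls to these NPAs are local, not long distance
APPROVED_MODEM_PEERS = {"12105550100"}  # only number allowed to dial the PBX maintenance modem
MAINTENANCE_MODEM_EXTS = {"4999"}       # extension behind the PBX/SCADA maintenance modem
COMMON_AREA_TRUNKS = {"lobby", "warehouse"}

@dataclass(frozen=True)
class CallRecord:
    """One call as observed at the voice network edge (constructed record format)."""
    start: datetime
    direction: str    # "inbound" or "outbound"
    call_type: str    # "voice", "fax", "modem" or "video", as classified by call typing
    source: str       # extension (outbound) or calling number (inbound)
    destination: str  # dialed digits (outbound) or called extension (inbound)
    duration_s: int
    trunk_group: str  # trunk or line group that carried the call

def digits(number: str) -> str:
    return re.sub(r"\D", "", number)

def is_after_hours(ts: datetime) -> bool:
    return ts.weekday() >= 5 or not 7 <= ts.hour < 19

def is_international(dest: str) -> bool:
    return digits(dest).startswith("011")

def is_premium(dest: str) -> bool:
    d = digits(dest)
    return len(d) == 11 and d.startswith("1900")

def is_long_distance(dest: str) -> bool:
    d = digits(dest)
    return len(d) == 11 and d[0] == "1" and d[1:4] not in LOCAL_AREA_CODES and not is_premium(d)

@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "block" or "alert"
    matches: Callable[[CallRecord], bool]

# Ordered like a packet-filter ruleset: the first matching rule decides the call.
POLICY: List[Rule] = [
    Rule("inbound-modem-to-maintenance-port", "block",
         lambda c: c.direction == "inbound" and c.call_type == "modem"
         and c.destination in MAINTENANCE_MODEM_EXTS
         and digits(c.source) not in APPROVED_MODEM_PEERS),
    Rule("inbound-modem-unexpected", "block",  # war dialing / back door into the data network
         lambda c: c.direction == "inbound" and c.call_type == "modem"
         and c.destination not in MAINTENANCE_MODEM_EXTS),
    Rule("outbound-modem-dialup", "block",     # employee dial-up bypassing the data firewall
         lambda c: c.direction == "outbound" and c.call_type == "modem"),
    Rule("premium-900", "block",
         lambda c: c.direction == "outbound" and is_premium(c.destination)),
    Rule("billed-411", "alert",
         lambda c: c.direction == "outbound" and digits(c.destination) == "411"),
    Rule("fax-line-misuse", "alert",
         lambda c: c.trunk_group == "fax-lines" and c.call_type != "fax"),
    Rule("international-after-hours", "alert",
         lambda c: c.direction == "outbound" and is_international(c.destination)
         and is_after_hours(c.start)),
    Rule("long-distance-after-hours", "alert",
         lambda c: c.direction == "outbound" and is_long_distance(c.destination)
         and is_after_hours(c.start)),
    Rule("long-ld-from-common-area", "alert",
         lambda c: c.direction == "outbound" and is_long_distance(c.destination)
         and c.trunk_group in COMMON_AREA_TRUNKS and c.duration_s > 30 * 60),
]

def evaluate(call: CallRecord, policy: List[Rule] = POLICY) -> Tuple[str, Optional[str]]:
    """Return (action, rule name); a call matching no rule is allowed."""
    for rule in policy:
        if rule.matches(call):
            return rule.action, rule.name
    return "allow", None

def violation_summary(calls: List[CallRecord], policy: List[Rule] = POLICY) -> Dict[str, int]:
    """Count calls per triggered rule: the raw material for a scheduled audit report."""
    counts: Dict[str, int] = {}
    for call in calls:
        _, name = evaluate(call, policy)
        if name is not None:
            counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed sample calls (7 May 2007 is a Monday; 12 May 2007 is a Saturday).
SAMPLE_CALLS = [
    CallRecord(datetime(2007, 5, 7, 10, 0), "inbound", "modem", "+1 210 555 0100", "4999", 600, "main"),
    CallRecord(datetime(2007, 5, 7, 2, 15), "inbound", "modem", "+1 702 555 0199", "4999", 40, "main"),
    CallRecord(datetime(2007, 5, 7, 2, 16), "inbound", "modem", "+1 702 555 0199", "4312", 12, "main"),
    CallRecord(datetime(2007, 5, 8, 13, 30), "outbound", "modem", "4312", "1 210 555 0123", 1800, "main"),
    CallRecord(datetime(2007, 5, 8, 13, 45), "outbound", "voice", "4500", "1 512 555 0177", 300, "fax-lines"),
    CallRecord(datetime(2007, 5, 12, 11, 0), "outbound", "voice", "4210", "011 44 20 7946 0958", 900, "main"),
    CallRecord(datetime(2007, 5, 8, 15, 0), "outbound", "voice", "4001", "1 415 555 0142", 2700, "lobby"),
    CallRecord(datetime(2007, 5, 8, 9, 0), "outbound", "voice", "4210", "1 210 555 0188", 120, "main"),
]

if __name__ == "__main__":
    for call in SAMPLE_CALLS:
        print(call.direction, call.call_type, call.destination, "->", evaluate(call))
    print(violation_summary(SAMPLE_CALLS))
```

Two design points carry over to any real voice policy: rule order matters (the modem rules sit first so that a modem call on a fax line is blocked as dial-up rather than merely alerted as fax-line misuse), and the approved-peer check on the maintenance modem is an allow-list on the calling number, which is the control an OCC or FFIEC examiner is asking for when they require modems to be "eliminated, or monitored and controlled".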
New Telecom Security and Management Technologies

In addition to the Voice Firewall, the ETM Platform hosts an integrated set of additional applications, including:

- Performance Manager: a dashboard giving enterprise-wide visibility of both TDM and IP trunking infrastructure, with real-time, continuous monitoring of circuit health and status and of call quality (QoS). It includes telecom error notification and threshold-based voice QoS alerting, with problem diagnosis and resolution tools.
- Voice IPS: a call-pattern anomaly detection and prevention solution for real-time detection of PBX toll fraud, war dialing and service abuse/misuse on hybrid voice networks.
- Call Recorder: policy-based recording of targeted calls of interest.
ETM System Compliance Assistance for Key Regulations

The whitepaper maps each regulation section or requirement below against three ETM capability columns: Control/Log Access, Intrusion Monitoring & Prevention, and Threat Detection.

Sarbanes-Oxley Act
- 302(a)(4): Officers are responsible for establishing, maintaining and testing internal controls.
- 302(a)(5): Officers must disclose to the external auditors and the audit committee of the board of directors any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer's internal controls.
- 302(a)(6): Officers must indicate in their report whether or not there were significant changes in internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.

Gramm-Leach-Bliley Act
- Each financial institution has an obligation to protect the security and confidentiality of its customers' nonpublic personal information.

Payment Card Industry Data Security Standard (PCI)
- Requirement 1: Install and maintain a firewall configuration to protect data and systems from unauthorized access from the Internet, and deny all other inbound and outbound traffic not specifically allowed. Prohibit direct public access between external networks and any system component that stores cardholder information.
- Requirement 7: Limit access to computing resources and cardholder information to only those individuals whose job requires such access.
- Track and monitor all access to network resources and cardholder data via automated audit trails, in order to be able to reconstruct events for all system components, including (among other events) invalid logical access attempts and use of identification and authentication mechanisms.
- Regularly test security systems and processes (security controls, limitations, network connections and restrictions) to make sure they can adequately identify or stop unauthorized access attempts.

Telemarketing and Consumer Fraud and Abuse Prevention Act
- Prohibits calling consumers who have put their phone numbers on the National Do Not Call Registry.

Health Insurance Portability and Accountability Act (HIPAA) of 1996 (the rules for the HIPAA standards were published in February 2003 as Health Insurance Reform: Security Standards, 45 CFR)
- (a)(1): Requires risk analysis, risk management and information system activity review processes.
- (a)(6): Requires identification of and response to suspected or known security incidents, and that security incidents be documented.
- (a)(1): Implement technical policies and procedures for electronic information systems to control access only to those authorized.

Federal Information Security Management Act (FISMA), via NIST Special Publication
- AC-17 Remote Access: Employ automated mechanisms to monitor and control remote access.
- AU-6 Audit Monitoring, Analysis and Reporting: Review, analyze and investigate audit records for inappropriate or unusual activity.
- AU-9 Protection of Audit Information: The information system protects audit information and audit tools from unauthorized access, modification and deletion.
- AU-11 Audit Retention: Retain audit logs to provide support for after-the-fact investigations of security incidents and to meet information retention requirements.
- MA-4 Remote Maintenance: Approve, control and monitor remotely executed maintenance and diagnostic activities.
- SC-3 Security Function Isolation: Isolate security functions from non-security functions by means of partitions, domains, etc.
- SC-5 Denial of Service Protection: Protect against, or limit the effects of, denial of service attacks.
- SC-6 Resource Priority: Limit the use of resources by priority.
- SC-7 Boundary Protection: Monitor and control communications at the external boundary.
- SC-11 Trusted Path: Establish a trusted communications path between the user and the security functionality of the system.
- SC-19 Voice Over IP: Establish usage restrictions for Voice over IP (VoIP) technologies based on the potential to cause damage to the information system if used maliciously.

North American Electric Reliability Council (NERC) Cyber Security Standards
- CIP-005 requires identification and protection of Electronic Security Perimeters and implementation of processes for monitoring and logging access twenty-four hours a day, seven days a week, including detection and alerting for attempted or actual unauthorized access.
- CIP-007 requires methods, processes and procedures for securing Cyber Assets within the Electronic Security Perimeter(s).
- CIP-008 requires the identification, classification, response and reporting of Cyber Security Incidents related to Critical Cyber Assets.

California SB 1386
- Requires any entity that conducts business in California and handles computerized personal information to disclose (in specified ways) any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationSIP Security Controllers. Product Overview
SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running
More informationSummary. Background and Justification
Supporting Statement for the Recordkeeping and Disclosure Requirements Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information (FR 4100; OMB No. 7100-0309) Summary
More informationETM System SIP Trunk Support Technical Discussion
ETM System SIP Trunk Support Technical Discussion Release 6.0 A product brief from SecureLogix Corporation Rev C SIP Trunk Support in the ETM System v6.0 Introduction Today s voice networks are rife with
More informationHIPAA Compliance: Meeting the Security Challenge. Eric Siebert Author and vexpert. whitepaper
HIPAA Compliance: Meeting the Security Challenge Eric Siebert Author and vexpert HIPAA Compliance: Meeting the Security Challenge A Closer Look: The HIPAA Compliance Challenge - As many IT managers and
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationEnterprise Telecom Security Solutions. A Corporate Whitepaper by Mark D. Collier, Chief Technical Officer and Vice President of Engineering
Enterprise Telecom Security Solutions A Corporate Whitepaper by Mark D. Collier, Chief Technical Officer and Vice President of Engineering Executive Summary Traditional data and voice network security
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationWalnut Telephone Company, Inc. dba/ Walnut Communications Network Management Practices Policy Disclosure
Walnut Telephone Company, Inc. dba/ Walnut Communications Network Management Practices Policy Disclosure Pursuant to the Federal Communications Commission s newly enacted Open Internet Rules found in Part
More informationCredit Card (PCI) Security Incident Response Plan
Credit Card (PCI) Security Incident Response Plan To address credit cardholder security, the major credit card brands (Visa, MasterCard, American Express, Discover & JCB) jointly established the PCI Security
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationSecurity Self-Assessment Tool
Security Self-Assessment Tool State Agencies Receiving FPLS Information, 7/15/2015 Contents Overview... 2 Access Control (AC)... 3 Awareness and Training (AT)... 8 Audit and Accountability (AU)... 10 Security
More informationThe Healthcare challenge to protect patient information - HIPAA Compliance
The Healthcare challenge to protect patient information - HIPAA Compliance Introduction Every industry presents its own challenges, and the healthcare industry has its own. Healthcare Organisations (HCOs)
More informationEnrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------
w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------
More informationSecurity Information Lifecycle
Security Information Lifecycle By Eric Ogren Security Analyst, April 2006 Copyright 2006. The, Inc. All Rights Reserved. Table of Contents Executive Summary...2 Figure 1... 2 The Compliance Climate...4
More informationStrengthen Security and Accountability of Multi-Vendor Voice Systems
WhitePaper Strengthen Security and Accountability of Multi-Vendor Voice Systems HOW UNIFIED VOICE ADMINISTRATION CAN HELP REDUCE EXPOSURE TO CORPORATE SECURITY RISKS. Executive Summary Network security
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationVerve Security Center
Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution
More information<COMPANY> PR11 - Log Review Procedure. Document Reference Date 30th September 2014 Document Status. Final Version 3.
PR11 - Log Review Procedure Document Reference PR11 - Log Review Procedure Date 30th September 2014 Document Status Final Version 3.0 Revision History 1.0 12 January 2010 - Initial release. 1.1 14 September
More informationSession Border Controllers in Enterprise
A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing
More informationVoice Over IP and Firewalls
Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more
More informationAttaining HIPAA Compliance with Retina Vulnerability Assessment Technology
l Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology Overview The final privacy rules for securing electronic health care became effective April 14th, 2003. These regulations require
More informationSample CDC Certification and Accreditation Checklist For an Application That Is Considered a Moderate Threat
Sample CDC Certification and Accreditation Checklist For an Application That Is Considered a Moderate Threat Centers for Disease and Prevention National Center for Chronic Disease Prevention and Health
More informationDesign of Database Security Policy In Enterprise Systems
Design of Database Security Policy In Enterprise Systems by Krishna R Singitam Database Architect Page 1 of 10 Table of Contents 1. Abstract... 3 2. Introduction... 3 2.1. Understanding the Necessity of
More informationOhio Supercomputer Center
Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationClavister InSight TM. Protecting Values
Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide
More informationTOLL FRAUD POLICIES AND PREVENTION
TOLL FRAUD POLICIES AND PREVENTION What is Toll Fraud? Toll Fraud is the theft of long-distance service. It s the unauthorized use of phone lines, services or equipment to make long distance calls. When
More informationE-Commerce Security Perimeter (ESP) Identification and Access Control Process
Electronic Security Perimeter (ESP) Identification and Access Control Process 1. Introduction. A. This document outlines a multi-step process for identifying and protecting ESPs pursuant to the North American
More informationSCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards
SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which
More informationNERC CIP Compliance with Security Professional Services
NERC CIP Compliance with Professional Services The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is
More informationSIP Trunking with Microsoft Office Communication Server 2007 R2
SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY
More information