Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA. Email: info@foresightconsulting.com.au. Web: foresightconsulting.com.
Mr. James Kavanagh
Chief Security Advisor
Microsoft Australia
Level 4, 6 National Circuit, Barton, ACT

September 2014

Microsoft Azure IRAP Assessment Letter of Compliance

Dear Mr. Kavanagh,

This document is to act as a letter of compliance for the Microsoft Azure service.

From June through September 2014 Foresight Consulting was engaged to conduct an IRAP assessment of the Microsoft Azure service, consistent with the process prescribed in the Australian Government Information Security Manual (ISM) and Protective Security Policy Framework. The assessment was conducted by Peter Baussmann and Greg Mansill who are both registered assessors within the Australian Signals Directorate Information Security Registered Assessors Program (IRAP).

Microsoft Azure was assessed with regard to ISM controls for unclassified but sensitive information referred to as UNCLASSIFIED (DLM). Within the ISM, these are identified as Government system (G) controls.

The scope of assessment included the following services: Virtual Machines, Cloud Services, Storage Services, Virtual Network, Azure SQL DB, Azure Active Directory; Global Foundation Services (Providers of the global network and physical infrastructure); and Australian Data Centre facilities. Microsoft Azure provides a range of additional cloud services that in general are considered to inherit the security controls and attributes of the assessed core services.

Foresight conducted the IRAP assessment in two stages: The first stage determined whether the system architecture (including information security documentation) is based on sound security principles and has addressed all applicable controls from the ISM. The second stage determined whether the controls, as approved by the system owner and reviewed during the first stage, have been implemented and are operating effectively.

Validation included onsite inspections, personnel interviews, process demonstrations, configuration reviews and review of existing certification reports and evidence. Foresight Consulting also reviewed the Australian Azure System Security Plan and have prepared a detailed Report of Compliance documenting applicability and compliance with specific controls. A summary of assessment findings is provided in the attached table.

The principal finding of this assessment process is that the applicable Information Security Manual controls are in place and fully effective within Microsoft Azure for the processing, storage and transmission of UNCLASSIFIED (DLM) Australian Government data.

If in the future, a significant change occurs to services within scope of this assessment, Microsoft should advise an IRAP assessor for consideration of reassessment. Microsoft should also review the latest versions of the Australian Government Information Security Manual as they are published for changes to controls applicable to the service.

Regards,

Peter Baussmann, CISSP, CISM, CCSA, PCI-QSA, PCI-P, ASD IRAP Assessor
Principal Security Consultant, Foresight Consulting
Information Security Risk Management
Risk Assessment; Security Risk Management Plan: Foresight found the controls in place to be effective for the management of Azure information security risks.

Roles and Responsibilities
Chief Information Security Officer; IT Security Advisor; IT Security Manager; IT Security Officer; System Owner; System Users: Foresight found that the roles identified met the intent of the roles described within the ISM and that team responsibilities were clearly defined.

Information Security Documentation
Documentation Framework; Information Security Policy: The Information Security Policies in place provide clear policy guidance and are considered to be an effective security control for Azure.
System Security Plan: The Microsoft Azure Australia SSP clearly details security controls for the system and is considered to be an effective security documentation control for the Azure service.
Standard Operating Procedures: The Microsoft Standard Operating Procedures reviewed addressed all security control areas and are considered to meet the intent of the applicable controls within the ISM.
Incident Response Plan: Microsoft Incident Management Standard Operating Procedures meet the ISM requirements for an Incident Response Plan and are assessed to be effective security controls.
Business Continuity and Disaster Recovery Plan: Business continuity and disaster recovery are suitably addressed and Azure is considered compliant with the ISM controls relating to availability, business continuity and disaster recovery.

Information Security Monitoring
Vulnerability Management: Microsoft's vulnerability management practices are assessed as effective for the identification, assessment, remediation and ongoing management of vulnerabilities.
Change Management: The change management process is considered an effective security control for managing changes to the Azure service.

Cyber Security Incidents
Detecting, Reporting and Managing Cyber Security Incidents: Microsoft's incident management practices are considered compliant with the ISM and an effective security control for detecting, reporting and managing security incidents relating to the Azure service.

Physical & Environmental Security
Physical Security for Systems: The physical security controls in place meet or exceed ISM requirements for storage of UNCLASSIFIED (DLM) data.

Personnel Security for Information Systems
Information Security Awareness & Training; Authorisations, Security Clearances & Briefings: Review of personnel security measures and interviews with security personnel provided assurance to Foresight that personnel security is managed effectively within the organisation.

Communications Security
Communications Security: Communications security within Azure data centres is considered effective to meet the intent of the applicable controls within the ISM Communications Security section for the handling of UNCLASSIFIED (DLM) information.

Product Security
Product Security: Microsoft's product security processes, combined with supporting vulnerability management, software and media security processes are assessed as an effective implementation of the ISM Product Security controls.

Media Security
Media Security: Foresight found effective media security controls are in place for the handling, sanitisation, destruction and disposal of media.
Asset Management: Foresight found that asset management is performed effectively within Microsoft consistent with the requirements for UNCLASSIFIED (DLM) information.

Software Security
SOE: Operating system security controls are considered effective for the handling and storage of
Application Whitelisting: The application whitelisting controls in place within Azure meet the intent of the ISM for the effective control of permitted executables.
Software Application Development: Foresight found that the approach Microsoft takes to software security including secure development and deployment meets or exceeds the security requirements of the ISM.
Database Systems: Microsoft Azure SQL DB security controls meet the compliance requirements for Database Systems within the ISM.

Access
Privileged Access: Privileged access to systems is appropriately managed and monitored with controls assessed as effective with regard to applicable ISM controls.
Event Logging and Auditing: Azure's collection and management of system and network event logs is a thorough and effective mechanism and meets the ISM requirements for event logging and auditing.

Secure Administration
Secure Administration: Foresight found that the reviewed security controls for secure administration are considered effective.

Network Security
Network Management, Design and Configuration: The network management and configuration mechanisms are considered effective security controls for the transmission and handling of UNCLASSIFIED (DLM) data.
Ensuring Service Continuity: The DDoS controls in place are considered operationally effective and meet the service continuity compliance requirements of the ISM.
Intrusion Detection and Prevention: The intrusion detection mechanisms within Azure are considered effective security controls for detecting malicious or unusual activities within a cloud environment and meet the intent of the controls contained within the ISM.

Cryptography
Cryptographic Security: The cryptographic functions used within Azure are considered to be effective security controls.

Cross Domain Security
Cross Domain Security: The firewalling capability implemented within Azure is considered effective for the protection of

Data Transfers
Data Transfers: The security mechanisms in place for data transfer meet the intent of the ISM and are considered effective security controls for the transfer of
More informationMonitoring and Operating a Private Cloud with System Center 2012
Course 10750A: Monitoring and Operating a Private Cloud with System Center 2012 Length: Delivery Method: 5 Days Instructor-led (classroom) About this Course This course describes how to monitor and operate
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationRajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationABB s approach concerning IS Security for Automation Systems
ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationLinux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications
NETWORK ENGINEERING TRACK Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use Office
More informationTechnology Risk Management
1 Monetary Authority of Singapore Technology Risk Guidelines & Notices New Requirements for Financial Services Industry Mark Ames Director, Seminar Program ISACA Singapore 2 MAS Supervisory Framework Impact
More informationCloudDesk - Security in the Cloud INFORMATION
CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES
More information