Securely Managing Cryptographic Keys used within a Cloud Environment

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Securely Managing Cryptographic Keys used within a Cloud Environment"

Transcription

1 Securely Managing Cryptgraphic Keys used within a Clud Envirnment Dr. Sarbari Gupta ext NIST Cryptgraphic Key Management Wrkshp September 10-11, 2012

2 Intrductin Federal gvernment mving cmputing/strage t Clud Vivek Kundra s Clud First Strategy OMB M FY 2012 Budget Guidance Clud Cmputing has unique security challenges Remte peratins, C-tenancy, Distributed Management Cryptgraphy essential t secure clud peratins Use f sund Key Management Practices is critical Yet, limited visibility int Clud Key Management FedRAMP streamlines Clud Authrizatins Des it prvide enugh visibility r assurance fr Clud Key Management? Page 2

3 Clud Service Prvider (CSP) - Mdels Clud Service Mdels Sftware as a Service (SaaS) - Access t applicatins and services hsted in clud Platfrm as a Service (PaaS) - Building blcks t rapidly develp/hst clud applicatins Infrastructure as a Service (Iaas) - Netwrked access t prcessing pwer, strage Clud Deplyment Mdels Public Clud Private Clud Cmmunity Clud Hybrid Clud Nt all Cluds are created equal! Page 3

4 Clud Based Systems Uncertainties Prcessr Where is my prcess running? Am I sharing the prcessr with ther users/rganizatins? Data Strage Where des my data reside? Is my data c-resident with ther users data? Cmmunicatin Hw des my CSP knw wh I am? Hw is my cnnectin t clud cmpnents prtected? Administratin Wh administers the Clud Infrastructure? Wh has access t my data? My activity histry? Key Management Where and hw are keys: Generated? Stred? Hw are keys: Distributed? Prtected? Hw are keys and data recvered if lst? When and hw are keys destryed? Page 4

5 Clud Systems Dependence n Brwser Brwser is integral t Clud Systems User Interface Presentatin Data input and utput frm Clud Cmmunicatin with Clud Cmpnents Brwsers have significant vulnerabilities Weak implementatin f security prtcls Man-in-the-middle (MITM) and ther attacks Brwser cntaminatin frm ther websites Brwser represents inherent weakness! Page 5

6 Cryptgraphy Integral t Clud Operatins Supprts strng authenticatin f remte Users, Administratrs Implements strng cmmunicatin prtcls between User (brwser) and clud Partitins User data in c-tenancy envirnments Prvides data cnfidentiality (even frm Administratrs) Supprts data integrity (tamperdetectin) Page 6

7 Cryptgraphic Key Management Basics (I) Cryptgraphic Keys - Cre Functins Cnfidentiality Integrity Surce Authenticatin Key Management - Scpe Key Generatin Key Strage Key Distributin Key Recvery Key Destructin Page 7

8 Cryptgraphic Key Management Basics (II) Key Management - Critical Dimensins Key Type, Algrithms, Strength, Crypt-perid, Metadata Key Generatin, Acquisitin Key Use, Users, Applicatins Key Establishment, Agreement, Distributin Key Material Prtectin (strage, transit) Key Access Cntrl Key Backup, Recvery Key Renewal, Revcatin, Destructin Page 8

9 Clud Cryptgraphy Visibility and Cntrl Remte Authenticatin; Secure Cmmunicatin with Clud Sme Visibility Use f Third Party Credential Prviders; Standard Cmmunicatin Prtcls (TLS/SSL) Sme Cntrl User may select wn Credential Prvider, Cnfigure Brwser settings Clud Data Prtectin (Cnfidentiality, Integrity) SaaS - n visibility; n cntrl CSP implements all crypt paque t Clud User PaaS limited visibility; limited cntrl CSP implements crypt in lwer layers paque t Clud User May prvide tlset (building blcks) fr applicatin develpment Iaas limited visibility; mre cntrl CSP implements infrastructure level crypt paque t Clud User Clud User cntrls key management fr virtualized IT cmpnents Page 9

10 FedRAMP Cntrl fr Key Management (based n SP R3) SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT Cntrl: The rganizatin establishes and manages cryptgraphic keys fr required cryptgraphy emplyed within the infrmatin system. Cntrl Enhancements fr MODERATE baseline: (2) The rganizatin prduces, cntrls, and distributes symmetric cryptgraphic keys using [NIST-apprved] key management technlgy and prcesses. (5) The rganizatin prduces, cntrls, and distributes asymmetric cryptgraphic keys using apprved PKI Class 3 r Class 4 certificates and hardware security tkens that prtect the user s private key. SC-13 USE OF CRYPTOGRAPHY Cntrl: The infrmatin system implements required cryptgraphic prtectins using cryptgraphic mdules that cmply with applicable federal laws, Executive Orders, directives, plicies, regulatins, standards, and guidance. Cntrl Enhancements fr MODERATE baseline: (1)The rganizatin emplys, at a minimum, FIPS-validated cryptgraphy t prtect unclassified infrmatin. Page 10

11 FedRAMP Weaknesses fr Key Management N minimum requirements fr key parameters N explicit requirement fr Key Management Plicy (KMP) N explicit requirement fr Key Management Practices Statement (KMPS) N requirement fr key recvery Result Clud User has: Little visibility int clud key management Limited assurance f sundness f key management plicies, practices and peratins Page 11

12 Way Frward Establish Federal Prfile fr Clud Key Management Based n SP (being develped) Mre stringent requirements due t Clud Envirnment FedRAMP require that CSPs Fllw Federal Prfile fr Clud Key Management Develp Key Management Plan (KMP) and Key Management Practices Statements (KMPS) NIST SP Part 2: Best Practices fr Key Management Organizatin Have Mandatry 3 rd Party Auditing against KMP/KMPS Page 12

13 Wrap-Up and Cntact Infrmatin Dr. Sarbari Gupta Electrsft Phne: ext 12 LinkedIn: Page 13

Cloud Services Frequently Asked Questions FAQ

Cloud Services Frequently Asked Questions FAQ Clud Services Frequently Asked Questins FAQ Revisin 1.0 6/05/2015 List f Questins Intrductin What is the Caradigm Intelligence Platfrm (CIP) clud? What experience des Caradigm have hsting prducts like

More information

State of Wisconsin. File Server Service Service Offering Definition

State of Wisconsin. File Server Service Service Offering Definition State f Wiscnsin File Server Service Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 2/16/2008 1.0 JD Urfer First pass 2/16/2008 2.0 Tm Runge Editing changes 2/19/2009 2.1 Tm

More information

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance

More information

Have some knowledge of how queries execute. Must be able to read a query execution plan and understand what is happening.

Have some knowledge of how queries execute. Must be able to read a query execution plan and understand what is happening. Curse 2786B: Designing a Micrsft SQL Server 2005 Infrastructure Abut this Curse This tw-day instructr-led curse prvides database administratrs wrking in enterprise envirnments with the knwledge and skills

More information

CLOUD COMPUTING: SECURITY THREATS AND MECHANISM

CLOUD COMPUTING: SECURITY THREATS AND MECHANISM CLOUD COMPUTING: SECURITY THREATS AND MECHANISM Vaishali Jshi 1, Lakshmi 2, Vivek Gupta 3 1,2,3 Department f Cmputer Science Engineering, Acrplis Technical Campus, Indre ABSTRACT Clud cmputing is a mdel

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

IMT Standards. Standard number A000014. GoA IMT Standards. Effective Date: 2010-09-30 Scheduled Review: 2011-03-30 Last Reviewed: Type: Technical

IMT Standards. Standard number A000014. GoA IMT Standards. Effective Date: 2010-09-30 Scheduled Review: 2011-03-30 Last Reviewed: Type: Technical IMT Standards IMT Standards Oversight Cmmittee Gvernment f Alberta Effective Date: 2010-09-30 Scheduled Review: 2011-03-30 Last Reviewed: Type: Technical Standard number A000014 Electrnic Signature Metadata

More information

Course Outline (70-413)

Course Outline (70-413) Curse Outline (70-413) Mdule 1: Planning Server Upgrade and Migratin This mdule explains hw t plan a server upgrade and migratin strategy. Upgrade and Migratin Cnsideratins Creating a Server Upgrade and

More information

Configuring, Monitoring and Deploying a Private Cloud with System Center 2012 Boot Camp

Configuring, Monitoring and Deploying a Private Cloud with System Center 2012 Boot Camp Cnfiguring, Mnitring and Deplying a Private Clud with System Center 2012 Bt Camp Length: 5 Days Technlgy: Micrsft System Center 2012 Delivery Methd: Instructr-led Hands-n Audience Prfile This curse is

More information

How Does Cloud Computing Work?

How Does Cloud Computing Work? Hw Des Clud Cmputing Wrk? Carl Mazzanti, CEO, emazzanti Technlgies IT Supprt and Clud Cmputing Services fr Small Business Hbken, NJ and NYC, 201-360- 4400 Owner [Pick the date] Hw des Clud Cmputing Wrk?

More information

CNS-205: Citrix NetScaler 11 Essentials and Networking

CNS-205: Citrix NetScaler 11 Essentials and Networking CNS-205: Citrix NetScaler 11 Essentials and Netwrking Overview The bjective f the Citrix NetScaler 11 Essentials and Netwrking curse is t prvide the fundatinal cncepts and skills necessary t implement,

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337 HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders

More information

Restricted Document. Pulsant Technical Specification

Restricted Document. Pulsant Technical Specification Pulsant Technical Specificatin Title Pulsant Dedicated Server Department Prduct Develpment Cntributrs RR Classificatin Restricted Versin 1.0 Overview Pulsant ffer a Dedicated Server service t underpin

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

Session 9 : Information Security and Risk

Session 9 : Information Security and Risk INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin

More information

Skills for Employment Investment Project (SEIP)

Skills for Employment Investment Project (SEIP) Skills fr Emplyment Investment Prject (SEIP) Standards/ Curriculum Frmat Fr Server Administratin & Clud Management Curse Duratin: Tw Mnths 1 Curse Structure and Requirements Curse Title: Server Administratin

More information

TrustED Briefing Series:

TrustED Briefing Series: TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers

More information

Gateway Agent - First Amendment to the High Level Design Document

Gateway Agent - First Amendment to the High Level Design Document Gateway Agent - First Amendment t the High Level Design Dcument Scpe The Gateway Agent HLD thrugh update 1 assumes that nly the Cntrl App, while cnnected t the prximal netwrk, can initiate new clud services.

More information

Data classification for cloud readiness

Data classification for cloud readiness Data classificatin fr clud readiness Micrsft Trustwrthy Cmputing Trustwrthy Cmputing Data classificatin fr clud readiness Legal disclaimer This dcument is fr infrmatinal purpses nly. MICROSOFT MAKES NO

More information

Network Defense Specialist. Course Title: Network Defense Specialist: Security and Vulnerability Assessment

Network Defense Specialist. Course Title: Network Defense Specialist: Security and Vulnerability Assessment Curse Title: Netwrk Defense Specialist: Security and Vulnerability Assessment Page 1 f 11 Curse Descriptin The Netwrk Defense Series frm EC-Cuncil Press is cmprised f 5 bks designed t educate learners

More information

BYOD and Cloud Computing

BYOD and Cloud Computing BYOD and Clud Cmputing AIIM First Canadian Chapter May 22, 2014 Susan Nickle, Lndn Health Sciences Centre Chuck Rthman, Wrtzmans Sheila Taylr, Erg Infrmatin Management Cnsulting Clud cmputing Agenda What

More information

Name. Description. Rationale

Name. Description. Rationale Cmplliiance Cmpnentt Descriptin Ratinale Benefits List the Dmain List the Discipline List the Technlgy Area List Prduct Cmpnent Dcument the Cmpliance Cmpnent Type Cmpnent Sub-type DEEFFI INITION Hst-Based

More information

Serv-U Distributed Architecture Guide

Serv-U Distributed Architecture Guide Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U

More information

Unified Communications

Unified Communications Office f Infrmatin Technlgy Services Service Level Agreement Unified Cmmunicatins Nvember 7, 2013 v2.2 Service Descriptin Unified Cmmunicatins Service Descriptin ITS Unified Cmmunicatins ffers a number

More information

In-House Counsel Day Priorities for 2012. Cloud Computing the benefits, potential risks and security for the future

In-House Counsel Day Priorities for 2012. Cloud Computing the benefits, potential risks and security for the future In-Huse Cunsel Day Pririties fr 2012 Clud Cmputing the benefits, ptential risks and security fr the future Presented by David Richardsn Thursday 1 March 2012 WIN: What in-huse lawyers need Knwledge, supprt

More information

Better Practice Guide Financial Considerations for Government use of Cloud Computing

Better Practice Guide Financial Considerations for Government use of Cloud Computing Better Practice Guide Financial Cnsideratins fr Gvernment use f Clud Cmputing Nvember 2011 Intrductin Many Australian Gvernment agencies are in the prcess f cnsidering the adptin f clud-based slutins.

More information

1)What hardware is available for installing/configuring MOSS 2010?

1)What hardware is available for installing/configuring MOSS 2010? 1)What hardware is available fr installing/cnfiguring MOSS 2010? 2 Web Frnt End Servers HP Prliant DL 380 G7 2 quad cre Intel Xen Prcessr E5620, 2.4 Ghz, Memry 12 GB, 2 HP 146 GB drives RAID 5 2 Applicatin

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

Service Level Agreement Distributed Hosting and Distributed Database Hosting

Service Level Agreement Distributed Hosting and Distributed Database Hosting Office f Infrmatin Technlgy Services Service Level Agreement Distributed Hsting and Distributed Database Hsting Nvember 12, 2013 Service Descriptin Distributed Hsting and Distributed Database Hsting Service

More information

GUIDELINES FOR SECURING SOCIAL MEDIA ACCOUNTS. Version 1.0

GUIDELINES FOR SECURING SOCIAL MEDIA ACCOUNTS. Version 1.0 GUIDELINES FOR SECURING SOCIAL MEDIA ACCOUNTS Versin 1.0 Published Octber 2015 Dcument Cntrl Versin: 1.0 Authr: Cyber Security Divisin - ictqatar Classificatin: Public Date f Issue: Octber 2015 2 Page

More information

FLEET MANAGEMENT SYSTEM

FLEET MANAGEMENT SYSTEM FLEET MANAGEMENT SYSTEM Our web-based Fleet Management Sftware is a functinal system which supprts cmpanies in remving r minimizes the risks assciated with vehicle investment, imprving efficiency, prductivity

More information

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY

More information

Serv-U Distributed Architecture Guide

Serv-U Distributed Architecture Guide Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v15.1.2.0 Page 1 f 20 Intrductin Serv-U

More information

Process of Setting up a New Merchant Account

Process of Setting up a New Merchant Account Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am

More information

Presentation: The Demise of SAS 70 - What s Next?

Presentation: The Demise of SAS 70 - What s Next? Presentatin: The Demise f SAS 70 - What s Next? September 15, 2011 1 Presenters: Jeffrey Ziplw - Partner BlumShapir Jennifer Gerasimv Senir Manager Delitte. SAS 70 Backgrund and Overview Purpse f a SAS

More information

Learn More Cloud Extender Requirements Cheat Sheet

Learn More Cloud Extender Requirements Cheat Sheet MaaS360.cm > Learn Mre Learn Mre Clud Extender Requirements Cheat Sheet OVERVIEW This dcument defines all requirements t ensure a successfully installatin f the Clud Extender t enable use f ActiveSync

More information

Appendix H. Annual Risk Assessment and Audit Plan 2013/14

Appendix H. Annual Risk Assessment and Audit Plan 2013/14 Annual Risk Assessment and Audit Plan 2013/14 Internal Audit Department September 25, 2013 Table f Cntents Intrductin.. 3 Risk Assessment Prcess... 4 Page 2 Intrductin Each year, the Internal Audit Department

More information

CPIT Aoraki ICT Asset and Media Security Standard

CPIT Aoraki ICT Asset and Media Security Standard CPIT Araki Crprate Services Divisin: ICT This security standard refers t CPIT, which is the current legal name fr the new rganisatin established 1 January 2016 bringing tgether CPIT and Araki Plytechnic.

More information

System Business Continuity Classification

System Business Continuity Classification System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality

More information

Introduction to FedRAMP Abel Sussman. June, 2015

Introduction to FedRAMP Abel Sussman. June, 2015 Intrductin t FedRAMP Abel Sussman June, 2015 1 Agenda FedRAMP Overview and Backgrund FedRAMP Final Package Authrizatin Types and Timeline Cmmn Challenges and Keys t Success Fr mre infrmatin. 2 Backgrund

More information

service description Colocation of Equipment Infrastructure as a Service

service description Colocation of Equipment Infrastructure as a Service easy t adpt, easy t use, easy t leave service descriptin Infrastructure as a Service versin 4.0 Cntents Overview... 3 Example use cases... 3 Pricing... 4 Trial service... 4 Infrmatin assurance... 4 Prduct

More information

Understand Business Continuity

Understand Business Continuity Understand Business Cntinuity Lessn Overview In this lessn, yu will learn abut: Business cntinuity Data redundancy Data availability Disaster recvery Anticipatry Set What methds can be emplyed by a system

More information

Agenda. PKI Defined Terminology Key Technical Concepts Key Infrastructure Concepts Practical Uses. o o o o o. Important Considerations of Being a CA

Agenda. PKI Defined Terminology Key Technical Concepts Key Infrastructure Concepts Practical Uses. o o o o o. Important Considerations of Being a CA PKI Overview Agenda PKI Defined Terminlgy Key Technical Cncepts Key Infrastructure Cncepts Practical Uses What Wh Why Imprtant Cnsideratins f Being a CA PKI Public Key Infrastructure The sum ttal f the

More information

Identify Storage Technologies and Understand RAID

Identify Storage Technologies and Understand RAID 98-365 Windws Server Administratin Fundamentals Identify Strage Technlgies and Understand RAID 98-365 Windws Server Administratin Fundamentals Lessn Overview In this lessn, yu will learn: Lcal strage ptins

More information

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles

More information

The ADVANTAGE of Cloud Based Computing:

The ADVANTAGE of Cloud Based Computing: The ADVANTAGE f Clud Based Cmputing: A Web Based Slutin fr: Business wners and managers that perate equipment rental, sales and/r service based rganizatins. R M I Crpratin Business Reprt RMI Crpratin has

More information

System Business Continuity Classification

System Business Continuity Classification Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required

More information

State of Wisconsin DET Agency Managed Virtual Services Service Offering Definition

State of Wisconsin DET Agency Managed Virtual Services Service Offering Definition State f Wiscnsin DET Agency Managed Virtual Services Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 6/03/08 1.0 James Sylla Initial draft 9/21/11 1.7 Amy Dustin Annual review

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

AMERITAS INFORMATION TECHNOLOGY DISASTER RECOVERY AND DATA CENTER STRATEGY

AMERITAS INFORMATION TECHNOLOGY DISASTER RECOVERY AND DATA CENTER STRATEGY AMERITAS INFORMATION TECHNOLOGY DISASTER RECOVERY AND DATA CENTER STRATEGY O VERVIEW There are currently 3 primary Data Center lcatins (Lincln, Cincinnati, and Calvert) and 2 secndary (Fallbrk and Philadelphia).

More information

PRIVACY POLICY. This Privacy Policy describes how and when Pole Star USA, Inc. ( Pole Star ) collects, uses and

PRIVACY POLICY. This Privacy Policy describes how and when Pole Star USA, Inc. ( Pole Star ) collects, uses and PRIVACY POLICY This Privacy Plicy describes hw and when Ple Star USA, Inc. ( Ple Star ) cllects, uses and shares yur infrmatin when yu use Ple Star s NAO Clud Platfrm, which includes the Ple Star website

More information

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Gvernment f Newfundland and Labradr Office f the Chief Infrmatin Officer Infrmatin Management Branch GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Guideline (Definitin): OCIO Guidelines derive frm

More information

CSC 421 COURSE COMPACT

CSC 421 COURSE COMPACT CSC 421 COURSE COMPACT Curse Cde: CSC 421 Curse Title: Cmputer Security Status: Cmpulsry Curse Unit: 2 Cntact Details Lecturer s Data Lecture perid: Tw hurs lectures per week fr 15 weeks (30 hurs) Name:

More information

Cloud Application Risks You Can t Manage What You Can t See

Cloud Application Risks You Can t Manage What You Can t See The Unique Alternative t the Big Fur Clud Applicatin Risks Yu Can t Manage What Yu Can t See Managing Unapprved and Apprved Emplyee Clud Adptin March 18, 2015 Agenda Shadw IT trends that are creating visibility

More information

ITIL V3 Planning, Protection and Optimization (PPO) Certification Program - 5 Days

ITIL V3 Planning, Protection and Optimization (PPO) Certification Program - 5 Days ITIL V3 Planning, Prtectin and Optimizatin (PPO) Certificatin Prgram - 5 Days Prgram Overview The ITIL Intermediate Qualificatin: Planning, Prtectin and Optimizatin (PPO) Certificate is a free-standing

More information

Agenda. o Purpose of IT Assessment o Scope of IT Assessment o Deloitte Recommendations o IBM Discussions o Research Data Center o Open Season

Agenda. o Purpose of IT Assessment o Scope of IT Assessment o Deloitte Recommendations o IBM Discussions o Research Data Center o Open Season Agenda Purpse f IT Assessment Scpe f IT Assessment Delitte Recmmendatins IBM Discussins Research Data Center Open Seasn Purpse f IT Assessment Determine if IT resurces are being utilized efficiently and

More information

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin

More information

Zimbra Professional Services Portfolio, Purchasing Guide & Price List

Zimbra Professional Services Portfolio, Purchasing Guide & Price List In- Tuitin Netwrks Ltd Zimbra Prfessinal Services Prtfli, Purchasing Guide & Price List This dcument prvides an verview f In- Tuitin Netwrks Limited s range f Zimbra Prfessinal Services available n the

More information

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy. Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive

More information

GIS Service Provider. GIS Service Management

GIS Service Provider. GIS Service Management GIS Service Prvider GIS Service Management Overview What is ITIL? Brief Ottawa GIS Backgrund Prject Request The basis f ur existence in GIS, a need fr GIS service. Where d they cme frm? Service Strategy

More information

Service Level Agreement

Service Level Agreement Template SDSU-TPL-11085 v1.3 18/1/11 IT Services Service Level Agreement Enterprise CRM (ECRM) Versin: 0.1 01/11/2010 Cntents 1 INTRODUCTION... 4 1.1 Scpe f the Agreement... 4 1.2 Duratin f the Agreement...

More information

CNS-205 Citrix NetScaler 10.5 Essentials and Networking

CNS-205 Citrix NetScaler 10.5 Essentials and Networking CNS-205 Citrix NetScaler 10.5 Essentials and Netwrking Descriptin: The bjective f the Citrix NetScaler 10.5 Essentials and Netwrking curse is t prvide the fundatinal cncepts and advanced skills necessary

More information

NERC-CIP Cyber Security Standards Compliance Documentation

NERC-CIP Cyber Security Standards Compliance Documentation Cmpliance Dcumentatin Briv OnAir 8/3/20154 Page 2 Overview This dcument is intended t be the primary surce f infrmatin fr Briv s cmpliance with the Nrth America Electric Reliability Crpratin (NERC) reliability

More information

Comtrex Systems Corporation. CISP/PCI Implementation Guidance for Odyssey Suite

Comtrex Systems Corporation. CISP/PCI Implementation Guidance for Odyssey Suite CISP/PCI Implementatin Guidance fr Odyssey Suite Applicable Applicatin Versin This dcument supprts the fllwing applicatin versin: Odyssey Suite Versin 2.0 Intrductin Systems which prcess payment transactins

More information

The Secret Life of Data: Protecting Sensitive Information, Mobile to Cloud

The Secret Life of Data: Protecting Sensitive Information, Mobile to Cloud SESSION ID: CDS-R02 The Secret Life f Data: Prtecting Sensitive Infrmatin, Mbile t Clud Dan Griffin President JW Secure, Inc. @JWSdan WWNSAD? Intelligence agencies have been public abut: Inevitability

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

FUJITSU RUNMYPROCESS SECURITY WHITE PAPER. www.runmyprocess.com

FUJITSU RUNMYPROCESS SECURITY WHITE PAPER. www.runmyprocess.com FUJITSU RUNMYPROCESS SECURITY WHITE PAPER www.runmyprcess.cm TABLE OF CONTENTS 1. INTRODUCTION 4 2. BUSINESS GOVERNANCE 5 2.1. Data Prtectin 5 2.2. Intellectual Prperty Prtectin 5 3. ORGANIZATIONAL GOVERNANCE

More information

State of Wisconsin Division of Enterprise Technology (DET) Distributed Database Hosting Service Offering Definition (SOD)

State of Wisconsin Division of Enterprise Technology (DET) Distributed Database Hosting Service Offering Definition (SOD) State f Wiscnsin Divisin f Enterprise Technlgy (DET) Distributed Database Hsting Service Offering Definitin (SOD) Distributed Database Hsting SOD Page 1 12/9/2010 Dcument Revisin Histry (Majr Pst Publishing

More information

Hospital Information Management System Pro 2.1

Hospital Information Management System Pro 2.1 Hspital Infrmatin Management System Pr 2.1 A cmplete management sftware fr hspital / clinic Advanced, pwerful, flexible cmplete management sftware fr hspital, clinic and medical institutes. Integrates

More information

G-CLOUD FRAMEWORK SERVICE DEFINITION. Solution Architecture for Cloud Service. Copyright: 2014 6point6 Ltd

G-CLOUD FRAMEWORK SERVICE DEFINITION. Solution Architecture for Cloud Service. Copyright: 2014 6point6 Ltd G-CLOUD FRAMEWORK SERVICE DEFINITION Slutin Architecture fr Clud Service Cpyright: 2014 6pint6 Ltd G-Clud Service Definitin Slutin Architecture fr Clud Service 1. SERVICE OVERVIEW 6pint6 is an innvative

More information

Security Standard for General Information Systems

Security Standard for General Information Systems Ohi University Security Standard fr General Infrmatin Systems A Standard fr the Cnfiguratin and Operatin f Infrmatin Systems at Ohi University System Security Wrking Grup 10/24/2008 Security Standard fr

More information

Microsoft Certified Database Administrator (MCDBA)

Microsoft Certified Database Administrator (MCDBA) Micrsft Certified Database Administratr (MCDBA) 460 hurs Curse Overview/Descriptin The MCDBA prgram and credential is designed fr individuals wh want t demnstrate that they have the necessary skills t

More information

Help Desk Level Competencies

Help Desk Level Competencies Help Desk Level Cmpetencies Level 1 Take user calls and manage truble tickets Ability t staff and manage the rganizatins helpdesk and effectively respnd t rutine custmer calls Ability t use prper grammar

More information

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1 Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues

More information

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible

More information

Oracle Cloud Enterprise Hosting and Delivery Policies

Oracle Cloud Enterprise Hosting and Delivery Policies Oracle Clud Enterprise Hsting and Delivery Plicies Statement f Changes Versin 1.5, 6/01/2015 This dcument utlines changes made t the Oracle Clud Enterprise Hsting and Delivery Plicies dated December 1,

More information

LogMeIn Rescue Web SSO via SAML 2.0 Configuration Guide

LogMeIn Rescue Web SSO via SAML 2.0 Configuration Guide LgMeIn Rescue Web SSO via SAML 2.0 LgMeIn Rescue Web SSO via SAML 2.0 Cnfiguratin Guide 02-19-2014 Cpyright 2015 LgMeIn, Inc. 1 LgMeIn Rescue Web SSO via SAML 2.0 Cntents 1 Intrductin... 3 1.1 Dcument

More information

Introduction to Mindjet MindManager Server

Introduction to Mindjet MindManager Server Intrductin t Mindjet MindManager Server Mindjet Crpratin Tll Free: 877-Mindjet 1160 Battery Street East San Francisc CA 94111 USA Phne: 415-229-4200 Fax: 415-229-4201 mindjet.cm 2013 Mindjet. All Rights

More information

Best Practices for Optimizing Performance and Availability in Virtual Infrastructures

Best Practices for Optimizing Performance and Availability in Virtual Infrastructures Best Practices fr Optimizing Perfrmance and Availability in Virtual Infrastructures www.nimsft.cm Best Practices fr Optimizing Perfrmance and Availability in Virtual Infrastructures PAGE 2 Table f Cntents

More information

Enterprise Security Management CIS 259

Enterprise Security Management CIS 259 Enterprise Security Management CIS 259 Prerequisites CIS 175 Descriptin This curse is designed t cver the managerial aspects f cmputer security and risk management fr enterprises. The student will attain

More information

Instant Chime for IBM Sametime Quick Start Guide

Instant Chime for IBM Sametime Quick Start Guide Instant Chime fr IBM Sametime Quick Start Guide Fall 2014 Cpyright 2014 Instant Technlgies. All rights reserved. Cpyright and Disclaimer This dcument, as well as the sftware described in it, is furnished

More information

Installation Guide Marshal Reporting Console

Installation Guide Marshal Reporting Console Installatin Guide Installatin Guide Marshal Reprting Cnsle Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 2 Sftware Prerequisites 3 Installatin Prcedures 3 Appendix: Enabling

More information

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH)

ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) ITL BULLETIN FOR JANUARY 2016 SECURING INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT USING SECURE SHELL (SSH) Murugiah Suppaya, Karen Scarfne, 1 and Larry Feldman, 2 Editrs Cmputer Security Divisin Infrmatin

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

ITIL Release Control & Validation (RCV) Certification Program - 5 Days

ITIL Release Control & Validation (RCV) Certification Program - 5 Days ITIL Release Cntrl & Validatin (RCV) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management

More information

BAMS Third Party Service Providers (TPSPs) FAQs

BAMS Third Party Service Providers (TPSPs) FAQs BAMS Third Party Service Prviders (TPSPs) FAQs 1) What is the Third Party Service Prvider (TPSP) Agent Registratin Prgram? The TPSP Agent Registratin Prgram is a Card Brand (Visa USA Inc and MasterCard

More information

(CNS-222) Citrix NetScaler Essentials and Unified Gateway

(CNS-222) Citrix NetScaler Essentials and Unified Gateway (CNS-222) Citrix NetScaler Essentials and Unified Gateway Overview Designed fr students with little r n previus NetScaler, NetScaler Gateway r Unified Gateway experience, this curse is best suited fr individuals

More information

RSA SecurID Software Token Security Best Practices Guide. Version 3

RSA SecurID Software Token Security Best Practices Guide. Version 3 RSA SecurID Sftware Tken Security Best Practices Guide Versin 3 Cntact Infrmatin G t the RSA crprate web site fr reginal Custmer Supprt telephne and fax numbers: www.rsa.cm. Trademarks RSA, the RSA Lg

More information

Installation Guide Marshal Reporting Console

Installation Guide Marshal Reporting Console INSTALLATION GUIDE Marshal Reprting Cnsle Installatin Guide Marshal Reprting Cnsle March, 2009 Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 3 Sftware Prerequisites 3 Installatin

More information

Vendor Management. Federal Deposit Insurance Corporation Division of Risk Management Supervision Atlanta Regional Office.

Vendor Management. Federal Deposit Insurance Corporation Division of Risk Management Supervision Atlanta Regional Office. Vendr Management Federal Depsit Insurance Crpratin Divisin f Risk Management Supervisin Atlanta Reginal Office June 18, 2014 1 Agenda Intrductin Vendr Management Overview Regulatry Expectatins Bard and

More information

Plus500CY Ltd. Statement on Privacy and Cookie Policy

Plus500CY Ltd. Statement on Privacy and Cookie Policy Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and

More information

PCI DSS Cloud Computing Guidelines

PCI DSS Cloud Computing Guidelines Standard: PCI Data Security Standard (PCI DSS) Versin: 2.0 Date: February 2013 Authr: Clud Special Interest Grup PCI Security Standards Cuncil Infrmatin Supplement: PCI DSS Clud Cmputing Guidelines Table

More information

CryptoMate64. USB Cryptographic Token. Technical Specifications V1.03. Subject to change without prior notice. info@acs.com.hk www.acs.com.

CryptoMate64. USB Cryptographic Token. Technical Specifications V1.03. Subject to change without prior notice. info@acs.com.hk www.acs.com. CryptMate64 USB Cryptgraphic Tken Technical Specificatins V1.03 Subject t change withut prir ntice inf@acs.cm.hk www.acs.cm.hk Table f Cntents 1.0. Intrductin... 3 2.0. Features... 4 2.1. Cryptgraphic

More information

OCR LEVEL 2 CAMBRIDGE TECHNICAL

OCR LEVEL 2 CAMBRIDGE TECHNICAL Cambridge TECHNICALS OCR LEVEL 2 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT SETTING UP AN IT NETWORK M/601/3274 LEVEL 2 UNIT 6 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 SETTING UP AN IT NETWORK

More information

Junos Pulse Instructions for Windows and Mac OS X

Junos Pulse Instructions for Windows and Mac OS X Juns Pulse Instructins fr Windws and Mac OS X When yu pen the Juns client fr the first time yu get the fllwing screen. This screen shws yu have n cnnectins. Create a new cnnectin by clicking n the + icn.

More information

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme. Validation Report

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme. Validation Report Natinal Infrmatin Assurance Partnership Cmmn Criteria Evaluatin and Validatin Scheme Validatin Reprt Micrsft Windws 8, Micrsft Windws RT, Micrsft Windws Server 2012 IPsec VPN Client TM Reprt Number: CCEVS-VR-VID10529-2013

More information

FINRA Regulation Filing Application Batch Submissions

FINRA Regulation Filing Application Batch Submissions FINRA Regulatin Filing Applicatin Batch Submissins Cntents Descriptin... 2 Steps fr firms new t batch submissin... 2 Acquiring necessary FINRA accunts... 2 FTP Access t FINRA... 2 FTP Accunt n FINRA s

More information