Response to Questions CML Managed Information Security

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Response to Questions CML 15-018 Managed Information Security"

Transcription

1 Response to Questions CML Managed Information Security 1. What are the most critical aspects that need to be provided for this RFP, in light of the comment that multiple awards might be provided? The Library is seeking proposals from firms which can provide security consulting / practice development and/or managed security services. Multiple awards could be provided if the Library feels this is the most advantageous approach. 2. What are the decision criteria and weighting criteria being used for this RFP? Please see page 7 of the Managed Information Security Services RFP. Quality and comprehensiveness of the proposal. Quality of the proposed solution. Stability and viability of the product and Offeror. Offeror s experience on projects of similar scope. Input from reference contacts. 3. Do you want the partner to implement Office 365 as part of this contract? No. We are currently an o365 customer. 4. What are the total number of IT Staff who are managing the Network and Security operations of the Library currently? 2 5. How long does the library take to identify and valid a security incident from false positives? This varies based on incident. We believe an Infosec partner could help us in the areas of threat intelligence, incident management, and incident response. 6. How many people and man hours are typically spent in remediating a valid IT Security Incident ( infection of machine, etc )? This varies based on incident. We believe an Infosec partner could help us in the areas of threat intelligence, incident management, and incident response.

2 7. Please provide us data points / feedback on internal gaps analysis performed regarding the IT Security / Risk Management / Compliance posture of the library that will allow us to understand your current maturity model from a people / process / technology perspective. We will provide information related to prior assessments once a partner is selected. 8. Can we be provided a copy of the IT Strategic plan to help formulate response? No, this information will be provided once a partner is selected. 9. Does the library have a written IT Security policy in place? Please provide a copy for review if possible. Yes. The Library may seek input and guidance on policy, procedure, and practice creation to develop a more formalized security program. 10. Does the library currently use any threat intelligence data feeds as part of the security operations? What are the sources of the threat intelligence? ( name, vendor, etc ) The Library leverages threat intelligence today through various mediums. In the future the Library envisions having a partner as a primary go-to to fill this need. 11. How often does the library desire to have penetration testing performed? Annually 12. What cloud services are you using and what are planned cloud services over next 3-5 years? Example ( O365,Amazon,Box, Dropbox, etc ) The Library is currently using o365. The Library is evaluating IaaS options and our assessment of cloud based services and applications is ongoing. 13. What are the current IT Security technologies deployed and the applicable version running of the solution ( for desktop and laptop, servers, filtering and security, web application firewalls, firewalls, network IDS / IPS, advanced threat solutions, web filtering solutions? The Library has standard Information Security technology in place including firewall, antivirus, web filtering, malware protection, and log/event management. 14. Does the library want to deploy new solutions IT Security technologies that are for the differing platforms: Desktops, Servers, Mobile Devices We are open to further discussions and receiving proposals for replacement.

3 15. Does the library have a vulnerability scanning tool? What is the platform / vendor and current release of version running? No. Scans are performed on an as needed basis through a MSSP. 16. How often does the vulnerability scanning currently take place for the library? It is performed on an as needed basis through a MSSP. 17. How long does it take to remediate findings of vulnerabilities? This varies based on vulnerability. 18. What are is your length of storage requirements from a time aspect for log management and compliance purposes? (90 days for logs for example?) (1 year for PCI compliance data for example?) We will be looking for recommendations from our selected partner to ensure we are in compliance. 19. What is your current log management solution? The Library is using Solarwinds Log and Event Manager. The Library is seeking recommendations as part of this engagement. 20. Do you currently have a SEIM, Security Event Identification Management Solution, in production? What is platform and release information? The Library is using Solarwinds Log and Event Manager 21. How many total IP addresses ( physical and virtual IPs) does the library have for their network and systems? We have approximately 200 virtual servers. We have approximately 300 IP addresses allocated to network devices including WAPs. 22. What is expected growth rate for IP addresses for the library over next 3-5 years? ( Best estimate ) Approximately 10% per year.

4 23. Per each library location please provide the number s for total servers and desktops / laptops? Each location has 1 branch server which supports public computing technologies. Approximately 90 end user devices per locations. 24. How many total desktops & laptops & tablet computers are under library management? What are the current Security solutions deployed to these devices. What is the current version of the Security solution in production Approximately 1,800. antivirus, web filtering, malware protection 25. Is a Security tool platform change in scope for this RFP? We are open to further discussions and receiving proposals for replacement. 26. How man total server operating systems are deployed at the library and what are their operating systems and release level? What are the current Security solutions deployed to these server assets? What is the current version of the Security solution deployed to server assets? The Library runs a mix of Windows and Linux. Additional details will be provided once a partner is selected. 27. How many servers are virtualized versus physical servers? What are the virtualization technologies deployed for servers and desktops? What vendor version and software release are running for the virtualization platform(s)? What is the management platform in use? The Library is 95% virtualized. The Library uses VMware ESX for server virtualization. 28. Please describe your network topology and a provide a network diagram and denote ingress and egress points of internet traffic. How many total number of egress points? How many total number of ingress points? Please see page 3 of the RFP. Additional details will be provided once a partner is selected. 29. What aspects of your network design represent the biggest concern or risk to the library?

5 30. Who are your internet and telecom vendors? OPLIN, TWC, XO 31. What are the total number of routers deployed? What are the vendor model number and software release running? Please denote each distinct active/ active and active / passive pair clusters deployed. How many active / active pairs? How many active / passive pairs? What is the management platform in use? Approximately What are the total number of switches you have deployed? What are the vendor model number and software release running? Please denote each distinct active/ active and active / passive pair clusters deployed. How many active / active pairs? How many active / passive pairs? What is the management platform in use? Approximately What are total number(s) of firewalls and / or UTM devices deployed? What are the vendor model numbers and software release running on your firewalls and / or UTM device? Please denote each distinct active/ active and active / passive pair clusters deployed. How many active / active pairs? How many active / passive pairs? What is the management platform in use? 34. What are the total number of network based IDS and IPS systems deployed? 35. What are deployed behavioral analysis tools deployed within network? Please provide vendor platform information and software release deployed in production? Please denote each VPN device active / active and active / passive pair clusters deployed. What is the management platform in use? 36. What type of VPN solution do you have deployed an in production? Please denote platform / vendor and software release running in production? What is the management platform in use?

6 37. What is your web filtering platform? What are the vendor model numbers and software release running? Please denote each active / active and active / passive pair clusters deployed. How many active / active pairs? How many active / passive pairs? What is the management platform in use? OpenDNS. 38. Do you deploy a web proxy / gateway solution? 39. Do you have a web application firewall solution deployed? 40. Do you have deployed a host based intrusion detection / intrusion prevention solution deployed to endpoint servers, desktops, laptops? 41. What is you endpoint security platform deployed on servers. desktops, laptops, and mobile devices? 42. What are your mission critical applications and the server operating systems running on? Please list and describe. i. Financial application ii. Web server environment iii. Staff Intranet iv. Public computing / print management v. ADFS/DirSync 43. What are your mission critical services and their operating underlying operating systems? AD, file, print, DCHP, DNS 2008, Please list all server operating systems deployed? The Library runs a mix of Windows and Linux. Additional details will be provided once a partner is selected.

7 45. Please list all desktop / laptops / tablet operating systems deployed? What is the total count of these systems? Windows 7 (1500), 8 (300) 46. What database platforms and releases you have deployed? SQL Server, MySQL 47. Do you have in production any advanced anti-malware such as Fireeye, PaloAlto, or Symantec ATP platforms? 48. Please provide information if load balancers are deployed and the platform and software release running? 49. Are you using netflow collectors? 50. Please provide any key contextual details and additional information that will help us understand your key objectives for your Managed Security Services. Please see page 3 5 of the RFP. 51. We need the number of external IP s currently being utilized at Columbus Metropolitan Library. Thank you in advance for your timely response. Approximately First, can you clarify the goal of the security consulting work? The goal of the security consulting work is to work with a chosen partner who will support the Library to enhance its IT security posture as well as reduce Information Security risk. We see this happening through general advising, policy and procedure development, threat intelligence, and incident management and response. Is it meant specifically to identify gaps in the program that will impede the managed services transition?

8 No, this should be performed as a discovery function as part of a managed services proposal. Or is it meant to help shore up additional security program elements that will remain a responsibility of Library staff? Yes. The consulting partnership will help to enhance security program elements that will remain a responsibility of the Library. 53. Are you looking to add outside resources to assist in developing and operating the security program? Not outside of the selected partner(s) recommendations or resources. 54. Can you also give us a better understanding of the current program and its major components? You list it as security practices in the Appendix A can you list those out for us to better understand your intent? This includes governance, incident response, policies, procedures, and standards. The Library has standard Information Security technology in place including firewall, antivirus, web filtering, malware protection, and log/event management. 55. What drives the program today? What compliance initiatives are you concerned about? Compliance and organizational risk drives the program today. 56. If already developed, what security framework are you following (ISO, NIST, etc)? The Library is seeking recommendations as part of this engagement. 57. How many full time IT security resources are there and their responsibilities? IT security is a duty that all technical staff are responsible for. We do not have an FTE 100% focused on Information Security. 58. Can you give us a list of policies, procedures, standards that already are in existence? No. This will be shared once a partner is selected.

9 59. Do you leverage threat intelligence already today? In what forms do you take in threat intelligence? If so, in what capacity/tools? How are you envisioning it in the future? The Library leverages threat intelligence today through various mediums. In the future the Library envisions having a partner as a primary go-to to fill this need. 60. Generally speaking, what type of incidents do you experience? Are these generic issues such as malware infection and cleanup? Or are they insider or outsider threat type of issues? Recent events include malware, virus, and phishing attempts. 61. Appendix A Section 1 seems to imply that you are looking for someone to assess the library and its overall practice, provide guidance to the program through a set of projects and reassess as deemed appropriate. Much of this falls into the category of security management. Who would the outsourcer be advising through this series of practice improvements? Advising would be delivered to various stakeholders including, but not limited to, the project team, the Library s Strategic Planning Team, and/or the Library s Board of Trustees. 62. Is this feeding your own risk management practices? Do you follow a specific risk management framework and if so, which one? Yes. More details about the Library s risk management will be shared once a partner is selected. 63. What is your expectation for the scanning activities? Can you give an estimate to the frequency and scope of the following types of scans: External vulnerability scan - Annually Internal network vulnerability scan - Quarterly Network penetration testing - Annually Web application assessment - Annually

10 64. What type of output are you expecting? Something on line? Automated and formatted data from the scan? Or are you looking for analysis from security consultants and a tailored/custom report for each? Not all reports would need to be tailored / customized. As long as the output can be downloaded / exported we are open to various mediums. 65. Can you please elaborate on the technical specifications around the IaaS scenario that you are trying to describe (ie. what type of network resources and operations would you foresee moving to an IaaS environment?). The Library is currently investigating IaaS solutions. In the future, the Library may move its virtual server infrastructure to an IaaS provider. 66. Are you looking for a single provider to cover all aspects? The Library is seeking proposals from firms which can provide security consulting / practice development and/or managed security services. Multiple awards could be provided if the Library feels this is the best most advantageous approach. 67. What is the initial term for this contract if selected? The contract term will be discussed once a partner is selected. Appendix B of the RFP states pricing for a 12 month period should be provided. 68. Are you expecting to award this contract in phases for ex. the security consulting/development phase would be selected first and then based on how the findings from that project turn out then the managed services part of the project would be phase 2, etc., can you provide more guidance here? The Library will move forward with an approach that is deemed most advantageous based on the responses received. 69. Are all Services Centralized for the 25 locations? Yes. 70. Can you provide an overview of your current IT architecture firewall, network devices, IPS/IDS, wireless, etc.? What requirement will the old architecture place on this bid and the associated services to be delivered? Please see page 3 of the RFP. Additional details will be provided once a partner is selected.

11 71. What services are you referencing here? - This partner would provide implementation resources that would work closely with the Library infrastructure resources. Are the Services to be part of the contract? The Library is stating that if there will be implementation work as part of the proposed solution, the Library would expect partner resources to work with Library resources to implement the solution. Services should be detailed in the proposal. 72. If there are 25 locations as stated on Page 3, lower on the Page it says there are 22 Branch locations. If the operations Center is the 23rd, what are the other two? The other locations support administrative functions. The Library currently has 22 branch locations. 73. Is the Cisco Wireless Meraki? No. 74. How old is the Cisco Network Infrastructure Equipment? If the plan was first put together in 2003, this would (most likely) infer that the infrastructure needs to be updated. Is the design and architecture to be handled outside the RFP Information Security Consulting? The Cisco Infrastructure equipment is 4-6 years old. None of the Library s network infrastructure is EOL. 75. Do you currently have policies and procedures that the winning bid will maintain, update and create and new policies? Yes. The Library may seek input and guidance on policy, procedure, and practice creation and updates. 76. Do you currently have an incident management and response plan? Will the winning bidder be responsible for maintaining and updating, keeping current? Yes. The Library may seek input and guidance on maintaining and updating its incident management and response plan. 77. Are you using any log management application currently? Solarwinds Log and Event Manager. 78. What products are being used under Desktop and Server Protection? Antivirus, malware protection, and Web filtering.

12 79. Page 5, the contractor shall complete a discovery phase to capture the current state of their infrastructure is this billable? Service rates and charges shall be all inclusive. 80. What does MBE/DBE/WBE stand for (page 5) I assume Minority/Disabilities/Women? Minority Business Enterprise Disadvantaged Business Enterprise Women Business Enterprise 81. On-going/regular vulnerability scanning, what is the goal for performing this service? To mitigate risk and meet compliance standards. 82. Database security, what does that mean? Ensuring security controls to protect databases are in place. 83. What is your current definition of penetration scanning for ex. authenticate versus nonauthenticate scanning? The Library would be seeking recommendations from the selected partner as to which level of penetration scan should be performed. 84. Page 10, what is your definition of persistent default (can you provide some examples)? Contractor repeatedly misses deadlines. Contractor fails repeatedly to meet requirements of the contract. Repeated breaches by contractor to agree-to terms and conditions. 85. If select, when do you want to start this effort? ASAP once a partner is selected and a contract is in place. 86. There was no specific discussion on SLA s anywhere; do you have any specifics in mind here? Please provide your capabilities in your response.

13 Goal of the Engagement: 87. Clarify: what do ""Security Services"" and ""Highly Secure"" mean to CML (Setting our Expectations) Security Services are to include points 1-6 on page 4. Highly secure means working with a partner to help ensure CML is meeting compliance standards and cost effectively developing and delivering an Information Security program to meet the needs of the organization while mitigating risk. 88. We expect that there are publicly usable Internet workstations, but are there other services and applications in scope (i.e. Online catalog, e-library, fee collection that may fall under PCI-DSS requirements, etc.) Yes. 89. Is there currently, an existing security program and staff or are security responsibilities loosely defined and security operations best effort?"" The Library may seek input and guidance on policy, procedure, and practice creation to develop a more formalized security program. IT security is a duty that all technical staff are responsible for. We do not have an FTE 100% focused on Information Security. 90. Is there a manager, who has or will assume responsibility, for information security oversight? Yes 91. Have there been any prior assessments within the past 3-5 years and will those reports be provided?" Yes. Those reports can be provided once a partner is selected. 92. Could we obtain a Network Diagram? No. Please see page 3 of the RFP. Security Consulting/ Practice Development 93. Is there an existing security program and/or existing policies or procedures that provide some guidance? Yes, there are. The Library may seek input and guidance on policy, procedure, and practice creation to develop a more formalized security program.

14 94. Is there a particular program/control framework they have familiarity with (ISO, NIST, etc)? The Library is seeking recommendations as part of this engagement. 95. How many and what type of "publicly-facing services are in scope? Primarily web and authentication services. 96. Are there any system interconnections to other libraries or external entities/partners that would need to be considered? Yes 97. Log Management under Security Monitoring is called out, but there is no reference to the Log Management system being used. Can we please be provided with additional information around the Log Management platform? (Model, Version, etc ) The Library is using Solarwinds Log and Event Manager. The Library is seeking recommendations as part of this engagement. 98. In the section for Desktop and Server Protection Data Base Security is referenced. Can we better understand the infrastructure housing the data base? Would this be already what the customer called out to us as a critical server? The Library primarily uses Microsoft SQL Server and MySQL. 99. For Vulnerability Scanning can you verify the number of internal and external ip addresses would you like to have vulnerability scanning done for? (Most enterprises will have critical servers and network infrastructure devices included in this scanning) External 40 Internal For Vulnerability Scanning if we place one scanner will we be able to scan all internal address space in scope for this RFP? Yes 101. For the internal scanner appliance, would you prefer a physical appliance or a virtual appliance? (The virtual appliance runs on VMWare, Oracle VirtualBox, Citrix XenServer, and Microsoft Hyper-V) Physical appliance if not cost prohibitive.

15 102. For pen testing, we often utilize a sampling methodology to help an organization complete a cost effective penetration test of their environment. For example, if 100 web servers are all running Windows 2008R2 with IIS 7.0, the same vulnerabilities will likely be detected on all servers running the same software. By utilizing sampling, we can assess a smaller number of hosts and reduce the time and cost to the organization. With this knowledge, consider approximately how many live, "unique" hosts would be in scope for the penetration test to answer the next two questions. Total number of unique internal servers / IP addresses in scope for penetration testing? i. 150 Total number of unique externally reachable servers / IP addresses in scope for penetration testing? i. 30

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Request for Proposal INFORMATION SECURITY ASSESSMENT SERVICES RFP #12-680-004. Addendum 1.0

Request for Proposal INFORMATION SECURITY ASSESSMENT SERVICES RFP #12-680-004. Addendum 1.0 Request for Proposal INFORMATION SECURITY ASSESSMENT SERVICES RFP #12-680-004 Addendum 1.0 ISSUE DATE: February 23, 2012 Receipt of this addendum should be acknowledged on the Proposal Form. Inquiries

More information

PHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015

PHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015 QUESTIONS ANSWERS Q1 What is the goal of testing? A1 We engage in this type of testing to promote our own best practices and ensure our security posture is as it should be. Q2 No of active IP s (internal):

More information

Vendor Questions and Answers

Vendor Questions and Answers OHIO DEFERRED COMPENSATION REQUEST FOR PROPOSALS (RFP) FOR COMPREHENSIVE SECURITY ASSESSMENT CONSULTANT Issue Date: December 7, 2016 Written Question Deadline: January 11, 2016 Proposal Deadline: RFP Contact:

More information

RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST

RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST Questions and Answers Notice: Questions may have been edited for clarity and relevance. 1. How many desktops,

More information

Goals. Understanding security testing

Goals. Understanding security testing Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3

More information

HIPAA SECURITY RISK ANALYSIS FORMAL RFP

HIPAA SECURITY RISK ANALYSIS FORMAL RFP HIPAA SECURITY RISK ANALYSIS FORMAL RFP ADDENDUM NUMBER: (2) August 1, 2012 THIS ADDENDUM IS ISSUED PRIOR TO THE ACCEPTANCE OF THE FORMAL RFPS. THE FOLLOWING CLARIFICATIONS, AMENDMENTS, ADDITIONS, DELETIONS,

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

INCIDENT RESPONSE CHECKLIST

INCIDENT RESPONSE CHECKLIST INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged

More information

Sample Vulnerability Management Policy

Sample Vulnerability Management Policy Sample Internal Procedures and Policy Guidelines February 2015 Document Control Title: Document Control Number: 1.0.0 Initial Release: Last Updated: February 2015, Manager IT Security February 2015, Director

More information

After reviewing all the questions, the most common and relevant questions were chosen and the answers are below:

After reviewing all the questions, the most common and relevant questions were chosen and the answers are below: 2015 007 After reviewing all the questions, the most common and relevant questions were chosen and the answers are below: 1. Is there a proposed budget for this RFP? No 2. What is the expect duration for

More information

Security Services. 30 years of experience in IT business

Security Services. 30 years of experience in IT business Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

QUESTIONS & RESPONSES #2

QUESTIONS & RESPONSES #2 QUESTIONS & RESPONSES #2 RFP / TITLE 070076 IT Cybersecurity Assessment and Plan CONTACT Michael Keim, CPPB, Sr. Contract Adminstrator EMAIL procurement@portoftacoma.com PHONE NUMBER 253-428-8608 SUBMITTAL

More information

Payment Card Industry Self-Assessment Questionnaire

Payment Card Industry Self-Assessment Questionnaire How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.

More information

Enterprise Computing Solutions

Enterprise Computing Solutions Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company

More information

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software McAfee Global Threat Intelligence File Reputation Service Best Practices Guide for McAfee VirusScan Enterprise Software Table of Contents McAfee Global Threat Intelligence File Reputation Service McAfee

More information

We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review

We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review The security threat landscape is constantly changing and it is important to periodically review a business

More information

Request for Proposal MDM0031012338. Offeror s Questions for RFP for Virtual Private Network Solution (VPN)

Request for Proposal MDM0031012338. Offeror s Questions for RFP for Virtual Private Network Solution (VPN) Request for Proposal MDM0031012338 Offeror s Questions for RFP for Virtual Private Network Solution (VPN) 1. How much throughput must the VPN support long-term? Answer: 10 GB firewall, 4 GB 3DES/AES VPN

More information

IBM Security QRadar Vulnerability Manager

IBM Security QRadar Vulnerability Manager IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

D. Grzetich 6/26/2013. The Problem We Face Today

D. Grzetich 6/26/2013. The Problem We Face Today Ideas on Using Asset Criticality Inference (ACI) Through Gathering and Processing of Asset Contextual Utilizing Analytical Models and Processing Rules D. Grzetich 6/26/2013 The Problem We Face Today Security

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1)

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1) Continuous Monitoring for the New IT Landscape July 14, 2014 (Revision 1) Table of Contents Introduction... 3 The New IT Landscape... 3 Gaps in the New IT Landscape... 5 Tenable s Continuous Monitoring

More information

Fortinet Solutions for Compliance Requirements

Fortinet Solutions for Compliance Requirements s for Compliance Requirements Sarbanes Oxley (SOX / SARBOX) Section / Reference Technical Control Requirement SOX references ISO 17799 for Firewall FortiGate implementation specifics IDS / IPS Centralized

More information

SIEM FOR BEGINNERS EVERYTHING YOU WANTED TO KNOW ABOUT LOG MANAGEMENT BUT WERE AFRAID TO ASK. www.alienvault.com

SIEM FOR BEGINNERS EVERYTHING YOU WANTED TO KNOW ABOUT LOG MANAGEMENT BUT WERE AFRAID TO ASK. www.alienvault.com SIEM FOR BEGINNERS EVERYTHING YOU WANTED TO KNOW ABOUT LOG MANAGEMENT BUT WERE AFRAID TO ASK www.alienvault.com A Rose By Any Other Name SLM/LMS, SIM, SEM, SEC, SIEM Although the industry has settled on

More information

Addendum No. 2 RFP # 13-10340-3950 SAP ERP SYSTEM AND INFORMATION SECURITY PROGRAM ASSESSMENTS

Addendum No. 2 RFP # 13-10340-3950 SAP ERP SYSTEM AND INFORMATION SECURITY PROGRAM ASSESSMENTS Addendum 2 RFP # 13-10340-3950 SAP ERP SYSTEM AND INFORMATION SECURITY PROGRAM ASSESSMENTS Prospective Respondents: You are hereby notified of the following information in regard to the referenced RFP:

More information

Vendor 1 QUESTION CCSF RESPONSE

Vendor 1 QUESTION CCSF RESPONSE Vendor 1 QUESTION 1 If we have already filled out the vendor profile application, business tax declaration and local business forms will we need to fill them out again? 2 Is CCSF open to rolling up all

More information

PCI DSS. Get Compliant, Stay Compliant Seminar

PCI DSS. Get Compliant, Stay Compliant Seminar PCI DSS Get Compliant, Stay Compliant Seminar ValueSYS Solutions & Services Wael Hosny CEO ValueSYS Wael.hosny@valuesys.net Solutions you Need, with Quality you Deserve Seminar Agenda Time 09:00 10:00

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com

PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com PCI Compliance - A Realistic Approach Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com What What is PCI A global forum launched in September 2006 for ongoing enhancement

More information

University of Pittsburgh Security Assessment Questionnaire (v1.5)

University of Pittsburgh Security Assessment Questionnaire (v1.5) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided

More information

PCI-DSS Penetration Testing

PCI-DSS Penetration Testing PCI-DSS Penetration Testing Adam Goslin, Co-Founder High Bit Security May 10, 2011 About High Bit Security High Bit helps companies obtain or maintain their PCI compliance (Level 1 through Level 4 compliance)

More information

Security Information and Event Management (SIEM) Hardware & Software RFP #15-109309

Security Information and Event Management (SIEM) Hardware & Software RFP #15-109309 CITY OF FARMINGTON 800 Municipal Drive Farmington, NM 87401-2663 (505) 599-1373 Fax (505) 599-1377 http://www.fmtn.org REQUEST FOR PROPOSALS FOR Security Information and Event Management (SIEM) Hardware

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

Getting Started with the iscan Online Data Breach Risk Intelligence Platform Getting Started with the iscan Online Data Breach Risk Intelligence Platform 2 Table of Contents Overview... 3 Data Breach Risk Intelligence... 3 Data Breach Prevention Lifecycle Defined... 3 Choosing

More information

agenda 5 IBM ISS security consulting solutions 6 Reduzca costos y la complejidad de la seguridad en su negocio

agenda 5 IBM ISS security consulting solutions 6 Reduzca costos y la complejidad de la seguridad en su negocio Reduzca costos y la complejidad de la seguridad en su negocio Juan Carlos Carrillo Security Sales Leader Viernes, 11 de Septiembre de 2009 agenda 1 2 3 X-Force 2008 Trend & Risk Report Highlights IBM Security

More information

REQUEST FOR PROPOSAL (RFP) #021-14 HIPAA SECURITY ASSESSMENT VENDOR QUESTIONS & ANSWERS ~ MAY 29, 2014

REQUEST FOR PROPOSAL (RFP) #021-14 HIPAA SECURITY ASSESSMENT VENDOR QUESTIONS & ANSWERS ~ MAY 29, 2014 REQUEST FOR PROPOSAL (RFP) #021-14 HIPAA SECURITY ASSESSMENT VENDOR QUESTIONS & ANSWERS ~ MAY 29, 2014 Q1) Page 2, Section A and Page 5, Section H --- Does the County desire only an assessment of compliance

More information

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS EXTENDING THREAT PROTECTION AND WHITEPAPER CLOUD-BASED SECURITY SERVICES PROTECT USERS IN ANY LOCATION ACROSS ANY NETWORK It s a phenomenon and a fact: employees are always on today. They connect to the

More information

SECURITY 2.0 LUNCHEON

SECURITY 2.0 LUNCHEON PROTECTING YOUR ORGANIZATION SECURITY 2.0 LUNCHEON AGAINST CYBER THREATS Tommy Montgomery, Principal Consultant Viral Dhimar, Consultant Adam Ferguson, VP October 22, 2014 #SWCEvents Security 2.0: Next

More information

Endpoint Security: Become Aware of Virtual Desktop Infrastructures!

Endpoint Security: Become Aware of Virtual Desktop Infrastructures! Endpoint Security: Become Aware of Virtual Desktop Infrastructures! An Ogren Group Special Report May 2011 Executive Summary Virtual desktops infrastructures, VDI, present IT with the unique opportunity

More information

CounselorMax and ORS Managed Hosting RFP 15-NW-0016

CounselorMax and ORS Managed Hosting RFP 15-NW-0016 CounselorMax and ORS Managed Hosting RFP 15-NW-0016 Posting Date 4/22/2015 Proposal submission deadline 5/15/2015, 5:00 PM ET Purpose of the RFP NeighborWorks America has a requirement for managed hosting

More information

Find the needle in the security haystack

Find the needle in the security haystack Find the needle in the security haystack Gunnar Kristian Kopperud Principal Presales Consultant Security & Endpoint Management Technology Day Oslo 1 Find the needle in the security haystack Manually deep

More information

Response to Queries Received for RFP of Security Integrator - Tender No. 63

Response to Queries Received for RFP of Security Integrator - Tender No. 63 Sr.N RFP Clause Original Query Reply/Remark o. 1. Perform Incident Management with respect to the following: For Forensic Analysis of logs Please clarify the systems/devices Contain attacks through for

More information

Automate PCI Compliance Monitoring, Investigation & Reporting

Automate PCI Compliance Monitoring, Investigation & Reporting Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Sygate Secure Enterprise and Alcatel

Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and

More information

PRESIDIO MANAGED SERVICES OVERVIEW

PRESIDIO MANAGED SERVICES OVERVIEW OVERVIEW VALUE AND COMMITMENT OUR COMMITMENT In our pursuit of excellence for Managed Services we dedicate our team to support the strategic business and IT drivers from our customers. Enabling you to

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments

HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments OVERVIEW This document explains the functionality of Security for Virtual and Cloud Environments (SVCE) - what

More information

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security

More information

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1) Configuring Virtual Switches for Use with PVS February 7, 2014 (Revision 1) Table of Contents Introduction... 3 Basic PVS VM Configuration... 3 Platforms... 3 VMware ESXi 5.5... 3 Configure the ESX Management

More information

ICT budget and staffing trends in the UK

ICT budget and staffing trends in the UK ICT budget and staffing trends in the UK Enterprise ICT investment plans to 2013 January 2013 TABLE OF CONTENTS 1 Trends in ICT budgets... 1 1.1 Introduction... 1 1.2 Survey demographics... 1 1.3 IT budget

More information

TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK

TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK 2002 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to the Centre

More information

Continuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4)

Continuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4) Continuous Network Monitoring for the New IT Landscape March 16, 2015 (Revision 4) Table of Contents Introduction... 3 The New IT Landscape... 3 Gaps in the Modern IT Landscape... 5 Tenable s Five Critical

More information

Symantec Endpoint Protection Analyzer Report

Symantec Endpoint Protection Analyzer Report Symantec Endpoint Protection Analyzer Report For Symantec Customer Table of Contents Statement of Confidentiality... 3 1. Introduction... 4 2. Environmental Analysis Overview... 5 2.1 Findings Overview...

More information

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR AUTHOR: UDIT PATHAK SENIOR SECURITY ANALYST udit.pathak@niiconsulting.com Public Network Intelligence India 1 Contents 1. Background... 3 2. PCI Compliance

More information

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide

More information

CONTENTS. PCI DSS Compliance Guide

CONTENTS. PCI DSS Compliance Guide CONTENTS PCI DSS COMPLIANCE FOR YOUR WEBSITE BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not

More information

Vulnerability management lifecycle: defining vulnerability management

Vulnerability management lifecycle: defining vulnerability management Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By

More information

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.

More information

Designing & Implementing. Programs. MBA Bank Expo 2012 April 11, 2012

Designing & Implementing. Programs. MBA Bank Expo 2012 April 11, 2012 Designing & Implementing Enterprise Security Programs MBA Bank Expo 2012 April 11, 2012 Session Purpose G R O U P Premise: Security is institutionalized, but the enterprise is evolving. the enterprise

More information

QRadar SIEM 6.3 Datasheet

QRadar SIEM 6.3 Datasheet QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

Is Your Network a Sitting Duck? 3 Secrets to Securing Your Information Systems. Presenter: Matt Harkrider. Founder, Alert Logic

Is Your Network a Sitting Duck? 3 Secrets to Securing Your Information Systems. Presenter: Matt Harkrider. Founder, Alert Logic Is Your Network a Sitting Duck? 3 Secrets to Securing Your Information Systems Presenter: Matt Harkrider Founder, Alert Logic Who We Are: Corporate Fact Sheet Founded: 2002 Sample Customers: HQ: Houston,

More information

SIEM Implementation Approach Discussion. April 2012

SIEM Implementation Approach Discussion. April 2012 SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.

Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved. Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security

More information

Information Technology 2016-2021 Strategic Plan

Information Technology 2016-2021 Strategic Plan Information Technology 2016-2021 Strategic Plan Draft Table of Contents Table of Contents... 3 Introduction... 4 Mission of IT... 4 Primary Service Delivery Objectives... 4 Availability of Systems...

More information

PCI Solution for Retail: Addressing Compliance and Security Best Practices

PCI Solution for Retail: Addressing Compliance and Security Best Practices PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment

More information

8. Firewall Design & Implementation

8. Firewall Design & Implementation DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or

More information

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper with Cloud-Based Security Services > White Paper It s a phenomenon and a fact: employees are always on today. They connect to the network whenever they want, from wherever they happen to be, with laptops,

More information

Cyber Security. John Leek Chief Strategist

Cyber Security. John Leek Chief Strategist Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

Important Facts. Small & Medium size businesses report an average of 50 hours lost productivity per employee per year due to IT related problems.

Important Facts. Small & Medium size businesses report an average of 50 hours lost productivity per employee per year due to IT related problems. Your information systems are at the heart of your businesses daily operation. System down time costs businesses a significant amount of money each year. Most problems that cause down time can be prevented

More information

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard

More information

Netzwerkvirtualisierung? Aber mit Sicherheit!

Netzwerkvirtualisierung? Aber mit Sicherheit! Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

Company Profile. First Page. Previous Page. Next Page. Last Page. A Member of Harel Mallac Group

Company Profile. First Page. Previous Page. Next Page. Last Page. A Member of Harel Mallac Group Company Profile A Member of Harel Mallac Group First Table of Contents Who are we? 3 Our Services 4-11 Key Differentiators 11 Contact Us 12 Who are we? Founded in the early 1970 s, Mauritius Computing

More information

Deploy Remote Desktop Gateway on the AWS Cloud

Deploy Remote Desktop Gateway on the AWS Cloud Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4

More information

Required Software Product List

Required Software Product List Symantec ($3.2 million, 35% weight) AdVantage AdvisorMail AntiVirus (Endpoint Protection) AntiVirus Enterprise Edition App Center Application HA Asset Management Suite Backup Exec Certificate Intelligence

More information

Required Software Product List

Required Software Product List Symantec ($3.2 million, 35% weight) AdVantage AdvisorMail AntiVirus (Endpoint Protection) AntiVirus Enterprise Edition App Center Application HA Arellia Application Control Solution Arellia Endpoint Security

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Cloud Security: Getting It Right

Cloud Security: Getting It Right Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon

More information

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...

More information

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance

More information

Data Security and Healthcare

Data Security and Healthcare Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population

More information

GETTING STARTED WITH THE ISCAN ONLINE DATA BREACH PREVENTION LIFECYCLE

GETTING STARTED WITH THE ISCAN ONLINE DATA BREACH PREVENTION LIFECYCLE GETTING STARTED WITH THE ISCAN ONLINE DATA BREACH PREVENTION LIFECYCLE iscan Online 5600 Tennyson Parkway Suite 343 Plano, Tx 75024 Table of Contents Overview... 3 Data Breach Prevention... 4 Choosing

More information

Cybersecurity: An Innovative Approach to Advanced Persistent Threats

Cybersecurity: An Innovative Approach to Advanced Persistent Threats Cybersecurity: An Innovative Approach to Advanced Persistent Threats SESSION ID: AST1-R01 Brent Conran Chief Security Officer McAfee This is who I am 2 This is what I do 3 Student B The Hack Pack I used

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

Is your business prepared for Cyber Risks in 2016

Is your business prepared for Cyber Risks in 2016 Is your business prepared for Cyber Risks in 2016 The 2016 GSS Find out Security with the Assessment Excellus BCBS customers hurt by security breach Hackers Access 80 Mn Medical Records At Anthem Hackers

More information

Total Protection for Compliance: Unified IT Policy Auditing

Total Protection for Compliance: Unified IT Policy Auditing Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.

More information

Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements

Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the

More information