Cyber Essentials Questionnaire
- Adelia Atkins
- 8 years ago
Introduction

The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable. It is mainly applicable where IT systems are primarily based on Common-Off-The-Shelf (COTS) products rather than large, heavily customised, complex solutions.

The main objective of the Cyber Essentials assessment is to determine that your organisation has effectively implemented the controls required by the Scheme, in order to defend against the most common and unsophisticated forms of cyber-attack.

This questionnaire is a self-assessment, which must be approved by a Board member or equivalent, and will then be verified by a competent assessor from ID Cyber Solutions, the certification body. Such verification may take a number of forms, and could include, for example, a telephone conference. The verification process will be at the discretion of ID Cyber Solutions.

Scope of Cyber Essentials

The Scope is defined in the scheme Assurance Framework document, available on the scheme web site. You will be required to identify the actual scope of the system(s) to be evaluated as part of the questionnaire.

How to avoid delays & additional charges

You may incur additional charges if details are not sufficiently supplied. Answer the questions as fully as possible, giving supporting comments, paragraphs from policies and screen shots where possible. As a rule of thumb, if it takes longer to assess the submission than you spent preparing it, you may be charged.
Organisation Identification

Please provide details as follows:

- Organisation Name (legal entity):
- Sector:
- Parent Organisation name (if any):
- Size of organisation (micro, small, medium, large; see definition below):
- No. of employees:
- Point of Contact name: Salutation (Mr, Mrs, Miss etc.), Initial, First, Surname
- Job Title:
- address:
- Telephone Number:
- Building Name/Number:
- Address 1:
- Address 2:
- Address 3:
- City:
- County:
- Postcode:
- Certification Body: ID Cyber Solutions

Do you wish to be excluded from the register of Cyber Essentials certified companies? Exclusion means customers will not be able to find your entry. If this is left blank you will be entered.

From time to time government departments and other interested bodies may wish to use your company for marketing Cyber Essentials. If you do not wish to be promoted in this way please enter NO in the box. If this is left blank you imply your consent.
SME Definition

Company category: Employees; Turnover or Balance sheet total
Medium-sized: < m 43 m
Small: < m 10 m
Micro: < 10 2 m 2 m

Business Scope

Please identify the scope of the system(s) to be assessed under this questionnaire, including locations, network boundaries, management and ownership. Where possible, include IP addresses and/or ranges. A system name should be provided that uniquely identifies the systems to be assessed, and which will be used on any certificate awarded. (Note: it is not permissible to provide the company name, unless all systems within the organisation are to be assessed.)

How many work sites are in scope?
For example: Our Glasgow and Edinburgh offices are in scope for the test, excluding our development server located in our Glasgow office. These two sites are collectively known under the system name of "Overall business systems".

How are they connected?
For example: Our Glasgow and Edinburgh offices are connected via VPN, with users from Edinburgh connecting to our file sharing server located in Glasgow.

Have out-of-scope areas been sufficiently segregated (NAT/Firewall)?
For example: Our out-of-scope development server is connected to our network but is segregated by a firewall.

What Cloud Services are used (Dropbox, Office 365, Google Drive)?
For example: We regularly use Office 365 to manage and access our system, as well as to store some working files.

Please provide a URL (or send supplemental documentation) that shows each cloud provider's security processes and certifications.
Boundary Firewalls and Internet Gateways

1. Have you installed Firewalls or similar devices at the boundaries of the networks in the Scope?
Comment: What make are your Firewalls and who administers them?
For example: Both of our offices are protected by identical Cisco ASA 5520 Firewalls. These were installed and are maintained by our outsourced IT company AAA Solutions.

2. Have the default usernames/passwords on all boundary firewalls (or similar devices) been changed to a strong password?
Comment: When were the credentials changed, and who by? What are the complexity rules of the passwords?
For example: Our outsourced IT company changed the passwords when the firewalls were installed three months ago. They have told us that the passwords are at least 15 characters long with a mixture of letters, numbers and special characters.

3. Have all open ports and services on each firewall (or similar device) been subject to justification and approval by an appropriately qualified and authorised business representative, and has this approval been properly documented?
Comment: What is the approval process when a new port is opened and who administers this?
For example: Our Operations Manager issues a request to the outsourced IT company stating the reason for the port to be open and consults with them about any potential security issues. The outsourced IT company then arranges a suitable time to perform the operation.

4. Have all commonly attacked and vulnerable services (such as Server Message Block (SMB), NetBIOS, tftp, RPC, rlogin, rsh, rexec) been disabled or blocked by default at the boundary firewalls?
Comment: How do you know this to be the case? Whose role was it to check and when was this done?
For example: This was checked by our Operations Manager shortly after the firewalls were installed. They asked the outsourced IT company to confirm that all of the necessary services had been disabled.

5. Confirm that there is a corporate policy requiring all firewall rules that are no longer required to be removed or disabled in a timely manner, and that this policy has been adhered to (meaning that there are currently no open ports or services that are not essential for the business)?
Answer: Policy exists and has been implemented / Policy exists but has not been implemented / Policy does not exist
Comment: What is the name of the policy document? When was the last check performed to verify the policy is being adhered to and who signs off on the checks?
For example: Our outsourced IT company maintains a policy document on our behalf titled "Business Firewall Rules" which is reviewed and checked at our 3-monthly catch-up meetings with the outsourced IT company. Our Operations Manager signs off on any changes to the policy and he is satisfied that the policy is being adhered to.

6. Confirm that any remote administrative interface has been disabled on all firewall (or similar) devices?
Comment: Whose responsibility is it and when was this checked? Are firewalls ever configured remotely by anyone, and if so what compensating controls are used?
For example: Our outsourced IT company administers our firewalls remotely via SSH which is configured to their IP address only. This was checked by our Operations Manager when the firewalls were installed three months ago.

7. Confirm that where there is no requirement for a system to have Internet access, a Default Deny policy is in effect and that it has been applied correctly, preventing the system from making connections to the Internet?
Comment: Do you have any machines that require this (i.e. machines you are keeping out of scope)? Are servers ever used to browse the web?
For example: Our development server does not need to connect to the internet and has a Default Deny policy in effect. Our other servers are strictly access controlled and are never used to browse the internet.
Please provide any additional evidence to support your assertions above:

Secure Configuration

8. Have all unnecessary or default user accounts been deleted or disabled?
Comment: How is this administered and whose responsibility is it to check this? What is the process to ensure this is carried out?
For example: Our outsourced IT company adheres to a set image for new computers which includes disabling any default user accounts. Our HR Manager ensures that any accounts belonging to ex-employees are removed within 7 days.

9. Confirm that all accounts have passwords, and that any default passwords have been changed to strong passwords?
Comment: How is it ensured that all accounts have strong passwords? Are technical controls in place to enforce complex passwords or is it a paper based policy?
For example: All of our password-protected systems ask users to set passwords when they first log in and make sure that they meet our minimum strength requirements.

10. Has all unnecessary software, including OS utilities, services and applications, been removed or disabled?
Comment: Whose role is it to commission a computer and how is it ensured that only approved services and applications have been installed and enabled? Is it part of policy to remove all unnecessary bundled software?
For example: All computers are procured through our outsourced IT company who adhere to a default image which removes any unnecessary software.

11. Has the Auto Run (or similar service) been disabled for all media types and network file shares?
Comment: How was this disabled?
For example: Auto Run and Auto Play have been disabled for all of our computers, and this is part of our outsourced IT provider's default image for all new computers.

12. Has a host based firewall been installed on all desktop PCs or laptops, and is this configured to block unapproved connections by default?
Answer: Installed and configured / Installed, but not configured / Not installed
Comment: How is this checked?
For example: Our outsourced IT provider's default image includes preconfigured Norton antivirus and firewall which is installed on every PC and laptop.

13. Is a standard build image used to configure new workstations, does this image include the policies and controls and software required to protect the workstation, and is the image kept up to date with corporate policies?
Comment: Who created the build image and whose responsibility is it to keep it up to date? If a build image is not used, are build instructions or build best practice guidelines followed, and what are they?
For example: Our outsourced IT provider provides a default image for all new computers which adheres to all of our security requirements. These requirements are reviewed at 3-monthly meetings with the outsourced IT provider and updated if necessary.

14. Do you have a backup policy in place, and are backups regularly taken to protect against threats such as ransomware?
Comment: Describe your backup process (online, CD, hard drive etc.) and if they are segregated from other systems (i.e. could malware affect them if every other system was compromised?).
For example: Our outsourced IT provider performs and maintains backups of all of our systems every 24 hours. We also have a backup server which mirrors our internal file sharing server, but this is more convenient than robust. Regardless, we are confident that our backups with our outsourced IT providers are sufficiently segregated.

15. Are security and event logs maintained on servers, workstations and laptops?
Comment: Which logs are enabled?
For example: Access logs are maintained for all of our servers in addition to Windows event and error logs for all of our computers.

Please provide any additional evidence to support your assertions above:
Access Control

16. Are user account requests subject to proper justification, provisioning and an approvals process, and assigned to named individuals?
Comment: What is the process for adding a new user account (e.g. for a new employee)?
For example: Our HR Manager makes a request to add a new user account which must be approved by the Operations Manager. This request is then sent to the outsourced IT company who adds the new user account.

17. Are users required to authenticate with a unique username and strong password before being granted access to computers and applications?
Comment: Are all of your sensitive systems password protected? Have you identified any users that share login accounts?
For example: All of our sensitive systems require users to authenticate before being granted access. We have a strict policy against users sharing login credentials and do not write passwords down.

18. Are accounts removed or disabled when no longer required?
Comment: Do you have a procedure for removing unnecessary user accounts and are regular checks carried out to ensure that all unnecessary users have been removed?
For example: Our policy states that all unnecessary user accounts are to be removed within 7 days. Our HR Manager makes a request to remove the account which is approved by the Operations Manager. This request is then sent to the outsourced IT company which removes the account. The HR Manager checks the account is removed and is responsible for maintaining only necessary user accounts.

19. Are elevated or special access privileges, such as system administrator accounts, restricted to a limited number of authorised individuals?
Comment: What are the roles of these individuals?
For example: Elevated access is restricted to only our Operations Manager. All other administrative requests are submitted through the outsourced IT company.

20. Are special access privileges documented and reviewed regularly (e.g. quarterly)?
Comment: When were special access privileges last reviewed, and how are they documented (spreadsheet, database, etc.)?
For example: Our documentation process is straightforward as our Operations Manager is the only member of staff with special access privileges and acts as our liaison with the outsourced IT company.

21. Are all administrative accounts only permitted to perform administrator activity, with no Internet or external permissions?
Comment: All administrative accounts should be taken into consideration including domain and local computer admins.
For example: Administrative accounts are only used when they are necessary. Administrative accounts are not used for day-to-day activities and instead the user is prompted for administrator credentials when an administrative action must be carried out.

22. Does your password policy enforce changing administrator passwords at least every 60 days to a complex password?
Comment: How is this policy enforced? Does your policy enforce fewer or more days between changes?
For example: Our systems require users to set new passwords every 45 days. User passwords are automatically expired at the end of the password period which forces users to create a new password before being able to log in again.

Please provide any additional evidence to support your assertions above:
Malware Protection

23. Please confirm that malware protection software has been installed on at least all computers with an ability to connect outside of the network in Scope?
Comment: What malware protection software is used and how is it deployed?
For example: All computers have Norton antivirus and firewall installed. This is installed by default through the outsourced IT company's default computer image.

24. Does corporate policy require all malware protection software to have all engine updates applied, and is this applied rigorously?
Comment: It is advised that updates should occur within 90 days.
For example: All of our malware protection software is set to automatically update whenever updates become available.

25. Have all anti malware signature files been kept up to date (through automatic updates or through centrally managed deployment)?
Comment: How often is this checked and how is each machine kept up to date?
For example: All of our malware signature files are kept up to date through automatic updates which are applied whenever they become available.

26. Has malware protection software been configured for on-access scanning, and does this include downloading or opening files, opening folders on removable or remote storage, and web page scanning?
Comment: Is it possible for users to change this setting?
For example: Our malware protection software package provides complete protection including web page scanning and real-time scanning of downloaded files and removable storage. This configuration can only be changed by an administrator.

27. Has malware protection software been configured to run regular (at least daily) scans?
Comment: What scan regime do you follow (full scan, quick scan, etc.)?
For example: Our malware protection software is configured to perform quick scans every 6 hours and a full scan every 24 hours.
28. Are users prevented from running executable code or programs from any media to which they also have write access? Other than anti-virus software, are access control measures in place to prevent virus code modifying commonly run executable files?
Comment: What mechanisms are in place to ensure that if a user clicks on a malicious link, the executable file does not execute? How are these mechanisms achieved?
For example: Whenever a user clicks on a link or file attachment they are prompted that the file may be dangerous and to confirm that they wish to run it.

29. Are users prevented from accessing known malicious web sites by your malware protection software through a blacklisting function?
Comment: Does your malware protection software do this or have you subscribed to a third party DNS service that filters such sites (if so, include what it is called)?
For example: Our malware protection software includes a feature which provides a website check through the malware protection software vendor's database.

Please provide any additional evidence to support your assertions above:

Patch Management

30. Is all software installed on computers and network devices in the Scope licensed and supported?
Comment: If any software/OS/device does not have support available, how have you ensured that it is out of scope?
For example: All of our software and devices are fully licenced and supported with the exception of some legacy development tools on our out-of-scope firewalled development server.

31. Are all Operating System security patches applied within 14 days of release?
Comment: How do you enforce this (i.e. central patch deployment or individual machines set to update automatically)?
For example: All of our individual computers are configured to apply Operating System updates automatically, as soon as they are available.

32. Are all Application software security patches applied within 14 days of release?
Comment: How do you enforce this (i.e. central patch deployment or individual machines set to update automatically)?
For example: All of our individual computers are configured to apply application software updates automatically, as soon as they are available.

33. Is all legacy or unsupported software isolated, disabled or removed from devices within the Scope?
Comment: What is the process used to ensure this happens and to record which software is on which devices?
For example: Any deviations from the standard machine image are recorded by the Operations Manager in a spreadsheet. This spreadsheet (and the contents of the standard image) is reviewed at our 3-monthly meetings with the outsourced IT company to ensure that all software present on our machines is up to scratch.

34. Is a mobile working policy in force that requires mobile devices (including BYOD) to be kept up to date with vendor updates and app patches?
Comment: What kind of work is done via mobile devices and are they kept up to date? Do any non-company owned devices connect to the company network or is there a guest partition where they can connect?
For example: We maintain a guest area for guests to connect non-company owned devices. We also have a number of company owned tablets which are used by workers onsite. These devices are set to automatically install updates when they become available.

Please provide any additional evidence to support your assertions above:

Approval

It is a requirement of the Scheme that a Board level (or equivalent) of the organisation has approved the information given. Please provide evidence of such approval:
More informationUser Guide. Version R91. English
AuthAnvil User Guide Version R91 English August 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from
More informationCase 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879. Appendix A
Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879 Appendix A Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 2 of 116 PageID: 4880 Payment Card Industry (PCI)
More informationSANS Institute First Five Quick Wins
#1 QUICK WIN- APPLICATION WHITELISTING SANS Critical Controls: #2: Inventory of Authorized and Unauthorized Software 1) Deploy application whitelisting technology that allows systems to run software only
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationAccessing the Media General SSL VPN
Launching Applications and Mapping Drives Remote Desktop Outlook Launching Web Applications Full Access VPN Note: To access the Media General VPN, anti-virus software must be installed and running on your
More informationIIS, FTP Server and Windows
IIS, FTP Server and Windows The Objective: To setup, configure and test FTP server. Requirement: Any version of the Windows 2000 Server. FTP Windows s component. Internet Information Services, IIS. Steps:
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationSETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR.
SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR. 1. Setting up your network to allow incoming connections on ports used by Eyemax system. Default ports used by Eyemax system are: range of ports 9091~9115
More informationNETWORK AND INTERNET SECURITY POLICY STATEMENT
TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationMicrosoft Baseline Security Analyzer (MBSA)
Microsoft Baseline Security Analyzer Microsoft Baseline Security Analyzer (MBSA) is a software tool released by Microsoft to determine security state by assessing missing security updates and lesssecure
More informationAccessing TP SSL VPN
Accessing TP SSL VPN This guide describes the steps to install, connect and disconnect the SSL VPN for remote access to TP intranet systems using personal notebooks. A. Installing the SSL VPN client Junos
More informationCitrix Systems, Inc.
Citrix Password Manager Quick Deployment Guide Install and Use Password Manager on Presentation Server in Under Two Hours Citrix Systems, Inc. Notice The information in this publication is subject to change
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may
More information1. Installation Overview
Quick Install Guide 1. Installation Overview Thank you for selecting Bitdefender Business Solutions to protect your business. This document enables you to quickly get started with the installation of Bitdefender
More informationBYOD Guidance: BlackBerry Secure Work Space
GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationEMR Link Server Interface Installation
EMR Link Server Interface Installation Version 1.0 ** INTRODUCTION ** If you would like assistance with installation, please contact our preferred support provider at support@bonecomputer.com, or call
More informationWHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user
More informationImplementation Guide
Implementation Guide PayLINK Implementation Guide Version 2.1.252 Released September 17, 2013 Copyright 2011-2013, BridgePay Network Solutions, Inc. All rights reserved. The information contained herein
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationNetwork and Workstation Acceptable Use Policy
CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of
More informationNessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9)
Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Perimeter Service... 3 Subscription and Activation... 3 Multi Scanner Support...
More informationMobile Device Management Version 8. Last updated: 17-10-14
Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names
More informationHost/Platform Security. Module 11
Host/Platform Security Module 11 Why is Host/Platform Security Necessary? Firewalls are not enough All access paths to host may not be firewall protected Permitted traffic may be malicious Outbound traffic
More informationBusiness ebanking Fraud Prevention Best Practices
Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationOn-Site Computer Solutions values these technologies as part of an overall security plan:
Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and
More informationCopyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com
Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationNETWORK SECURITY GUIDELINES
NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus
More informationCox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]
Cox Managed CPE Services RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft] September, 2015 2015 by Cox Communications. All rights reserved. No part of this document may be reproduced or transmitted
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationConsensus Policy Resource Community. Lab Security Policy
Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
More informationTHE OPEN UNIVERSITY OF TANZANIA
THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather
More informationSophos Anti-Virus standalone startup guide. For Windows and Mac OS X
Sophos Anti-Virus standalone startup guide For Windows and Mac OS X Document date: June 2007 Contents 1 What you need for installation...4 2 Installing Sophos Anti-Virus for Windows...5 3 Installing Sophos
More informationGeorgia Institute of Technology Data Protection Safeguards Version: 2.0
Data Protection Safeguards Page 1 Georgia Institute of Technology Data Protection Safeguards Version: 2.0 Purpose: The purpose of the Data Protection Safeguards is to provide guidelines for the appropriate
More informationWhy SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
More informationUse of The Information Services Active Directory Service (AD) Code of Practice
Use of The Information Services Active Directory Service (AD) Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be
More informationDeploying BitDefender Client Security and BitDefender Windows Server Solutions
Deploying BitDefender Client Security and BitDefender Windows Server Solutions Quick Install Guide Copyright 2011 BitDefender 1. Installation Overview Thank you for selecting BitDefender Business Solutions
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationLessons Learned CIP Reliability Standards
Evidence for a requirement was not usable due to a lack of identifying information on the document. An entity should set and enforce a "quality of evidence" standard for its compliance documentation. A
More informationDiamondStream Data Security Policy Summary
DiamondStream Data Security Policy Summary Overview This document describes DiamondStream s standard security policy for accessing and interacting with proprietary and third-party client data. This covers
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationManaging Remote Access
VMWARE TECHNICAL NOTE VMware ACE Managing Remote Access This technical note explains how to use VMware ACE to manage remote access through VPN to a corporate network. This document contains the following
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More information