Policy-based Audit of Security Configuration. April 24-25, Berlin Serena Ponta, Henrik Plate (SAP)
1 Policy-based Audit of Security Configuration
Cyber Security & Privacy EU Forum 2012, April 24-25, Berlin
Serena Ponta, Henrik Plate (SAP)
2 Audit objective
Gain assurance that an organization's control framework meets and met defined security objectives
[Diagram labels: Requirement, Policy, Abstract Config, Concrete Config; Objectives, Control Design, Control Implement.; Design Effectiveness, Operating Effectiveness]
3 Design Effectiveness
Check that controls are properly designed
- Leverage models present in central repository & ontology
  - accessible to internals & externals (restricted to audit scope)
  - current and past versions
  - build audit program
- Explore system & security models
  - Show IT security policies linked to CC data!
  - Show IT security policies linked to the inbound interface for CC data!
- Query models to check coverage
  - Is CC data sent over communication channels w/o being protected by a policy for confidentiality?
[Diagram labels: Requirement, Policy, Abstract Config, Concrete Config, Audit Scope]
4 Operating Effectiveness
Check that controls work as designed
- Compliance Assessment
  - Checklists/checks reflect policy chain
  - Check known targets
- XML Checklists and Checks to describe (un)desired configurations
- Vulnerability Assessment
  - Checklists/checks provided by externals, e.g., vendors, researchers and initiatives such as OWASP
  - Check every potentially affected target
[Diagram labels: Repository & Processor, CMDB, Auditee]
5 Compliance Assessment
Checklist structure follows policy chain
- built automatically, starting from model elements
- references checks for all relevant targets
- draft audit program given to auditors and reimported
[Diagram labels: AC Requirement, AuthC Policy, AuthZ Policy, Abstract Config, Concrete Config]
Checklist: Access Control Req. for Business Service einvoice
- AuthZ for Webapp einvoice
  - Check 1: Rev-proxy on Apache server (IP-add1)
  - Check 2: Realm on Tomcat (IP-add2)
  - Check 3: web.xml of Webapp einvoice (IP-add2)
- AuthC for einvoice
  - Check 4 on target1
  - Check 5 on target2
6 Compliance Assessment
[Diagram labels: AC Requirement, AuthC Policy, AuthZ Policy]
- Assessment of configuration discrepancies
  - Discrepancy security issue
  - Judge by looking up in the policy chain
  - Reflect analysis and result in fulfillment state of upper-layer concepts
- Prioritization by means of weights and CCSS
- Remediation
  - Redeployment of golden configuration
  - Acceptance
  - Re-design
7 Vulnerability Assessment
- Standardized representation of security knowledge
  - Fosters collaboration and communication
  - Allows exchange of security content
  - Created independently from particular env.
  - Speeds up detection of vulnerabilities with increased precision and coverage
- Extended OVAL checks
  - Conditions over software properties, software relationships, and configuration
  - Relate targets in distributed environments
  - From OS-centric checks to Web apps & services
  - Abstract from configuration retrieval
- Best-Practice Check (SANS): a Web app is securely configured if
  - Deployed in a Servlet container supporting the Servlet spec = 3.0,
  - HttpOnly flag is enabled in deployment descriptor
8 Vulnerability Assessment: Examples & Screenshot
- Vulnerability check (CVE ): Tomcat vulnerability exploitable if
  - Version < , AND
  - AJP connector class Y used, AND
  - Apache reverse proxy and Tomcat do not use a shared password
- Best-Practice Check (SANS): a Web app is securely configured if
  - Deployed in a Servlet container supporting the Servlet spec = 3.0,
  - HttpOnly flag is enabled in deployment descriptor
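The best-practice check on slides 7 and 8 combines a property of the container with a setting in the Web app's deployment descriptor. The following is an added example, not code from the slides or from PoSecCo, that evaluates both criteria in Python. It assumes a container supporting Servlet 3.0 or later satisfies the first criterion; the function names, the result keys and the sample descriptors are constructed for illustration.

```python
"""Added example: the slide's best-practice check evaluated over a web.xml."""
import xml.etree.ElementTree as ET

REQUIRED_SPEC = (3, 0)  # Servlet spec version named on the slide

# Constructed sample descriptors (not taken from any real deployment).
COMPLIANT_XML = """
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <session-config>
    <cookie-config><http-only>true</http-only></cookie-config>
  </session-config>
</web-app>"""
FLAG_FALSE_XML = COMPLIANT_XML.replace(">true<", ">false<")
NO_FLAG_XML = '<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0"/>'


def _version(text):
    """'3.0' -> (3, 0) and '3' -> (3, 0); ValueError on non-numeric input."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (2 - len(parts)))


def _child(element, name):
    """First direct child with this local name, ignoring the XML namespace."""
    for child in element:
        if child.tag.rsplit("}", 1)[-1] == name:
            return child
    return None


def http_only_enabled(web_xml):
    """True only if web-app/session-config/cookie-config/http-only is 'true'."""
    # Servlet 3.0 descriptors are schema-based; refusing DTDs also keeps
    # entity-expansion tricks out of the audit tool's parser.
    if "<!DOCTYPE" in web_xml:
        raise ValueError("DTD-based descriptor refused")
    root = ET.fromstring(web_xml)
    if root.tag.rsplit("}", 1)[-1] != "web-app":
        raise ValueError("root element is not web-app")
    node = root
    for name in ("session-config", "cookie-config", "http-only"):
        node = _child(node, name)
        if node is None:
            return False  # an absent setting counts as not enabled
    return (node.text or "").strip().lower() == "true"


def evaluate(container_spec, web_xml):
    """Evaluate both criteria; container_spec would come from an inventory."""
    result = {"container_supports_spec": False,
              "http_only_enabled": False,
              "error": None}
    try:
        result["container_supports_spec"] = _version(container_spec) >= REQUIRED_SPEC
        result["http_only_enabled"] = http_only_enabled(web_xml)
    except (ValueError, ET.ParseError) as exc:
        result["error"] = str(exc)  # unparseable input is never compliant
    result["compliant"] = (result["container_supports_spec"]
                           and result["http_only_enabled"]
                           and result["error"] is None)
    return result


if __name__ == "__main__":
    # Constructed targets: (name, Servlet spec the container supports, web.xml)
    targets = [("target1", "3.0", COMPLIANT_XML),
               ("target2", "2.5", COMPLIANT_XML),
               ("target3", "3.0", NO_FLAG_XML)]
    for name, spec, descriptor in targets:
        print(name, evaluate(spec, descriptor))
```

A descriptor that omits the flag is reported the same way as one that sets it to false, so the check fails closed on missing configuration.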
9 Take-aways
- Get involved
  - Work with us to experiment
    - With our automatic generator of (optimized) configuration for network security controls, based on a description of your network and its policies
    - With tools for audit and configuration assessment based on public standards
  - Get early access to project results (and influence them)
- Get information
  - Download documents and scientific papers from
  - Contact the speakers
10 Get more information
- PoSecCo website:
- Public documents related to audit
  - D4.1 Standardized Audit Interfaces
  - D4.4 Concept and architecture for automated model creation, population, maintenance and audit
  - D4.5 Final version of a configuration validation language
- Contacts
  - Dr. Serena Ponta (SAP) serena.ponta@sap.com
  - Henrik Plate (SAP) henrik.plate@sap.com
11 THANK YOU!
12 Disclaimer
EU Disclaimer: PoSecCo project (project no ) is partially supported/co-funded by the European Community/European Union/EU under the Information and Communication Technologies (ICT) theme of the 7th Framework Programme for R&D (FP7). This document does not represent the opinion of the European Community, and the European Community is not responsible for any use that might be made of its content.
PoSecCo Disclaimer: The information in this document is provided "as is", and no guarantee or warranty is given that the information is fit for any particular purpose. The above referenced consortium members shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials subject to any liability which is mandatory due to applicable law.