FIBERLINK. Best practices for successfully deploying and managing data encryption on laptops. Delivering Mobility as a Service
|
|
- Vanessa Kennedy
- 8 years ago
- Views:
Transcription
1 FIBERLINK DATA ENCRYPTION IS HARD TO DO Best practices for successfully deploying and managing data encryption on laptops Delivering Mobility as a Service
2 Contents DATA ENCRYPTION IS HARD TO DO...1 The GAO Report on Federal Agency Encryption Efforts...1 What Can Be Done?...2 BEST PRACTICES FOR DEPLOYING DATA ENCRYPTION...3 Determining the Objectives and Selecting the Technology...3 Planning the Project and Designing the Solution...5 Preparing and Configuring the Software...7 Rolling out the Data Encryption Solution...8 A MANAGEMENT AND REPORTING PLATFORM FOR DATA ENCRYPTION...9 Status and Activation Reports...9 Policy Enforcement and Remediation...10 More on Mobility Management Platforms...11 Delivering Mobility as a Service ii
3 Data Encryption is Hard To Do Data encryption has become a "must-have" technology for businesses, government agencies, healthcare organizations, and other enterprises. Magazines and web sites are filled with news stories about stolen laptops containing thousands, or even millions, of confidential records (Figure 1). Every organization must assume that a certain number of laptops will be lost each year. And data encryption is the best available technology to prevent the loss of confidential data when laptops and mobile devices are lost or stolen. But to paraphrase the old song: "Data Encryption is hard to do." First, it can be difficult to deploy successfully. Second, even when it is appears to have been deployed successfully, many organizations lack the management tools to ensure that the encryption solution is in fact functioning properly. Figure 1: Headlines about stolen and lost laptops The lack of management tools is important not only from the point of view of maintaining good security, but also because organizations could potentially fail audits if they cannot prove that their data encryption solution is performing as planned THE GAO REPORT ON FEDERAL AGENCY ENCRYPTION EFFORTS The challenges of deploying and managing data encryption on remote devices are illustrated in a recent report from the United States Government Accountability Office titled "Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, But Work Remains." (Figure 2) The GAO auditors found that despite directives dating back to 2006 to deploy data encryption only 30% of data was actually encrypted: " the major agencies collectively reported that they had not yet installed encryption technology...on about 70 percent of their laptop computers and handheld devices." A second finding was noted by Computerworld's Frank Hayes: "...The GAO also found that, in many cases, even the devices believed to be encrypted had problems. Sometimes the encryption wasn't actually installed. Or it wasn't configured correctly. Or it hadn't been turned on." Figure 2: The GAO report on encryption efforts by US federal agencies Two examples of this type of finding are quoted in Figure 3. 1 The GAO report is available at: See also: 2 Frank Hayes, Frankly Speaking: Encrypting end user data is tough to do, Computerworld, August 4, See also: Delivering Mobility as a Service 1
4 "At the National Aeronautics and Space Administration (NASA) location we tested, we confirmed that the agency's selected FIPS-compliant encryption software had been installed on 27 of 29 laptop computers. Although the agency asserted that it had installed it on all 29 laptops, officials explained that they did not have a mechanism to detect whether the encryption product was successfully installed and functioning." (page 30) "...a component of the Department of Agriculture had not effectively monitored the effectiveness and continued functioning of encryption products on 5 of the 52 laptop computers that we examined. Agency officials were unaware that the drives of these devices had not been correctly encrypted and the agency had no mechanism in place to monitor whether the installed product was functioning properly." (page 31) Figure 3: From the GAO report: "no mechanism in place to monitor...the installed product" Evidently even rocket scientists can be challenged by information security. And unfortunately, while 93% and 90% compliance might be satisfactory in some situations, GAO and other auditors are not likely to be happy with a 7%-10% failure rate on systems that management thought were already protected (not to mention the 70% of systems that were known not to be encrypted yet). WHAT CAN BE DONE? The GAO report provides ample evidence that data encryption is not easy to deploy or manage, even for highly motivated organizations. However, there are: Best practices that can significantly improve the success rate for rolling out data encryption technology. Management tools that can give administrators visibility into encryption status on mobile devices. Fiberlink is a "Mobility as a Service" provider that helps customers deploy and manage a wide range of security and connectivity solutions on laptops and PCs. In this white paper we will discuss deployment best practices for data encryption developed by our Professional Services organization. Then we will briefly outline how Fiberlink's MaaS360 Visibility, Control and Mobile services can help customers report on and manage encryption solutions on mobile devices. Delivering Mobility as a Service 2
5 Best Practices for Deploying Data Encryption Fiberlink's Professional Service organization finds that data encryption deployments are often undermined by problems such as: Incomplete understanding of the capabilities and limitations of the data encryption solutions selected. Lack of the right personnel on the implementation team. Inadequate planning and testing during the roll-out. To avoid these we will discuss best practices and pitfalls for four phases of the process: 1. Determining the objectives and selecting a data encryption technology 2. Planning the project and designing the solution 3. Preparing and configuring the software 4. Rolling out the solution. 1. DETERMINING THE OBJECTIVES AND SELECTING THE TECHNOLOGY Many organizations run into trouble early because they don't explicitly analyze the objectives (and constraints) of their data encryption project. What needs to be protected? An obvious place to start is to clarify exactly what needs to be protected: What types of sensitive information are found on laptops? Customer and employee records, financial information, business plans, research reports, software code? In what types of files is this information stored? Spreadsheets, database files, word processing documents, slide presentations, html files, software executable files? Whose laptops need protecting? Key executives, the sales force and field consultants, all employees, contractors, business partners? Who owns the laptops? Your organization, your employees, contractors, business partners? Is sensitive information being copied to USB thumb drives and other removable media? Compliance and Policies It is also important to understand compliance and corporate policy requirements from the beginning. Is your organization affected by HIPAA, PCI and other regulations? If so, what are the expected security "best practices" for your industry? Widely-accepted federal standards such as FIPS address topics like the control, distribution and management of encryption keys. And data encryption may be one means of enforcing policies of your own organization concerning what information employees are allowed to access and share. You may need to create and distribute new corporate policies. Employees need to understand that data encryption is being implemented to advance justified corporate policies, not to satisfy the paranoid fantasies of the IT security staff. Delivering Mobility as a Service 3
6 Limitations It is also important to understand some of the limitations of data encryption technologies so you don't set expectations that the technology is a panacea for mobile security threats. Data encryption protects data on lost and stolen devices, but it does not block employees from ing sensitive data to outside parties, or prevent a hacker or file-sharing program from opening and transferring sensitive files. You should also be deploying complementary technologies like firewalls, zero-day threat protection packages, and Data Loss Prevention (DLP) products. File/Folder Encryption Products There are three major data encryption technologies on the market today, and selecting the right one for your environment can have a big impact on the success of your project. Many of the first data encryption products on the market were "file" or "file/folder" systems. These encrypt files selected by the user, or encrypt all files placed in folders specified by either the user or an administrator. File/folder encryption solutions are very easy to implement. There are few configuration decisions to be made, and they do not conflict with patching systems, backup and recovery packages and other system software. But most file/folder encryption products rely to some extent on user actions like selecting files to encrypt and saving files to selected folders. Unfortunately, users can rarely be relied upon to follow policies consistently. These technologies also do not encrypt temporary files and swap space, so copies of sensitive files can be found on the system in an unencrypted state. Finally, the IT staff can rarely prove to auditors that all sensitive files on remote systems have in fact been properly encrypted. Full Disk Encryption (FDE) Products Full Disk Encryption (FDE) solutions, as their name implies, encrypt the entire contents of a disk or volume. This includes the operating system and applications as well as data files. Typically these solutions authenticate the user at boot time. Unauthorized users without the password cannot gain access to any code or files at all, making it impossible for them to get around the encryption program. Full Disk Encryption is a mature technology, and is extremely simple to configure, since the only decision is what disks or volumes to encrypt. There is no dependency on users (except to remember their passwords). It also protects the operating system, temporary files and swap space, so sensitive information is encrypted in all its forms. However, initially encrypting the hard drive can be a lengthy process. In some cases users will see slower performance when accessing very large files (although most FDE products have reduced the performance penalty significantly over the last few years). Encrypting the master boot record can make it hard to coexist with backup and recovery programs. And the failure of some sectors on the disk drive can make it much more difficult to recover data. "Intelligent Encryption" Products New "Intelligent Encryption" products combine some of the characteristics of File/Folder and Full Disk Encryption systems. These hybrid solutions resemble File/Folder products in that they encrypt files selectively and do not encrypt the operating system or application software. This reduces the time required for the initial encryption and Delivering Mobility as a Service 4
7 avoids performance issues. In addition, they permit administrators to specify encryption for files of a certain type (say spreadsheets and database files) and files produced by certain applications (say financial and HR applications). This approach ensures that all files of these types are encrypted without relying on the user to save them to specific folders. Finally, hybrid solutions typically do not interfere with backup and recovery, patch management, or strong authentication products. However, to ensure that all sensitive information is protected, you need to know what it is and where it resides. If you do not have a good handle on which files or file types contain confidential information it may be safer to simply encrypt everything using a FDE product. Also, in some situations there are benefits to having the extra level of authentication provided with FDE software. 2. PLANNING THE PROJECT AND DESIGNING THE SOLUTION As with all major IT projects, a solid investment in planning can avoid innumerable headaches in the roll-out phase. Document objectives, requirements and constraints You should document the objectives, requirements and policy issues uncovered so far in the project, and make sure that these are understood and approved by management and by key executives of the user groups that will be affected. While data encryption should not be a significant burden on computer users, it will not be completely transparent either, so everyone needs a clear understanding of why the effort and inconvenience are justified. You also need to identify the scope and the constraints of the project, including the time window available, the budget, and the availability of staff resources. As noted earlier, limits in the budget or staff resources could give you a reason to select a particular data encryption product or to call in the help of a consultant or a managed security services provider. Select the project team A typical data encryption involves multiple teams across the IT organization. You should select a project team that includes members from: The security group The desktop group (or whoever is responsible for laptop hardware and software) The network administration group Subject matter experts in networking and firewalls. Identify infrastructure integration tasks You need to allocate time and resources to integrating your data encryption solution into the rest of the IT infrastructure. Changes to the infrastructure might include: Changes in firewall and proxy server settings. Adjustments to endpoint backup and recovery processes. Integration with Active Directory and other enterprise directories. Delivering Mobility as a Service 5
8 Allocate resources to end user and support training Most data encryption solutions require some changes in the behavior of computer users, so end user resistance is a serious risk. It is therefore critical that you allocate resources and set schedules for educating end users. You will also need to train the help desk and IT administration groups so they can fully support the solution. Define success criteria Many planners neglect to define success criteria for their projects. This task is necessary to limit scope creep during the course of the project and to justify the effort to management at the end. Decide what to encrypt If you are implementing a file/folder encryption or intelligent encryption product then deciding what to encrypt is a critical step. For example, one intelligent product that we deploy allows you to selectively encrypt data: Included in specific file types (for example spreadsheets, databases, or temporary files). Written by specific applications that handle sensitive data for example an accounting application. Written to specific disk drives or removable media. Associated with a specific user (if a system is shared). Design for verification It is critical that you be able to verify that the data encryption software is operating correctly at all times. Then, if a laptop is lost or stolen, you can prove that sensitive data has been encrypted. Therefore: During roll-out there should be a way to verify that the data encryption package has been installed correctly. It is not enough for users to simply report that they have loaded the software on their machines, or for you to send them the software on CD and tell them to install it. You should to be able to perform regular "health checks" to make sure the software is operational and no one has tried to tamper with it. You should be able to verify when laptops were updated and that they are on the latest version of the data encryption product. This information should be captured and stored in a central, auditable log. In many environments these capabilities are mandatory. The FIPS standard specifically requires userindependent verification that the software is operational. The Federal Trade Commission's "Safeguards" document states that companies must "check with software vendors regularly to get and install patches that resolve software vulnerabilities." And frankly, you may get into just as much trouble for not being able to prove that the data on a lost or stolen laptop is protected as for failing to protect it in the first place. These verification capabilities may be provided by the data encryption software that you selected, but they can also be provided, or provided better, by a mobility management platform (which will be discussed later in this white paper). Delivering Mobility as a Service 6
9 Design for Minimal User Impact You should design the solution to have the minimum interaction with end users apart from displaying warning messages and alerts. Little or no action from end users should be required to implement or update the solution, and users should not be able to change any encryption parameters or the way in which data encryption is applied to attached devices. Users must not be able to uninstall the software by using the Windows Control Panel or deleting program files. Also, users must not be able to prevent the encryption software from executing by using the Windows Services Manager or Task Manager features. 3. PREPARING AND CONFIGURING THE SOFTWARE Prepare the Infrastructure At this stage in the process you make changes to the infrastructure so that your data encryption solution can be integrated into it. This may include changes in firewall and proxy server settings, adjustments to backup processes, and integration with an enterprise directory. Many data encryption products work best on defragmented disk drives, so a best practice before encryption is to run the defragmenter on disks to clean up bad sectors. You should also delete all temporary Internet files on the laptops, since you won't want to encrypt them. Finally, you should identify the corporate images of your laptops and reduce them to the smallest number possible. You will find it much easier to administer your environment if there are relatively few variation in the images. Configure the Data Encryption System If you are implementing the solution yourself you will need to purchase, install and configure an encryption server. You will also need to configure the data encryption clients to encrypt files and drives based on the designs you created earlier. If you are using a "Mobility as a Service" provider like Fiberlink you will not need to install the server or server software, but you will want to work with them to develop and implement your encryption policies. Run an alpha test We strongly recommend running an "alpha test." This means deploying the solution on a limited number of laptops belonging to the IT staff. Often this uncovers critical issues like incompatibilities between the data encryption package and other software being used in the organization (for example the backup and recovery application). Delivering Mobility as a Service 7
10 4. ROLLING OUT THE DATA ENCRYPTION SOLUTION The last phase of the process is to deploy the solution. As mentioned earlier, it is critical to train end users and support staff so that they understand the justification for the project and know what to expect. Start the roll-out itself with a "beta test" of non-it employees using standard corporate images. This testing will uncover not only any remaining technical problems, but also issues related to user understanding and acceptance. Document the lessons learned and make changes accordingly. When the "beta test" is complete, you should roll out the solution to the rest of the organization in phases. This can be on a department-by-department basis. If you are deploying a file/folder encryption or hybrid encryption solution, then another approach we like is to start by encrypting only a few critical files or types of files, and then ramp up to encrypting all of the targeted files. You should schedule checkpoints throughout the deployment phase to document the status of the process and make mid-course corrections. At the end of the roll-out you should update the requirements documents and process plans to include new information gathered and lessons learned. These will help you when it is time to expand or upgrade the data encryption solution. Finally, you should provide a written report to management that describes the results of the process and compares them with the success criteria you determined at the beginning of the process. Although the processes described here involve a lot of work, it is good to keep in mind that a wellmanaged data encryption implementation is much less painful than notifying thousands of customers or employees that their personal data has been exposed because someone lost a laptop. Delivering Mobility as a Service 8
11 A Management and Reporting Platform for Data Encryption As noted earlier, rolling out data encryption is only half the battle. Administrators need tools to monitor the deployment of encryption across the organization, to document the status or health of the software on mobile and remote systems, to identify and remediate problems. Sometimes these tools are provided by the data encryption vendor, but frequently these tools are not reliable when systems are out of the corporate office (as shown by the GAO report excerpts quoted in Figure 3 above). STATUS AND ACTIVATION REPORTS Figure 4 illustrates of the type of reports that can help administrators track the progress of a rollout. These report show information like how many systems have been successfully encrypted, how many have encryption installed but not active, how many systems have no encryption at all, and what different encryption products are being used. Figure 4: Summary reports track the progress of encryption deployments across an organization The information in this report is obviously helpful for initial deployments of data encryption solutions, but it also helps the organization track progress over time and keep on top of events when user populations change (for example because of acquisitions or rolling out encryption to new departments). And versions of this report can be used to show managers and auditors progress over time toward 100% compliance. Figure 5 is an example of an activation report that drills down to individual systems to show exactly which devices have been encrypted and which have not. Delivering Mobility as a Service 9
12 Figure 5: An activation report shows which systems have not been successfully encrypted This type of information allows administrators to go right to the unencrypted systems and troubleshoot the problem. POLICY ENFORCEMENT AND REMEDIATION Finally, if the mobility management platform includes software on the mobile device, the software may be able to remediate some problems. This often means automatically restarting the data encryption software if it has been turned off by the user, or a virus, or some other piece of software on the system. Figure 6 shows a policy enforcement dashboard; the second graph in the left-hand column shows the policy enforcement and remediation actions that have been taken during the last 7 days, which in this example includes 435 automatic "Application Started" actions. Figure 6: This policy enforcement dashboard shows that 435 "Application Started" actions have been taken in the last 7 days Automatic remediation actions can reduce the number of expensive calls to the help desk and reduce the time the IT staff spends diagnosing and fixing problems on remote systems. This can be particularly valuable during the rollout period for a new data encryption product. Delivering Mobility as a Service 10
13 MORE ON MOBILITY MANAGEMENT PLATFORMS Fiberlink is the world's leading provider of "Mobility as a Service." "Mobility as a Service" means enabling productive, secure mobile work by delivering and managing mobilityrelated technologies as hosted services. In practice this means offering a wide range of connectivity and security products, and allowing organizations to use Fiberlink's global web-based infrastructure to deploy and manage them. For example, with Fiberlink's services enterprises can deploy and manage not only data encryption packages, but also anti-virus and patch updates, data loss prevention (DLP), media encryption and port control (USB control), backup and recovery, VPNs and other security technologies. Fiberlink's MaaS360 Visibility, Control and Mobile services provide visibility into laptops and remote devices and help administrators control software and security on those devices. These services are based on the MaaS360 Platform, a unique cloud-based platform that provides a single portal for IT operations and security personnel to monitor and manage laptops and remote systems. Fiberlink also offers connectivity and remote access services, so mobile workers can connect with the Internet and corporate networks anywhere, using one standard user interface for all connection types (including Wi-Fi, 3G mobile data network, corporate WLAN, broadband and dial-up). Enterprises that utilize Fiberlink's Mobility-as-a-Service offerings can speed up the deployment of new mobility-related technologies, reduce the cost of managing those technologies, improve security, increase the satisfaction of mobile workers, and streamline the collection of compliance data for audits. For more information on Fiberlink's MaaS360 Visibility, Control and Mobileservices and Fiberlink's Security Services, please see Fiberlink's home page and related pages on the web site. FOR MORE INFORMATION For more information on Fiberlink s technology and services, contact Fiberlink at: 1787 Sentry Parkway West, Building 18, Suite 200; Blue Bell, PA Phone ; Fax Delivering Mobility as a Service
Are You in Control? MaaS360 Control Service. Services > Overview MaaS360 Control Overview
Services > Overview MaaS360 Control Overview Control Over Endpoints Ensure that patches and security software on laptops and distributed PCs are always up to date. Restart applications automatically. Block
More informationHealthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service
Services > Overview MaaS360 Ensure Technical Safeguards for EPHI are Working Monitor firewalls, anti-virus packages, data encryption solutions, VPN clients and other security applications to ensure that
More informationMaaS360 Mobile Service
Services > Overview MaaS360 Mobile Service Go Mobile! Everything for mobile work - visibility, control, easy mobile connectivity, management tools and security - all in one economical, hosted solution.
More informationUSER GUIDE: MaaS360 Services
USER GUIDE: MaaS360 Services 05.2010 Copyright 2010 Fiberlink Corporation. All rights reserved. Information in this document is subject to change without notice. The software described in this document
More informationScoMIS Encryption Service
Introduction This guide explains how to implement the ScoMIS Encryption Service for a secondary school. We recommend that the software should be installed onto the laptop by ICT staff; they will then spend
More informationMicrosoft Windows Intune: Cloud-based solution
Microsoft Windows Intune: Cloud-based solution So what exactly is Windows Intune? Windows Intune simplifies and helps businesses manage and secure PCs using Windows cloud services and Windows 7. Windows
More informationHow to Implement Security Best Practices for Mobile and Remote Computers. Simple. Secure. Mobility.
EXTENDING PCI COMPLIANCE TO THE MOBILE WORKFORCE How to Implement Security Best Practices for Mobile and Remote Computers Simple. Secure. Mobility. Contents OVERVIEW...1 PCI NON-COMPLIANCE IS OFTEN LINKED
More informationSERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less
SERVICE SUMMARY ITonDemand provides four levels of service to choose from to meet our clients range of needs. Plans can also be customized according to more specific environment needs. SERVICES BRONZE
More informationPREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD
SERVICE SUMMARY ITonDemand provides four levels of service to choose from to meet our clients range of needs. Plans can also be customized according to more specific environment needs. PREMIER SUPPORT
More informationScoMIS Encryption Service
Introduction This guide explains how to install the ScoMIS Encryption Service Software onto a laptop computer. There are three stages to the installation which should be completed in order. The installation
More informationUnderstand Backup and Recovery Methods
Understand Backup and Recovery Methods Lesson Overview Understand backup and recovery methods. In this lesson, you will explore: Backup management Backup options Recovery methods Backup Management Windows
More informationMaaS360.com > White Paper. Mobile Data Security. Finding the Balance
Mobile Data Security Finding the Balance 1 Copyright 2014 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information of Fiberlink, an IBM
More informationStable and Secure Network Infrastructure Benchmarks
Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day
More informationInformation Technology Solutions. Managed IT Services
Managed IT Services System downtime, viruses, spyware, lost productivity; if these problems are impacting your business, it is time to make technology work for you. At ITS, we understand the importance
More informationMapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software.
Mapping Your Path to the Cloud A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Table of Contents Why the Cloud? Mapping Your Path to the Cloud...4
More informationMaaS. MaaS. UNIVERSAL WIRELESS CLIENT: How to simplify mobility and reduce the cost of supporting mobile workers. www.maas360.com.
UNIVERSAL WIRELESS CLIENT: How to simplify mobility and reduce the cost of supporting mobile workers www.360.com Table of Contents THE PRICE OF FREEDOM...1 THE UNIVERSAL WIRELESS CLIENT...1 Connecting
More informationICT Professional Optional Programmes
ICT Professional Optional Programmes Skills Team are a Microsoft Academy with new training rooms and IT labs in our purpose built training centre in Ealing, West London. We offer a range of year-long qualifications
More informationEncryption as a Cloud Service provides the lowest TCO
Encryption as a Cloud Service provides the lowest TCO Alertsec offer Full Disk Encryption at half the total cost of ownership of on-premise solutions Contents Executive Summary... 3 The Costs of Encryption...
More informationIT INFRASTRUCTURE MANAGEMENT SERVICE ADDING POWER TO YOUR NETWORKS
IT INFRASTRUCTURE MANAGEMENT SERVICE ADDING POWER TO YOUR NETWORKS IT INFRASTRUCTURE MANAGEMENT SERVICES Nortech Remote management IT security Services provide around clock remote Management, real time
More informationMCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring
MCSA Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange
More informationHow Endpoint Encryption Works
WHITE PAPER: HOW ENDPOINT ENCRYPTION WORKS........................................ How Endpoint Encryption Works Who should read this paper Security and IT administrators Content Introduction to Endpoint
More informationSecure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
More informationDriveLock and Windows 7
Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise
More information10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group
10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group Presented by: Michael Flavin and Stan Stahl Saalex Information Technology Overview Saalex Information
More informationManaged Antivirus Quick Start Guide
Quick Start Guide Managed Antivirus In 2010, GFI Software enhanced its security product offering with the acquisition of Sunbelt Software and specifically its VIPRE product suite. Like GFI Software, Sunbelt
More informationSophos Enterprise Console Help. Product version: 5.1 Document date: June 2012
Sophos Enterprise Console Help Product version: 5.1 Document date: June 2012 Contents 1 About Enterprise Console...3 2 Guide to the Enterprise Console interface...4 3 Getting started with Sophos Enterprise
More informationHIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP
HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR Chris Apgar, CISSP 2015 OVERVIEW Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right
More informationPointsec Enterprise Encryption and Access Control for Laptops and Workstations
Pointsec Enterprise Encryption and Access Control for Laptops and Workstations Overview of PC Security Since computer security has become increasingly important, almost all of the focus has been on securing
More informationUsing BitLocker As Part Of A Customer Data Protection Program: Part 1
Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Tech Tip by Philip Cox Source: searchsecuritychannel.com As an information security consultant, one of my jobs is to help my clients
More informationהמרכז ללימודי חוץ המכללה האקדמית ספיר. ד.נ חוף אשקלון 79165 טל'- 08-6801535 פקס- 08-6801543 בשיתוף עם מכללת הנגב ע"ש ספיר
מודולות הלימוד של מייקרוסופט הקורס מחולק ל 4 מודולות כמפורט:.1Configuring Microsoft Windows Vista Client 70-620 Installing and upgrading Windows Vista Identify hardware requirements. Perform a clean installation.
More informationInstallation Procedure For McAfee Agent
THE CHINESE UNIVERSITY OF HONG KONG Installation Procedure For McAfee Agent Prepared by Information Technology Services Centre The Chinese University of Hong Kong Version 1.1 August 2014 For enquiries,
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationProviding Immediate ROI & Productivity Gains Cutting IT Support Costs and Increasing Operating Efficiency
Providing Immediate ROI & Productivity Gains Cutting IT Support Costs and Increasing Operating Efficiency IT professionals are responsible for maintaining the numerous computers of an organization. This
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationNavigating Endpoint Encryption Technologies
Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationsafend a w a v e s y s t e m s c o m p a n y
safend a w a v e s y s t e m s c o m p a n y SAFEND Data Protection Suite Installation Guide Version 3.4.5 Important Notice This guide is delivered subject to the following conditions and restrictions:
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More informationUSER GUIDE: MaaS360 Financial IT Reg Enforcement Service
USER GUIDE: MaaS360 Financial IT Reg Enforcement Service 3.2011 Copyright 2011 Fiberlink Corporation. All rights reserved. Information in this document is subject to change without notice. The software
More informationThe Business Value of a Comprehensive All-in-One Data Protection Solution for Your Organization
The Business Value of a Comprehensive All-in-One Data Protection Solution for Your Organization You have critical data scattered throughout your organization on back-office servers, desktops, mobile endpoints
More informationData Protection McAfee s Endpoint and Network Data Loss Prevention
Data Protection McAfee s Endpoint and Network Data Loss Prevention Dipl.-Inform. Rolf Haas Principal Security Engineer, S+, CISSP rolf@mcafee.com January 22, 2013 for ANSWER SA Event, Geneva Position Features
More informationOffice 365 Windows Intune Administration Guide
Chapter 7 Office 365 Windows Intune Administration Guide Office 365 is a suite of technologies delivered as a Software as a Service (SaaS) offering. Office 365 reduces the IT costs for businesses of any
More informationNETWORK INFRASTRUCTURE USE
NETWORK INFRASTRUCTURE USE Information Technology Responsible Office: Information Security Office http://ooc.usc.edu infosec@usc.edu (213) 743-4900 1.0 Purpose The (USC) provides its faculty, staff and
More informationSYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION
SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION Frequently Asked Questions WHAT IS SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION 1? Symantec Endpoint Protection Small Business Edition is built
More informationCourse overview. CompTIA A+ Certification (Exam 220 902) Official Study Guide (G188eng verdraft)
Overview This 5-day course is intended for those wishing to qualify with. A+ is a foundation-level certification designed for IT professionals with around 1 year's experience whose job role is focused
More informationIntroduction. PCI DSS Overview
Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,
More informationMaaS360 Mobile Enterprise Gateway
MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2013 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice. The software
More informationAntivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template)
Below you will find the following sample policies: Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template) *Log in to erisk Hub for
More informationWHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security...
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Adaptive Network Security Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with Adaptive
More informationFive Reasons Your Business Needs Network Monitoring
Five Reasons Your Business Needs Network Monitoring cognoscape.com Five Reasons Your Business Needs Network Monitoring Your business depends on the health of your network for office productivity. Most
More informationBetter secure IT equipment and systems
Chapter 5 Central Services Data Centre Security 1.0 MAIN POINTS The Ministry of Central Services, through its Information Technology Division (ITD), provides information technology (IT) services to government
More informationMobile Device Management
Mobile Device Management Complete remote management for company devices Corporate and personal mobile devices (commonly referred to as Bring Your Own Device, or BYOD) must be provisioned, configured, monitored,
More informationDesktop Delivery: Making Desktop Virtualization Work
Desktop Delivery: Making Desktop Virtualization Work Published: April, 2008 TABLE OF CONTENTS SUMMARY...2 CHALLENGES WITH TRADITIONAL DESKTOPS...3 DESKTOP VIRTUALIZATION OVERVIEW...4 DESKTOP VIRTUALIZATION
More informationManaging and Maintaining a Windows Server 2003 Network Environment
Managing and maintaining a Windows Server 2003 Network Environment. AIM This course provides students with knowledge and skills needed to Manage and Maintain a Windows Server 2003 Network Environment.
More informationTHREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS
THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS Learn more about Symantec security here OVERVIEW Data and communication protection isn t a problem limited to large enterprises. Small and
More informationDriving Company Security is Challenging. Centralized Management Makes it Simple.
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
More informationMaaS360 Mobile Enterprise Gateway
MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2014 Fiberlink, an IBM Company. All rights reserved. Information in this document is subject to change without notice. The software described
More informationSee all, manage all is the new mantra at the corporate workplace today.
See all, manage all is the new mantra at the corporate workplace today. 1) Do you want to schedule backups, software updates using just one consistent automation platform? 2) Do you want a product that
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agency Mobile Security July 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: Mobile Security
More informationLesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment
Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction... 4
More information10 Hidden IT Risks That Threaten Your Practice
(Plus 1 Fast Way to Find Them) Your practice depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine
More informationManageEngine Desktop Central Training
ManageEngine Desktop Central Training Course Objectives Who Should Attend Course Agenda Course Objectives Desktop Central training helps you IT staff learn the features offered by Desktop Central and to
More informationEndpoint Protection Small Business Edition 2013?
Symantec Endpoint Protection Small Business Edition 2013 Customer FAQ FAQ: Endpoint Security What is Symantec Endpoint Protection Small Business Edition 2013? is a new solution that offers simple, fast,
More informationSymantec Endpoint Encryption (SEE Client) Installation Instructions. Version 8.2
Symantec Endpoint Encryption (SEE Client) Installation Instructions Version 8.2 Warning: This software is labor intensive, therefore it is important to validate that the hard drive is healthy by first
More informationStep-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses
Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses 2004 Microsoft Corporation. All rights reserved. This document is for informational purposes only.
More informationIBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide
IBM Security QRadar Vulnerability Manager Version 7.2.1 User Guide Note Before using this information and the product that it supports, read the information in Notices on page 61. Copyright IBM Corporation
More informationOperations Manager Comprehensive, secure remote monitoring and management of your entire digital signage network infrastructure
Network monitoring, management and maintenance 3M TM Network Operations Manager Comprehensive, secure remote monitoring and management of your entire digital signage network infrastructure Provides real-time
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationAllstate Insurance Company s Local Data Protection (LDP) Project
Allstate Insurance Company s Local Data Protection (LDP) Project A Case Study Laptop Encryption Eric V. Leighninger Chief Security Architect Allstate Insurance Company PD1 Agenda Allstate and information
More informationMobile Device Management (MDM) Policies. Best Practices Guide. www.maas360.com
Mobile Device Management (MDM) Policies Best Practices Guide www.maas360.com Copyright 2014 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential
More informationTHE EXECUTIVE GUIDE TO DATA LOSS PREVENTION. Technology Overview, Business Justification, and Resource Requirements
THE EXECUTIVE GUIDE TO DATA LOSS PREVENTION Technology Overview, Business Justification, and Resource Requirements Introduction to Data Loss Prevention Intelligent Protection for Digital Assets Although
More informationComputer Security at Columbia College. Barak Zahavy April 2010
Computer Security at Columbia College Barak Zahavy April 2010 Outline 2 Computer Security: What and Why Identity Theft Costs Prevention Further considerations Approach Broad range of awareness Cover a
More informationTraining Guide: Configuring Windows8 8
Training Guide: Configuring Windows8 8 Scott D. Lowe Derek Schauland Rick W. Vanover Introduction System requirements Practice setup instructions Acknowledgments Errata & book support We want to hear from
More informationComputer Backup Strategies
Computer Backup Strategies Think how much time it would take to recreate everything on your computer...if you could. Given all the threats to your data (viruses, natural disasters, computer crashes, and
More informationMCSA Security + Certification Program
MCSA Security + Certification Program 12 credit hours 270 hours to complete certifications Tuition: $4500 Information technology positions are high-demand occupations that support virtually all industries.
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationStatement of Work. LabTech Implementation Bronze. LabTech Software 4110 George Road Suite 200 Tampa, FL 33634
Statement of Work LabTech Implementation Bronze LabTech Software 4110 George Road Suite 200 Tampa, FL 33634 US Direct: 813.397.4600 UK: 0844.544.1690 AUS: 3.8652.1797 www.labtechsoftware.com Contents Section
More informationPlain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75
Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More information2003, Rainbow Technologies, Inc.
Expertise Corporate 25 Years of Security SMB to Fortune 30 Access Control 28 Million Hardware Keys 50% Token market share 6 Years of ikey Web Security 10 Years of SSL Secure > 50% of the Data NetSwift
More information11 Best Practices for Mobile Device Management (MDM)
MaaS360.com > White Paper 11 Best Practices for Mobile Device Management (MDM) 11 Best Practices for Mobile Device Management (MDM) www.maas360.com Copyright 2014 Fiberlink Communications Corporation.
More informationPREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:
A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine
More informationExtending Compliance to the Mobile Workforce. www.maas360.com
Extending Compliance to the Mobile Workforce www.maas360.com 1 Copyright 2014 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationUsing Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4
WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,
More informationSchool of Computer Science and Engineering policy with regard to self-administered computers
School of Computer Science and Engineering policy with regard to self-administered computers CSE Computer Security Committee October, 2002 Abstract The School s Computing Support Group (CSG) provides a
More informationGETTING STARTED WITH A COMPUTER SYSTEM FACTSHEET
FACTSHEET When setting up a small business there can be many areas of uncertainty, but getting your IT or computer systems right and connected does not need to be one of them. If your company is either
More informationWhitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015
Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is
More informationCHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device
CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge
More informationTop Five Ways to Protect Your Network. A MainNerve Whitepaper
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
More informationDesktop and Laptop Security Policy
Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious
More informationGeorgia Institute of Technology Data Protection Safeguards Version: 2.0
Data Protection Safeguards Page 1 Georgia Institute of Technology Data Protection Safeguards Version: 2.0 Purpose: The purpose of the Data Protection Safeguards is to provide guidelines for the appropriate
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationGlobal security intelligence. YoUR DAtA UnDeR siege: DeFenD it with encryption. #enterprisesec kaspersky.com/enterprise
Global security intelligence YoUR DAtA UnDeR siege: DeFenD it with encryption #enterprisesec kaspersky.com/enterprise Contents Your Data Under Siege: Defend it with Encryption 3 Steps Taken to Minimise
More informationIdentity Theft Prevention Committee Updates and Discussions: 3/15. Team,
Identity Theft Prevention Committee Updates and Discussions: 3/15 Team, We will be meeting on Monday, March 19 th to move forward with the Identity Theft Prevention Program. Please bring the packet that
More informationSymantec AntiVirus Corporate Edition Patch Update
Symantec AntiVirus Corporate Edition Patch Update Symantec AntiVirus Corporate Edition Update Documentation version 10.0.1.1007 Copyright 2005 Symantec Corporation. All rights reserved. Symantec, the Symantec
More informationIntegrating Single Sign-on Across the Cloud By David Strom
Integrating Single Sign-on Across the Cloud By David Strom TABLE OF CONTENTS Introduction 1 Access Control: Web and SSO Gateways 2 Web Gateway Key Features 2 SSO Key Features 3 Conclusion 5 Author Bio
More information