Request for Proposal INFORMATION SECURITY ASSESSMENT SERVICES RFP # Addendum 1.0
ISSUE DATE: February 23, 2012

Receipt of this addendum should be acknowledged on the Proposal Form.

Inquiries have been received in response to RFP #. The questions and responses follow.

1. Let me know if you would accept City and County references from the State of Colorado or many of the Fortune 1000 accounts we have done business with.
   Qualified companies shall have references to include K-12 school districts of, at least, similar size to Poudre School District. Your company would not meet the requirements.

2. What is the expected period of performance for this contract?
   That would be whatever duration you expect the discovery process and final report production to be, based on the scope and an organization of our size. Anything outside the scope of the initial assessment and testing would be negotiated separately.

3. How many of the 60 physical locations will we be assessing?
   Main hub site, plus a representative sample of 2-3 school sites.

4. Will we be reviewing baseline builds of the 45,000 student/client devices? How many?
   The number of client devices (20,000) listed in Attachment A includes student and staff devices. We provide this information only to give proposers an idea of the size of our organization. It is not expected that anything other than a small sample be investigated. We expect the proposer to determine the sample size based on their experience with other organizations.

5. How extensive a review are you requesting for policies/procedures (i.e. how many)?
   A review of applicable formally defined Information Technology Board Policies, such as Acceptable Use, and informal ones such as password policies. Provide in your proposal a recommendation of the common policies and procedures to review based on organizations of similar size and industry.

6. Are all of the IP addresses in the two IPv4 Class B's listed in this external? If not, how many external IPs are needing to be scanned?
   There are 197 hosts in the two Class B subnets. We request an external scan to be performed to determine how many are externally accessible.

7. Is there expected to be a focused audit against each of the regulatory bodies mentioned below (i.e. a separate focus on HIPAA as opposed to SOX, etc.)?

8. Under regulatory compliance (1.4.2, 11th bullet), are you looking for audits of the environment specifically to those standards, or are you looking for the findings/recommendations to be specifically targeted to meet those regulations? Regarding "etc.", did you have anything else in mind, or would that be up to the proposing firm to suggest?

9. Regarding and are those duplicate, or is the requirement under looking to identify vulnerabilities based solely on architecture, operations, and governance?
   Section refers to items that are assessed based on architecture, operations and governance. Section requests separate penetration testing and scans.

10. Regarding 1.4.2, is that a different subset of systems in scope than what is referred to under the following request for vulnerability assessment and penetration testing (1.4.3)?
    The systems to be tested in vulnerability scanning/penetration testing are a subset of the systems to be analyzed by the overall assessment.

11. Regarding the vulnerability scans and penetration testing (1.4.3): out of the two Class B's, how many servers/devices are live on the network?

12. Is there a budget for this project? If yes, can you please provide us with the budget?
    A specific budget has not been set aside, but could be allocated based on the responses and available funds.

13. On which specific compliance regulations does PSD request assessment?

14. Does PSD have an in-house vulnerability assessment system? If so, would the system and/or trending data be available for use in testing and analysis?

15. Are all the workstations listed in the RFP part of the scope, or does that number include student computers that connect to PSD's network and systems?
    The number of client devices (20,000) listed in Attachment A includes student and staff district-owned devices. We do not allow personal student devices to connect to our network. We provide this information only to give proposers an idea of the size of our organization. It is not expected that anything other than a small sample be investigated.

16. If the devices in the RFP are included in the scope of work, would PSD be interested in employing a sampling approach (or statistical sampling method such as bootstrapping) to reduce the number of devices that must be assessed and therefore the cost?

17. Does PSD use a systems management solution (e.g. SMS, Altiris, Marimba, BigFix) that has an agent on the workstations and servers?
    SCCM.

18. Does PSD have a network management system?
    We employ HP ProCurve Manager and NetScout Performance Manager.

19. Does PSD anticipate any challenges with performing the vulnerability assessment remotely using a VPN connection to the network?
    We have the capability to provide a VPN connection to your firm. Operability may depend on what operations are being performed over that connection.

20. Are all of the 60 PSD sites reachable from a central location on the network, such as the main hub of the network?

21. Does PSD maintain Access Control Lists in their network that limit any network traffic or protocols to/from each of the 60 sites? (i.e., does PSD perform any ingress or egress filtering to the sites across the WAN?)

22. Does PSD want the offeror to provide both internal and external assessments?

23. Can we do most of the work remotely, or do you require on-site work?
    Most work could be done remotely. Some on-site interaction would be expected.

24. From the statement of work section 1.4.2, do you require a complete vulnerability assessment of each device listed in Appendix A, or a sampling of the:
    a. All 99 servers located in remote sites?
    b. All 20,000 client devices?
    c. All application and database servers?
    We do not expect testing of the entire client population. Some statistical sampling method is acceptable; the level of which we expect the vendor to propose.

25. Could you please describe the network infrastructure (network diagram preferred) for size and scoping: how many firewalls and what type?
    Number of firewalls is listed in Attachment A. Details of make and model will not be provided at this time.

26. How many routers, what model and, briefly, what is the primary purpose (head-end)?
    That level of detail will not be provided at this time.

27. Please describe the switching infrastructure, nomenclature and models (core, distribution, access, layer 3 routing at core? chassis-based core and distribution, 3560s at access?).
    That level of detail will not be provided at this time.

28. Please describe the load balancing environment, type, purpose, and method (public websites, round robin). Traffic shaping in use?
    That level of detail will not be provided at this time.

29. Wireless infrastructure: WISM based, discrete APs, encryption in use? Multiple SSIDs, type, model and auth methods in use?
    We have a homogenous wireless solution covering the entire enterprise. Multiple SSIDs, encryption. Other details will not be provided at this time.

30. Voice and PBX: Is IP telephony in use, and on segmented networks? Vendor type? Stand-alone PBX? Type and features (voicemail, agent group, paging, etc.)?
    IP telephony is in use.

31. Are modems still in use for remote access/support of systems?

32. Do you wish to include war dialing as a testing method of your DiD blocks?
    You may propose that activity.

33. What remote access methods are in use (SSL VPN, IPSEC VPN, Citrix)?
    SSL, IPSEC.

34. How many servers are in use (physical, virtual), at how many sites? What OSs are in use?
    See Attachment A. Windows 2003/2008. Some Linux.

35. What web-based applications are exposed to the Internet? Do you wish to test the applications for vulnerabilities as well? (Testing web applications is a larger endeavor than simple vulnerability scanning.)
    We are not asking for specific web application testing.

36. Is multifactor authentication in use? What type? (Smart cards, SecurID)

37. What IPS/IDS technology is in use? Is it actively monitored by a security team or managed service?
    IPS/IDS functionality exists in firewalls.

38. Is the school district using log correlation and SIEM tools? What type?

39. How many databases are in use? What type?
    See Attachment A. SQL, Oracle.

40. Is the district using SAN replication technologies over the network (TDMF, etc.)?

41. Are you using a standards framework, such as NIST or ISO, for policy and operational structure? Do you wish for us to evaluate against a standards framework, such as ISO 27001/2?
    Not using. Propose what you think is best.

42. How many endpoints are in use processing confidential or sensitive data? Non-sensitive devices?
    Not available.

43. Are mobile devices used in the environment processing sensitive data or on sensitive networks? How many and what type? (Mobile devices are becoming an increasingly targeted attack vector.)
    Unknown.

44. Is a full-scope HIPAA, CIPA, FERPA compliance assessment of interest to you, or are you looking for a brief compliance assessment?

45. Are all systems to be tested reachable over the networks from a central location? If not, how many physical locations will need to be visited and how many IP addresses are reachable per location? Is there segmentation between the sites, or is it a flat network?
    Yes, all are reachable from our central location.

46. The RFP lists 20,000 client devices (desktops, laptops, mobiles) but only 3,289 staff. Is some percentage of the client devices used by students?
    The number of client devices (20,000) listed in Attachment A includes student and staff district-owned devices. We do not allow personal student devices to connect to our network. We provide this information only to give proposers an idea of the size of our organization. It is not expected that anything other than a small sample be investigated.

47. Are all of the 20,000 client devices owned and/or under the control of PSD?
    See answer to question 46 above.

48. We see the 25 public web application servers. How many public-facing IP addresses are there?
    Approximately

49. What are the mobile devices to be tested?
    We employ laptops running Windows XP, Windows 7, Mac OS X, Android and iOS.

50. How many of the client devices are expected to be tested? Full testing or sampling? If sampling, what level is desired?
    We do not expect testing of the entire client population. Some statistical sampling method is acceptable; the level of which we expect the vendor to propose.

51. Will testing be allowed 7x24 during the testing period, or will testing be restricted to certain hours/days?
    Testing could be done at any time. We would expect there to be some coordination with the vendor on timing before implementation.

52. How many hosts are expected to be alive on the two IPv4 Class B subnets (131,068 possible)? Is there a list available of these hosts, or do we need to scan to detect them?
    There are 197 live on the two subnets.

53. Wireless testing: are we looking for rogue wireless access points? If so, at how many facilities / how many square feet? Do you have a list of approved wireless devices?
    We have a homogenous wireless solution that does have the ability to detect rogue devices. We don't expect you to do expansive detection, but you may propose to evaluate that aspect of our environment.

54. Wireless testing: what are the security features of the wireless network, and are we looking to crack these?
    We do expect an analysis of the wireless network environment. We are not asking for attempts to crack the security.

55. Is social engineering desired?
    Social engineering may be an aspect of security you propose to evaluate. We are not asking for any active testing based on social engineering.

56. Will testing be performed as authenticated or non-authenticated users of the network?
    Propose the methods you think are best.

57. Will web application testing be performed as an authenticated or non-authenticated user, or one round of each?
    Propose the methods you think are best.

58. For the access, authentication, and identity management component of the testing, are we expected to crack passwords to determine compliance with policies?
    Not necessarily, but we are asking for assessment of the security of our password and authentication passwords and policies.

59. Vulnerability scanning and penetration testing seems to be a separate item listed at 1.4.3, but it is typically a key component of the testing requested at. Please clarify the separation.
    Section refers to items that are assessed based on architecture, operations and governance requests separate penetration testing and scans.

60. What level of compliance testing do you want performed around HIPAA, CIPA, FERPA, etc.? Is this a full assessment, or awareness of these regulations during the other testing, or something in between? If this is more than just our awareness, please clarify "etc."

61. What are the operating systems / types of the clients, servers, databases and network equipment?
    We have Windows XP, Windows 7, Mac OS X, Windows Server 2003/2008, SQL and Oracle. HP ProCurve.

62. Please expand / clarify voice systems (PBX) and phone (fax and modem) lines. Is war dialing desired to find open modems? Is a list of numbers available?
    Yes, that could be proposed and we can provide our dialing plan.

63. Are phone systems traditional analog / digital PBX or Voice over IP (VoIP)?
    Our phone systems are IP-based, VoIP-capable, but include analog and digital capabilities.

64. Should we assume that IT is aware of false positives frequently identified in the PSD environment, and can IT facilitate a prompt review of these items?

65. Please provide an approximate range of the total number of vulnerabilities identified during previous tests and the approximate percentage that were deemed to be false positives.
    Information not available.

66. Will we be testing the functionality of the IDS (i.e. will we have to use stealth scanning techniques to determine which traffic is identified by the IDS and which is not)?

67. Is the IDS configured to automatically block access for what it deems an attack? If yes, will it be disabled for our testing / will we be whitelisted?

68. Is the management of any part of the environment outsourced?

69. Is an analysis of firewall, router and/or DMZ architecture included?

70. Will review of border router and/or firewall rules be included?

71. Is management of the IT function centralized or decentralized?
    Centralized.

72. Does PSD have a written vulnerability management program that outlines identifying, evaluating, and mitigating vulnerabilities?

73. How long after Patch Tuesday is the organization 100% patched?
    Cannot answer at this time.

74. How many IT personnel are there?

75. Would you like us to review the physical security of the data center and work areas?

76. Are there any IP addresses that are sensitive or risky (i.e. systems that should not be tested because the platform is unstable or has known issues)?
    Not known at this time.
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationBest Practices for Securing IP Telephony
Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationSecuring end devices
Securing end devices Securing the network edge is already covered. Infrastructure devices in the LAN Workstations Servers IP phones Access points Storage area networking (SAN) devices. Endpoint Security
More informationCCNA Cisco Associate- Level Certifications
CCNA Cisco Associate- Level Certifications Routing & Switching Security Voice Wireless Advance your network engineering skills in working on complex Cisco network solutions. WWW.FASTLANEUS.COM Cisco CCNA
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationLucent VPN Firewall Security in 802.11x Wireless Networks
Lucent VPN Firewall Security in 802.11x Wireless Networks Corporate Wireless Deployment is Increasing, But Security is a Major Concern The Lucent Security Products can Secure Your Networks This white paper
More informationEstablishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client
Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client Generally speaking, remote users need to use a VPN client software for establishing a VPN connection to their home/work router
More informationSecurity. TestOut Modules 12.6 12.10
Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card
More informationICT budget and staffing trends in Healthcare
ICT budget and staffing trends in Healthcare Enterprise ICT investment plans November 2013 ICT budget and staffing trends in Healthcare P a g e 1 www.kable.co.uk / The id Factor Ltd / + 44 (0) 207 936
More informationINFORMATION TECHNOLOGY ENGINEER V
1464 INFORMATION TECHNOLOGY ENGINEER V NATURE AND VARIETY OF WORK This is senior level lead administrative, professional and technical engineering work creating, implementing, and maintaining the County
More informationAfter reviewing all the questions, the most common and relevant questions were chosen and the answers are below:
2015 007 After reviewing all the questions, the most common and relevant questions were chosen and the answers are below: 1. Is there a proposed budget for this RFP? No 2. What is the expect duration for
More informationInformation Technology Security Guideline. Network Security Zoning
Information Technology Security Guideline Network Security Zoning Design Considerations for Placement of s within Zones ITSG-38 This page intentionally left blank. Foreword The Network Security Zoning
More informationWe are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review
We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review The security threat landscape is constantly changing and it is important to periodically review a business
More informationFear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!
Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured! Presented by: Kristen Zarcadoolas, Jim Soenksen, and Ed Sale PART 2: plan, act, repeat (from the look, plan,
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More informationApproved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2
Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls
More informationWireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com
Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge
More informationREPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB
REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of
More informationREDSEAL NETWORKS SOLUTION BRIEF. Proactive Network Intelligence Solutions For PCI DSS Compliance
REDSEAL NETWORKS SOLUTION BRIEF Proactive Network Intelligence Solutions For PCI DSS Compliance Overview PCI DSS has become a global requirement for all entities handling cardholder data. A company processing,
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationNetwork System Design Lesson Objectives
Network System Design Lesson Unit 1: INTRODUCTION TO NETWORK DESIGN Assignment Customer Needs and Goals Identify the purpose and parts of a good customer needs report. Gather information to identify network
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationHow To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack
DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationPierianDx - Clinical Genomicist Workstation Software as a Service FAQ s
PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s Network Security Please describe the preferred connection method(s) between the PierianDx network and a healthcare organization s
More informationMCTS Guide to Microsoft Windows 7. Chapter 14 Remote Access
MCTS Guide to Microsoft Windows 7 Chapter 14 Remote Access Objectives Understand remote access and remote control features in Windows 7 Understand virtual private networking features in Windows 7 Describe
More informationPayment Card Industry (PCI) Data Security Standard ROC Reporting Instructions for PCI DSS v2.0
Payment Card Industry (PCI) Data Security Standard ROC Reporting Instructions for PCI DSS v2.0 September 2011 Changes Date September 2011 Version Description 1.0 To introduce PCI DSS ROC Reporting Instructions
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationPut into test the security of an environment and qualify its resistance to a certain level of attack.
Penetration Testing: Comprehensively Assessing Risk What is a penetration test? Penetration testing is a time-constrained and authorized attempt to breach the architecture of a system using attacker techniques.
More informationPrint4 Solutions fully comply with all HIPAA regulations
HIPAA Compliance Print4 Solutions fully comply with all HIPAA regulations Print4 solutions do not access, store, process, monitor, or manage any patient information. Print4 manages and optimize printer
More information8. Firewall Design & Implementation
DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or
More informationEnterprise Governance and Planning
GEORGIA TECHNOLOGY AUTHORITY Title: Enterprise Operational Environment PSG Number: SO-10-003.02 Topical Area: Operations / Performance and Capacity Document Type: Standard Pages: 5 Issue Date: July 15,
More information