BKDconnect Security Overview
|
|
- Homer Carson
- 8 years ago
- Views:
Transcription
1 BKDconnect Security Overview
2 1 Introduction 1.1 What is BKDconnect 1.2 Site Creation 1.3 Client Authentication and Access 2 Security Design 2.1 Confidentiality Least Privilege and Role Based Security TLS Authentication and Communication Access Controls in BKDconnect VLAN s Separate Authentication Mechanisms Encryption Content Retention 2.2 Integrity Audit Trails Version Controls 2.3 Availability Segregated Environments Redundant Systems Load Balancers Backups 3 Security Operations 3.1 Physical Security 3.2 Personnel and Processes 3.3 Additional Security Controls Table of Contents
3 1 Introduction 1.1 What is BKDconnect? BKDconnect is an online application hosted by BKD, LLP (BKD). With BKDconnect, BKD hosts client data, provides project management and enables client collaboration through the life of the project. BKDconnect allows clients to easily submit documentation, oversee their project, provide updates and collaborate with other client personnel and BKD staff. BKD recognizes that with the increased efficiencies and communication of online applications, also comes increased security concerns and risk. This document describes the controls implemented by BKD specific to BKDconnect for the purpose of clients to determine if BKDconnect is suitable for their business. 1.2 Site Creation Client sites can only be created by BKDconnect Site Administrators. These are internal BKD personnel responsible for the administration and management of the client site and only the BKD System Administrators can add users to Site Administrators group. BKD requires that all personnel receive training before they are added to the Site Administrator s group. This is to ensure that all site administrators are prepared to help their teams and client teams with site use. 1.3 Client Authentication and Access Upon creation of the client site, the BKD Site Administrator will create a Client Site Administrator account for the client as designated by the client. This account will be the account used by the client to create new accounts for client personnel to access and use the site. Additionally, the Client Site Administrator account will be able to assign roles to the accounts it creates. This provides the client with role based security if they choose to use it. Client user accounts are managed by the designated Client Site Administrator. As the Client Site Administrator adds to or edits the Client Team Members list, each individual user is systematically added to or removed from specific permission groups based on the selections made by the Client Site Administrator. When individual users are added to the Client Team Members list, system generated invitations are sent requesting registration. Upon successful registration, the user will be granted access to the site. When individual users are removed from the Client Team Members list, all permissions to the site are systematically removed. More information about setting up Client Team Members can be found in the BKDconnect Basic User Manual.
4 Each site created by a BKD Site Administrator is for a specific client, and only accessible to the team members assigned to that client site. Team members are assigned by the BKD Site Administrator for BKD personnel and the Client Site Administrator for client personnel. 2 Security Design 2.1 Confidentiality Confidentiality ensures that client data is only accessible by authorized entities. BKD provides confidentially in the following ways: Least Privilege and Role Based Security Least privilege is widely accepted as a best practice, and as such BKD has implemented role based security within and around BKDconnect to enforce least privilege. This includes to the extent that the client has the ability to assign specific access permissions to their staff. BKD recommends all clients take advantage of this granular security feature whenever possible. The following roles have been created and are currently used: Infrastructure Team Internal BKD IT personnel responsible for the hardware and operating system of the application. This team is responsible for system stability and maintenance and does not have access to the BKDconnect application or data. System Administrator These are internal BKD IT personnel responsible for the BKDconnect application and underlying databases. They are responsible for patching and maintaining the stability of the application. Additionally, they assign users to the Site Administrator group. BKD Site Administrator These are trained internal BKD personnel that are responsible for managing client engagements and the client s site. The BKD Site Administrator creates the Client Site Administrator account and assigns BKD staff as BKD Team Members. Client Site Administrator This account is the account used by the client to assign Client Team Members from client staff. Additionally, this account can set access permissions (applicable to the specific site only) for the accounts they create. Team Member These are the individual (BKD and/or client staff) assigned to work on the project in some fashion. They can only access what the Site/Client Administrator account has granted them access to TLS Authentication and Communication All communications, including the registration and authentication processes are protected with TLS 1.0. These certificates are issued by the certificate authority GoDaddy.
5 2.1.3 Access Controls in BKDconnect Within the BKDconnect application itself, access controls have been implemented. Each site is locked down and only accessible by the accounts assigned specifically to that site. This disallows the ability for an account to log in and then through nefarious means, gain access to other sites VLAN s VLAN s are used to segregate the BKDconnect systems and databases from the rest of the network. VLAN s disallow traffic to pass between them without going through a router. This keeps nodes on the network from broadcasting attacks or eavesdropping on communications to these systems Separate Authentication Mechanisms The systems managing authentication for BKD personnel and client personnel are separate and isolated. This ensures that BKD personnel cannot create client accounts, nor can clients create BKD accounts in an attempt to circumvent security controls and gain unauthorized access to data. Additionally, this allows each client to implement role based security for their personnel that matches their in house designated roles. This flexibility and security should be taken advantage of as much as possible Encryption Encryption of data both at rest and in motion are utilized with BKDconnect. All communication is encrypted with TLS and all data is stored in an encrypted database. All communication and data encryption is compliant with the FIPS standards Content Retention Data is stored in BKDconnect through the life of the project. At the completion of the project, data is exported into BKD s corporate data repository where it is retained for 7 years (per AICPA requirements). While reports and project results may be retained in BKDconnect longer at the client s request, data not in use is removed from the system and no longer accessible. All non-deliverable type content stored on BKDconnect, i.e. working drafts, task lists, comments, etc. is purged 60 days after the engagement completion. 2.2 Integrity Integrity refers to the trustworthiness of the information. This is that data has not been changed inappropriately, whether by accident or intentionally. BKD tries to ensure integrity through:
6 2.2.1 Audit Trails BKDconnect is configured to generate extremely detailed audit logs. These logs record account actions such as, who accesses data, when they accessed the data, what they did with the data they accessed, etc. These logs are retained within the encrypted database and accessible by the System Administrator Version Control Version control has been enabled on all lists and libraries. The system will create a new version of the item any time the item is updated or replaced by another item with the same name or title. If a different name or title is used, then a new record is created and the original record remains in place until it is deleted. 2.3 Availability Integrity refers to the ability to access and use the data resource when needed and to protect against unplanned failures in service. BKD tries to ensure availability by: Segregated Environments BKD utilizes a dedicated Development environment for implementing new code and changes to the BKDconnect system. Once these have been enacted and appear stable, it is moved to the Quality Assurance instance where it is thoroughly tested and reviewed. Once all testing has been performed and the new code/changes have passed, it is uploaded into the production instance during a maintenance cycle. This ensures that unstable or malicious code doesn t go into production. This is a standard best practice of SDLC Redundant Systems BKD utilizes redundant best in class systems and network devices to provide BKDconnect. This includes redundant Internet connections, routers, firewalls and servers. BKD has made a conscience effort to remove all single points of failure from BKDconnect Load Balancers BKD utilizes enterprise class load balancers to ensure that high volumes of traffic do not limit service or reduce functionality Backups BKDconnect resides on redundant servers at a secure underground facility in Springfield Missouri. Utilizing BKD s enterprise backup solution, all BKDconnect servers and databases are backed up.
7 Incremental backups are performed nightly and full backups performed weekly. These backups are rotated offsite to a secure location. 3 Security Operations While not necessarily specific to BKDconnect, many security controls within BKD contribute to the overall security of the BKDconnect system. 3.1 Physical Security BKD utilizes a best in class data center to house their systems. This facility provides protection from all but the most severe natural disasters. The facility is staffed 24x7 and provides physical access restrictions through a dead man room, electronic access controls and remote monitoring via cameras. Additionally, it provides the environmental controls necessary for a continuous computing environment (redundant power, HVAC, fire suppression, etc.). 3.2 Personnel and Processes BKD not only utilizes best in class systems, but enterprise class personnel. With over 50 dedicated trained IT personnel, BKD ensures stable and secure system operations through the use of best practice process; such as change control, patch management, SDLC, etc. 3.3 Additional Security Controls Dedicated IT Security BKD has a dedicated IT security team responsible for overseeing and ensuring the confidentiality, integrity and availability of BKD s systems and data. Information Security Program BKD has a formalized and robust Information Security Program that consists of formalized policies and procedures, incident response and IT continuity and recovery plans. Penetration Testing BKD performs routine vulnerability assessments against internal and external systems. Additionally, BKD has penetration testing performed annually. Application Testing BKDconnect has undergone an independent application test by an industry recognized application testing company. Intrusion Detection BKD utilizes enterprise class IDS with 24 X 7 monitoring and alerting services. SIEM BKD has implemented a Security Information and Event Management solutions BKDconnect. This includes in-depth log reviews every 24 hours.
8 Anti-Virus BKD uses enterprise class anti-virus at both the operating system and application level to protect against malicious software.
IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationCollaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%
Security overview Collaborate on your projects in a secure environment Thousands of businesses, including Fortune 500 corporations, trust Wrike for managing their projects through collaboration in the
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationFormFire Application and IT Security. White Paper
FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire
ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire Overview This pre-implementation questionnaire is designed to provide the Boston College Internal Audit Department with a general understanding
More informationUNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1
UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel,
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationTeleran PCI Customer Case Study
Teleran PCI Customer Case Study Written by Director of Credit Card Systems for Large Credit Card Issuer Customer Case Study Summary A large credit card issuer was engaged in a Payment Card Industry Data
More informationInformation Technology General Controls Review (ITGC) Audit Program Prepared by:
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationSWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationCLOUD FRAMEWORK & SECURITY OVERVIEW
CLOUD FRAMEWORK & OVERVIEW From small businesses to the largest Fortune 500 Enterprises, customers trust the irise cloud infrastructure when collaborating to define and design their applications. This
More informationPierianDx - Clinical Genomicist Workstation Software as a Service FAQ s
PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s Network Security Please describe the preferred connection method(s) between the PierianDx network and a healthcare organization s
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationInformation Technology Branch Access Control Technical Standard
Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationName: Position held: Company Name: Is your organisation ISO27001 accredited:
Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationA Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER
A Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER 1 Agenda Audits Articles/Examples Classify Your Data IT Control
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationPCI DSS Requirements - Security Controls and Processes
1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data
More informationDooblo SurveyToGo: Security Overview
Dooblo SurveyToGo: Security Overview May, 2012 Written by: Dooblo Page 1 of 10 1 Table of Contents 1 INTRODUCTION... 3 1.1 OVERVIEW... 3 1.2 PURPOSE... 3 2 PHYSICAL DATA CENTER SECURITY... 4 2.1 OVERVIEW...
More informationMusic Recording Studio Security Program Security Assessment Version 1.1
Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND
More informationHIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS AT STATE MEDICAID AGENCIES Inquiries
More informationAPPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST
APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data
More informationBlackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security
Overview Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security Blackboard Collaborate web conferencing is available in a hosted environment and this document
More informationCybersecurity Health Check At A Glance
This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not
More informationOPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationSecure, Scalable and Reliable Cloud Analytics from FusionOps
White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...
More informationSCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards
SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which
More informationSecurity from a customer s perspective. Halogen s approach to security
September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationBest Practices For Department Server and Enterprise System Checklist
Best Practices For Department Server and Enterprise System Checklist INSTRUCTIONS Information Best Practices are guidelines used to ensure an adequate level of protection for Information Technology (IT)
More informationDIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 Revision History Update this table every time a new edition of the document is
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationGOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS
GOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS A White Paper by i2c, Inc. 1300 Island Drive Suite 105 Redwood City, CA 94065 USA +1 650-593-5400 sales@i2cinc.com www.i2cinc.com Table of
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationPayment Card Industry Self-Assessment Questionnaire
How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.
More information6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING
6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information
More informationSNAP WEBHOST SECURITY POLICY
SNAP WEBHOST SECURITY POLICY Should you require any technical support for the Snap survey software or any assistance with software licenses, training and Snap research services please contact us at one
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationHow To Control Vcloud Air From A Microsoft Vcloud 1.1.1 (Vcloud)
SOC 1 Control Objectives/Activities Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort, we have undergone a variety of industry standard audits,
More informationIT SERVICE MANAGEMENT FAQ
IT SERVICE MANAGEMENT FAQ Version: 1.3 Date: February 2011 Page 1 Table of Contents 1.0 Introduction... 3 2.0 Data Stewardship... 4 2.1 Where is the data stored?... 4 2.2 Who controls the data?... 4 2.2
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationStratusLIVE for Fundraisers Cloud Operations
6465 College Park Square Virginia Beach, VA 23464 757-273-8219 (main) 757-962-6989 (fax) stratuslive.com Contents Security Services... 3 Rackspace Multi Layered Approach to Security... 3 Network... 3 Rackspace
More informationHosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com
Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on
More informationGAO INFORMATION SECURITY. Weak Controls Place Interior s Financial and Other Data at Risk. Report to the Secretary of the Interior
GAO United States General Accounting Office Report to the Secretary of the Interior July 2001 INFORMATION SECURITY Weak Controls Place Interior s Financial and Other Data at Risk GAO-01-615 United States
More informationExhibit to Data Center Services Service Component Provider Master Services Agreement
Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information
More informationDetermine if the expectations/goals/strategies of the firewall have been identified and are sound.
Firewall Documentation Develop background information about the firewall(s) in place: Segment diagrams Software Hardware Routers Version levels Host names IP addresses Connections Specific policies for
More informationSAQ D Compliance. Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP
SAQ D Compliance Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP Ground Rules WARNING: Potential Death by PowerPoint Interaction Get clarification Share your institution s questions, challenges,
More informationYou Can Survive a PCI-DSS Assessment
WHITE PAPER You Can Survive a PCI-DSS Assessment A QSA Primer on Best Practices for Overcoming Challenges and Achieving Compliance The Payment Card Industry Data Security Standard or PCI-DSS ensures the
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationSilent Safety: Best Practices for Protecting the Affluent
Security Checklists Security Checklists 1. Operational Security Checklist 2. Physical Security Checklist 3. Systems Security Checklist 4. Travel Protocol Checklist 5. Financial Controls Checklist In a
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationSmall Business IT Risk Assessment
Small Business IT Risk Assessment Company name: Completed by: Date: Where Do I Begin? A risk assessment is an important step in protecting your customers, employees, and your business, and well as complying
More informationSRA International Managed Information Systems Internal Audit Report
SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...
More informationUCS Level 2 Report Issued to
UCS Level 2 Report Issued to MSPAlliance Unified Certification Standard (UCS) Report Copyright 2014 www.mspalliance.com/ucs info@mspalliance.com Welcome to the UCS report which stands for Unified Certification
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationThis document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.
SERVICEPOINT SECURING CLIENT DATA This document and the information contained herein are the property of and should be considered business sensitive. Copyright 2006 333 Texas Street Suite 300 Shreveport,
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationWhite Paper: Librestream Security Overview
White Paper: Librestream Security Overview TABLE OF CONTENTS 1 SECURITY OVERVIEW... 3 2 USE OF SECURE DATA CENTERS... 3 3 SECURITY MONITORING, INTERNAL TESTING AND ASSESSMENTS... 4 3.1 Penetration Testing
More informationPaxata Security Overview
Paxata Security Overview Ensuring your most trusted data remains secure Nenshad Bardoliwalla Co-Founder and Vice President of Products nenshad@paxata.com Table of Contents: Introduction...3 Secure Data
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationSecurity Tool Kit System Checklist Departmental Servers and Enterprise Systems
Security Tool Kit System Checklist Departmental Servers and Enterprise Systems INSTRUCTIONS System documentation specifically related to security controls of departmental servers and enterprise systems
More informationLibrary Systems Security: On Premises & Off Premises
Library Systems Security: On Premises & Off Premises Guoying (Grace) Liu University of Windsor Leddy Library Huoxin (Michael) Zheng Castlebreck Inc. CLA 2015 Annual Conference, Ottawa, June 5, 2015 Information
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More information1B1 SECURITY RESPONSIBILITY
(ITSP-1) SECURITY MANAGEMENT 1A. Policy Statement District management and IT staff will plan, deploy and monitor IT security mechanisms, policies, procedures, and technologies necessary to prevent disclosure,
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationPROTECTING YOUR VOICE SYSTEM IN THE CLOUD
PROTECTING YOUR VOICE SYSTEM IN THE CLOUD Every enterprise deserves to know what its vendors are doing to protect the data and systems entrusted to them. Leading IVR vendors in the cloud, like Angel, consider
More informationHow To Write A Health Care Security Rule For A University
INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a
More informationWoodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview
Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationOur Cloud Offers You a Brighter Future
Our Cloud Offers You a Brighter Future Qube Global Software Cloud Services are used by many diverse organisations including financial institutions, international service providers, property companies,
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationSecurity & Infra-Structure Overview
Security & Infra-Structure Overview Contents KantanMT Platform Security... 2 Customer Data Protection... 2 Application Security... 2 Physical and Environmental Security... 3 ecommerce Transactions... 4
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More information