CONTENT SECURITY BEST PRACTICES POST-PRODUCTION SUPPLEMENTAL



Similar documents
Security and Privacy Controls for Federal Information Systems and Organizations

PII Compliance Guidelines

CONTENT SECURITY BEST PRACTICES COMMON GUIDELINES

Looking at the SANS 20 Critical Security Controls

C-TPAT Importer Security Criteria

Importers must have written and verifiable processes for the selection of business partners including manufacturers, product suppliers and vendors.

Security Criteria for C-TPAT Foreign Manufacturers in English

Rx-360 Supply Chain Security White Paper: Audits and Assessments of Third Party Warehousing and Distribution Facilities

A Message for Warehouse Operators And Security Guidelines for Warehouse Operators

SUPPLIER SECURITY STANDARD

Global Supply Chain Security Recommendations

welcome to Telect s Minimum Security Criteria for Customs-Trade Partnership Against Terrorism (C-TPAT) Foreign Manufacturers Training Presentation

Remote Guarding. The traditional guarding functions that you depend on can now be performed remotely.

Intermec Security Letter of Agreement

BERMUDA MONETARY AUTHORITY

COORDINATION DRAFT. FISCAM to NIST Special Publication Revision 4. Title / Description (Critical Element)

Privacy + Security + Integrity

Supplier Information Security Addendum for GE Restricted Data

Sample CDC Certification and Accreditation Checklist For an Application That Is Considered a Moderate Threat

Partners in Protection / C-TPAT Supply Chain Security Questionnaire

Customs & Trade Partnership Against Terrorism (C TPAT)

NIST A: Guide for Assessing the Security Controls in Federal Information Systems. Samuel R. Ashmore Margarita Castillo Barry Gavrich

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

Music Recording Studio Security Program Security Assessment Version 1.1

Security Compliance In a Post-ACA World

Customs-Trade Partnership Against Terrorism (C-TPAT) Security Guidelines for Suppliers/Shippers

Return the attached PPG Supply Chain Security Acknowledgement by , fax, or mail within two weeks from receipt.

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

Altius IT Policy Collection Compliance and Standards Matrix

Industrial Security Field Operations

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

C-TPAT Security Criteria Sea Carriers

NIST Rev4 AT-2 AT-3 PM-1 PM-2 PM-6. AWS PCI v SOC1 1.1 SOC1 1.2 SOC2 9.1

Security Controls Assessment for Federal Information Systems

Supplier Security Assessment Questionnaire

INFORMATION SYSTEMS. Revised: August 2013

Report of Evaluation OFFICE OF INSPECTOR GENERAL. OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s. Management Act.

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

MAJOR PROJECTS CONSTRUCTION SAFETY STANDARD HS-09 Revision 0

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Seventh Avenue Inc. 1

Security Features in Password Manager

CRR-NIST CSF Crosswalk 1

Security Control Standard

Envera Security Solution for Via Sol CDD Community.

SECURITY SURVEY AND RISK ASSESSMENT. any trends or patterns in the incidents occurring at the school; the efficiency of the chosen security measures.

Supply Chain Security Audit Tool - Warehousing/Distribution

SITECATALYST SECURITY

Information Technology

Remote Management Services Portfolio Overview

System Security Plan University of Texas Health Science Center School of Public Health

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

White Paper. Information Security -- Network Assessment

Exhibit to Data Center Services Service Component Provider Master Services Agreement

Security Self-Assessment Tool

Securing Remote Vendor Access with Privileged Account Security

HHS Information System Security Controls Catalog V 1.0

ISO 27002:2013 Version Change Summary

Improving the Effectiveness of Retail Video Surveillance

WAREHOUSE SECURITY BEST PRACTICE GUIDELINES CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard

Security in Space: Intelsat Information Assurance

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]

DUUS Information Technology (IT) Incident Management Standard

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Physical Security Assessment Form

View. Select View Managed Video Services ADT

Risk Management of Outsourced Technology Services. November 28, 2000

Customs-Trade Partnership Against Terrorism (C-TPAT) Minimum Security Criteria Third Party Logistics Providers (3PL)

Attachment A. Identification of Risks/Cybersecurity Governance

IT Security Management Risk Analysis and Controls

Building tomorrow s solutions.

Third Party Security: Are your vendors compromising the security of your Agency?

DISCLAIMER This report was prepared as an account of work sponsored by an agency of the U.S. Government. Neither the U.S. Government nor any agency

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

Access Control in Surveillance Station 7.0

ISO IEC ( ) INFORMATION SECURITY AUDIT TOOL

Deriving Software Security Measures from Information Security Standards of Practice

THE BLUENOSE SECURITY FRAMEWORK

C-TPAT Self-Assessment - Manufacturing & Warehousing

Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program

Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples

Technical Standards for Information Security Measures for the Central Government Computer Systems

IDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009

SHARED ASSESSMENTS PROGRAM STANDARDIZED INFORMATION GATHERING (SIG) QUESTIONNAIRE

C C T V S E C U R I T Y C A M E R A S : Ten Questions to Ask Yourself Before Buying a New System

How To Protect A Water System

ManageEngine Desktop Central Training

N a t i o n a l F u n e r a l D i r e c t o r s A s s o c i a t i o n

Transcription:

MPAA Site Program SECURITY BEST PRACTICES POST-PRODUCTION SUPPLEMENTAL Version 2.0 May 15, 2011

DOCUMENT HISTORY Version Date Description Author 1.0 December 31, 2009 Initial Public Release Deloitte & Touche LLP MPAA MPAA Member Companies 2.0 May 15, 2011 Updates and Revisions Consolidation into Common Guidelines and Supplementals PwC LLP MPAA MPAA Member Companies

I. POST-PRODUCTION OVERVIEW General Description Post Production facilities are responsible for many services such as digitization of content, sound and video editing, color correction and grading, quality control and digital mastering. Facility The following table describes the attributes of the content generally held at this facility type: Typical Risks Typical security and content protection risks for this facility type include, but are not limited to, the following: Loss, interception, or theft of sensitive content such as: - Finishing, clean, high resolution content - Master audio files - Complete musical score Type of Content Outsourcing to other third party facilities and individuals that the studios have no visibility into Stills Weak physical access controls Script Audio Only Video and Audio Unrestricted outbound Internet access on media transfer systems and devices Lack of network segregation that allows unauthorized access to content Video Attribute Completeness Description Full Partial Facilities with limited resources that may discourage or limit the ability to implement security controls such as: - Physical security at entry and exit points Resolution Quality High Low Clean Watermarked Spoiled - Chain of custody - Segregation of duties - Other advanced security controls MPAA Best Practices Supplemental Guidelines Page 1

II. BEST PRACTICE SUPPLEMENTAL GUIDELINES ORGANIZATION AND SYSTEM PHYSICAL SECURITY DIGITAL SECURITY COMPETENCY FACILITY ASSET TRANSPORT INFRASTRUCTURE TRANSFER No. Topic Best Practice Implementation Guidance MS.S-1.0 Executive Awareness / Oversight Establish an information security management system that implements a control framework (e.g., IS0 27001) for information security which is approved by executive management / owner(s) MS.S-3.0 Organization Establish a security team that is responsible for proactively monitoring information systems and physical security to identify and respond to any suspicious activity Monitor information systems regularly throughout the day to detect possible incidents Incorporate the incident response process to handle detected incidents Consider implementing automatic notification to the team when suspicious activity involving information systems is detected Implement a periodic review process to monitor the effectiveness of monitoring processes MPAA Best Practices Supplemental Guidelines Page 2

ORGANIZATION AND SYSTEM PHYSICAL SECURITY DIGITAL SECURITY COMPETENCY FACILITY ASSET TRANSPORT INFRASTRUCTURE TRANSFER No. Topic Best Practice Implementation Guidance MS.S-12.0 Content and Piracy Awareness Provide in-depth training specific to the content handled by the facility Include security training on risks surrounding the transport and handling of content Emphasize the individual responsibilities of each job function to protect content and mitigate piracy issues Integrate training material to include the MPAA "Report Piracy" website and studio/client contact information Provide internal anonymous telephone number and/or website to report piracy MS.S-13.0 Third Party Use and Screening Communicate to clients the use of third-party storage providers for physical assets Provide clients with due diligence reports for third party storage companies Require clients to approve and sign-off on the use of third party storage companies MS.S-13.3 Review access to third-party content delivery systems and websites annually Implement procedures to evaluate user access, such as: - Terminated users - Authorization levels - E-mail account validation MPAA Best Practices Supplemental Guidelines Page 3

ORGANIZATION AND SYSTEM PHYSICAL SECURITY DIGITAL SECURITY COMPETENCY FACILITY ASSET TRANSPORT INFRASTRUCTURE TRANSFER No. Topic Best Practice Implementation Guidance PS.S-4.1 Perimeter Lock perimeter gates at all times and dedicate an on-site employee to handle remote unlocking capabilities Assign the front desk personnel the responsibility of managing visitor requests for entry Place cameras at perimeter gates to verify visitor identity PS.S-10.1 Cameras Designate an employee or group of employees to monitor surveillance footage during operating hours and immediately investigate detected security incidents Incorporate the incident response process for handling detected security incidents MPAA Best Practices Supplemental Guidelines Page 4

ORGANIZATION AND SYSTEM PHYSICAL SECURITY DIGITAL SECURITY COMPETENCY FACILITY ASSET TRANSPORT INFRASTRUCTURE TRANSFER No. Topic Best Practice Implementation Guidance PS.S-13.0 Inventory Tracking Use automated notification for assets that have been out of the vault for extended periods of time Establish expected check-out durations for each type of asset Configure the content asset management system to automatically notify vault personnel when assets have not been returned within the expected timeframe MPAA Best Practices Supplemental Guidelines Page 5

APPENDIX A MAPPING OF SUPPLEMENTAL CONTROLS TO REFERENCES The following table provides a general mapping of the best practices to the ISO 27001/27002 and NIST 800-53 standards. These standards can be referenced for further information on the implementation of the provided security controls. No. Topic ISO 27002 Reference MS.S-1.0 MS.S-3.0 Executive Awareness / Oversight Organization MS.S-12.0 Content and Piracy Awareness NIST Reference 6.1.1, 6.1.2 PM-1, PM-2 6.1.3 PE-6, PM-2, SI-4 8.2.2 AT-3, CP-3 MS.S-13.0 Third Party Use 6.2.1 MS.S-13.3 and Screening 6.2.3, 8.3.3, 10.2, 11.2.4 PS.S-4.1 Perimeter 9.1.1 PE-3 AC-2, PS-4, PS-5, PS- 7, SA-9 PS.S-10.1 Cameras 6.1.3, 9.1.1 IR-5, IR-6, PE-3, PE-6 PS.S-13.0 Inventory Tracking SI-5 MPAA Best Practices Supplemental Guidelines Page 6

End of Document MPAA Best Practices Supplemental Guidelines Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information