User Group 2015. Security Best Practices

Presenters

Steve Kelley, COO. 31 years of experience building and managing operations and service delivery organizations in industrial robotics, medical devices, software development and IT services consulting businesses. Steve has extensive experience in networking, quality assurance, software development, disaster recovery services, and project management. He has worked in FDA GMP/GCP, FDA 21 CFR 820, SOX/SSAE16, FISMA, and HIPAA regulatory environments. Steve and Rob have worked together for over 20 years in several successful entrepreneurial ventures.

Glen Balestrieri, Director of Managed Services. With 26 years of management experience in Information Technology and direct sales, Glen is directly responsible for regulatory compliance, information systems security, systems engineering, systems maintenance and customer service. Glen holds a degree from American International College, with concentrations in networking, Linux, and Microsoft systems.

Security Best Practices Session Directives. To discuss the security, speed and usability of the PopMedNet Private Cloud hosted at Lincoln Peak Partners. Session length is 35-45 minutes including introductions, overview, presentation and Q&A. Q&A will start 15 minutes before the end of the session.

Presentation Overview. In this presentation we will discuss:
- Securing the cloud: the infrastructure behind the curtain
- Encryption systems in play, both at rest and in transit
- Compliance and what that means to PopMedNet
- Redundancy
- Application data flow and its security

PMN Infrastructure and Security

Code Security Assessment

July 2, 2015

In June of 2015, Pivot Point Security conducted a static code review of Lincoln Peak Partners' PopMedNet applications as part of their software assurance process to provide assurance that the source code follows secure coding practices. Our code review methodology follows the testing approach recommended by the OWASP Application Security Verification Standard (ASVS). Findings are mapped to both the OWASP Top 10 and the Common Weakness Enumeration (CWE) project.

We determined that the applications are secured in a manner consistent with secure coding practices and on par with similar applications that we have tested. While we did not identify any critical vulnerabilities during our testing, we did identify two areas of concern. After reviewing the issues with Lincoln Peak Partners, they indicated that these issues are actually mitigated by outside controls.

Pivot Point Security has been architected to provide maximum levels of independent and objective information security expertise to our varied client base. The team responsible for conducting security assessments of this nature is led by a Certified Information Security Auditor/IRCA ISO 27001 Auditor and includes personnel appropriately qualified to render this opinion (e.g., Certified Information Systems Security Professionals, Microsoft Certified Systems Engineers, Certified Ethical Hackers, etc.).

John Verry, 27001-CLA/CISA/CRISC, Principal Enterprise Security Consultant

Security Overview Examples
- Redundant firewalls
- Intrusion detection systems
- 24/7 live monitoring and response
- Endpoint security: antivirus and anti-malware
- Encryption in use, at rest and in transit
- Vulnerability scans, manual and automatic
- Weekly log file auditing
- Third-party penetration testing

Application Redundancy. Lincoln Peak Partners FISMA Compliant Private Cloud Block Diagram (diagram labels, reconstructed from the slide):
- MDPHnet / PopMedNet users and admins reach the environment over the Internet via SSL remote VPN access; application traffic is SSL/TLS.
- Primary site: Lincoln Peak at the Dulles Vault DC, 10 Mbps commit (burstable GB segment).
- Disaster recovery site: Phoenix DC, cold or warm available, 1 Mbps commit (burstable GB segment).
- The two sites are joined by an SSL VPN site-to-site tunnel with asynchronous replication over the Carpathia backbone, RPO = 15 minutes.

Lincoln Peak Partners partners with Carpathia Hosting to provide a high-reliability, secure managed services solution. Lincoln Peak is certified FISMA compliant and is in process on SAS-70/SSAE-16. Carpathia Hosting is FISMA, SAS-70/SSAE-16, and SysTrust certified.

Backup with Redundancy. Backup Policies: Lincoln Peak's Standard Operating Policy for backup and retention is outlined in the flow chart on the slide (not reproduced here). Redundant backups assure your data remains intact during crisis situations. Lincoln Peak recognizes the need to customize policies for each individual customer and can provide the flexibility you need to feel secure. All database backups are encrypted at rest and all data is encrypted in transit. This is an automated and monitored process.

Overview of Data Flow (diagram labels, reconstructed from the slide; each hop carries an "Ask a question" request and its response):
- Investigators (end-user web browser) -> Internet -> Firewall -> VLAN 1: PopMedNet Portal, with a PMN Single Sign-On option. Transport: https / TLS 1.0-1.2.
- Data Provider and DataMart administrators (web browser) -> Internet -> Firewall -> PopMedNet Portal. Transport: https / TLS 1.0-1.2.
- PopMedNet Portal -> Firewall -> VLAN 2: PMN Web Service and PMN Database. Transport: https / TLS 1.2.
- DataMart Desktop Client with Model Adaptors (at the data provider) -> Internet -> Firewall -> PMN Web Service. Transport: https / TLS 1.2.
- The Carpathia Hosting boundary is enforced by firewalls in front of each VLAN.

Note that TLS 1.0 and 1.1 are accepted only on the browser-facing edge; the internal web-service and desktop-client hops are pinned to TLS 1.2.
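A practitioner reviewing this diagram will want to confirm that each hop really negotiates only the versions the slide claims (TLS 1.0-1.2 on the browser-facing edge, TLS 1.2 only on the web-service hop). The following probe is an added example, not code from the PopMedNet deck or from Lincoln Peak; it uses only the Python standard library. Hostnames are not given on the slide, so the script takes the host as a command-line argument and otherwise runs against constructed sample results; the policy floors are assumptions for illustration.

```python
"""Probe which TLS versions an endpoint negotiates and compare with a policy.

Added example, not code from the PopMedNet / Lincoln Peak deck.
Hostnames and policy floors are assumptions for illustration.
"""
import socket
import ssl
import sys

# Oldest first. ssl.TLSVersion members exist in Python 3.7+ (OpenSSL 1.1.x+).
VERSIONS = [
    ("TLS 1.0", ssl.TLSVersion.TLSv1),
    ("TLS 1.1", ssl.TLSVersion.TLSv1_1),
    ("TLS 1.2", ssl.TLSVersion.TLSv1_2),
    ("TLS 1.3", ssl.TLSVersion.TLSv1_3),
]

# Constructed results (not measured) mirroring the two hop classes on the slide:
# the browser-facing edge (TLS 1.0-1.2) and the internal web-service hop (TLS 1.2 only).
EDGE_SAMPLE = {"TLS 1.0": True, "TLS 1.1": True, "TLS 1.2": True, "TLS 1.3": False}
INTERNAL_SAMPLE = {"TLS 1.0": False, "TLS 1.1": False, "TLS 1.2": True, "TLS 1.3": None}


def try_version(host, port, version, timeout=5.0):
    """Return True if the server completes a handshake pinned to one version,
    False if it refuses, None if the local OpenSSL build cannot offer it.

    Certificate checks are switched off deliberately: this probe asks which
    protocol versions the server accepts, not whether its chain is valid.
    Check the certificate separately with a verifying context.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # OpenSSL 3 refuses TLS < 1.2 at its default security level; lowering
        # it lets the probe actually offer the legacy versions to the server.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # LibreSSL / older builds do not know @SECLEVEL; keep defaults
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return None  # version compiled out of the local library
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except ssl.SSLError as exc:
        # Raised before any bytes go on the wire when the version is disabled locally.
        if exc.reason == "NO_PROTOCOLS_AVAILABLE":
            return None
        return False  # server rejected the handshake at this version
    except OSError:
        return False


def probe(host, port=443):
    """Try every version in VERSIONS against host:port."""
    return {name: try_version(host, port, v) for name, v in VERSIONS}


def evaluate(results, floor="TLS 1.2"):
    """Compare probe results with a minimum-version policy.

    results maps version name -> True (negotiated), False (refused) or
    None (not testable from this host). Returns (ok, findings).
    """
    order = [name for name, _ in VERSIONS]
    floor_idx = order.index(floor)
    findings = []
    for name in order[:floor_idx]:
        if results.get(name) is True:
            findings.append(f"{name} accepted but policy floor is {floor}")
    if not any(results.get(name) is True for name in order[floor_idx:]):
        findings.append(f"no version at or above {floor} negotiated")
    return (not findings, findings)


if __name__ == "__main__":
    # usage: python tls_probe.py [host] [floor]   e.g. python tls_probe.py portal.example.org "TLS 1.2"
    host = sys.argv[1] if len(sys.argv) > 1 else None
    floor = sys.argv[2] if len(sys.argv) > 2 else "TLS 1.2"
    results = probe(host) if host else EDGE_SAMPLE
    ok, findings = evaluate(results, floor)
    for name in results:
        print(f"{name}: {results[name]}")
    print("PASS" if ok else "FAIL: " + "; ".join(findings))
```

Run it against the portal with floor "TLS 1.0" to confirm the edge matches the slide, and against the web-service endpoint with floor "TLS 1.2" to confirm the internal hop does not fall back to 1.0 or 1.1. A result of None means the probing host, not the server, could not offer that version, so the check must be repeated from a host with a permissive OpenSSL build before concluding anything.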
