HP Security Assessment Services



Similar documents
HP Device Manager 4.7

Cisco Advanced Services for Network Security

HP Intelligent Management Center Enterprise Software. Platform. Key features. Data sheet

Red Hat Enterprise Linux open-source software services and support. Support solutions for an agile Linux industry-standard server environment

HP Insight Capacity Advisor Virtualization Services

HP Device Manager 4.7

HP Data Center Services

Models HP IMC MPLS VPN Software Module with 50-node E-LTU

HP Storage Data Migration Service

HP ProCurve Identity Driven Manager 3.0

HP OpenView Smart Plug-in for Microsoft Windows Data sheet

HP SiteScope software

Presales Certifications

HP Hardware Technical Support

Synchronizing ProCurve IDM and Windows Active Directory

Symantec Critical System Protection Configuration Monitoring Edition Release Notes

HP 3PAR Software Installation and Startup Service

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Installing and Configuring Windows Server 2012 (20410) H4D00S

HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide

HP ProLiant Essentials Vulnerability and Patch Management Pack Server Security Recommendations

HP OpenView Service Desk Process Insight 2.10 software

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

HP ThinPro. Table of contents. Connection Configuration for RDP Farm Deployments. Technical white paper

Introduction to Computer Administration. System Administration

HP 3PAR 7000 Software Installation and Startup Service

Sharing Pictures, Music, and Videos on Windows Media Center Extender

HP EPICCenter Contact Center Software for VCX Solutions Overview

HP OpenView Performance Insight Report Pack for Databases

White Paper. Information Security -- Network Assessment

HP Virtualized Network Protection Service

HP One-Button Disaster Recovery (OBDR) Solution for ProLiant Servers

HP-UX 11i software deployment and configuration tools

HP Device Manager 4.6

Introduction to the HP Server Automation system security architecture

QuickSpecs. What's New HP 750GB 1.5G SATA 7.2K 3.5" Hard Disk Drive. HP Serial-ATA (SATA) Hard Drive Option Kits. Overview

Server Virtualization with Windows Server Hyper-V and System Center (20409) H8B93S

HP Service Manager Architecture and Security HP Software-as-a-Service

HP Intelligent Management Center User Access Management Software

HP Insight Diagnostics Online Edition. Featuring Survey Utility and IML Viewer

It is also available as part of the HP IS DVD and the Management DVD/HPSIM install.

HP ProLiant Essentials Vulnerability and Patch Management Pack Release Notes

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

HP Storage Virtual Volume Design and Implementation Service

HP OpenView Smart Plug-in for Microsoft Exchange

HP E-PCM Plus Network Management Software Series

HP Systems Insight Manager and HP OpenView

capacity management for StorageWorks NAS servers

HP EPICCenter Contact Center Software for VCX Solutions Series

USB Secure Management for ProCurve Switches

HP Insight Remote Support

Payment Card Industry Data Security Standard

ProCurve Mobility Manager 1.0

Red Hat Enterprise Linux and management bundle for HP BladeSystem TM

Information Security Policy

HP Windows 7 Onsite Upgrade Service

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

HP LeftHand SAN Solutions

DIR Contract Number DIR-TSO-2621 Appendix C Pricing Index

HP PCM Plus v3 Network Management Software Series Overview

HP Software as a Service

IBM Tivoli Endpoint Manager for Security and Compliance

How to configure 802.1X authentication with a Windows XP or Vista supplicant

HP Identity Driven Manager Software Series Overview

HP Intelligent Management Center Standard Software Platform

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking

Customer Education Services Course Overview

Dynamic Data Center Compliance with Tripwire and Microsoft

HP Application Security Center

HP SAN Deployment Service

HP network adapter teaming: load balancing in ProLiant servers running Microsoft Windows operating systems

HP StorageWorks EVA Hardware Providers quick start guide

HP Client Manager 6.2

HP Client Manager 6.1

HP ProLiant Cluster for MSA1000 for Small Business Hardware Cabling Scheme Introduction Software and Hardware Requirements...

Network Security Administrator

Protect Your Connected Business Systems by Identifying and Analyzing Threats

At a Glance. Key Benefits. Data sheet. A la carte User Module. Administration. Integrations. Enterprise SaaS

QuickSpecs HP Data Protector Express 4.0 Service Pack 1

APPENDIX 3 TO SCHEDULE 3.3 SECURITY SERVICES SOW

HP and Business Objects Transforming information into intelligence

QuickSpecs. Models HP ProLiant Storage Server iscsi Feature Pack. Overview

HP Software Technical Support

HP Hardware Support Onsite 6-Hour Call-to-Repair Service HP Customer Support Contractual Service Package

HP Global Call Management Service

Global Partner Management Notice

Requirements for Upgrading from MetaLib 3.13 to MetaLib 4. Version 4

Managed Security Services

ProLiant Essentials Intelligent Networking Active Path Failover in Microsoft Windows environments

HP OpenView AssetCenter

IPLocks Vulnerability Assessment: A Database Assessment Solution

Windows Least Privilege Management and Beyond

Directory-enabled Lights-Out Management

HP Fortify Software Security Center

HP Security Solutions for Microsoft

Transcription:

HP Security Assessment Services HP Data Center Services Technical data Your corporate information and intellectual property are important assets that you want to protect from unauthorized users. Developing and maintaining a sound security strategy may help you to manage your company's risks associated with network intrusion, data theft, system misuses, privilege abuse, tampering, fraud, or service interruption. HP Security Assessment Services will assist you in identifying the combination of technical, resource, and process controls that your company can use to manage security risks. Conducted by an HP security consultant, these in-depth assessments identify the strengths and weaknesses of your current security posture as well as vulnerabilities to security threats. Our security consultant works with you to determine the appropriate mix of security assessments to address your business needs. Because security threats and mitigation technologies change continually, HP recommends performing these services annually, and even more frequently for systems that are connected to the Internet. Regular security assessments will help you to become more aware of your potential security vulnerabilities, enabling you to address security risks proactively. Service benefits Assists you in identifying your company's exposure to security threats Identifies sound security policies and practices Provides an in-depth analysis of your current security posture Helps you to understand how your security measures compare to industry standards Enables more informed decisions, allowing you to better manage your company's exposure to threats associated with doing business over the Internet Provides recommendations for reducing exposure to currently identified security risks purchase agreement with HP.

Service feature highlights HP Security Assessment Services encompass the following offerings: The HP Security Quick Assessment Service provides an HP-facilitated self assessment of your security posture against industry best practices. HP security consultants will direct you through a criteria-based assessment and analyze your responses, identifying potential weaknesses in your information security management system. This service is intended to provide you with an awareness of potential vulnerabilities and to suggest priorities for service improvement. The HP Intranet Security Healthcheck Service provides a network-based vulnerability assessment for business-critical systems connected to your company s network. Network scanning targets devices connected to the network to identify security weaknesses through comprehensive, automated network security vulnerability detection and analysis. The service helps you understand the risks within the technology supporting your business-critical services and identifies the steps required to improve your security infrastructure. The HP System Security Healthcheck Service focuses on the operating-system level of your critical servers, using a host-based approach to detect platform security weaknesses that are not visible to network scanning. Your system-specific security risks are identified, analyzed, and prioritized. You receive recommendations for implementing the appropriate corrective actions. The HP Database Security Healthcheck Service assesses security vulnerabilities in business-critical databases. The assessment provides information that will assist you in improving data integrity, availability, access control, and security management of the databases used by your critical applications. The HP Custom Security Assessment Service provides a comprehensive review of security risks within your IT environment. The assessment takes a holistic approach to information security management across multiple IT components, including the status of your policy and procedures for information security management according to the BS7799 (ISO 17799) standard; the security posture of servers, storage, operating systems, applications, and databases; and the configuration and management of the physical environment. Fully customizable and defined in a Statement of Work, the service identifies key areas of risk and proposes practical and effective responses to those vulnerabilities. Specifications Table 1. Service features Feature HP Security Quick Assessment Service - HB069AE or HB069A1 HP Intranet Security HA190AE or HA190A1 HP System Security HA185AE or HA185A1 Delivery specifications The Security Quick Assessment Service is an HP-facilitated one-day workshop that allows Customers to compare their security practices, policies, processes, and IT infrastructure with industry best practices for information security management. It provides: A criteria-based questionnaire developed on the basis of industry standards and HP experience Awareness of security concepts and information security management best practices, identifying security strengths and potential weaknesses in the delivery of reliable IT services Analysis and presentation of workshop findings with best practice recommendations This service is recommended for Customers who are seeking awareness of potential security vulnerabilities in the people, processes, and technologies supporting their business. This service covers a selected set of IP addresses and provides: Scan of the identified devices attached to a network, including key servers, network switches, and routers, to identify security weaknesses Analysis of the results of the scan Presentation of a written report that details key findings and proposes a follow-up action plan This service covers a selected server and includes: Server-based security scan of the identified system(s), analyzing security weaknesses that are not visible to network scanning purchase agreement with HP. 2

Analysis of the results of the scan Presentation of a written report that details key findings and offers specific recommendations for improvements HP Database Security HA191AE or HA191A1 HP Custom Security Assessment Service - HA330AE or HA330A1 This service covers a selected database instance and provides: Assessment of security vulnerability and threats for business-critical databases Database scan to identify security vulnerabilities without affecting the Customer's production environment Presentation of a written report based on an analysis of the scan, outlining recommendations in the areas of authentication, authorization, and system integrity This service may be customized to the Customer's desired level of assessment for security risks. It provides assessment of the security risks associated with the Customer's IT infrastructure and business information environment, plus a structured Statement of Work process to identify key areas to be assessed. As specified in the Statement of Work, this service can encompass the examination of multiple security domains, such as security management, infrastructure, IT service management, user management, and system and service development. Typical service activities may include: Analysis of overall security posture and procedures, including policy (BS7799) analysis, process and procedure review, and staff training and awareness Review of physical security controls, including access controls, system location, security monitoring, and site security and layout Review of system-level security strengths and weaknesses, including physical console access, password management, existence of known system vulnerabilities, configuration issues, and redundant (unnecessary) Windows services system-level processes or daemons Review of internal and network boundary security, including dial-up access control, intrusion detection, existence of known vulnerabilities, network configuration issues, and traffic-related issues Review of firewall and defenses, including rule configuration, monitoring for alarms, virus protection, and real-time intrusion detection Review of application and database security, including hardening, password and user authentication, data integrity, backup procedures, and software development Review of client security, including desktop security, PDA and mobile management, access to the Internet, remote working practices, permissions, and virus protection Identification of security deficiencies based on a combination of interviews with key IT and security staff and audits, which may include assessment of compliance with the organization's security policies and procedures, configuration audit, and onsite review of physical security. Automated tools may be used to assess network, system, and database vulnerabilities and to assess online security and policy compliance. A written report that details the results of the security risk assessment, with recommendations for improvement Service limitations For all HP Security Assessment Services: The engagement is limited to identification of security issues. HP will not make changes to the Customer's configurations, hardware, or applications as a result of this review. Any corrective measures to mitigate the risks identified by this service are the responsibility of the Customer. The assessment is valid only for the time period in which it is performed. Because security threats and countermeasures are constantly changing, continued security vigilance is the responsibility of the Customer. The assessment will only address the Customer's applications, networks, and systems specifically designated for the service. These will be agreed upon between the Customer and HP. purchase agreement with HP. 3

HP does not guarantee that services will identify all security vulnerabilities. HP shall not be liable for any security breaches or for the security performance of the Customer s applications, networks, or systems. For the HP Intranet Security Healthcheck Service: This service provides an analysis of up to 30 nodes. For the HP System Security Healthcheck: This service is delivered on a per-system basis; one system consists of a single server configuration. The following operating systems are supported: - HP-UX and Tru64 UNIX - Windows NT 4.0, Windows 2000, and Windows Server 2003 - Red Hat Linux - Solaris and AIX For the HP Database Security Healthcheck: This service is delivered on a single server running the chosen database. Any of the following is supported: - Microsoft SQL Server - Oracle - Sybase Adaptive Server The Customer shall provide a TCP/IP network connection to the database. Customer responsibilities The Customer must assume the following responsibilities in order for HP to deliver any of the onsite HP Security Assessment Services: Ensure that appropriate IT staff members participate in meetings and interviews Assist in gathering the information required for the security analysis Provide appropriate access to the designated systems for the appropriate data collection, scanning, and analysis tasks Allow removal from the company premises of all collected system data and associated media for review by HP security consultants at HP facilities Assign a project manager at each reviewed site who has responsibility for coordinating all aspects of this engagement purchase agreement with HP. 4

For more information For more information on HP Services, contact any of our worldwide sales offices or visit our Web site at: www.hp.com/hps/support 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty or condition, express or implied, in fact or in law. HP shall not be liable for technical or editorial errors or omissions contained herein. purchase agreement with HP. Microsoft, Windows, and Windows NT are U.S. registered trademarks of Microsoft Corporation. Linux is a U.S. registered trademark of Linus Torvalds. Oracle is a registered U.S. trademark of 5982-4155ENN Rev. 2, September 2007

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information