InterCall Virtual Environments and Webcasting


Security, High Availability and Scalability Overview

1. Security

1.1. Policy and Procedures

The InterCall VE ("Virtual Environments") and Webcast Event IT team established its security policy in The policy was defined and approved by the management team of the company. The policy guides the different departments of the company in methods relating to security and is used as a guide for the creation of the Information Security procedures.

Information Security Operational Committee

The InterCall VE and Webcast Event Information Security Operational Committee, which includes the director of engineering, the IT manager and the information security officer, is responsible for the technical aspects of securing the data and the services that the InterCall VE and Webcast Event teams maintain and provide for their customers. The committee meets every two months; it reviews new threats and vulnerabilities and plans the security controls and countermeasures that need to be put in place to protect InterCall VE and Webcast Event assets. The committee monitors the implementation of the security controls and makes sure they mitigate the threats.

System Security

Physical Security

The InterCall VE and Webcast Event platform is hosted in the USA in a SAS70 certified data center that provides high physical and logical security controls. Strict policies and procedures ensure the utmost security, which includes biometric fingerprint scanning, card key access and video surveillance camera technology. Anyone visiting the datacenter facility must be escorted by a datacenter employee to a designated location. Visitors are required to sign the visitors log and obtain a visitor badge. Every visitor is matched against the pre-approved authorized listing. The datacenter is divided into several security zones; clients are permitted to access only the zone where their equipment is located. All cabinets are locked with individualized keys. Video cameras are strategically placed throughout the facility and are monitored 24x7. Historical video data is viewable for a minimum of fifteen days.

Network Security

The InterCall VE and Webcast Event architecture incorporates Check Point firewalls to protect the platform. Network traffic from the internet into the datacenter routes through firewalls which allow access only to a specific set of machines and services. The InterCall VE and Webcast Event architecture divides the datacenter into multiple network zones, each containing a set of information services and information systems. Check Point firewalls control the network between the zones and allow access only to the relevant and desired services at each zone. In addition to the access control, the firewalls isolate the internal network from the outside world using Network Address Translation. NAT ensures that the internal network addresses are not exposed to the external peer and can't be used to hack into the system. The firewalls are kept up to date with the latest security patches.

INFO@INTERCALL.COM INTERCALL.COM

Antivirus

Antivirus systems operate on all the servers in the data center to prevent malicious code. The AV systems are updated continuously.

Access Control

Only the InterCall VE and Webcast Event IT team has administrative access to the servers and workstations in the datacenter. When an IT member leaves the company, accounts are deactivated promptly. Administrative access to the servers and systems in the datacenter is via Check Point VPN. The VPN authenticates the client by a client-side certificate and encrypts all the network traffic between the client computer and the datacenter.

Change Management

All changes in the datacenter to hardware, software or platform configuration follow a Change Management procedure. The change must be planned in advance, checked in the QA environment and approved by the IT manager. Once the change is implemented in the datacenter it is verified by the QA team. The procedure assures that all changes to the production environments are controlled and documented.

Maintenance

Maintenance of the InterCall VE and Webcast Event platform is done by the internal IT department or under its direct supervision. Most of the maintenance is done from the InterCall VE and Webcast Event offices using VPN. The redundancy at each layer enables hot deployment and configuration without downtime.

Personnel

Recruitment

InterCall VE and Webcast Event perform reference checks for new employees. All new employees are required to sign a non-disclosure agreement during the hiring process.

Information Security awareness and training

The InterCall VE and Webcast Event security team educates its employees about the importance of securing the data and the services it provides. All employees have an annual information security awareness session that reviews security threats and vulnerabilities that are relevant to every employee. The session gives the best practices for avoiding security pitfalls. There is a special training for developers. In their training they learn how to develop a secured application that will resist hacking attempts.

Leaving the company

When an employee leaves the company for any reason, his user account as well as his application account are disabled. He is required to return his employee badge immediately. Any access s/he has to the company network is blocked.

Third Party

Contractors and third parties are required to sign a non-disclosure agreement before they are granted any access to the data or services at InterCall VE and Webcast Event. They are granted access only to the required services and have the minimum privileges required for fulfilling their job duties. When the contract ends, their accounts are disabled and their access to the information and services is blocked.

Audit and Accountability

Every user in the VE application has a unique user name and a password. Thus users are accountable for any activity that is done under their accounts. Administration actions are logged in a separate log file and there is a separate log file for security related actions. The InterCall VE and Webcast Event security team retains the log files and can audit them if there is any suspicion of unauthorized or malicious activity.

Security Assessment

The InterCall VE and Webcast Event security team uses an outside firm specializing in information security to assess its security. A thorough penetration test is executed annually at a minimum. The tests examine the platform infrastructure as well as the application and services and look for vulnerabilities. The results of the penetration tests are reviewed by the Information Security Council and by the IT and R&D departments. Based on the findings and their severity, InterCall VE and Webcast Event plans the fixes project. High severity issues are fixed and deployed as soon as possible.

Application Security

The InterCall VE and Webcast Event platform was designed and developed with security concerns in mind. Authentication, Authorization, User Roles and Permissions have been part of the platform from the first day. Every new feature is checked at the requirement and design phases to make sure it doesn't expose a new vulnerability or break the defined policy.

OWASP

InterCall VE and Webcast Event developers follow Open Web Application Security Project recommendations for developing a secured application and avoiding common security risks such as SQL injection, Cross Site Scripting, Cross Site Request Forgery, Insecure direct object reference, URL access, etc.

Development Life Cycle

The development of the VE platform follows strict procedures and best practices that assure the product is at the highest level of quality and security.

Design

Every new system, service, or feature is evaluated in the requirements and design phases in terms of information security and privacy. The Chief Information Security Officer reviews every major change in the system.

Development

InterCall VE and Webcast Event developers are trained to develop a secured application using OWASP best practices and using industry tools and standards. In addition to the regular reviews during development, security related feature development is guided and mentored by the CISO.

Configuration Control

The InterCall VE and Webcast Event Development team maintains the source code and the libraries used in development in a source control repository. Access to the repository is granted to developers only. Documentation of the requirements and the technical design is kept in a documentation repository.

QA

Platform updates as well as patches and hot fixes are all deployed and tested thoroughly in a dedicated QA environment. The QA environment simulates the production environment in terms of tier separation and high availability clusters. The QA environment is located at the development site and doesn't contain customer data.

Staging

When a new software version passes the testing in the QA environment, and just before it is deployed into the production environment, the software is deployed into a staging environment located at the datacenter. The staging environment has the same security controls and configuration as the production environment and is used to check the software on real data.

Authentication

All users of InterCall VE and Webcast Event, stakeholders as well as visitors, must register and log in before they can access any resource or visit any event in the application. The regular authentication process is based on a user name and a password. The default password policy requires a password that is 8 characters in length and contains upper case and lower case characters and digits. After 5 failed login attempts, the account is locked for two minutes to prevent brute forcing and denial of service. In addition to the user/password authentication, InterCall VE and Webcast Event supports proprietary authentication methods as well as standards based authentication methods such as Facebook Connect and SAML (coming soon).

Session Management

Every time a user logs in, s/he is assigned a dedicated session. The platform keeps track of the active users, and the users always have the option to explicitly log off the application and end their sessions. The system automatically ends the session and logs off a user that is not active for a configurable time period.

Authorization

The InterCall VE and Webcast Event platform checks and authorizes every incoming request based on the user role and scope, the type of the action and the targeted object. The VE platform has predefined roles and object ownership, and the relevant interfaces and services are accessible only to the authorized users. In addition, there are different permissions per object; thus some users may view a specific object while the owner of the object may update or even delete it.

Edge Authorization

The InterCall VE and Webcast Event delivery strategy uses CDN facilities to serve static and dynamic / live streamed content with the smallest latency and unlimited capacity for end users all over the world. The InterCall VE and Webcast Event authentication functions make sure that the CDN servers are authorized for every access to restricted content.

Access Control

The InterCall VE and Webcast Event platform has a built-in access control mechanism and customers may define their own fine-grained restrictions on top of it.

Application Access Control

Most of the content that is published in a VE can be viewed by every registered user unless configurable access controls are used. Only the owner of the content can update the content, publish, hide or delete it.

Configurable Access Control

In addition to the predefined access controls, customers can create their own Access Control Lists by creating groups of objects that can only be accessed by a restricted list of users.

Registration ACL

Customers can allow or prevent the registration of users with specific addresses or domains. Customers can create a list of specific users who can enter an event or restrict the event to users from a specific company.

Location ACL

In addition to the control at the entrance point, customers can restrict the access to any location (e.g. Booth, Webcast, and Resource Center) and create a list of users who can enter the location and access the data it contains. The user list can be created based on any of the following characteristics of a user: Role, Address/Domain, Registration attributes.

Verification

The customer can require verification of the registrant's address during the registration process. Only after the verification is completed successfully may the registrant access the event.

Audit and Accountability

Every administration action is logged in a dedicated log which includes the action, user, time and date and the action parameters. There is an additional log that contains security related actions (login/logout, account and privileges management).

Security Assessment

The InterCall VE and Webcast Event application is tested annually by an external party. The results are reviewed by the management team. Findings are ordered by their severity and a plan is created to fix the vulnerabilities by their severity.

SSL and Encryption

The InterCall VE and Webcast Event support full encryption of the client server channel. The platform also encrypts passwords in the DB.

Configurable Security

The InterCall VE and Webcast Event security team recommends its customers use the highest level of security. Nevertheless, the InterCall VE and Webcast Event team lets the customers adjust the security configuration to meet their specific security requirements. The customer has control of the password policy parameters, whether to enable a guest account (with restricted permissions), encryption channels and more.

2. High Availability

As the leading provider of virtual events and conferences, InterCall VE and Webcast Event is committed to delivering its services 24 hours, 356 days a year. InterCall VE and Webcast Event uses the best tools and practices to make sure that the service won't be interrupted for any reason.

Redundancy

All the servers in the InterCall VE and Webcast Event platform run in clusters. Whenever a server fails, the traffic is automatically redirected to another server in the cluster.

Web Tier

The web tier runs on a cluster of IIS servers. In case of a failure in one of the web servers, the load balancer disables the routing of requests to that server until it is verified as active again.

Application Tier

The InterCall VE and Webcast Event platform uses Oracle Weblogic to run the application. The Weblogic servers run in a cluster and each web server routes requests to any available application server.

DB

The InterCall VE and Webcast Event platform uses Oracle Enterprise edition in a Real Application Cluster configuration that allows it to run multiple active servers concurrently. In case of a failure in one of the DB servers, the application servers are configured to route the queries to the other DB.

Streaming

The InterCall VE and Webcast Event platform operates two separate routes for producing and broadcasting every single webcast. In case of failure with one of the lines, the users are automatically redirected to the second line.

CDN

The broadcasting of the live and on demand streaming is via the Akamai CDN. The InterCall VE and Webcast Event platform provides Akamai with primary and secondary streams. In case of failure in the primary stream, Akamai uses the secondary as the source. Akamai provides the stream to the end users via hundreds of media servers globally which are fully redundant.

Load Balancers

The InterCall VE and Webcast Event platform uses two Radware App Director load balancers to route the traffic to the internal servers. The load balancers are synchronized and run in an active/passive mode where, in case of a failure, the passive server becomes active immediately.

No Single Point of Failure

The InterCall VE and Webcast Event platform is fully redundant. Each server is connected to two power adapters and has network connectivity via two network interfaces. Each power adapter is connected to a different power source. Each network interface is connected to a different switch, making every server available via two different routes.

Disaster Recovery

The InterCall VE and Webcast Event architectural team will deploy a second datacenter in The second datacenter will extend the current capacity as well as provide failover and backup capabilities. The two datacenters will synchronize their data. Thus, in case of a disaster in one of the datacenters, the second datacenter will promptly serve the users of the datacenter that failed.

Storage

The InterCall VE and Webcast Event platform uses IBM XIV storage. This storage has its own built-in redundancy and high availability in terms of disks, controller, network interfaces and power supply.

Monitoring

The InterCall VE and Webcast Event IT team monitors the availability and the performance of the system utilizing various automated tools. The tools monitor and access different components and different layers from the infrastructure level up to the application level. As a global communications technology leader, the InterCall VE and Webcast Event architecture incorporates a worldwide monitoring system that measures the application availability from 5 different locations around the world. As part of the online monitoring, when an error occurs or a threshold is reached, an alert is sent to the InterCall VE and Webcast Event IT team via and SMS.

3. Scalability

The world of online meeting and conferencing grows fast. The number of events and the number of users that attend each event increase every month. The InterCall VE and Webcast Event development team built the platform not only to support today's and tomorrow's demands but to be able to quickly scale out and support huge growth.

Cluster

Every tier in the InterCall VE and Webcast Event platform, from the web tier to the persistence tier, is built of a cluster of servers. Instead of scaling up by upgrading the server hardware, InterCall VE and Webcast Event extends its capacity easily and more cost effectively by adding additional servers to the relevant tier.

CDN

The InterCall VE and Webcast Event platform uses CDN delivery as much as it can. The CDN infrastructure contains thousands of servers all over the world and allows the VE platform unlimited scale in terms of streaming and web content.

Load Test

The InterCall VE and Webcast Event development team continually checks and enhances its capacity and its performance under heavy load by conducting massive load tests. Using Amazon cloud, the InterCall VE and Webcast Event team tests its platform with more than 30,000 concurrent users including a short ramp up. InterCall VE and Webcast Event engineers monitor and review the load results and the metrics and measurements that were collected from the VE platform. The load results are scrutinized to make sure the system performance and behavior meet the requirements under load and to identify any bottleneck in the hardware, software or the network that compose the VE platform.


More information

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam Comptia.Certkey.SY0-401.v2014-09-23.by.SANFORD.362q Number: SY0-401 Passing Score: 800 Time Limit: 120 min File Version: 18.5 Exam Code: SY0-401 Exam Name: CompTIA Security+ Certification Exam Exam A QUESTION

More information

Trust Services Principles and Criteria

Trust Services Principles and Criteria Trust Services Principles and Criteria Security Principle and Criteria The security principle refers to the protection of the system from unauthorized access, both logical and physical. Limiting access

More information

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure

More information

<Document Title> INFORMATION SECURITY POLICY

<Document Title> INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY 2018 DOCUMENT HISTORY DATE STATUS VERSION REASON NAME 24.03.2014 Draft 0.1 First draft Pedro Evaristo 25.03.2014 Draft 0.2 Refinement Pedro Evaristo 26.03.2014

More information

Cyber security tips and self-assessment for business

Cyber security tips and self-assessment for business Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this

More information

Security Architecture

Security Architecture Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to

More information

MEETING ISO STANDARDS

MEETING ISO STANDARDS WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced

More information

epldt Web Builder Security March 2017

epldt Web Builder Security March 2017 epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication

More information

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013 Protect Your Application with Secure Coding Practices Barrie Dempster & Jason Foy JAM306 February 6, 2013 BlackBerry Security Team Approximately 120 people work within the BlackBerry Security Team Security

More information

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security

More information

Cloud FastPath: Highly Secure Data Transfer

Cloud FastPath: Highly Secure Data Transfer Cloud FastPath: Highly Secure Data Transfer Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. Tervela has been creating high performance

More information

CYBERSECURITY RISK LOWERING CHECKLIST

CYBERSECURITY RISK LOWERING CHECKLIST CYBERSECURITY RISK LOWERING CHECKLIST The risks from cybersecurity attacks, whether external or internal, continue to grow. Leaders must make thoughtful and informed decisions as to the level of risk they

More information

Introduction to SURE

Introduction to SURE Introduction to SURE Contents 1. Introduction... 3 2. What is SURE?... 4 3. Aim and objectives of SURE... 4 4. Overview of the facility... 4 5. SURE operations and design... 5 5.1 Logging on and authentication...

More information

PCI DSS Compliance. White Paper Parallels Remote Application Server

PCI DSS Compliance. White Paper Parallels Remote Application Server PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3

More information

A company built on security

A company built on security Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for

More information

Cyber Insurance PROPOSAL FORM. ITOO is an Authorised Financial Services Provider. FSP No

Cyber Insurance PROPOSAL FORM. ITOO is an Authorised Financial Services Provider. FSP No PROPOSAL FORM Cyber Insurance Underwritten by The Hollard Insurance Co. Ltd, an authorised Financial Services Provider www.itoo.co.za @itooexpert ITOO is an Authorised Financial Services Provider. FSP.

More information

KantanMT.com. Security & Infra-Structure Overview

KantanMT.com. Security & Infra-Structure Overview KantanMT.com Security & Infra-Structure Overview Contents KantanMT Platform Security... 2 Customer Data Protection... 2 Application Security... 2 Physical and Environmental Security... 3 ecommerce Transactions...

More information

A (sample) computerized system for publishing the daily currency exchange rates

A (sample) computerized system for publishing the daily currency exchange rates A (sample) computerized system for publishing the daily currency exchange rates The Treasury Department has constructed a computerized system that publishes the daily exchange rates of the local currency

More information

Security White Paper. Midaxo Platform Krutarth Vasavada

Security White Paper. Midaxo Platform Krutarth Vasavada Security White Paper Midaxo Platform 2017-12-20 Krutarth Vasavada +358 40 866 8825 security@midaxo.com www.midaxo.com Kumpulantie 3 Helsinki, 00520, Finland Executive Summary Midaxo is committed to maintaining

More information

Afilias DNSSEC Practice Statement (DPS) Version

Afilias DNSSEC Practice Statement (DPS) Version Afilias DNSSEC Practice Statement (DPS) Version 1.07 2018-02-26 Page 1 of 8 1. INTRODUCTION 1.1. Overview This document was created using the template provided under the current practicing documentation.

More information

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision

More information

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds EXECUTIVE BRIEF SHAREBASE BY HYLAND Automate sharing. Empower users. Retain control. With ShareBase by Hyland, empower users with enterprise file sync and share (EFSS) technology and retain control over

More information

SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE

SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE SECURE AIRBORNE CONNECTIVITY: OVERVIEW Gogo Business Aviation realizes the ever-pressing need to be vigilant in staying ahead of potential

More information

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES 002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission

More information

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017 Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and

More information

WHITEPAPER. Security overview. podio.com

WHITEPAPER. Security overview. podio.com WHITEPAPER Security overview Podio security White Paper 2 Podio, a cloud service brought to you by Citrix, provides a secure collaborative work platform for team and project management. Podio features

More information

Lakeshore Technical College Official Policy

Lakeshore Technical College Official Policy Policy Title Original Adoption Date Policy Number Information Security 05/12/2015 IT-720 Responsible College Division/Department Responsible College Manager Title Information Technology Services Director

More information

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045 Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that

More information

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

CTS performs nightly backups of the Church360 production databases and retains these backups for one month. Church360 is a cloud-based application software suite from Concordia Technology Solutions (CTS) that is used by churches of all sizes to manage their membership data, website, and financial information.

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Version 1.0 Release: December 2004 How to Complete the Questionnaire The questionnaire is divided into six sections. Each

More information

Security Principles for Stratos. Part no. 667/UE/31701/004

Security Principles for Stratos. Part no. 667/UE/31701/004 Mobility and Logistics, Traffic Solutions Security Principles for Stratos Part no. THIS DOCUMENT IS ELECTRONICALLY APPROVED AND HELD IN THE SIEMENS DOCUMENT CONTROL TOOL. All PAPER COPIES ARE DEEMED UNCONTROLLED

More information

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS

More information

Introduction. The Safe-T Solution

Introduction. The Safe-T Solution Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,

More information

Security Note. BlackBerry Corporate Infrastructure

Security Note. BlackBerry Corporate Infrastructure Security Note BlackBerry Corporate Infrastructure Published: 2017-03-02 SWD-20170302091637541 Contents Introduction... 5 History... 6 BlackBerry policies...7 Security organizations... 8 Cyber Security

More information

IoT & SCADA Cyber Security Services

IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au

More information

HikCentral V.1.1.x for Windows Hardening Guide

HikCentral V.1.1.x for Windows Hardening Guide HikCentral V.1.1.x for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1 Strict Password Policy... 2 1.2 Turn Off Windows Remote

More information

FormFire Application and IT Security

FormFire Application and IT Security FormFire Application and IT Security White Paper Last Update: 2015-03- 04 Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 4 Infrastructure and Security Team...

More information

CompTIA CAS-002. CompTIA Advanced Security Practitioner (CASP) Download Full Version :

CompTIA CAS-002. CompTIA Advanced Security Practitioner (CASP) Download Full Version : CompTIA CAS-002 CompTIA Advanced Security Practitioner (CASP) Download Full Version : http://killexams.com/pass4sure/exam-detail/cas-002 QUESTION: 517 A security engineer is a new member to a configuration

More information

Deep Freeze Cloud. Architecture and Security Overview

Deep Freeze Cloud. Architecture and Security Overview Deep Freeze Cloud Architecture and Security Overview 2018 Faronics Corporation or its affiliates. All rights reserved. NOTICE: This document is provided for informational purposes only. It represents Faronics

More information

Cyber Essentials Questionnaire Guidance

Cyber Essentials Questionnaire Guidance Cyber Essentials Questionnaire Guidance Introduction This document has been produced to help companies write a response to each of the questions and therefore provide a good commentary for the controls

More information

Global Platform Hosting Hosting Environment Security White Paper

Global Platform Hosting Hosting Environment Security White Paper Global Platform Hosting Hosting Environment Security White Paper Contents January, 2010 2 Introduction 2 Physical Security 3 Environmental Controls 3 Network Security 4 System Security 5 Remote Management

More information

Sparta Systems TrackWise Digital Solution

Sparta Systems TrackWise Digital Solution Systems TrackWise Digital Solution 21 CFR Part 11 and Annex 11 Assessment February 2018 Systems TrackWise Digital Solution Introduction The purpose of this document is to outline the roles and responsibilities

More information

Atmosphere Fax Network Architecture Whitepaper

Atmosphere Fax Network Architecture Whitepaper Atmosphere Fax Network Architecture Whitepaper Contents Introduction... 3 The 99.99% Uptime Fax Network... 4 Reliability and High Availability... 5 Security... 7 Delivery... 9 Network Monitoring... 11

More information

Oracle Payment Interface Token Proxy Service Security Guide Release 6.1 E November 2017

Oracle Payment Interface Token Proxy Service Security Guide Release 6.1 E November 2017 Oracle Payment Interface Token Proxy Service Security Guide Release 6.1 E87635-01 November 2017 Copyright 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation

More information

MigrationWiz Security Overview

MigrationWiz Security Overview MigrationWiz Security Overview Table of Contents Introduction... 2 Overview... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Data Security and Handling... 4 Database

More information

April Appendix 3. IA System Security. Sida 1 (8)

April Appendix 3. IA System Security. Sida 1 (8) IA System Security Sida 1 (8) Table of Contents 1 Introduction... 3 2 Regulatory documents... 3 3 Organisation... 3 4 Personnel security... 3 5 Asset management... 4 6 Access control... 4 6.1 Within AFA

More information

HikCentral V1.3 for Windows Hardening Guide

HikCentral V1.3 for Windows Hardening Guide HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

The following security and privacy-related audits and certifications are applicable to the Lime Services:

The following security and privacy-related audits and certifications are applicable to the Lime Services: LIME SECURITY, PRIVACY, AND ARCHITECTURE Last Updated: September 26, 2016 FinAccel s Corporate Trust Commitment FinAccel (FinAccel Pte Ltd) is committed to achieving and maintaining the trust of our customers.

More information

Testpassport http://www.testpassport.net Exam : SY0-301 Title : Security+ Certification Exam 2011 version Version : Demo 1 / 5 1.Which of the following is the BEST approach to perform risk mitigation of

More information

ZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure.

ZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure. Security In today s world, the requirement to focus on building secure solutions and infrastructure has become an important part of the value that businesses deliver to customers and resellers. This document

More information

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program

More information

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client

More information

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010 Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at

More information

IBM Case Manager on Cloud

IBM Case Manager on Cloud Service Description IBM Case Manager on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means and includes the company, its authorized users or recipients of the

More information