Inventory and Reporting Security Q&A
- Samuel Johnson
- 6 years ago
General

Q. What is Inventory Reporting, Collection, and Analysis?
A. Inventory Reporting, Collection, and Analysis is a tool that discovers, collects, and analyzes Cisco network devices and provides various detailed reports on the devices deployed in customer networks. To help ensure customers stay informed about important alerts announced by Cisco, Inventory Reporting, Collection, and Analysis also includes a Product Alerts/Advisory report displaying Cisco alerts that affect devices in customer networks. Inventory Reporting, Collection, and Analysis also allows customers to customize reports displaying only the inventory data that is of most interest and importance and omit the information that is not relevant.

Q. What is the Inventory Collection, Reporting, and Analysis deployment model?
A. Inventory Reporting, Collection, and Analysis is a system composed of Cisco Network Collector; Transport Gateway; Inventory Reporting, Collection, and Analysis; and the Inventory Reporting, Collection, and Analysis portal. The Cisco Network Collector collects network device inventory and network device configuration data based on product and collection rules from the customer network and uploads the data securely to the Cisco back end (that is, Inventory and Reporting) for analysis and reporting. Cisco Network Collector relies on Transport Gateway, which securely transports customer network data collected by Cisco Network Collector to Inventory and Reporting, which resides in the Cisco back-end system (that is, behind the Cisco firewall). The Inventory Reporting, Collection, and Analysis web portal enables the Inventory Reporting, Collection, and Analysis user to register other users for access to Inventory Reporting, Collection, and Analysis and to securely view reports of a user's network devices and configuration. The Inventory Reporting, Collection, and Analysis web portal is the only mechanism from which a user can generate and view various reports and export the reports to PDF or CSV format.

Q. What security policy does Inventory Reporting, Collection, and Analysis address?
A. Inventory Reporting, Collection, and Analysis security covers data use and data security measures for customer network data collected by Cisco Network Collector and processed by Inventory Reporting, Collection, and Analysis.

Q. What is considered customer network data?
A. Customer network data includes network inventory, configuration, syslog, audit, and diagnostic data collected and analyzed by Cisco Service Technology Solutions (STS) tools. Also included within scope is the customer seedfile data identifying customer network hostnames, IP addresses, and device accounts and passwords, which is gathered prior to the collection process.

Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Q. What is Security Alert Manager?
A. Security Alert Manager is a web-based threat and vulnerability intelligence service that provides early warning, analysis, decision support, and threat management tools to aid our clients in protecting their electronic infrastructure. It issues alerts that cover the entire threat landscape: security vulnerabilities, malicious codes (worms, viruses, and Trojans), and global security trends. IntelliShield Alert Manager enables you to filter out all of the "noise" and only receive information on technologies that are relevant to your environment.

Q. How do I access Security Alert Manager?
A. Security Alert Manager can be accessed at … Similar to Inventory Reporting, Collection, and Analysis, a username and password pair is required to access Security Alert Manager. Unlike Inventory Reporting, Collection, and Analysis, Security Alert Manager does not depend on the user's Cisco.com ID and requires a user to create a username and password pair to log in to the IntelliShield portal.

Q. Is the connection to the IntelliShield web portal secure?
A. Yes. Connection to the Security Alert Manager web portal is over HTTPS to protect the privacy and confidentiality of the reporting data.

Q. What are your sources for Security Alert Manager?
A. Security Alert Manager obtains alerts from public and private sources, including product vendors, government agencies, security firms, and more.

Q. How quickly does Security Alert Manager publish alerts compared to other companies, like antivirus vendors?
A. Cisco puts alerts out in as timely a fashion as possible. Our goal is to provide a more complete picture than any single source.

Q. Why was Security Alert Manager not the first to come out with information on a threat or vulnerability?
A. We cannot be first to publish every alert, although we do strive to do so. We firmly believe that our content and our multiple sources, as well as our ongoing analysis, allow us to produce first-class intelligence in a timely manner. Our multisource approach enables us to validate and verify information before we publish it as intelligence.

Data Use

Q. How does Cisco use customer network data?
A. All customer network raw data collected by Cisco tools for service delivery will be used in the delivery of contracted services as well as for Cisco downstream services and business functions supporting Cisco customers and business.

Q. Who at Cisco has access to customer network data?
A. Customer network data is available to Cisco internal personnel for use in approved business functions that include but are not limited to product development, product testing, integration testing, HW replacement, and contract renewal.

Q. How does Cisco control access to customer network data?
A. All data use is controlled via individual user authentication with use limited to the stated business purpose. All use of customer network data for downstream services and businesses must be approved by Cisco STS and Legal.
Data Collection

Q. Where does the data collection take place?
A. All data collection is done on the customer premises by Cisco Network Collector, which is installed on a server inside the customer network.

Q. How is security controlled during the collection?
A. Since the collection is done inside the customer network, data security from the customer network to Cisco Network Collector is controlled by the customer.

Q. Is the customer responsible for the security of the data collected by Cisco Network Collector?
A. Yes, until the data reaches Cisco Network Collector. From that point, data security shifts to Cisco or the partner during the storage, transmission, and processing of the data.

Data Transmission

Q. Is the customer data secured when transmitting data from the customer network to Cisco back end?
A. Yes. Prior to transmission, customer raw data is packaged and encrypted using the AES-128 encryption algorithm. The encrypted data is also signed using PKI. This extra effort helps ensure a customer cannot view other customers' data except his/her own. The encrypted and signed package is then transported via secured HTTPS to the Cisco back end for service processing. By using HTTPS, the customer data is again encrypted before it reaches the upload server in the Cisco back-end system.

Q. What is AES-128 encryption?
A. The Advanced Encryption Standard (AES) is adopted as an encryption standard by the U.S. government. This encryption algorithm is fast in both software and hardware, relatively easy to implement, and requires little memory. AES has been deployed on a large scale and offers strong encryption of the data to be transmitted.

Q. What is PKI?
A. PKI stands for Public Key Infrastructure. It is a system for managing public-key encryption and digital certificates or signature services. By managing keys and certificates through a PKI, an organization establishes and maintains a trustworthy networking environment. A PKI enables the use of encryption and digital signature services across a wide variety of applications.

Q. Why is PKI important?
A. To protect the security and privacy of customer network data, a digital certificate with a digital signature is used, containing:
- The user's name in the format of a distinguished name. The distinguished name specifies the user's name and any additional attributes required to uniquely identify the user (for example, the distinguished name could contain the user's employee number).
- A public key of the user. The public key is required so that others can encrypt for the user or verify the user's digital signature.
- The validity period (or lifetime) of the certificate (a start date and an end date).
- The specific operations for which the public key is to be used (whether for encrypting data, verifying digital signatures, or both).
By using PKI, Cisco gives the customer confidence that the key obtained from the certificate is valid and can be used only in the manner for which it is intended.
Q. Why does Cisco use HTTPS to transmit customer network data?
A. HTTPS encrypts and decrypts the information between the client and server using SSL. By using SSL, the customer network data is again encrypted, thus adding more security to the data during the transmission.

Data Storage

Q. After collection, where is the customer network data stored?
A. Cisco Network Collector performs data collection on the customer premises only. Cisco Network Collector may reside on Cisco and partner laptops and notebooks or on dedicated collector servers at the customer premises. In order to protect against inappropriate access or use of the collector technology, Cisco Network Collector and the server it runs on are protected via security mechanisms including but not limited to the following:
- Passwords are kept in encoded state in the db to minimize vulnerability.
- Cisco Network Collector services are performed via unprivileged user accounts (no read/write access to the db).
- Cisco Network Collector technology is access-restricted via CLI and/or web interfaces.

Q. After the customer network data is transmitted to Cisco back-end system, where is it stored?
A. When the customer network data reaches the Cisco back end, it is stored in an upload server. The data will be automatically purged three weeks after it is uploaded.

Q. When does Inventory Collection, Reporting, and Analysis retrieve the data from the upload server?
A. Inventory Reporting, Collection, and Analysis polls the upload server every minute to identify and pull over the newly collected data.

Q. How secure is the upload server?
A. There is strict access control to the upload server. The only persons who can log in to the upload servers are within Cisco (limited to a few user IDs who provide support from STS/IT). Servers are also monitored by Infosec/IT for inappropriate activity (since they're within Cisco DMZ) and do have firewall protection to help ensure no new ports are opened up on the server.

Q. Is the customer network data on the Inventory Reporting, Collection, and Analysis server encrypted?
A. Data stored on the Inventory Reporting, Collection, and Analysis server is not encrypted. However, Cisco complies with stringent requirements and internal policies for data protection of all internal Cisco servers. Inventory Reporting, Collection, and Analysis will validate the signature on the encrypted data before starting the decryption. If Inventory Reporting, Collection, and Analysis detects any discrepancy with the signature, it will not decrypt the data and will notify the user about the problem. The user then has an option to reupload the data or investigate the root cause of the problem.
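The package handling described under Data Transmission and in the answer above (encrypt with AES-128, sign, and on the back end verify the signature for the entitled company before decrypting) can be sketched as follows. This is an added example, not Cisco's code: the GCM mode, ECDSA P-256 signatures standing in for "signed using PKI", the pre-shared per-company data key, the `Package` and `Entitlement` types, and the company names are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Package is one upload; this field layout is an assumption for the example.
type Package struct {
	Company    string   // entitled company the upload claims to belong to
	Nonce      [12]byte // AES-GCM nonce
	Ciphertext []byte   // AES-128-GCM output, auth tag included
	Signature  []byte   // ECDSA signature over company, nonce and ciphertext
}

// Entitlement is what the back end keeps per entitled company (hypothetical).
type Entitlement struct {
	VerifyKey *ecdsa.PublicKey // public key from the collector's certificate
	DataKey   []byte           // 16-byte AES-128 key (pre-shared in this example)
}

var ErrSignature = errors.New("signature mismatch: package not decrypted")

func digest(p *Package) []byte { // hash of exactly the bytes that travel
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s:%x:%x", len(p.Company), p.Company, p.Nonce[:], p.Ciphertext)
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func NewEntitlement() (*ecdsa.PrivateKey, Entitlement) { // constructed demo keys
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	key := make([]byte, 16)
	if _, kerr := rand.Read(key); err != nil || kerr != nil {
		panic("cannot generate demo keys")
	}
	return priv, Entitlement{VerifyKey: &priv.PublicKey, DataKey: key}
}

// Seal is the collector side: encrypt, then sign the bytes that will be sent.
func Seal(company string, dataKey []byte, signer *ecdsa.PrivateKey, raw []byte) (*Package, error) {
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	p := &Package{Company: company}
	if _, err := rand.Read(p.Nonce[:]); err != nil {
		return nil, err
	}
	p.Ciphertext = gcm.Seal(nil, p.Nonce[:], raw, []byte(company))
	p.Signature, err = ecdsa.SignASN1(rand.Reader, signer, digest(p))
	if err != nil {
		return nil, err
	}
	return p, nil
}

// Open is the back-end side: verify with the claimed company's key, then decrypt.
func Open(reg map[string]Entitlement, p *Package) ([]byte, error) {
	ent, ok := reg[p.Company]
	if !ok {
		return nil, errors.New("no entitlement registered for company")
	}
	if !ecdsa.VerifyASN1(ent.VerifyKey, digest(p), p.Signature) {
		return nil, ErrSignature // the data key is never used on this path
	}
	gcm, err := newGCM(ent.DataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, p.Nonce[:], p.Ciphertext, []byte(p.Company))
}

func main() { // constructed companies and inventory data
	acmeKey, acmeEnt := NewEntitlement()
	globexKey, globexEnt := NewEntitlement()
	reg := map[string]Entitlement{"acme": acmeEnt, "globex": globexEnt}
	p, _ := Seal("acme", acmeEnt.DataKey, acmeKey, []byte("hostname=rtr1"))
	pt, err := Open(reg, p)
	fmt.Printf("valid: %q %v\n", pt, err)
	p.Ciphertext[0] ^= 1 // modified in transit
	_, tampered := Open(reg, p)
	forged, _ := Seal("acme", globexEnt.DataKey, globexKey, []byte("x"))
	_, wrongSigner := Open(reg, forged)
	fmt.Printf("tampered: %v\nother company's signer: %v\n", tampered, wrongSigner)
}
```

Both the modified package and the package signed by a different company's collector are rejected before any decryption is attempted.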
Data Access

Q. What is Cisco's policy to protect the security and privacy of customer network data?
A. Cisco is committed to protecting the privacy and confidentiality of the customer data we store. To help ensure this, the following steps are taken:
- The Inventory Reporting, Collection, and Analysis application that processes customer data is located behind the Cisco firewalls and on a secure switched segment of the network.
- The data that resides on these production machines is managed and controlled by Cisco IT.
- The installation process for all Cisco IT machines follows a rigorous standard of security. This includes the installation of titan scripts to harden these machines.
- The machines are kept in a lock-and-key facility where access is restricted to Cisco IT administrators only.
- These machines are distributed in numerous geographical locations.
- The data is backed up daily.
- The uploaded customer network information is uncompressed and decrypted only on Cisco production machines inside the Cisco firewalls.
Additional steps are taken to help ensure the signature on the encrypted data matches with the signature maintained in Inventory Reporting, Collection, and Analysis for the entitled company. If Inventory Reporting, Collection, and Analysis detects any change or mismatch of the signature, it will not decrypt the data. Moreover, Cisco intrusion detection systems are deployed throughout the corporate network and the restricted network on which the back-end data is stored.

Q. Who has access to the raw customer network data?
A. The Inventory Reporting, Collection, and Analysis server automates many tasks to process customer network data. If needed, only authorized staff is allowed to access the data. Moreover, all Cisco employees are required to protect and preserve the privacy of customer network data.

Reports

Q. How do customers access their data reports?
A. After Inventory Collection, Reporting, and Analysis processes the customer network data, users can access the Inventory Reporting, Collection, and Analysis web portal to generate reports. The web portal provides a secure interface that lets users select a variety of reports in several different format types. Reports can also be exported to CSV or PDF format.

Q. Who has access to customer network data?
A. To access the Inventory Reporting, Collection, and Analysis portal, a user must have been registered for the data of the entitled company whose data reports the user wishes to access.

Q. Can a registered user access reports of another user's network data?
A. No, each user has a profile created in Inventory Reporting, Collection, and Analysis, and the profile dictates the entitled company for which the user can gain access. Furthermore, in order to register with Inventory Reporting, Collection, and Analysis, the user must have a valid Cisco.com ID, which is mapped to the entitled company of the user.
Q. Is the connection to the Inventory Reporting, Collection, and Analysis web portal secure?
A. Connection to the Inventory Reporting, Collection, and Analysis web portal is over HTTPS to protect the privacy and confidentiality of the reporting data.

Q. Are the reports kept on the Inventory Reporting, Collection, and Analysis server?
A. No, the Inventory Reporting, Collection, and Analysis reports are generated dynamically and are not kept on the Inventory Reporting, Collection, and Analysis servers.

Data Management

Q. How often does Cisco back up the customer network data?
A. Cisco supports regular daily backups for raw customer data stored on the Inventory Reporting, Collection, and Analysis server residing inside the Cisco firewall. First, the data is backed up to a second disk. Periodically, the data on the second disk is stored on backup media and shipped to a third-party security vendor for storage in compliance with government regulatory standards.

Q. Does Inventory Reporting, Collection, and Analysis back up the raw data stored on the Cisco Network Collector server?
A. No. Raw customer data stored on local collection Cisco laptops/notebooks residing in the customer facility is not backed up.

Q. How long does the upload server keep the uploaded customer network data?
A. The data residing in the upload server will be purged after three weeks, starting from the time it was uploaded to the Cisco back-end system. A nightly job is run by Cisco IT to detect and purge data that resides in the upload servers for three weeks or longer.

Q. How long does the Inventory Reporting, Collection, and Analysis server retain the processed customer network data?
A. At the present time there is no policy in place to purge this data with any regularity. However, this data can be purged manually if the customer requests Cisco to delete the data. Customer data is stored on the Inventory Reporting, Collection, and Analysis server inside the Cisco firewall.

Q. Is the customer network data covered under the Cisco disaster recovery policy?
A. Yes. Cisco supports an enterprise-wide disaster recovery plan for all data stored and managed inside the Cisco firewall. Inventory Reporting, Collection, and Analysis subscribes to Cisco disaster recovery and business continuity info/guidelines.
Printed in USA
More informationSAFECOM SECUREWEB - CUSTOM PRODUCT SPECIFICATION 1. INTRODUCTION 2. SERVICE DEFINITION. 2.1 Service Overview. 2.2 Standard Service Features APPENDIX 2
APPENDIX 2 SAFECOM SECUREWEB - CUSTOM PRODUCT SPECIFICATION 1. INTRODUCTION This document contains product information for the Safecom SecureWeb Custom service. If you require more detailed technical information,
More informationWHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group
WHITE PAPER: BEST PRACTICES Sizing and Scalability Recommendations for Symantec Rev 2.2 Symantec Enterprise Security Solutions Group White Paper: Symantec Best Practices Contents Introduction... 4 The
More informationOverview Brosix stringent corporate security requirements.
Brosix Security Data security is a high priority at Brosix, enabling us to con nue achieving the goal of providing efficient and secure online real me communica on services. Table of Contents Overview
More informationWORKSHARE SECURITY OVERVIEW
WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625
More informationSecurity in Bomgar Remote Support
Security in Bomgar Remote Support 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationFive Ways to Improve Electronic Patient Record Handling for HIPAA/HITECH with Managed File Transfer
Five Ways to Improve Electronic Patient Record Handling for HIPAA/HITECH with Managed File Transfer INTRODUCTION Meeting HIPAA and HITECH security and compliance requirements is a formidable challenge.
More informationHIPAA Technical Safeguards and (a)(7)(ii) Administrative Safeguards
HIPAA Compliance HIPAA and 164.308(a)(7)(ii) Administrative Safeguards FileGenius is compliant with all of the below. First, our data center locations (DataPipe) are fully HIPAA compliant, in the context
More informationOUR CUSTOMER TERMS CLOUD SERVICES - INFRASTRUCTURE
CONTENTS 1 ABOUT THIS PART... 2 2 GENERAL... 2 3 CLOUD INFRASTRUCTURE (FORMERLY UTILITY HOSTING)... 2 4 TAILORED INFRASTRUCTURE (FORMERLY DEDICATED HOSTING)... 3 5 COMPUTE... 3 6 BACKUP & RECOVERY... 8
More informationefolder White Paper: HIPAA Compliance
efolder White Paper: HIPAA Compliance November 2015 Copyright 2015, efolder, Inc. Abstract This paper outlines how companies can use certain efolder services to facilitate HIPAA and HITECH compliance within
More informationSimple and Powerful Security for PCI DSS
Simple and Powerful Security for PCI DSS The regulations AccessEnforcer helps check off your list. Most merchants think they are too small to be targeted by hackers. In fact, their small size makes them
More informationCloud FastPath: Highly Secure Data Transfer
Cloud FastPath: Highly Secure Data Transfer Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. Tervela has been creating high performance
More information2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.
Diageo Third Party Hosting Standard 1. Purpose This document is for technical staff involved in the provision of externally hosted solutions for Diageo. This document defines the requirements that third
More informationTotal Security Management PCI DSS Compliance Guide
Total Security Management PCI DSS Guide The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations to help protect the security of credit card holders. These regulations apply to
More informationThe simplified guide to. HIPAA compliance
The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act
More informationEllipse Support. Contents
Ellipse Support Ellipse Support Contents Ellipse Support 2 Commercial In Confidence 3 Preface 4 Mission 5 Scope 5 Introduction 6 What do you need to know about tuning and configuration? 6 How does a customer
More informationNetwork Performance, Security and Reliability Assessment
Network Performance, Security and Reliability Assessment Presented to: CLIENT NAME OMITTED Drafted by: Verteks Consulting, Inc. 2102 SW 20 th Place, Suite 602 Ocala, Fl 34474 352-401-0909 ASSESSMENT SCORECARD
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More informationManaging Certificates
CHAPTER 12 The Cisco Identity Services Engine (Cisco ISE) relies on public key infrastructure (PKI) to provide secure communication for the following: Client and server authentication for Transport Layer
More informationENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE
ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE INTRODUCTION In line with commercial industry standards, the data center used by EndNote employs a dedicated security team to protect our
More informationWhat can the OnBase Cloud do for you? lbmctech.com
What can the OnBase Cloud do for you? lbmctech.com The OnBase Cloud by Hyland When it comes to cloud deployments, experience matters. With experience comes more functionality, long tracks of outstanding
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationCloud Security Whitepaper
Cloud Security Whitepaper Sep, 2018 1. Product Overview 3 2. Personally identifiable information (PII) 3 Using Lookback without saving any PII 3 3. Security and privacy policy 4 4. Personnel security 4
More informationGoogle Cloud Platform: Customer Responsibility Matrix. December 2018
Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect
More informationInterCall Virtual Environments and Webcasting
InterCall Virtual Environments and Webcasting Security, High Availability and Scalability Overview 1. Security 1.1. Policy and Procedures The InterCall VE ( Virtual Environments ) and Webcast Event IT
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationAppPulse Point of Presence (POP)
AppPulse Point of Presence Micro Focus AppPulse POP service is a remotely delivered solution that provides a managed environment of Application Performance Management. AppPulse POP service supplies real-time
More informationPCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity
Kaspersky Enterprise Cybersecurity Kaspersky Endpoint Security v3.2 Mapping 3.2 regulates many technical security requirements and settings for systems operating with credit card data. Sub-points 1.4,
More informationState of Colorado Cyber Security Policies
TITLE: State of Colorado Cyber Security Policies Access Control Policy Overview This policy document is part of the State of Colorado Cyber Security Policies, created to support the State of Colorado Chief
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More informationZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure.
Security In today s world, the requirement to focus on building secure solutions and infrastructure has become an important part of the value that businesses deliver to customers and resellers. This document
More informationThe following security and privacy-related audits and certifications are applicable to the Lime Services:
LIME SECURITY, PRIVACY, AND ARCHITECTURE Last Updated: September 26, 2016 FinAccel s Corporate Trust Commitment FinAccel (FinAccel Pte Ltd) is committed to achieving and maintaining the trust of our customers.
More informationRMS(one) Solutions PROGRESSIVE SECURITY FOR MISSION CRITICAL SOLUTIONS
RMS(one) Solutions PROGRESSIVE SECURITY FOR MISSION CRITICAL SOLUTIONS RMS REPORT PAGE 1 Confidentiality Notice Recipients of this documentation and materials contained herein are subject to the restrictions
More informationData Classification, Security, and Privacy
Data Classification, Security, and Privacy Jennifer Bayuk Securities Industry and Financial Markets Association Internal Audit Division October, 2007 Overview of Information Classification Logical Relationship
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationCommon Services Platform Collector Overview
Common Services Platform Collector Overview Highlights CSP-C can run on Windows or Linux The three main tasks of the CSP-C are network discovery, data collection and data upload Security is of utmost importance
More informationGateHouse Logistics. GateHouse Logistics A/S Security Statement. Document Data. Release date: 7 August Number of pages: Version: 3.
Document Data Release date: Number of pages: Version: 7 August 2018 11 3.1 Version: 3.1 I Page 1/11 Table of Contents 1 Policies and Procedures... 4 1.1 Information Security Management... 4 1.2 Human Resources
More informationIPM Secure Hardening Guidelines
IPM Secure Hardening Guidelines Introduction Due to rapidly increasing Cyber Threats and cyber warfare on Industrial Control System Devices and applications, Eaton recommends following best practices for
More informationSafeguarding Cardholder Account Data
Safeguarding Cardholder Account Data Attachmate Safeguarding Cardholder Account Data CONTENTS The Twelve PCI Requirements... 1 How Reflection Handles Your Host-Centric Security Issues... 2 The Reflection
More information