Information Security Guide
- Madlyn Beatrice Chapman
- 6 years ago
Broadband Kit Information Security Guide
CONTENTS

1. Introduction
1.1 Target audience
1.2 Overview of St. Jude Medical equipment
2. Security Threats
2.1 Network security
2.2 Data protection
2.3 Threat summary
3. Clinical Considerations
3.1 Physical protection of products and information
3.2 Technology configurations
4. Contact Us
Executive Summary

This document provides an overview of Information Security controls implemented by St. Jude Medical to support the connectivity of its remote monitoring system as it communicates with its Merlin.net Patient Care Network (PCN). The St. Jude Medical Global Information Protection Assurance (GIPA) Department is responsible for the release, control and maintenance of this document.

St. Jude Medical utilizes a holistic approach to protecting the confidentiality, integrity and availability of health information by addressing the risks to the entire information lifecycle, thereby providing high levels of security and compliance. Merlin.net PCN is the first medical device network to be awarded ISO/IEC 27001:2005 certification, a stringent worldwide information security standard.

1. Introduction

The purpose of this document is to describe security controls implemented to address information security risks related to the St. Jude Medical broadband kit, which allows the Merlin@home transmitter to send data securely via a wireless network connection to the Merlin.net PCN. To accomplish this, the broadband kit must securely connect to the local networks. The content of this document describes the breadth and impact of implementing this technology.

1.1 Target audience

This document was created for the benefit of IT and security personnel supporting physicians and clinical staff responsible for monitoring St. Jude Medical implanted pacemakers and defibrillators. This document will provide information about security controls relative to the connectivity and network reliability of the Merlin@home transmitter.

1.2 Overview of St. Jude Medical equipment

St. Jude Medical is among a number of medical device manufacturers producing implantable pacemakers and defibrillators for cardiac care. These devices are specifically focused toward cardiac rhythm management.
The implantable cardiac rhythm management devices from all manufacturers are managed by clinicians and physicians using two types of equipment: the in-clinic programmer and the smaller transmitter that can only interrogate devices. This document focuses on the transmitter.

St. Jude Medical Merlin@home Transmitter and Merlin.net PCN

St. Jude Medical provides a two-part remote care system: the Merlin@home transmitter collects diagnostics from implanted devices, and the Merlin.net PCN stores and presents the data to patient care providers. The latter service, Merlin.net PCN, is a Web portal available to authenticated users.

The Merlin@home transmitter is intended for the following:

- Remote daily monitoring
- Scheduled transmissions of information pertaining to patients' disease status and device performance
- On-demand transmissions of information pertaining to patients' disease status and device performance (MerlinOnDemand capability and MerlinOnDemand HF capability) used in a hospital or clinic setting, as opposed to in a patient's home

Cellular Adapter

With access to landlines diminishing and some patients choosing to forego a home phone in favor of a cellular one, the cellular adapter is increasingly becoming an important portable accessory. It can give both patient and physician the confidence of connectivity whether a landline is available or not. The cellular adapter also delivers superior performance transmitting data digitally rather than over traditional analog landlines. The cellular adapter connects the Merlin@home transmitter to the Merlin.net PCN via cellular networks.
The below bulleted points describe the functionality of the cellular adapter:

- Automatically searches for and connects to the cellular network for use in areas where a landline is either unavailable or inconvenient
- Does not require any additional hardware and operates on the power supply of the Merlin@home transmitter
- Transmits data digitally on the 3G and GSM bands of the cellular network for exceptional global coverage and rapid data transfer

Broadband Kit

The St. Jude Medical broadband kit consists of a wireless router and wireless USB adapter. This kit allows Merlin@home transmitters to send data securely to the Merlin.net PCN from a home, hospital or other local area network connection.
2. Security Threats Evaluated and Solutions Implemented by St. Jude Medical

Transmitters are used in a variety of environments, including clinic settings, home or office. This section explains mitigating controls implemented by St. Jude Medical to protect patient privacy, device integrity and customer network availability.

2.1 Network security

The wireless router provided has been configured to disable all unnecessary services and change any default settings. A firewall has been enabled on the wireless router only to allow ports used for system administration. System administration requires authentication via a username and randomly generated password.

The Merlin@home transmitter only establishes a network connection during required data transmissions. This connection is via SSL to the Merlin.net PCN. The Merlin@home transmitter is configured only to allow outbound connections for data transmission. All inbound services are disabled. Once the data transmission is completed, the network connection is terminated and a new connection is established as needed.

2.2 Data protection

Patient data transferred over the Internet to the Merlin.net PCN are protected using Transport Layer Security (TLS) encryption of the channel; X.509 certificates are unique for each device.

Data residing on the Merlin@home transmitter are sent to the Merlin.net PCN. Only St. Jude Medical external media containing the company's signature in the boot record may be used to export the data. All other media are not recognized, and connections are not established for export.

2.3 Threat summary

A summary of the threats, vulnerabilities and security measures analyzed and implemented by St. Jude Medical is listed in Table 1.

Table 1: Summary of Threats, Vulnerabilities and Security Measures

| Vulnerability | Attack Vector | Security Measure |
|---|---|---|
| Data Protection | | |
| System Boot | System access via a command prompt | The maintenance boot is enabled only for St. Jude Medical managed media |
| External Media | Boot from unknown external media and obtain access to internal storage | Merlin@home transmitter will only boot from media that contains the company's signature in the boot record |
| System Disassembly | Obtain access to data by removing it from the Merlin@home transmitter and attaching it to another computer | No local storage can be easily removed to access data |
| Network Security | | |
| Network Access | System access via the network connection to obtain a shell prompt, escalation of privileges, or introduction of malware | Only outbound connections are established; outbound connections are closed after transmission; no inbound services are enabled |
| SSL Certificates | St. Jude Medical network breach using stolen certificates | Each system has a unique centrally managed certificate; certificates may be revoked in the event of compromise |
| Patient Information Breach | Analysis of network traffic | SSL encryption of network traffic |
| Patient Information Breach | Analysis of media used to export data | Merlin@home transmitter will only export to media that contains the St. Jude Medical signature in the boot record |
3. Clinic Considerations

3.1 Physical protection of products and information

Protecting St. Jude Medical products and the data stored on them is the shared responsibility of clinics and St. Jude Medical. St. Jude Medical has implemented measures to address securing these systems, but it is up to the clinics using them to make sure they are kept physically safe.

3.2 Technology configurations

The St. Jude Medical transmitter requires specific network configurations in order to properly communicate with back-end support infrastructure. This document lists the requirements needed for uninterrupted communication.

Please note: Due to variations in customers' networked environments, not all configurations will be needed for successful communications. The information provided herein should be used respective to each customer's network infrastructure.

Firewall

Any firewall needs to be configured to whitelist (allow) all traffic from St. Jude Medical products outbound to St. Jude Medical external IP address range. St. Jude Medical systems use the following encrypted protocol and port:

- TCP port 443 (SSL)

St. Jude Medical external destination network: /24 (ARIN reference)

Intrusion Detection/Prevention System

Any network layer IDS/IPS (intrusion prevention/intrusion detection system) needs to be configured to whitelist all St. Jude Medical products' internal IP addresses.

Web Proxy Servers

Any Web proxy configuration needs to whitelist all St. Jude Medical products' internal IP addresses.

SSL Proxy

Due to tighter security configurations within St. Jude Medical products, SSL proxy servers would need to exempt them from packet inspection.

Proxy Firewalls

Any proxy firewall would need to allow IP traffic from all St. Jude Medical products' internal IP addresses outbound to St. Jude Medical external IP address range.

4. Contact Us

For questions regarding Merlin.net PCN or this white paper, please contact:

Remote Care Technical Support (US): MyMerlin ( ) MyMerlin@sjm.com
Device Monitoring (Non-US): Contact your local representative or (+46)

Global Headquarters One St. Jude Medical Drive St. Paul, Minnesota Fax
St. Jude Medical Cardiovascular & Ablation Technologies 5050 Nathan Lane North Plymouth, Minnesota Fax
St. Jude Medical Implantable Electronic Systems Valley View Court Sylmar, California Fax
U.S. Division 6300 Bee Cave Road Bldg. Two, Suite 100 Austin, TX Fax
SJM Coordination Center BVBA The Corporate Village Da Vincilaan 11 Box F Zaventem, Belgium Fax
St. Jude Medical Brasil Ltda. Rua Itapeva, 538 5º ao 8º andar São Paulo SP Brazil Fax
St. Jude Medical (Hong Kong) Ltd. Suite 1608, 16/F Exchange Tower 33 Wang Chiu Road Kowloon Bay, Kowloon Hong Kong SAR Fax
St. Jude Medical Australia Pty, Ltd. 17 Orion Road Lane Cove, NSW 2066 Australia Fax

SJMprofessional.com

Rx Only

Brief Summary: Prior to using these devices, please review the Instructions for Use for a complete listing of indications, contraindications, warnings, precautions, potential adverse events and directions for use.

Unless otherwise noted, indicates that the name is a trademark of, or licensed to, St. Jude Medical or one of its subsidiaries. ST. JUDE MEDICAL and the nine-squares symbol are trademarks and service marks of St. Jude Medical, Inc. and its related companies St. Jude Medical, Inc. All Rights Reserved. GMCRM1205EN
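A clinic's network team can check from flow logs that the traffic matches what sections 2.1 and 3.2 describe: connections initiated only by the transmitter, over TCP port 443, to the St. Jude Medical destination range. The script below is an added example, not St. Jude Medical code. The flow-record format, the device addresses and the 192.0.2.0/24 stand-in for the vendor range are assumptions, and each record's source is taken to be the side that initiated the connection.

```python
import ipaddress
from dataclasses import dataclass

# ASSUMPTION: placeholder for the vendor destination /24 (a reserved
# documentation block); substitute the range from the vendor's guide.
VENDOR_NET = ipaddress.ip_network("192.0.2.0/24")
# ASSUMPTION: constructed internal addresses of the transmitters.
DEVICE_IPS = {ipaddress.ip_address("10.20.30.41"),
              ipaddress.ip_address("10.20.30.42")}
ALLOWED_PROTO, ALLOWED_PORT = "tcp", 443  # "TCP port 443 (SSL)" in section 3.2

# Constructed sample records: timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_FLOWS = """\
2024-05-01T02:00:03Z 10.20.30.41 49152 192.0.2.17 443 tcp
2024-05-01T02:00:09Z 10.20.30.41 49153 192.0.2.17 80 tcp
2024-05-01T02:03:44Z 10.20.30.42 50010 198.51.100.9 443 tcp
2024-05-01T02:10:12Z 10.20.30.77 51515 10.20.30.41 22 tcp
2024-05-01T02:11:00Z 10.20.30.42 40000 192.0.2.200 443 udp
2024-05-01T02:12:30Z 10.20.30.77 51600 203.0.113.5 443 tcp
this line is malformed
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    verdict: str
    detail: str


def classify(src, dst, dport, proto):
    """Compare one flow with the documented device behaviour."""
    if dst in DEVICE_IPS:
        # Section 2.1: all inbound services are disabled, so any connection
        # towards a transmitter (even from another transmitter) is unexpected.
        return "INBOUND_TO_DEVICE"
    if src not in DEVICE_IPS:
        return "NOT_DEVICE"  # unrelated traffic, out of scope for this check
    if dst not in VENDOR_NET:
        return "UNEXPECTED_DESTINATION"
    if proto != ALLOWED_PROTO or dport != ALLOWED_PORT:
        return "UNEXPECTED_SERVICE"
    return "EXPECTED"


def audit(text):
    """Return one Finding per non-blank record, in input order."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            _ts, src, _sport, dst, dport, proto = raw.split()
            verdict = classify(ipaddress.ip_address(src),
                               ipaddress.ip_address(dst),
                               int(dport), proto.lower())
        except ValueError:
            # Wrong field count, bad address or bad port: report the record
            # instead of dropping it silently.
            findings.append(Finding(n, "UNPARSEABLE", raw.strip()))
            continue
        findings.append(Finding(n, verdict, f"{src} -> {dst}:{dport}/{proto}"))
    return findings


def violations(findings):
    """Findings that need follow-up (everything but expected/unrelated)."""
    return [f for f in findings if f.verdict not in ("EXPECTED", "NOT_DEVICE")]


if __name__ == "__main__":
    for f in violations(audit(SAMPLE_FLOWS)):
        print(f"line {f.line_no}: {f.verdict}: {f.detail}")
```
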
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860/1660/2560/2560G) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content
More informationAdministration of Symantec Cyber Security Services (July 2015) Sample Exam
Administration of Symantec Cyber Security Services (July 2015) Sample Exam Contents SAMPLE QUESTIONS... 1 ANSWERS... 6 Sample Questions 1. Which DeepSight Intelligence Datafeed can be used to create a
More informationDIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018
DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL June 14, 2018 A. Overriding Objective 1.1 This Directive establishes the rules and instructions for Bank Personnel with respect to Information
More informationIntegrated Cloud Environment Security White Paper
Integrated Cloud Environment Security White Paper 2012-2016 Ricoh Americas Corporation R i c o h A m e r i c a s C o r p o r a t i o n R i c o h A m e r i c a s C o r p o r a t i o n It is the reader's
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Port Security Port Security helps to control access to logical and physical ports, protocols, and services. This
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationTechnical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems
Technical Overview of in Windows 7 and Windows Server 2008 R2 Microsoft Windows Family of Operating Systems Published: January 2009 This document supports a preliminary release of a software product that
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More informationXerox Audio Documents App
Xerox Audio Documents App Additional information, if needed, on one or more lines Month 00, 0000 Information Assurance Disclosure 2018 Xerox Corporation. All rights reserved. Xerox, Xerox,
More informationSpring 2010 CS419. Computer Security. Vinod Ganapathy Lecture 14. Chapters 6 and 9 Intrusion Detection and Prevention
Spring 2010 CS419 Computer Security Vinod Ganapathy Lecture 14 Chapters 6 and 9 Intrusion Detection and Prevention Firewalls and IPSes effective means of protecting LANs internet connectivity essential
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationCyber Security and Data Protection: Huge Penalties, Nowhere to Hide
Q3 2016 Security Matters Forum Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Alan Calder Founder & Executive Chair IT Governance Ltd July 2016 www.itgovernance.co.uk Introduction
More informationCertification Report
Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation
More informationYOUR APP-BASED DEVICE MANAGEMENT SOLUTION
YOUR APP-BASED DEVICE MANAGEMENT SOLUTION Reveal LINQ Mobile Manager For the Reveal LINQ Insertable Cardiac Monitor ios 1.03.03 & Android 1.05.03 FOLLOW-UP WORKFLOW APP-BASED DEVICE MANAGEMENT A Streamlined
More informationEnforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance
Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance Iliana Peters, JD, LLM, HHS Office for Civil Rights Kevin
More information