ASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER
|
|
- Constance Joseph
- 5 years ago
- Views:
Transcription
1 ASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER IT Audit, Information Security & Risk Insight Africa 2014 Johnson Falana CISA,MIT,CEH,Cobit5
2 Overview Information technology (IT) processing facilities, usually referred to as data centers, are at the core of most modern organizations' operations, supporting almost all critical business activities. Ideally, data centers should be embedded with the following before a reliable business continuity could be achieved: Physical access control infrastructure Environmental controls Power and network connectivity Fire suppression systems Alarm systems
3 Outline Background Data Center & New Definition Need for Business Continuity Major Data Center Threats Auditor s Roles Data Center Auditing Essentials
4 Background Ever since the first general purpose electronic computer (the Electronic Numerical Integrator and Computer, or ENIAC) was created in 1946, computer systems have had specific environmental, power, and physical security requirements. Beginning in the late 1950s, as mainframe computers became more widely available, data centers were created for the express purpose of meeting these requirements. Now, most organizations have their own data centers or co-locate their systems in a shared facility. Mainframe computer - IBM 4
5 Data Center new A Data Center is where the necessary infrastructure such as computer hardware, security measures, temperature & humidity control and support engineers must all be in place before the servers and their connectivity can be made available for company use.? old A data center is a facility that is designed to house an organization s critical systems, which comprise computer hardware, operating systems, and applications. Difference Dedicated data center must be reliable providing uptime in excess of % 2012 Skybox Security 5
6 Data Center More correct new A Data Center is where the necessary infrastructure such as computer hardware, security measures, temperature & humidity control and support engineers must all be in place before the servers and their connectivity can be made available for company use. CONTROL old A data center is a facility that is designed to house an organization s critical systems, which comprise computer hardware, operating systems, and applications. correct Difference It has been estimated that there are approximately 75,000 major data centres in the United States alone, housing corporate, governmental and military operations; globally, the number of data centres likely extends into the hundreds of thousands 6
7 Need for Business Continuity Data centres have evolved into mission-critical facilities requiring business continuity on a basis. There was a time when temporary business interruptions were a minor and relatively inexpensive inconvenience to the operation of IT and telecommunication facilities. However, with modern society s reliance on the interconnected global IT infrastructure for much of what we consider everyday life, the loss of IT/telecommunications service can have a dramatic effect that extends well beyond the affected business, negatively impacting clients, suppliers, whole industries, and society at large. Modern data centres and telecommunications facilities house a vast array of expensive and sensitive electronic devices connected together and configured to analyze, collect, distribute, manage and store information. They are vital to business continuity and their protection needs careful thought.
8 Major Data Center Threats Natural such as weather events, flooding, earthquakes, and fire Manmade such as terrorist incidents, riots, theft, and sabotage, Threats Environmental hazards such as extreme temperatures and humidity Loss of utilities such as electrical power and telecommunications A threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm. It can be intentional or accidental.. 8
9 Data Center Fire
10 Auditor s Roles Disaster Preparedness The auditor's job is to identify and measure physical and administrative controls at the facility that mitigate the risk of data-processing disruptions, including the following: System resiliency Data backup and restore Disaster recovery planning
11 Data Center Auditing Essentials Test steps for auditing data centers. The following areas should be addressed during the data center audit: Neighborhood and external risk factors Physical access controls Environmental controls Power and electricity Fire suppression Data center operations System resiliency Data backup and restore Disaster recovery planning
12 Detailed steps 1. Review Data Center Exterior Lighting, Building Orientation, Signage, Fences, and Neighborhood Characteristics to Identify Facility Related Risks. 2. Research the Data Center Location for Environmental Hazards and to Determine the Distance to Emergency Services. 3. Review Data Center Doors and Walls to Determine Whether They Protect the Facilities Adequately. 4. Evaluate Physical Authentication Devices to Determine Whether They are Appropriate and are Working Properly. 5. Ensure that Physical Access Control Procedures are Comprehensive and Being Followed by Data Center and Security Staff.
13 Detailed steps 6. Ensure that Burglar Alarms and Surveillance Systems are Protecting the Data Center from Physical Intrusion. 7. Review Security Guard Building Round Logs and Other Documentation to Evaluate the Effectiveness of the Security Personnel Function. 8. Verify that HVAC Systems Maintain Constant Temperatures within the Data Center. 9. Ensure that a Water Alarm System is Configured to Detect Water in High- Risk Areas of the Data Center. 10. Determine Whether the Data Center Has Redundant Power Feeds.
14 Detailed steps 11. Verify that Ground-to-Earth Exists to Protect Computer Systems. 12. Ensure that Power is Conditioned to Prevent Data Loss. 13. Verify that Battery Backup Systems are Providing Continuous Power During Momentary Black-Outs and Brown-Outs. 14. Ensure that Generators Protect Against Prolonged Power Loss and are in Good Working Condition. 15. Ensure that Data Center Building Construction Incorporates Appropriate Fire Suppression Features.
15 Detailed steps 16. Ensure that Data Center Personnel are Trained Properly to Perform Their Job Functions. 17. Ensure that Data Center Capacity is Planned to Avoid Unnecessary Outages. 18. Verify that Procedures are Present to Ensure Secure Storage and Disposal of Electronic Media 19. Verify that Systems Can Be Restored from Backup Media 20. Ensure that Backup Media Can Be Retrieved Promptly from Off-Site Storage Facilities. 21. Ensure that a Disaster Recovery Plan (DRP) Exists and is Comprehensive and that Key Employees are Aware of Their Roles in the Event of a Disaster.
16 Thank You
17 Questions?
Information Technology Disaster Recovery Planning Audit Redacted Public Report
1200, Scotia Place, Tower 1 10060 Jasper Avenue Edmonton, Alberta T5J 3R8 edmonton.ca/auditor Information Technology Disaster Recovery Planning Audit Redacted Public Report June 12, 2018 City of Edmonton
More informationIntroduction to Business continuity Planning
Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources
More informationU.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)
U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) Security Risk Assessment Tool Physical Safeguards Content Version Date:
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More information3.3 Understanding Disk Fault Tolerance Windows May 15th, 2007
3.3 Understanding Disk Fault Tolerance Windows May 15th, 2007 Fault tolerance refers to the capability of a computer or network to continue to function when some component fails. Disk fault tolerance refers
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationBusiness Continuity: How to Keep City Departments in Business after a Disaster
Business Continuity: How to Keep City Departments in Business after a Disaster Shannon Spence, PE Red Oak Consulting, an ARCADIS group Agenda Security, Resilience and All Hazards The Hazards Cycle and
More informationIT Service Delivery And Support Week Eight - Data Center
IT Service Delivery And Support Week Eight - Data Center IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao 1 Data Center 101 Facility-Based Controls Physical security HVAC Fire Suppression
More informationHIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationEPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS
EPRO Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS The Role of Systems Engineering in Addressing Black Sky Hazards
More informationPhysical and Environmental Security Policy Document Number: OIL-IS-POL-PES
Physical and Environmental Security Policy Document Number: OIL-IS-POL-PES Document Details Title Description Version 1.0 Author Classification Physical and Environmental Security Policy Physical and Environmental
More informationContinuity of Business
White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be
More informationIn this unit we are going to review a set of computer protection measures also known as countermeasures.
1 In this unit we are going to review a set of computer protection measures also known as countermeasures. A countermeasure can be defined as an action, device, procedure, or technique that reduces a threat,
More informationApplications/Data To Include in Survey (include applications that meet one or more of the following criteria)
Objective of Survey The purpose of this survey is to identify and understand 1) the nature of critical and sensitive campus-wide applications and/or data, 2) where the data is located, 3) how the data
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationPhysical and Environmental Security Standards
Physical and Environmental Security Standards Table of Contents 1. SECURE AREAS... 2 1.1 PHYSICAL SECURITY PERIMETER... 2 1.2 PHYSICAL ENTRY CONTROLS... 3 1.3 SECURING OFFICES, ROOMS AND FACILITIES...
More informationManagement Information Systems. B15. Managing Information Resources and IT Security
Management Information Systems Management Information Systems B15. Managing Information Resources and IT Security Code: 166137-01+02 Course: Management Information Systems Period: Spring 2013 Professor:
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationSTRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government
ATIONAL STRATEGY National Strategy for Critical Infrastructure Government Her Majesty the Queen in Right of Canada, 2009 Cat. No.: PS4-65/2009E-PDF ISBN: 978-1-100-11248-0 Printed in Canada Table of contents
More informationMemorandum APPENDIX 2. April 3, Audit Committee
APPENDI 2 Information & Technology Dave Wallace, Chief Information Officer Metro Hall 55 John Street 15th Floor Toronto, Ontario M5V 3C6 Memorandum Tel: 416 392-8421 Fax: 416 696-4244 dwwallace@toronto.ca
More informationEXHIBIT A. - HIPAA Security Assessment Template -
Department/Unit: Date: Person(s) Conducting Assessment: Title: 1. Administrative Safeguards: The HIPAA Security Rule defines administrative safeguards as, administrative actions, and policies and procedures,
More informationBusiness Continuity Planning Keeping Pace with New Technology
Business Continuity Planning Keeping Pace with New Technology Old issues, new threats Force Majeure Increasing severe weather incidents, terrorist attacks Legacy modernization Cutover issues, system crashes,
More informationLeveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009
Leveraging ITIL to improve Business Continuity and Availability Samuel Lo MBA, MSc, CDCP, PMP, CISSP, CISA Data Centre Services Manager COL Limited Strictly Business itsmf Conference 2009 25 February 2009
More informationBusiness Continuity Management Program Overview
Business Continuity Management Program Overview Improving the lives of our customers by connecting them to the power of the digital world CenturyLink Key Objective CenturyLink may modify or terminate this
More informationRFP Annex A Terms of Reference UNHCR HQ Data Centre Colocation Service
RFP 2017 845 Annex A Terms of Reference UNHCR HQ Data Centre Colocation Service Version 1 Contents Project objectives... 1 Background... 1 Scope... 1 Timeframe and Cost... 4 Stakeholders, roles and responsibilities...
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationStandard: Data Center Security
Standard: Data Center Security Page 1 Executive Summary The university data centers provide for the reliable operation of SJSU s computing systems, computing infrastructure, and communication systems.
More informationTrust Services Principles and Criteria
Trust Services Principles and Criteria Security Principle and Criteria The security principle refers to the protection of the system from unauthorized access, both logical and physical. Limiting access
More informationAudit & Advisory Services. IT Disaster Recovery Audit 2015 Report Date January 28, 2015
Audit & Advisory Services IT Disaster Recovery Audit 2015 Report Date January 28, 2015 Audit & Advisory Services Mission and Function The JCCC Audit & Advisory Services department provides an independent
More informationPresented by Joe Burns Kentucky Rural Water Association July 19, 2005
Infrastructure Security for Public Water and Wastewater Utilities Presented by Joe Burns Kentucky Rural Water Association July 19, 2005 Public Health Security and Bioterrorism Preparedness and Response
More informationPhysical Security. Introduction. Brian LeBlanc
Physical Security Introduction 1 Physical Security Provides for the protection of property, personnel, facilities, and material against unauthorized entry, trespass, damage, sabotage, theft, or other criminal
More informationTUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY
JUNE 2017 TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the Tufts Health Plan Corporate
More informationA Practical Guide to Avoiding Disasters in Mission-Critical Facilities. What is a Disaster? Associated Business Issues.
A Practical Guide to Avoiding Disasters in Mission-Critical Facilities Todd Bermont What is a Disaster? An event that can unexpectedly impact the continuity of your business Anything that injures or has
More informationHazard Management Cayman Islands
Hazard Management Cayman Islands Strategic Plan 2012 2016 Executive Summary HMCI strategic plan outlines the agency s outlook in the next five years and illustrates the main strategies as goals that will
More informationAppendix 3 Disaster Recovery Plan
Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationInformation Services IT Security Policies L. Network Management
Information Services IT Security Policies L. Network Management Version 1.1 Last updated: 11th August 2010 Approved by Directorate: 2nd July 2009 Review date: 1st August 2011 Primary owner of security
More informationDisaster Recovery Committee. Learning Resource Center Specialist
This document is intended to provide operational procedures and serve as a reference for the Key Information Technology Personnel at Community Higher Ed Disaster Recovery Community Higher Ed Disaster Recovery
More informationSecurity Guideline for the Electricity Sector: Business Processes and Operations Continuity
Security Guideline for the Electricity Sector: Business Processes and Operations Continuity Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability
More informationL E C T U R E N O T E S : C O N T R O L T Y P E S A N D R I S K C A L C U L A T I O N
L E C T U R E N O T E S : C O N T R O L T Y P E S A N D R I S K C A L C U L A T I O N Revision Date: 7/31/2014 Time: 1 hour OBJECTIVES The following objectives are covered in this Lecture Note. These objectives
More informationCommunity-Based Water Resiliency
Community-Based Water Resiliency Helping Water Utilities Build Stronger Communities Presentation to the Mid-Atlantic APWA Chapter Conference Virginia Beach, VA May 10, 2013 What is Community-Based Water
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationPrinciples of Information Security, Fourth Edition. Chapter 1 Introduction to Information Security
Principles of Information Security, Fourth Edition Chapter 1 Introduction to Information Security Introduction Information security: a well-informed sense of assurance that the information risks and controls
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationPolicy and Procedure: SDM Guidance for HIPAA Business Associates
Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:
More informationINFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK
INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK 1. INTRODUCTION The Board of Directors of the Bidvest Group Limited ( the Company ) acknowledges the need for an IT Governance Framework as recommended
More informationIT your way - Hybrid IT FAQs
Hybrid IT IT your way - Hybrid IT FAQs Create a strategy that integrates in-house and outsourced IT services to meet ever-changing business requirements. Combine on-premise and off premise solutions Mix
More informationAljex Software, Inc. Business Continuity & Disaster Recovery Plan. Last Updated: 1/30/2017.
Aljex Software, Inc. Business Continuity & Disaster Recovery Plan Last Updated: 1/30/2017 Table of Contents Introduction... 3 Business Continuity... 3 Employee Structure... 3 On-Site Disruption Procedures...
More informationThe J100 RAMCAP Method
The J100 RAMCAP Method 2012 ORWARN Conference Kevin M. Morley, PhD Security & Preparedness Program Manager AWWA--Washington, DC Water is Key to Daily Life Potable drinking water Sanitation Public Health
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationCTS performs nightly backups of the Church360 production databases and retains these backups for one month.
Church360 is a cloud-based application software suite from Concordia Technology Solutions (CTS) that is used by churches of all sizes to manage their membership data, website, and financial information.
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationNERCPI Regional Cyber Disruption Planning.
NERCPI Regional Cyber Disruption Planning www.newenglandrcpi.org Cyber Disruption Planning Catastrophic cyber planning is an evolving concept True emergencies vs. inconveniences Fully interconnected world
More informationModule 4 STORAGE NETWORK BACKUP & RECOVERY
Module 4 STORAGE NETWORK BACKUP & RECOVERY BC Terminology, BC Planning Lifecycle General Conditions for Backup, Recovery Considerations Network Backup, Services Performance Bottlenecks of Network Backup,
More informationApril Appendix 3. IA System Security. Sida 1 (8)
IA System Security Sida 1 (8) Table of Contents 1 Introduction... 3 2 Regulatory documents... 3 3 Organisation... 3 4 Personnel security... 3 5 Asset management... 4 6 Access control... 4 6.1 Within AFA
More informationDude Solutions Business Continuity Overview
Dude Solutions Business Continuity Overview Table of Contents Overview.... 2 Primary and Disaster Recovery Data Centers.... 2 Network Infrastructure.... 3 Emergency Processes.... 3 Power and Cooling Systems....
More informationDISASTER PREPAREDNESS IN THE COUNTY: IMPROVEMENTS NEEDED
2006-2007 SANTA CLARA COUNTY CIVIL GRAND JURY REPORT Summary DISASTER PREPAREDNESS IN THE COUNTY: IMPROVEMENTS NEEDED Disaster events that have occurred in Santa Clara County (County) have heightened interest
More informationDATA CENTER OPERATIONS CALIFORNIA STATE UNIVERSITY, DOMINGUEZ HILLS. Audit Report June 15, 2012
DATA CENTER OPERATIONS CALIFORNIA STATE UNIVERSITY, DOMINGUEZ HILLS Audit Report 12-31 June 15, 2012 Henry Mendoza, Chair William Hauck Steven M. Glazer Glen O. Toney Members, Committee on Audit University
More informationHOTEL RESILIENT Plan ahead stay ahead. With support from the German Government through
HOTEL RESILIENT Plan ahead stay ahead With support from the German Government through WHAT CAN GO WRONG WILL GO WRONG Murphy s Law More than 40% of hotels do not reopen after large disasters FEMA 2010
More informationemarketeer Information Security Policy
emarketeer Information Security Policy Version Date 1.1 2018-05-03 emarketeer Information Security Policy emarketeer AB hereafter called emarketeer is a leading actor within the development of SaaS-service
More informationHIPAA RISK ADVISOR SAMPLE REPORT
HIPAA RISK ADVISOR SAMPLE REPORT HIPAA Security Analysis Report The most tangible part of any annual security risk assessment is the final report of findings and recommendations. It s important to have
More informationDisaster Recovery and Business Continuity
Disaster Recovery and Business A Rackspace White Paper Spring 2010 Summary The purpose of this guide is to cut through the jargon around Business and Disaster Recovery, explain the differences and help
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationNetwork Performance, Security and Reliability Assessment
Network Performance, Security and Reliability Assessment Presented to: CLIENT NAME OMITTED Drafted by: Verteks Consulting, Inc. 2102 SW 20 th Place, Suite 602 Ocala, Fl 34474 352-401-0909 ASSESSMENT SCORECARD
More informationHow Industrial PoE Switches Facilitate Reliable Outdoor IP Surveillance Networks. Jackey Hsueh Product Manager
How Industrial PoE Switches Facilitate Reliable Outdoor IP Surveillance Networks Jackey Hsueh Product Manager Abstract Outdoor IP surveillance networks can reap substantial benefits from PoE technologies.
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 13 Business Continuity
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 13 Business Continuity Objectives Define business continuity Describe the components of redundancy planning List disaster recovery
More informationKeys To Disaster Preparedness
Keys To Disaster Preparedness Presented By: Rob Robbins 2012 Setting up your Chess Board Identify your Queen Decide who s going to be King How many assets to protect and in what order (moving your pieces)
More informationInfrastructure Security Overview
White Paper Infrastructure Security Overview Cisco IronPort Cloud Email Security combines best-of-breed technologies to provide the most scalable and sophisticated email protection available today. Based
More informationTable of Contents. Sample
TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...
More informationAll-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011
All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011 Copyright 2009 American Water Works Association Copyright 2011 American Water Works Association Security
More informationData Centers & Technology:
Data Centers & Technology: Risk in the digital landscape Presented by; Ralph de Mesquita Principal Risk Analyst, Risk Engineering UK Agenda Rise of cloud providers Four scenarios: where are the insurable
More informationIXcellerate Moscow One Datacentre - Phase 1 & 2 Overview
Contents 1. Document Purpose... 2 2. Facility Overview... 2 2.1 Technical Space... 2 2.2 Load Density... 2 2.3 Resilience... 2 2.4 Engineering Plant Maintenance & Service Restoration... 3 3. Engineering
More informationData Center Operations Guide
Data Center Operations Guide SM When you utilize Dude Solutions Software as a Service (SaaS) applications, your data is hosted in an independently audited data center certified to meet the highest standards
More informationCANVAS DISASTER RECOVERY PLAN AND PROCEDURES
CANVAS DISASTER RECOVERY PLAN AND PROCEDURES Instructure Security, Engineering, and Operations INSTRUCTURE, INC. 6330 South 3000 East Salt Lake City, Utah 84121 Table of Contents Disaster Plan and Procedures...
More informationCritical Infrastructure
Critical Infrastructure 1 Critical Infrastructure Can be defined as any facility, system, or function which provides the foundation for national security, governance, economic vitality, reputation, and
More informationDemand The Best. A guide to help select an Offsite Information Management Company
Demand The Best A guide to help select an Offsite Information Management Company 2 Because information is vital to the livelihood of your business, it is essential that you make the most knowledgeable
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationWhat can the OnBase Cloud do for you? lbmctech.com
What can the OnBase Cloud do for you? lbmctech.com The OnBase Cloud by Hyland When it comes to cloud deployments, experience matters. With experience comes more functionality, long tracks of outstanding
More informationAwareness Technologies Systems Security. PHONE: (888)
Awareness Technologies Systems Security Physical Facility Specifications At Awareness Technologies, the security of our customers data is paramount. The following information from our provider Amazon Web
More informationwww. continuitymauritius.com Continuitymauritius
focuses on Business Management and helps clients prepare for any potential threat to their business as a result of unforeseen or sudden disruptions. DISASTER MANAGEMENT The core of the highly skilled and
More informationCloud-Based Data Security
White Paper Cloud-Based Data Security SaaS-built Galileo collects and analyzes customized performance data efficiently, on-demand, via a secure Internet connection. About Galileo Created by the ATS Group,
More informationTB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored
the onbase cloud ONBASE CLOUD // Experience Matters The OnBase Cloud by Hyland When it comes to cloud deployments, experience matters. With experience comes more functionality, an established history of
More informationCorporate Security & Emergency Management Summary of Submitted 2015 Budget From Rates
Corporate Security & Emergency Management Summary of Submitted 2015 From Rates Service Expense 2014 2015 Revised Non Tax Revenue Net Tax Supported Expense Draft Non Tax Revenue Net Tax Supported Increase
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationWhy the Threat of Downtime Should Be Keeping You Up at Night
Why the Threat of Downtime Should Be Keeping You Up at Night White Paper 2 Your Plan B Just Isn t Good Enough. Learn Why and What to Do About It. Server downtime is an issue that many organizations struggle
More informationIBM Security Intelligence on Cloud
Service Description IBM Security Intelligence on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means and includes the company, its authorized users or recipients
More informationDISASTER RESPONSE & RECOVERY PLANNING. Information Technology Services
DISASTER RESPONSE & RECOVERY PLANNING Information Technology Services Review Frequency: Annual Review Schedule: March 2016 ADDITIONAL DETAILS Vendor list details redacted from this version. Effective:
More informationPower Audit & Thermography Test
CHOICE SOLUTIONS LIMITED REFERENCE BOOKLET Power Audit & Thermography Test Inside This Reference Booklet Power Quality 1 Power Audit Objectives 1 Power Audit Process 1 The Process 2 Equipment 3 Standards
More informationAirport Security & Safety Thales, Your Trusted Hub Partner
Airport Security & Safety Thales, Your Trusted Hub Partner www.thalesgroup.com/shield Securing People Ensuring Business Continuity Protecting Assets Thales Credentials Thales is a leading international
More informationCLOUD COMPUTING READINESS CHECKLIST
CLOUD COMPUTING READINESS DAVE WILLIS STEPHEN GOLDSMITH SUBJECT MATTER EXPERTS, CLOUD COMPUTING DENOVO DAVE WILLIS STEPHEN GOLDSMITH SUBJECT MATTER EXPERTS, CLOUD COMPUTING DENOVO 1 CONTENTS INTRODUCTION
More informationInfocomm Professional Development Forum 2011
Infocomm Professional Development Forum 2011 1 Agenda Brief Introduction to CITBCM Certification Business & Technology Impact Analysis (BTIA) Workshop 2 Integrated end-to-end approach in increasing resilience
More informationBUSINESS CONTINUITY. Topics covered in this checklist include: General Planning
BUSINESS CONTINUITY Natural and manmade disasters are happening with alarming regularity. If your organization doesn t have a great business continuity plan the repercussions will range from guaranteed
More informationCritical Information Infrastructure Protection Law
Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.
More informationBusiness Continuity Planning. PDI January 14 th, 2018
Business Continuity Planning PDI January 14 th, 2018 Presenters Sally Alexander, Director & CRO Office of Risk Management & Insurance Tel: 970 491 7726 Email sally.alexander@colostate.edu Angela Gray,
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Advisors and Special Event Domestic Incident Tracker Overview Federal
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationChapter X Security Performance Metrics
DRAFT February 19, 15 BES Security s Working Group Page 1 of 7 Chapter X Security Performance s 1 3 3 3 3 0 Background The State of Reliability 1 report noted that the NERC PAS was collaborating with the
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationPower Outages and the Hosted VOIP Option
Power Outages and the Hosted VOIP Option What happens to your business when the POWER is OUT? Office 1: On-Premise VOIP Voice applications are lost when grid and UPS backup fail. Without power to your
More informationDisaster Recovery Plan. Serving Community Care College Clary Sage College Oklahoma Technical College
2018 Disaster Recovery Plan Serving Community Care College Clary Sage College Oklahoma Technical College 1 Introduction Information Technology Statement of Intent Policy Statement Objectives Key Personnel
More informationWHITE PAPER BCDR: 4 CRITICAL QUESTIONS FOR YOUR COMMUNICATIONS PROVIDER
WHITE PAPER BCDR: 4 CRITICAL QUESTIONS FOR YOUR COMMUNICATIONS PROVIDER Insurance for IT Infrastructure? We can buy insurance for contract performance, pitching arms and even vacations. But when it comes
More information