InterCall Virtual Environments and Webcasting
Security, High Availability and Scalability Overview

1. Security

1.1. Policy and Procedures

The InterCall VE ("Virtual Environments") and Webcast Event IT team established its security policy in The policy was defined and approved by the management team of the company. The policy guides the company's departments in their security-related methods and is used as a guide for the creation of the Information Security procedures.

Information Security Operational Committee

The InterCall VE and Webcast Event Information Security Operational Committee, which includes the director of engineering, the IT manager and the information security officer, is responsible for the technical aspects of securing the data and the services that the InterCall VE and Webcast Event teams maintain and provide for their customers. The committee meets every two months; it reviews new threats and vulnerabilities and plans the security controls and countermeasures that need to be put in place to protect InterCall VE and Webcast Event assets. The committee monitors the implementation of the security controls and makes sure they mitigate the threats.

System Security

Physical Security

The InterCall VE and Webcast Event platform is hosted in the USA in a SAS70 certified data center that provides high physical and logical security controls. Strict policies and procedures ensure the utmost security, which includes biometric fingerprint scanning, card key access and video surveillance camera technology. Anyone visiting the datacenter facility must be escorted by a datacenter employee to a designated location. Visitors are required to sign the visitors log and obtain a visitor badge. Every visitor is matched against the pre-approved authorized listing. The datacenter is divided into several security zones; clients are permitted to access only the zone where their equipment is located. All cabinets are locked with individualized keys.
Video cameras are strategically placed throughout the facility and are monitored 24x7. Historical video data is viewable for a minimum of fifteen days.

Network Security

The InterCall VE and Webcast Event architecture incorporates Check Point firewalls to protect the platform. Network traffic from the internet into the datacenter routes through firewalls which allow access only to a specific set of machines and services. The InterCall VE and Webcast Event architecture divides the datacenter into multiple network zones, each containing a set of information services and information systems. Check Point firewalls control the network between the zones and allow access only to the relevant and desired services at each zone. In addition to the access control, the firewalls isolate the internal network from the outside world using Network Address Translation. NAT ensures that the internal network addresses are not exposed to the external peer and can't be used to hack into the system. The firewalls are kept up to date with the latest security patches.

INFO@INTERCALL.COM INTERCALL.COM

Antivirus
Antivirus systems operate on all the servers in the data center to prevent malicious code. The AV systems are updated continuously.

Access Control

Only the InterCall VE and Webcast Event IT team has administrative access to the servers and workstations in the datacenter. When a member of the IT team leaves the company, their accounts are deactivated promptly. Administrative access to the servers and systems in the datacenter is via Check Point VPN. The VPN authenticates the client by a client-side certificate and encrypts all the network traffic between the client computer and the datacenter.

Change Management

All changes in the datacenter to hardware, software or platform configuration follow a Change Management procedure. The change must be planned in advance, checked in the QA environment and approved by the IT manager. Once the change is implemented in the datacenter, it is verified by the QA team. The procedure assures that all changes to the production environments are controlled and documented.

Maintenance

Maintenance of the InterCall VE and Webcast Event platform is done by the internal IT department or under its direct supervision. Most of the maintenance is done from the InterCall VE and Webcast Event offices using VPN. The redundancy at each layer enables hot deployment and configuration without downtime.

Personnel

Recruitment

InterCall VE and Webcast Event perform reference checks for new employees. All new employees are required to sign a non-disclosure agreement during the hiring process.

Information Security awareness and training

The InterCall VE and Webcast Event security team educates its employees about the importance of securing the data and the services it provides. All employees have an annual information security awareness session that reviews security threats and vulnerabilities that are relevant to every employee. The session gives the best practices for avoiding security pitfalls. There is special training for developers. In this training they learn how to develop a secure application that will resist hacking attempts.

Leaving the company

When an employee leaves the company for any reason, their user account as well as their application account are disabled. They are required to return their employee badge immediately. Any access they have to the company network is blocked.

Third Party

Contractors and third parties are required to sign a non-disclosure agreement before they are granted any access to the data or services at InterCall VE and Webcast Event. They are granted access only to the required services and have the minimum privileges required for fulfilling their job duties. When the contract ends, their accounts are disabled and their access to the information and services is blocked.

Audit and Accountability

Every user in the VE application has a unique user name and a password. Thus users are accountable for any activity that is done under their accounts. Administration actions are logged in a separate log file, and there is a separate log file for security-related actions. The InterCall VE and Webcast Event security team retains the log files and can audit them if there is any suspicion of unauthorized or malicious activity.

Security Assessment

The InterCall VE and Webcast Event security team uses an outside firm specializing in information security to assess its security. A thorough penetration test is executed annually at a minimum. The tests examine the platform infrastructure as well as the application and services and look for vulnerabilities. The results of the penetration tests are reviewed by the Information Security Council and by the IT and R&D departments. Based on the findings and their severity, InterCall VE and Webcast Event plans the fix project. High severity issues are fixed and deployed as soon as possible.

Application Security

The InterCall VE and Webcast Event platform was designed and developed with security concerns in mind. Authentication, Authorization, User Roles and Permissions have been part of the platform from the first day. Every new feature is checked at the requirement and design phases to make sure it doesn't expose a new vulnerability or break the defined policy.

OWASP

InterCall VE and Webcast Event developers follow Open Web Application Security Project recommendations for developing a secure application and avoiding common security risks such as SQL injection, Cross-Site Scripting, Cross-Site Request Forgery, insecure direct object references, URL access, etc.

Development Life Cycle

The development of the VE platform follows strict procedures and best practices that assure the product is at the highest level of quality and security.

Design

Every new system, service, or feature is evaluated in the requirements and design phases in terms of information security and privacy.
The Chief Information Security Officer reviews every major change in the system.

Development

InterCall VE and Webcast Event developers are trained to develop a secure application using OWASP best practices and industry tools and standards. In addition to the regular reviews during development, security-related feature development is guided and mentored by the CISO.

Configuration Control

The InterCall VE and Webcast Event development team maintains the source code and the libraries used in development in a source control repository. Access to the repository is granted to developers only. Documentation of the requirements and the technical design is kept in a documentation repository.

QA

Platform updates as well as patches and hot fixes are all deployed and tested thoroughly in a dedicated QA environment. The QA environment simulates the production environment in terms of tier separation and high availability clusters. The QA environment is located at the development site and doesn't contain customer data.

Staging

When a new software version passes the testing in the QA environment, and just before it is deployed into the production environment, the software is deployed into a staging environment located at the datacenter. The staging environment has the same security controls and configuration as the production environment and is used to check the software on real data.

Authentication

All users of InterCall VE and Webcast Event, stakeholders as well as visitors, must register and log in before they can access any resource or visit any event in the application. The regular authentication process is based on a user name and a password. The default password policy is 8 characters in length, containing upper case and lower case characters and digits. After 5 failed login attempts, the account is locked for two minutes to prevent brute forcing and denial of service. In addition to the user/password authentication, InterCall VE and Webcast Event supports proprietary authentication methods as well as standards-based authentication methods such as Facebook Connect and SAML (coming soon).

Session Management

Every time a user logs in, they are assigned a dedicated session. The platform keeps track of the active users, and users always have the option to explicitly log off the application and end their sessions. The system automatically ends the session and logs off a user who is not active for a configurable time period.

Authorization

The InterCall VE and Webcast Event platform checks and authorizes every incoming request based on the user role and scope, the type of the action and the targeted object. The VE platform has predefined roles and object ownership, and the relevant interfaces and services are accessible only to the authorized users.
In addition, there are different permissions per object; thus some users may view a specific object while the owner of the object may update or even delete it.

Edge Authorization

The InterCall VE and Webcast Event delivery strategy uses CDN facilities to serve static and dynamic / live streamed content with the smallest latency and unlimited capacity for end users all over the world. The InterCall VE and Webcast Event authentication functions make sure that the CDN servers are authorized for every access to restricted content.

Access Control

The InterCall VE and Webcast Event platform has a built-in access control mechanism, and customers may define their own fine-grained restrictions on top of it.

Application Access Control

Most of the content that is published in a VE can be viewed by every registered user unless configurable access controls are used. Only the owner of the content can update, publish, hide or delete it.

Configurable Access Control

In addition to the predefined access controls, customers can create their own Access Control Lists by creating groups of objects that can only be accessed by a restricted list of users.

Registration ACL

Customers can allow or prevent the registration of users with specific addresses or domains. Customers can create a list of specific users who can enter an event or restrict the event to users from a specific company.
Location ACL

In addition to the control at the entrance point, customers can restrict access to any location (e.g. Booth, Webcast, and Resource Center) and create a list of users who can enter the location and access the data it contains. The user list can be created based on any of the following characteristics of a user: Role, Address/Domain, Registration attributes.

Verification

The customer can require verification of the registrant's address during the registration process. Only after the verification is completed successfully may the registrant access the event.

Audit and Accountability

Every administration action is logged in a dedicated log which includes the action, user, time and date and the action parameters. There is an additional log that contains security-related actions (login/logout, account and privileges management).

Security Assessment

The InterCall VE and Webcast Event application is tested annually by an external party. The results are reviewed by the management team. Findings are ordered by their severity and a plan is created to fix the vulnerabilities by their severity.

SSL and Encryption

InterCall VE and Webcast Event support full encryption of the client-server channel. The platform also encrypts passwords in the DB.

Configurable Security

The InterCall VE and Webcast Event security team recommends that its customers use the highest level of security. Nevertheless, the InterCall VE and Webcast Event team lets customers adjust the security configuration to meet their specific security requirements. The customer has control of the password policy parameters, whether to enable a guest account (with restricted permissions), encryption channels and more.

2. High Availability

As the leading provider of virtual events and conferences, InterCall VE and Webcast Event is committed to delivering its services 24 hours, 356 days a year.
InterCall VE and Webcast Event uses the best tools and practices to make sure that the service won't be interrupted for any reason.

Redundancy

All the servers in the InterCall VE and Webcast Event platform run in clusters. Whenever a server fails, the traffic is automatically redirected to another server in the cluster.

Web Tier

The web tier runs on a cluster of IIS servers. In case of a failure in one of the web servers, the load balancer disables the routing of requests to that server until it is verified as active again.

Application Tier

The InterCall VE and Webcast Event platform uses Oracle WebLogic to run the application. The WebLogic servers run in a cluster, and each web server routes requests to any available application server.

DB

The InterCall VE and Webcast Event platform uses Oracle Enterprise Edition in a Real Application Cluster configuration that allows it to run multiple active servers concurrently. In case of a failure in one of the DB servers, the application servers are configured to route the queries to the other DB.

Streaming

The InterCall VE and Webcast Event platform operates two separate routes for producing and broadcasting every single webcast. In case of failure in one of the lines, the users are automatically redirected to the second line.

CDN

The broadcasting of the live and on-demand streaming is via the Akamai CDN. The InterCall VE and Webcast Event platform provides Akamai with primary and secondary streams. In case of failure in the primary stream, Akamai uses the secondary as the source. Akamai provides the stream to the end users via hundreds of media servers globally which are fully redundant.

Load Balancers

The InterCall VE and Webcast Event platform uses two Radware App Director load balancers to route the traffic to the internal servers. The load balancers are synchronized and run in an active/passive mode where, in case of a failure, the passive server becomes active immediately.

No Single Point of Failure

The InterCall VE and Webcast Event platform is fully redundant. Each server is connected to two power adapters and has network connectivity via two network interfaces. Each power adapter is connected to a different power source. Each network interface is connected to a different switch, making every server available via two different routes.

Disaster Recovery

The InterCall VE and Webcast Event architectural team will deploy a second datacenter in The second datacenter will extend the current capacity as well as provide failover and backup capabilities. The two datacenters will synchronize their data.
Thus, in case of a disaster in one of the datacenters, the second datacenter will promptly serve the users of the datacenter that failed.

Storage

The InterCall VE and Webcast Event platform uses IBM XIV storage. This storage has its own built-in redundancy and high availability in terms of disks, controller, network interfaces and power supply.

Monitoring

The InterCall VE and Webcast Event IT team monitors the availability and the performance of the system utilizing various automated tools. The tools monitor and access different components and different layers, from the infrastructure level up to the application level. As a global communications technology leader, the InterCall VE and Webcast Event architecture incorporates a worldwide monitoring system that measures the application availability from 5 different locations around the world. As part of the online monitoring, when an error occurs or a threshold is reached, an alert is sent to the InterCall VE and Webcast Event IT team via and SMS.

3. Scalability

The world of online meeting and conferencing grows fast. The number of events and the number of users that attend each event increase every month. The InterCall VE and Webcast Event development team built the platform not only to support today's and tomorrow's demands but also to be able to quickly scale out and support huge growth.

Cluster

Every tier in the InterCall VE and Webcast Event platform, from the web tier to the persistence tier, is built of a cluster of servers. Instead of scaling up by upgrading the server hardware, InterCall VE and Webcast Event extends its capacity easily and more cost-effectively by adding servers to the relevant tier.

CDN

The InterCall VE and Webcast Event platform uses CDN delivery as much as it can. The CDN infrastructure contains thousands of servers all over the world and allows the VE platform unlimited scale in terms of streaming and web content.

Load Test

The InterCall VE and Webcast Event development team continually checks and enhances its capacity and its performance under heavy load by conducting massive load tests. Using Amazon cloud, the InterCall VE and Webcast Event team tests its platform with more than 30,000 concurrent users, including a short ramp up. InterCall VE and Webcast Event engineers monitor and review the load results and the matrix and measurements that were collected from the VE platform. The load results are scrutinized to make sure the system performance and behavior meet the requirements under load and to identify any bottleneck in the hardware, software or network that compose the VE platform.
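
The default password policy and the temporary lockout described in the Authentication section, together with the security log from Audit and Accountability, can be exercised with the following added example; it is not InterCall's code. It assumes that 8 characters is a minimum length and that the failure counter resets on a successful login or when a lock is applied; the class, function and account names and the PBKDF2 storage choice are illustrative.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

# Values stated in the Authentication section of the overview.
MIN_LENGTH = 8             # assumption: read as a minimum length
MAX_FAILED_ATTEMPTS = 5    # "After 5 failed login attempts"
LOCKOUT_SECONDS = 120      # "locked for two minutes"


def password_meets_policy(password: str) -> bool:
    """Default policy: length plus upper case, lower case and a digit."""
    return (
        len(password) >= MIN_LENGTH
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[a-z]", password) is not None
        and re.search(r"[0-9]", password) is not None
    )


def _hash(password: str, salt: bytes) -> bytes:
    # Illustrative storage choice (salted PBKDF2), not taken from the overview.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failed: int = 0
    locked_until: float = 0.0


class LoginGuard:
    """Hypothetical login front end enforcing the lockout rule."""

    def __init__(self):
        self.accounts = {}
        self.security_log = []   # (time, user, outcome), kept apart from admin logs

    def register(self, user: str, password: str) -> None:
        if not password_meets_policy(password):
            raise ValueError("password does not meet the default policy")
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _hash(password, salt))

    def login(self, user: str, password: str, now: float) -> str:
        acct = self.accounts.get(user)
        if acct is None:
            return self._record(now, user, "denied")
        # While the lock is active the password is not even checked, so a
        # correct guess made during the lock window tells the caller nothing.
        if now < acct.locked_until:
            return self._record(now, user, "locked")
        if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
            acct.failed = 0
            return self._record(now, user, "ok")
        acct.failed += 1
        if acct.failed >= MAX_FAILED_ATTEMPTS:
            # The lock expires by itself, so a third party cannot keep a
            # legitimate user out permanently by failing logins on purpose.
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failed = 0
            return self._record(now, user, "locked")
        return self._record(now, user, "denied")

    def _record(self, now: float, user: str, outcome: str) -> str:
        self.security_log.append((now, user, outcome))
        return outcome


def demo():
    """Constructed scenario: five bad guesses, then the real password."""
    guard = LoginGuard()
    guard.register("alice", "Webcast2024")          # constructed credentials
    results = [guard.login("alice", "wrong-guess", now=t) for t in range(5)]
    results.append(guard.login("alice", "Webcast2024", now=60))    # still locked
    results.append(guard.login("alice", "Webcast2024", now=125))   # lock expired
    return results, guard.security_log


if __name__ == "__main__":
    outcomes, log = demo()
    print(outcomes)
    for entry in log:
        print(entry)
```
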
More informationRSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief
RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security
More informationCloud FastPath: Highly Secure Data Transfer
Cloud FastPath: Highly Secure Data Transfer Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. Tervela has been creating high performance
More informationCYBERSECURITY RISK LOWERING CHECKLIST
CYBERSECURITY RISK LOWERING CHECKLIST The risks from cybersecurity attacks, whether external or internal, continue to grow. Leaders must make thoughtful and informed decisions as to the level of risk they
More informationIntroduction to SURE
Introduction to SURE Contents 1. Introduction... 3 2. What is SURE?... 4 3. Aim and objectives of SURE... 4 4. Overview of the facility... 4 5. SURE operations and design... 5 5.1 Logging on and authentication...
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationA company built on security
Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for
More informationCyber Insurance PROPOSAL FORM. ITOO is an Authorised Financial Services Provider. FSP No
PROPOSAL FORM Cyber Insurance Underwritten by The Hollard Insurance Co. Ltd, an authorised Financial Services Provider www.itoo.co.za @itooexpert ITOO is an Authorised Financial Services Provider. FSP.
More informationKantanMT.com. Security & Infra-Structure Overview
KantanMT.com Security & Infra-Structure Overview Contents KantanMT Platform Security... 2 Customer Data Protection... 2 Application Security... 2 Physical and Environmental Security... 3 ecommerce Transactions...
More informationA (sample) computerized system for publishing the daily currency exchange rates
A (sample) computerized system for publishing the daily currency exchange rates The Treasury Department has constructed a computerized system that publishes the daily exchange rates of the local currency
More informationSecurity White Paper. Midaxo Platform Krutarth Vasavada
Security White Paper Midaxo Platform 2017-12-20 Krutarth Vasavada +358 40 866 8825 security@midaxo.com www.midaxo.com Kumpulantie 3 Helsinki, 00520, Finland Executive Summary Midaxo is committed to maintaining
More informationAfilias DNSSEC Practice Statement (DPS) Version
Afilias DNSSEC Practice Statement (DPS) Version 1.07 2018-02-26 Page 1 of 8 1. INTRODUCTION 1.1. Overview This document was created using the template provided under the current practicing documentation.
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationAutomate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds
EXECUTIVE BRIEF SHAREBASE BY HYLAND Automate sharing. Empower users. Retain control. With ShareBase by Hyland, empower users with enterprise file sync and share (EFSS) technology and retain control over
More informationSOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE
SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE SECURE AIRBORNE CONNECTIVITY: OVERVIEW Gogo Business Aviation realizes the ever-pressing need to be vigilant in staying ahead of potential
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationCloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017
Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and
More informationWHITEPAPER. Security overview. podio.com
WHITEPAPER Security overview Podio security White Paper 2 Podio, a cloud service brought to you by Citrix, provides a secure collaborative work platform for team and project management. Podio features
More informationLakeshore Technical College Official Policy
Policy Title Original Adoption Date Policy Number Information Security 05/12/2015 IT-720 Responsible College Division/Department Responsible College Manager Title Information Technology Services Director
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationCTS performs nightly backups of the Church360 production databases and retains these backups for one month.
Church360 is a cloud-based application software suite from Concordia Technology Solutions (CTS) that is used by churches of all sizes to manage their membership data, website, and financial information.
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Version 1.0 Release: December 2004 How to Complete the Questionnaire The questionnaire is divided into six sections. Each
More informationSecurity Principles for Stratos. Part no. 667/UE/31701/004
Mobility and Logistics, Traffic Solutions Security Principles for Stratos Part no. THIS DOCUMENT IS ELECTRONICALLY APPROVED AND HELD IN THE SIEMENS DOCUMENT CONTROL TOOL. All PAPER COPIES ARE DEEMED UNCONTROLLED
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More informationSecurity Note. BlackBerry Corporate Infrastructure
Security Note BlackBerry Corporate Infrastructure Published: 2017-03-02 SWD-20170302091637541 Contents Introduction... 5 History... 6 BlackBerry policies...7 Security organizations... 8 Cyber Security
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationHikCentral V.1.1.x for Windows Hardening Guide
HikCentral V.1.1.x for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1 Strict Password Policy... 2 1.2 Turn Off Windows Remote
More informationFormFire Application and IT Security
FormFire Application and IT Security White Paper Last Update: 2015-03- 04 Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 4 Infrastructure and Security Team...
More informationCompTIA CAS-002. CompTIA Advanced Security Practitioner (CASP) Download Full Version :
CompTIA CAS-002 CompTIA Advanced Security Practitioner (CASP) Download Full Version : http://killexams.com/pass4sure/exam-detail/cas-002 QUESTION: 517 A security engineer is a new member to a configuration
More informationDeep Freeze Cloud. Architecture and Security Overview
Deep Freeze Cloud Architecture and Security Overview 2018 Faronics Corporation or its affiliates. All rights reserved. NOTICE: This document is provided for informational purposes only. It represents Faronics
More informationCyber Essentials Questionnaire Guidance
Cyber Essentials Questionnaire Guidance Introduction This document has been produced to help companies write a response to each of the questions and therefore provide a good commentary for the controls
More informationGlobal Platform Hosting Hosting Environment Security White Paper
Global Platform Hosting Hosting Environment Security White Paper Contents January, 2010 2 Introduction 2 Physical Security 3 Environmental Controls 3 Network Security 4 System Security 5 Remote Management
More informationSparta Systems TrackWise Digital Solution
Systems TrackWise Digital Solution 21 CFR Part 11 and Annex 11 Assessment February 2018 Systems TrackWise Digital Solution Introduction The purpose of this document is to outline the roles and responsibilities
More informationAtmosphere Fax Network Architecture Whitepaper
Atmosphere Fax Network Architecture Whitepaper Contents Introduction... 3 The 99.99% Uptime Fax Network... 4 Reliability and High Availability... 5 Security... 7 Delivery... 9 Network Monitoring... 11
More informationOracle Payment Interface Token Proxy Service Security Guide Release 6.1 E November 2017
Oracle Payment Interface Token Proxy Service Security Guide Release 6.1 E87635-01 November 2017 Copyright 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation
More informationMigrationWiz Security Overview
MigrationWiz Security Overview Table of Contents Introduction... 2 Overview... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Data Security and Handling... 4 Database
More informationApril Appendix 3. IA System Security. Sida 1 (8)
IA System Security Sida 1 (8) Table of Contents 1 Introduction... 3 2 Regulatory documents... 3 3 Organisation... 3 4 Personnel security... 3 5 Asset management... 4 6 Access control... 4 6.1 Within AFA
More informationHikCentral V1.3 for Windows Hardening Guide
HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationThe following security and privacy-related audits and certifications are applicable to the Lime Services:
LIME SECURITY, PRIVACY, AND ARCHITECTURE Last Updated: September 26, 2016 FinAccel s Corporate Trust Commitment FinAccel (FinAccel Pte Ltd) is committed to achieving and maintaining the trust of our customers.
More informationTestpassport http://www.testpassport.net Exam : SY0-301 Title : Security+ Certification Exam 2011 version Version : Demo 1 / 5 1.Which of the following is the BEST approach to perform risk mitigation of
More informationZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure.
Security In today s world, the requirement to focus on building secure solutions and infrastructure has become an important part of the value that businesses deliver to customers and resellers. This document
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationData Protection. Plugging the gap. Gary Comiskey 26 February 2010
Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at
More informationIBM Case Manager on Cloud
Service Description IBM Case Manager on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means and includes the company, its authorized users or recipients of the
More information