available in India to be conducted for the following application vs
Pre-bid queries and Bank's replies (RFP for selection of service provider for conducting comprehensive audit of banking application systems, India and foreign territories)

1. RFP reference: Review/Audit of Business Software to be conducted for the following application vs Territory
   Query: Please mention which of the in-scope applications are deployed in India vis-à-vis the international locations, and whether the test systems for all the in-scope applications will be available to the auditor in India for performing the test work.
   Reply: Test system will be available in India.

2. RFP reference: Section 11 (Pt no. 11a)
   Query: Please let us know if we can provide a bank guarantee of INR 50,000 as the Earnest Money Deposit in lieu of the Demand Draft.
   Reply: No.

3. RFP reference: Section A. Threat & Vulnerability Analysis audit of customer facing Web based
   Query: Please provide us the following details related to the scope of the vulnerability assessment / penetration testing to be performed:
   1. Number of external facing IP addresses / URLs for which the ethical hacking / penetration testing is to be performed.
   2. With respect to the ethical hacking, please clarify if the testing needs to be done as black box (without any credentials) or as a limited knowledge test (username/password to be provided by the bank for the respective applications).
   3. Number and model of the routers, switches and perimeter security devices for which the vulnerability assessment is to be performed.
   4. Details on the IT infrastructure for which the security parameter review / vulnerability assessment is to be performed, in the following format: Name | Location(s) where application is hosted | Information on servers in-scope for VA (including primary, standby, DR etc.) | Number and operating system version of application servers | Number and operating system version of database servers.
   Reply: 1. Will be available during review. 2. SP has to conduct black box and grey box testing. 3. Will be available during review; however, an assumption can be made of a load of 3000 plus branches and 21 foreign territories. 4. Refer point no. [reference incomplete in source]; actual details of IT infrastructure will be available during the actual review.

- RFP reference: B) Security and controls review of the ATM, Internet Banking, On-line Trading, Cash Management, Depository services and Channel banking through the Encompassing
   Query: Please provide us details on the number and type of interfaces in the IT environment of the Bank, in the following format: Name of interface | Purpose (Nature of information passing through the interface etc.) | Source | Destination | Ty (M [remaining column headings truncated in source].
   Reply: Details will be available during review.

- RFP reference: Review/Audit of Business Software to be conducted for the following application vs Territory; For the banking; A. Threat & Vulnerability Analysis audit of customer facing Web based
   Query: The following items in the RFP for Selection of service provider for conducting comprehensive audit of banking application systems (India and foreign territories) under Section A are similar to the items in the RFP for Selection of service provider for conducting comprehensive audit of IT infrastructure (DC / DRC) under sections 2.2.2(b) and 2.2.2(c). Similar items in the scope of work of the two RFPs:
   - Section A (banking application systems RFP): Review of security assessment of the technology platforms at the Data Center; Switch Diagnostic review; Router Diagnostic review; Switch Diagnostic review.
     Sections 2.2.2(b) and 2.2.2(c) (IT infrastructure RFP): Review of security and parameter setting for all IT Infrastructure within the Data Centre, including review of placement of security equipment and network equipment for securing database, application and web servers of various applications housed at the Data Centre; Vulnerabilities in OS are being taken care of; Compensatory controls for known vulnerabilities are in place; Review of Operating system and Database hardening and document verification of OS/DB hardening; Conduct an internal vulnerability assessment for reviewing the database security setting; Review of switches and routers configuration, scalability and port management.
   - Section A: Review of configuration and monitoring of logs of Intrusion Prevention System, firewalls and response capabilities; Review of periodic analysis of logs to bring in changes to the security posture to mitigate risks from newly identified threats; Check for existence of proper guidelines to retire any infrastructure. It is to be ensured that the data on such asset is backed up and is removed from the asset before it is retired. Data that becomes inconsequential or irrelevant due to various factors must be archived using a proper archival mechanism. Data which needs to be destroyed must be destroyed immediately, and proper guidelines need to be defined as a process for the same.
     Sections 2.2.2(c) and 2.2.2(a): Monitoring of logs (i.e. trace log, CDCI logs, fatal logs, archive logs, SU logs, Syslog, alert log, last log, application log, Security log, System log, file retention logs, file replication service log, DNS logs, IDS log, AIPS logs, event log, access log, ISS log, AV log etc.); Acquisition in DC/DR, installation, upgradation, movement, usage and disposal procedures.
   - Section A: Pro-active virus prevention and detection procedures are in place and implemented. Virus definitions are updated regularly. Procedures for monitoring of updation of virus definitions.
     Section 2.2.2(i): Others - Review of anti virus.
   Reply: The points covered in A are for conducting Vulnerability Assessment for all web facing applications, which is required to be carried out in addition to the scope referred to in the RFP of Infrastructure review (2.2.2 (a, b, c, i)). Please note that both are mutually exclusive.

- RFP reference: Core Banking Solution - Finacle: Domestic & International; For the banking
   Query: Please clarify under which RFP the Bank expects the service provider to perform vulnerability assessment / security review of the IT infrastructure, including operating systems, database and networking devices (routers / switches). As we are responding to both the RFPs, this clarification will help us include the effort estimates for the above activities in the relevant proposal.
   Query: Please clarify if the service provider is expected to audit manual compensating controls for areas where systemic controls are determined to be inadequate.
   Query: Please clarify the name of all the modules of Finacle Core Banking solution that the Bank wishes to cover as part of the application controls review.
   Reply: All the modules as implemented in Bank of Baroda.
   Query: The scope of work includes the following items: 1. To review effectiveness and efficiency of the Software. 2. To understand and appreciate the strengths, flexibility and weakness of the whole system as implemented and the constraints imposed by the system on the user. 3. To review the proper MIS reporting in cases where manual control during the life cycle of a product. Please elaborate the expectations of the Bank with respect to these line items.
   Reply: As per standard audit & review process.

- RFP reference: For the banking
   Query: The scope of work includes review of application response time from the end user perspective in comparison with peer bank / industry best practice. Please clarify the following points: 1. Which are the applications for which the application response time is to be tested by the service provider? 2. Please list the peer banks that need to be considered for this particular point. 3. Will the Bank provide the information on the peer bank / industry best practice, as this information is not readily available in the public domain?
   Reply: 1. Applicable to all applications. 2. You may consider the top 5 peer banks in India. 3. No, Bank will not provide the information.

- RFP reference: For the banking
   Query: The scope of work includes review of application control of all data upload/download. Please mention the number of instances of data upload/download which need to be reviewed.
   Reply: Will be provided during review.

11. RFP reference: Clause 4 point no. 3 on page 4
   Query: Vendor's Balance Sheet and Profit & Loss Account Statement do not carry a head that identifies the income earned from consulting and testing services. However, the vendor is in the business of consulting and testing and therefore the revenue of the vendor can be attributed to consulting and testing. Please confirm if a self declaration along with the P&L account statements would suffice.
   Reply: Vendor to submit a certificate from his auditor that his income from consulting and testing services is more than 25% of his gross revenue.

12. RFP reference: Clause 1.1 paragraph 3 on page 18
   Query: The paragraph reads "The selected service provider is required to provide service of comprehensive audit including the following services: performance testing (PT), optimization testing, high availability testing, scalability testing with reference to the four core architectural principles performance, scalability, high availability, investment protection." Please confirm that BoB wants the SP to review the methodology, planning, process and outcome of the above tests, which the system integrator would have already performed while installing the banking application system, i.e. does not expect the SP to perform the tests as part of the proposed audit.
   Reply: The Service Provider has to conduct all tests independently, irrespective of those done by the System Integrator.

13. RFP reference: Clause on page 19
   Query: Please confirm if BoB expects the SP to perform three VA/PT tests at an interval of six months.

14. RFP reference: The second line on page 20
   Query: "Review of periodic analysis of logs to bring in changes to the security posture to mitigate risks from newly identified threats." Does BoB have a defined framework to identify new threats and therefore identify resolution measures for the same? Please elaborate this point and clarify the expectation from the SP as part of the proposed audit.
   Reply: Bank has a defined framework and expects recommendations for improvement in the existing methodology.

15. RFP reference: Clause B last line on page 20
   Query: a. This line leads the bidder to assume that BoB has a defined IT Risk Management Framework. Please confirm. b. If yes, will BoB share the complete IT Risk Management framework with the bidder?
   Reply: With the successful bidder.

16. RFP reference: Clause B first line on page 21
   Query: c. Does BoB have defined security and control objectives? d. If yes, will BoB share these objectives with the selected SP?

17. RFP reference: Clause on page [page not given in source]
   Query: Does BoB envisage any trips overseas?

- RFP reference: First line on page 22
   Query: The line reads "Review / audit of application which will be implemented in next 24 months." This is an open statement which makes effort estimation difficult. Please provide more specific information on which applications are going live in the next 24 months, with a timeline for each respective application.
   Reply: Please refer [reply incomplete in source].

19. RFP reference: Point 6 on page 23
   Query: The line reads "Adherence to legal and statutory requirements." Please confirm if BoB shall provide to the selected SP a comprehensive list of legal and statutory requirements that the banking application system needs to adhere to, for each of the international geographies.
   Reply: Bank will provide the web site address details of the Banking Regulators of the respective territory only.

20. RFP reference: Clause 11 on page 29
   Query: e. Please confirm that expenses accrued by the selected SP on travel outside of Mumbai, wherever necessary, shall be reimbursed by BoB and shall therefore not be included by the SP in their commercial quotes. f. The clause mentions that the settlement of bills shall be done at mutually agreed rates. Please quantify the rates to avoid any miscalculation.
   Reply: e. Yes. f. Will be finalized with the successful bidder on a case to case basis.

21. Query: Is there any change in eligibility criteria?
   Reply: No.
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22301 Lead Implementer www.pecb.com The objective of the Certified ISO 22301 Lead Implementer examination is to ensure that the candidate
More informationAutobot - IoT enabled security. For Private circulation only October Risk Advisory
For Private circulation only October 2018 Risk Advisory Table of contents Background 02 Common Challenges 03 About the AutoBot 04 Capabilities of the AutoBot 05 Future of Autobot 06 The success story
More informationChapter 8: SDLC Reviews and Audit Learning objectives Introduction Role of IS Auditor in SDLC
Chapter 8: SDLC Reviews and Audit... 2 8.1 Learning objectives... 2 8.1 Introduction... 2 8.2 Role of IS Auditor in SDLC... 2 8.2.1 IS Auditor as Team member... 2 8.2.2 Mid-project reviews... 3 8.2.3 Post
More informationCritical Infrastructure Protection for the Energy Industries. Building Identity Into the Network
Critical Infrastructure Protection for the Energy Industries Building Identity Into the Network Executive Summary Organizations in the oil, gas, and power industries are under increasing pressure to implement
More informationReference Bidders Query RECTPCL response. 1. Kindly confirm the total No of Instances required?
Clarification to the Bidders Queries w.r.t the Bid Documents for Engagement of Agency for providing Cloud Hosting Space with Managed services, Operations & Maintenance support for hosting Application of
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationThe CEH exam (312-50) is available at the ECC Exam Centre and Pearson Vue testing centers.
What is an Ethical Hacker? To beat a hacker, you need to think like one! Ethical Hacking is often referred to as the process of penetrating one s own computer/s or computers to which one has official permission
More informationCLARIFICATION/AMENDMENTS REQUEST FOR PROPOSAL (RFP) FOR SUPPLY, IMPLEMENTATION AND MAINTENANCE OF SOLUTION
RFP Number: InfoTech Project SEWA 2015/Email/29.10.2015 Date: 19.11.2015 CLARIFICATION/AMENDMENTS REQUEST FOR PROPOSAL (RFP) FOR SUPPLY, IMPLEMENTATION AND MAINTENANCE OF EMAIL SOLUTION Agriculture Insurance
More informationVendor Security Questionnaire
Business Associate Vendor Name Vendor URL Vendor Contact Address Vendor Contact Email Address Vendor Contact Phone Number What type of Service do You Provide Covenant Health? How is Protected Health Information
More informationCorrigendum regarding Tender Document for providing three year licenses, installation, configuration, deployment,
National Bank for Agriculture and Rural Development, Department of Information Technology, 5th Floor, C Wing, Plot No C-24, G Block, Bandra-Kurla Complex, Bandra (East), Mumbai-400051 Corrigendum to Tender
More informationSCO Audit Tales. Chapter II Sonoma State University
SCO Audit Tales Chapter II Sonoma State University Agenda Why?? Timeline Scope Preparation Defining Parameters Audit Team Areas of SCO Interest Areas of Campus Concern Current Status Lessons Learned Why??
More informationInformation Technology Procedure IT 3.4 IT Configuration Management
Information Technology Procedure IT Configuration Management Contents Purpose and Scope... 1 Responsibilities... 1 Procedure... 1 Identify and Record Configuration... 2 Document Planned Changes... 3 Evaluating
More informationCyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationTwilio cloud communications SECURITY
WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationBusiness Accounts and Cash Management Solutions. Digital Deposit. Product Guide
Business Accounts and Cash Management Solutions Digital Deposit Product Guide Table of Contents General information... 1 Digital Deposit... 3 General information... 3 Subscribe to Internet Banking Solutions
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationCORRIGENDUM. Corrigendum to RFP No. SBI/GITC/PMD/ /402 dated
CORRIGENDUM Corrigendum to RFP No. SBI/GITC/PMD/2017-18/402 dated 30.06.2017 For procurement of services for setting up Transformation Management Office (TMO) and for providing services to the Enterprise
More informationTENDER FOR RENEWAL OF EXISTING KASPERSKY ANTIVIRUS LICENSES FOR USE AT NIT, KARACHI
1 TENDER FOR RENEWAL OF EXISTING KASPERSKY ANTIVIRUS LICENSES FOR USE AT NIT, KARACHI 2 NATIONAL INVESTMENT TRUST LIMITED TABLE OF CONTENTS PAGE No 1. INTRODUCTION 3 2 SCOPE OF WORK 3 3 INFORMATION FOR
More informationGuidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17
GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive
More informationTELECOMMUNICATIONS AND DATA CABLING BUSINESSES
DRAFT for RCWS, ADTIA & ICAA INDUSTRY CODE for TELECOMMUNICATIONS AND DATA CABLING BUSINESSES Registered by the ACMA on XX XXXXX 2016 TABLE OF CONTENTS TABLE OF CONTENTS 2 1. SCOPE AND OBJECTIVES 3 1.1
More information