YOUR QUALITY PARTNER FOR SOFTWARE SOLUTIONS TMA SOLUTIONS

Similar documents
CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ]

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

WHITE PAPER- Managed Services Security Practices

VMware vcloud Air SOC 1 Control Matrix

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Information Technology General Control Review

Certified Information Systems Auditor (CISA)

Mark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

Trust Services Principles and Criteria

Online Services Security v2.1

Security Architecture

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Watson Developer Cloud Security Overview

RFP # QUESTIONS AND ANSWERS Posted: February 5, 2016

Changing face of endpoint security

ISO27001 Preparing your business with Snare

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Juniper Vendor Security Requirements

CyberSecurity: Top 20 Controls

RAPID7 INFORMATION SECURITY. An Overview of Rapid7 s Internal Security Practices and Procedures

SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE

CompTIA SY CompTIA Security+

Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

SUMMARY OF SERVICES PROVIDED

1 Data Center Requirements

Payment Card Industry (PCI) Data Security Standard

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Goal 1: Maintain Security of ITS Enterprise Systems

PCI Time-Based Requirements as a Starting Point for Business-As-Usual Process Monitoring

University of Sunderland Business Assurance PCI Security Policy

Defensible Security DefSec 101

The Common Controls Framework BY ADOBE

SoftLayer Security and Compliance:

ConRes IaaS Management Services for Microsoft Azure

IBM SmartCloud Notes Security

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

DATA BACKUP AND RECOVERY POLICY

OUR CUSTOMER TERMS CLOUD SERVICES - INFRASTRUCTURE

Cyber security tips and self-assessment for business

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Seqrite TERMINATOR (UTM) Unified Threat Management Solution.

Massimo Nardone, TKK, S Security of Communication Protocols

IBM Case Manager on Cloud

Daxko s PCI DSS Responsibilities

Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

QuickBooks Online Security White Paper July 2017

IBM Security Intelligence on Cloud

Job Specification & Recruiting Profile of Vacancy

Cloud Security Whitepaper

Cybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls

IC32E - Pre-Instructional Survey

SONICWALL SECURITY HEALTH CHECK SERVICE

SONICWALL SECURITY HEALTH CHECK SERVICE

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Protecting Your Cloud

Information Security at the IEA DPC. IEA General Assembly October 10 12, 2011 Malahide, Ireland

Projectplace: A Secure Project Collaboration Solution

Checklist: Credit Union Information Security and Privacy Policies

Education Network Security

Cyber Criminal Methods & Prevention Techniques. By

Vendor Security Questionnaire

An Introduction to the ISO Security Standards

WELCOME ISO/IEC 27001:2017 Information Briefing

Cybersecurity Overview

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

INFORMATION ASSET MANAGEMENT POLICY

InterCall Virtual Environments and Webcasting

Canada Life Cyber Security Statement 2018

Certified SonicWALL Security Administrator (CSSA) Instructor-led Training

POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents

The IS Audit Process Part-1 Four key objectives

ISO & ISO & ISO Cloud Documentation Toolkit

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

WORKSHARE SECURITY OVERVIEW

Apex Information Security Policy

INTERNATIONAL SOS. Information Security Policy. Version 2.00

SAFECOM SECUREWEB - CUSTOM PRODUCT SPECIFICATION 1. INTRODUCTION 2. SERVICE DEFINITION. 2.1 Service Overview. 2.2 Standard Service Features APPENDIX 2

AUTHORITY FOR ELECTRICITY REGULATION

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

Infrastructure Security Overview

Security Principles for Stratos. Part no. 667/UE/31701/004

Training for the cyber professionals of tomorrow

Tips for Passing an Audit or Assessment

ISE North America Leadership Summit and Awards

SAS SOLUTIONS ONDEMAND

RADIAN6 SECURITY, PRIVACY, AND ARCHITECTURE

HikCentral V1.3 for Windows Hardening Guide

CLOUD COMPUTING READINESS CHECKLIST

IT Administrator Templates

Security and Compliance at Mavenlink

McAfee Network Security Platform Administration Course

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.

Cisco Secure Ops Solution

HikCentral V.1.1.x for Windows Hardening Guide

Security Policies and Procedures Principles and Practices

Transcription:

YOUR QUALITY PARTNER FOR SOFTWARE SOLUTIONS TMA SOLUTIONS Security & Intellectual Property Protection

Overview Certified ISO 27001:2013 Meet security requirements from global clients Passed all security audits from large clients Dedicated security group and regular audits Certificates: CEH, CISA, CISM

Summary Physical Security 24/7 security guards 24/7 power supply Magnetic ID card authentication CCTV Network Security Secured, separate subnet for each client (VLAN level),, no crosssubnet access VPN available between TMA and client Firewall with integrated IPS (Intrusion Protection System) Anti-virus software for all computers Virus screening of all incoming & outgoing emails All software are scanned for virus before delivery Human Resources & Organization Mandatory security training for all new hires NDA agreement signed by all staff Dedicated security group (certified CEH, CISA, CISM) and regular audits Data Security No storage media (USB, CD, DVD) allowed File transfer outside the company not permitted Firewall system and log checking Backup/Recovery Business Continuity Plan (BCP) for the whole company and Operational Continuity Plans (OCP) for each project Data backup plan for each project Redundant network backbone and Internet links Network based backup system, cross-site storage TMA SOLUTIONS

Multi tenancy policy and setup Physical security Separated and secured working room with magnetic card authentication Only authorized employees are allowed to access the room Access rights are reviewed quarterly Network security Separated and secured IP subnet at VLAN level Network gateway (EdgeRouter) with built-in firewall, no cross subnet access is allowed Site-to-site IPSec VPN for direct access to/from customer site

Data sovereignty and protection Information assets are classified, labeled and handled according to Asset Management Policy Responsibility for assets Information classification Information labeling and handling Only authorized staffs are allowed to access data of customers according to Access Control Policy All employees have to sign NDA on first day All data is stored on on-premises server Currently, we are not handling for kinds of private data of customers

Network infrastructure security Firewall infrastructure: external (internet facing) with DMZ using Fortigate, internal firewall in front of every subnet using Linux iptables Fortigate network based IDS/IPS for external firewall, DMZ. Snort network IDS for corporate servers. OSSEC host based IDS for DMZ servers Antivirus: MacAfee AV on all Windows PCs/servers, centralized managed, automatically update daily, scheduled scan weekly Centralized logging system with syslog-ng Network monitoring and alerting with Nagios Monthly vulnerability scan with Nessus, OpenVAS Data-Loss-Prevention at external firewall level (Fortigate) and desktop level (McAfee HostDLP)

Business Continuity Planning Corporate Business Continuity plan includes detail of: Response plan Critical business missions Risk Assessment Preventive/Mitigation plan Resumption plan Restoration plan Operation Continuity Plan (OCP) list BCP team members BCP calling tree Backup and recovery Automated backup system with cross-site storage BCP and DRP are tested annually

Security Topology TMA SOLUTIONS Separate sub-net for each customer Multi-layers security

Information Security Management System (ISMS)

Security Procedures & Guidelines

Physical Security GOALS Secure working environment Control access to building office Monitor access to restricted area PRACTICES 24x7 security guards Magnetic ID card authentication CCTV monitoring

Human Resources & Organization Ensure all employees are educated and GOALS fully aware about security requirements Ensure information security is managed effectively PRACTICES Mandatory security awareness training for all new hires NDA agreement signed by all staff Dedicated security group (certified CEH, CISA, CISM) and regular audits

Data Security GOALS Control access to data Maintain security of data in processing and exchange PRACTICES Secured and separate subnet for each client VPN available between TMA and client Firewall with integrated IPS (Intrusion Protection System) No USB storage or CD, DVD allowed on workstation Anti-virus software for all computers Internet access is controlled via firewall, proxy

Backup/Recovery GOALS Maintain availability of data Ensure continuity of business in case of disaster PRACTICES Business Continuity Plan (BCP) for the whole company and Operational Continuity Plans (OCP) for each project 24x7 power supply Data backup plan for each project Automatic backup system with cross-sites storage

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback