Document Title: IT Security Assessment Questionnaire

Similar documents
Best Practices in Securing a Multicloud World

Data Security: Public Contracts and the Cloud

Data Security and Privacy at Handshake

Watson Developer Cloud Security Overview

The Nasuni Security Model

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Projectplace: A Secure Project Collaboration Solution

UCOP ITS Systemwide CISO Office Systemwide IT Policy

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

COMPLIANCE IN THE CLOUD

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

IT Audit Process Prof. Liang Yao Week Two IT Audit Function

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Document Title: Electronic Data Protection and Encryption Policy. Revision Date Authors Description of Changes

Secure Esri Solutions in the AWS Cloud. CJ Moses, AWS Deputy CISO

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH

01.0 Policy Responsibilities and Oversight

The simplified guide to. HIPAA compliance

SignalFx Platform: Security and Compliance MARZENA FULLER. Chief Security Officer

SoftLayer Security and Compliance:

Cloud Customer Architecture for Securing Workloads on Cloud Services

CLOUD COMPUTING READINESS CHECKLIST

VMware, SQL Server and Encrypting Private Data Townsend Security

You Might Know Us As. Copyright 2016 TierPoint, LLC. All rights reserved.

(Provide name and role/title as identified in the study protocol, (a backup data custodian is recommended but not required))

Access to University Data Policy

UCOP ITS Systemwide CISO Office Systemwide IT Policy. UC Event Logging Standard. Revision History. Date: By: Contact Information: Description:

DeMystifying Data Breaches and Information Security Compliance

[DATA SYSTEM]: Privacy and Security October 2013

Cloud Computing, SaaS and Outsourcing

Case Study. Medical Information Records, LLC. Medical Software Company Relies on Azure to Improve Scalability, Cut Costs & Ensure Compliance

Attachment 3 (B); Security Exhibit. As of March 29, 2016

Accelerating the HCLS Industry Through Cloud Computing

CONSIDERATIONS BEFORE MOVING TO THE CLOUD

Tips for Passing an Audit or Assessment

Security and Compliance at Mavenlink

PCI DSS and the VNC SDK

The Multi Cloud Journey

Title: Planning AWS Platform Security Assessment?

Access Governance in a Cloudy Environment. Nabeel Nizar VP Worldwide Solutions

Layer Security White Paper

Data Compromise Notice Procedure Summary and Guide

This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

Welcome to IBM Security Guardium Analyzer!

VMware, SQL Server and Encrypting Private Data Townsend Security

CoreMax Consulting s Cyber Security Roadmap

Security & Compliance in the AWS Cloud. Amazon Web Services

Payment Card Acceptance - Exception Form

CipherCloud CASB+ Connector for ServiceNow

DATA STEWARDSHIP STANDARDS

SQL Compliance Whitepaper HOW COMPLIANCE IMPACTS BACKUP STRATEGY

APPLICATION & INFRASTRUCTURE SECURITY CONTROLS

Sales Training for DataMotion Products. March, 2014

Is Your Compliance Strategy Putting Your Business at Risk?

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security

Effective Strategies for Managing Cybersecurity Risks

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Maintaining Security Parity in the Shift to Cloud and Mobile Applications. Jamie Yu, Clark Sessions Cisco Systems October 2016

SECURITY PRACTICES OVERVIEW

Oracle Audit Vault. Trust-but-Verify for Enterprise Databases. Tammy Bednar Sr. Principal Product Manager Oracle Database Security

Ready Theatre Systems RTS POS

10 Considerations for a Cloud Procurement. March 2017

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

Security Information & Policies

MySQL Enterprise Security

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Cloud Computing Risks & Reality. Sandra Liepkalns, CRISC

Cloud Security Whitepaper

Oracle Data Cloud ( ODC ) Inbound Security Policies

Study concluded that success rate for penetration from outside threats higher in corporate data centers

zsah Cloud Offering Security FAQ In partnership with Clearswift

10 Things Every Auditor Should Do Before Performing a Security Audit

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Provisioning IT at the Speed of Need with Microsoft Azure. Presented by Mark Gordon and Larry Kuhn Hashtag: #HAND5

Information Classification & Protection Policy

HOW SNOWFLAKE SETS THE STANDARD WHITEPAPER

IBM SmartCloud Notes Security

Questions Submitted Barry County Michigan Network Security Audit and Vulnerability Assessment RFP

TRACKVIA SECURITY OVERVIEW

PCI DSS Compliance and the Cloud

Locking Down the Cloud Security is Not a Myth

Daxko s PCI DSS Responsibilities

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

WHITE PAPER- Managed Services Security Practices

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

BLACKLINE PLATFORM INTEGRITY

Protecting Your Cloud

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young

Cirius Secure Messaging Single Sign-On

NEXT GENERATION CLOUD SECURITY

Broward County RFP TEC P1

Compliance & Security in Azure. April 21, 2018

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

The Realities of Data Security and Compliance: Compliance Security

Single Sign-On. Introduction

Altius IT Policy Collection Compliance and Standards Matrix

Securing Data in the Cloud: Point of View

Securing Your Cloud Introduction Presentation

Transcription:

Page 1 of 5 Complete all required fields to the best of your knowledge; incomplete forms will not be reviewed. Project Summary Subject Matter Expert (SME) Information Name: Telephone Number: Email: Job Title: Project Name: Required Field <Provide Project Overview> Page 1 of 5

Page 2 of 5 Regulatory Compliance Will the application store, process, and/or transmit any of the following regulatory compliance data: Protected Health Information (PHI)? e.g. HIPAA Credit Cardholder Data (CHD)? e.g. PCI-DSS Personally Identifiable Information (PII)? Personally Identifiable Student Education Records? e.g. FERPA Clinical Research Data? e.g. FDA CFR 21 Part 11 Federally Funded or Contracted? e.g. FISMA Personally Identifiable Financial Information? e.g. GLBA Auditing and Reporting Does the application support audit/logging capabilities to a syslog/siem solution? Solution Infrastructure Provide a data flow diagram (DFD), which includes the following information: 1. Source and Destination IPs of all hosts involved in the solution 2. Any web page URLs 3. Ports involved with the solution 4. Any encryption being used 5. Any interfaces involved 6. Any crash report/metadata Required Field <Provide data flow diagram below (DFD) or attach as a separate document> Page 2 of 5

Page 3 of 5 Please enumerate all data points/fields (e.g. SSN, First Name, Last Name, etc.) <Required Field or attach as a separate document> Data Encryption Will the application data be encrypted at-rest using AES-128, RSA-3072, or SHA-256? <If, provide compensating controls> Will the application data be encrypted in-transit using SSL, TLS, or VPN? <If, provide compensating controls> Does the application leverage a back-end database? (Oracle, MS-SQL, MySQL, etc.) If, Can the database be encrypted at-rest? Page 3 of 5

Page 4 of 5 Support Will the application require remote access for technical support? Does the application use an embedded support tool that communicates in/outbound? (e.g., GoToMyPC, Team Viewer, VNC, etc.) <If, what is the name of the support tool?> What is the best time of the day for us to conduct periodic vulnerability scanning? <Provide details> Access Controls and Security For web based solutions, can it leverage UMIT SAML based authentication? Required Field <If, provide description of authentication mechanism and its security controls> For on-premise solutions, can it leverage Active Directory Federation Services (ADFS)? Required Field <If, provide compensating controls> Page 4 of 5

Page 5 of 5 Cloud Specific Questions Can you provide a third-party 3 rd audit report describing the security features in place at the organization? e.g. Service Organization Control (SOC) 2 Report, or equivalent attestation report <If you or your infrastructure provider are working towards any of these certifications please state that and give us a timeframe by which this certification will be accomplished.> Has the Contract/Agreement been reviewed and approved by UM General Counsel Office? Who is your Cloud Service Provider (CSP)? What is your Cloud Computing Architecture? <Provide specifics> SaaS Single-Tenancy SaaS Multi-Tenancy PaaS IaaS How is our data secured and segregated from that of other customers? In which country (or countries) will the data reside? USA Other, please indicate: Upon termination of the contract, will data be transition back to UM?, explain: Upon termination of the contract, will your process completely purge University information from your organization s/infrastructure provider s systems and backups?, explain: Do we have the right to audit, annual site visit?, explain: Page 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback