SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE


SECURE AIRBORNE CONNECTIVITY: OVERVIEW

Gogo Business Aviation realizes the ever-pressing need to be vigilant in staying ahead of potential threats to the security of airborne connectivity. Since our beginning, we have been proactive in designing and building security into our products, networks and services. Whether through our own standards or in partnership with the FAA and other aviation stakeholders, Gogo seeks to lead in defining and implementing best practices for airborne cybersecurity.

Gogo leverages state-of-the-art enterprise networking designs to provide comprehensive security for its network and inflight connections. These designs are continuously monitored and analyzed for potential security risks, and also to ensure system robustness. We strive for constant awareness and understanding of the latest innovations in secure network design.

Gogo's Network Operations Center (NOC) provides continuous monitoring and troubleshooting of our broadband network, enabling us to quickly identify, detect, respond to and recover from potential cybersecurity threats.

Figure: Secure links within the Gogo airborne connectivity network
- Air-to-Ground (ATG) network: secured through Gogo cybersecurity practices and policies.
- Satellite network(s): secured by trusted third-party providers.
- Gogo Network Operations Center (NOC)
- Satellite ground station
- Gogo Data Center: includes multiple data centers for redundancy and failover.
- Gogo Biz Network
- Internet
- Your personal life: securely shop, bank, share, and send messages online.
- Your work life: securely send emails, presentations, spreadsheets, and conduct video conferences. Supports access to VPN.

SECURE NETWORK DESIGN: DETAILS

Gogo Business Aviation follows a thorough process to design and build security into its products, networks and services from the ground up. The following information details how Gogo provides secure airborne connections 24/7/365 through its ATG (air to ground) network communications, onboard aircraft equipment configurations and the Gogo NOC.

GOGO BIZ AIR-TO-GROUND (ATG) NETWORK COMMUNICATIONS:

Gogo secures all communications transferred on its Gogo Biz ATG network. This includes any data transferred between the aircraft, network ground stations and the Gogo Data Center. All data transfers over the airborne network are secured through licensed spectrum with proprietary link layer encapsulation for secure air-to-ground communications.

The Gogo Biz network adheres to up-to-date, state-of-the-art enterprise networking design:
- Sound network design with Linux firewall protection.
- Terrestrial network with two stateful firewalls, plus security measures (network address port translation and radio network IP concealment).
- Utilizes multiple data centers for redundancy and failover, and resiliency in the face of cyber threats or natural disasters.

ONBOARD AIRCRAFT EQUIPMENT:

Gogo secures all onboard aircraft equipment that is manufactured and delivered as part of the Gogo Business Aviation inflight connectivity system. By design, Gogo onboard aircraft equipment is secured through isolation, which includes:
- Open 802.11 and secure 802.11 Wi-Fi/wireless via WPA2.
- Aircraft system intrusion security is provided by the Gogo-supplied router.
- Other airborne system components are inaccessible from the Wi-Fi clients due to network isolation.

GOGO NETWORK OPERATIONS CENTER (NOC):

The Gogo Network Operations Center (NOC) provides Tier 1 & Tier 2 monitoring and troubleshooting of all elements of the Gogo Business Aviation mobile broadband network. Located in Chicago, Illinois, the NOC provides continuous operations support. The NOC staff consists of data systems, wireless and IP support analysts. Security is assured through industry-grade secured networking between the access-controlled NOC and the secured Gogo Data Center.

GOGO CYBERSECURITY BEST PRACTICES

Gogo Business Aviation adheres to the following best practices to ensure security at all stages in design and development of its network, products and processes. This is not intended to be a comprehensive list of all activities performed by Gogo's cybersecurity personnel.

MONTHLY SYSTEM VULNERABILITY ASSESSMENTS
Independent third party security firms perform monthly external and internal assessments against Gogo's assets. Results of these assessments are reviewed and any noted deficiencies are tracked and remediated.

ROUTINE PENETRATION TESTS AND FIREWALL ANALYSIS
Independent third party security firms perform routine external and internal penetration tests against Gogo's assets. Results of these penetration tests are reviewed and any noted deficiencies are tracked and remediated.

MONTHLY FIREWALL AUDITS
Security audits are performed monthly against all production firewalls. Both a manual review process and automated toolsets are utilized to ensure configurations are secure. Online backups of firewall configurations are maintained to make sure a rapid rollback can be performed successfully if there are any issues identified.

GENERAL SECURITY AWARENESS TRAINING
Both full time employees and contractors are required to attend security awareness training within 30 days of their hire date and again at least annually.

SECURE CODING AWARENESS TRAINING
Both full time employees and contractors who are members of the application development departments are required to attend annual awareness training focused on secure coding standards and best practices.

FAA CYBERSECURITY
Gogo works closely with the FAA and other aviation stakeholders to define new cybersecurity standards to anticipate and protect against current and future cyber threats. Gogo's certification process follows the latest FAA and RTCA policies to ensure safety of flight for Gogo-equipped aircraft.

COMPLIANCE CERTIFICATIONS
Gogo is PCI:DSS Level 1 Certified and in the process of renewing an ISO 27001:2013 certification for Gogo's credit card processing environment. Copies of these certificates are available upon request.

SECURITY POLICIES
Cybersecurity policies are maintained and updated on an internal corporate site which is accessible to all employees and contractors. The policies, standards, and configuration guide are based on requirements sourced from the NIST CSF and ISO 27001:2016 frameworks.

EVENT LOG MONITORING
Gogo utilizes a trusted third-party security firm's Security Operations Center (SOC) to monitor production system event logs 24/7/365. Any anomalies are reported immediately and thoroughly investigated.

ENDPOINT SECURITY
All Gogo employee workstations are encrypted and have updated anti-virus, anti-malware, intrusion prevention and firewall technology installed.

PRIVILEGED USER ACCESS REVIEWS
Ongoing user access reviews are performed against production systems. Business stakeholders verify appropriate access levels for identified users.

CYBERSECURITY STEERING COMMITTEE
Ongoing meetings of key business stakeholders ensure security is addressed from various departments of the organization. Updates are provided to key business stakeholders from the Cybersecurity team and takeaways are implemented based on the criticality of the information provided.

RISK ASSESSMENTS
Ongoing risk assessments ensure new risks to Gogo are quickly identified and remediation efforts are prioritized and implemented.

FOR MORE INFORMATION

For more information about Gogo Business Aviation and the solutions we provide for your inflight connectivity and entertainment needs, visit our website at: business.gogoair.com/solutions.

© 2017 Gogo Business Aviation LLC. All rights reserved. Gogo Business Aviation & Gogo Biz are registered trademarks of Gogo Business Aviation LLC and its affiliates. All other trademarks are the property of their respective owners.