Enterprise SM VOLUME 1, SECTION 5.7: SECURE MANAGED SERVICE

Similar documents
Enterprise SM VOLUME 1, SECTION 5.4: ANTI-VIRUS MANAGEMENT SERVICE

Symantec Protection Suite Add-On for Hosted Security

Tracking and Reporting

3.0 NETWORX ARCHITECTURE FOR IP-BASED SERVICES (L ) (M.2.1) (a), M.2.1.1(a))

CCISO Blueprint v1. EC-Council

Enterprise SM VOLUME 1, SECTION 4.3: COLLOCATED HOSTING SERVICES

Complete document security

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Cloud Security & Advance Threat Protection. Cloud Security & Advance Threat Protection

Easy Activation Effortless web-based administration that can be activated in as little as one business day - no integration or migration necessary.

UCOP ITS Systemwide CISO Office Systemwide IT Policy

GLBA. The Gramm-Leach-Bliley Act

Demonstrating Compliance in the Financial Services Industry with Veriato

Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Why you MUST protect your customer data

IBM Managed Security Services for Security

Compliance in 5 Steps

MESSAGING SECURITY GATEWAY. Solution overview

Cybersecurity in Higher Ed

Acceptable Use and Publishing Policy

Glenwood Telecommunications, Inc. Acceptable Use Policy (AUP)

IBM Internet Security Systems October Market Intelligence Brief

HPE DATA PRIVACY AND SECURITY

Data Security and Breach Notification Legislative Update: What You Need to Know (SESSION CODE CRM001)

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Securing Information Systems

Electronic Network Acceptable Use Policy

Deployment Options for Exchange March 2006

IronPort C100 for Small and Medium Businesses

Symantec Security.cloud

On the Surface. Security Datasheet. Security Datasheet

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Information Security Risk Strategies. By

Office 365 Buyers Guide: Best Practices for Securing Office 365

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

ISAO SO Product Outline

Consolidated Hygiene and Encryption Service E-Hub. Slide 1

: Acceptable Use Policy

An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule

Acceptable Use Policy

Modern attacks and malware

FRANKFORT PLANT BOARD CABLE MODEM INTERNET BROADBAND INTERNET SERVICE DISCLOSURES

Broadband Internet Access Disclosure

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security

Acceptable Use Policy Document ID: SER-POL-001

CipherCloud CASB+ Connector for ServiceNow

Acceptable Use Policy

Oracle Database Vault

The Impact of Cybersecurity, Data Privacy and Social Media

Compliance with CloudCheckr

Cyber Risks in the Boardroom Conference

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Cisco Security: Advanced Threat Defense for Microsoft Office 365

USAGE POLICIES. is defamatory, offensive, abusive, indecent, obscene, or constitutes harassment;

Legal, Ethical, and Professional Issues in Information Security

PROFESSIONAL SERVICES (Solution Brief)

Acceptable Use Policy

Acceptable Use Policy

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

Service Level Agreement for Microsoft Online Services

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Admin Guide Boundary Defense for Anti-Virus & Anti-Spam

GuardTower TM White Paper. Enterprise Security Management Systems

IBM Managed Security Services (Cloud Computing) hosted and Web security - express managed security

Acceptable Use Policy

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

CONSIDERATIONS BEFORE MOVING TO THE CLOUD

Acceptable Use Policy

DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY

Dell Service Level Agreement for Microsoft Online Services

Hart telephone company. Network TRANSPARENCY statement

SECURITY & PRIVACY DOCUMENTATION

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

Cleveland State University General Policy for University Information and Technology Resources

locuz.com SOC Services

Seqrite Endpoint Security

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

Achieving third-party reporting proficiency with SOC 2+

Sales Training for DataMotion Products. March, 2014

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW

PTLGateway Acceptable Use Policy

Weighing in on the Benefits of a SAS 70 Audit for Third Party Administrators

Risk Assessment: Key to a successful risk management program

CA Security Management

Security Terminology Related to a SOC

Network TRANSPARENCY statement

Magna5 reserves the right to make modifications to this policy at any time.

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

Security and Privacy Governance Program Guidelines

HIPAA Compliance & Privacy What You Need to Know Now

Service Description Safecom Simple Mail Relay Version 3.5

DeMystifying Data Breaches and Information Security Compliance

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

WAFA X3 Evolution Grade of Service. 13 October 2008

Transcription:

VOLUME 1, SECTION 5.7: SECURE MANAGED EMAIL SERVICE

5.7 SECURE MANAGED EMAIL SERVICE (SMES) [C.2.10.8] The Level 3 Team s (SMES) will meet or exceed the Government s requirements for SMES, as defined in RFP Section C.2.10.8. This section provides a description of this service offering followed by responses to the specific requirements listed in RFP Section L.34.1.6.4, as they apply to this service. Our SMES offering is an outsourced email solution that will scan all incoming email before it reaches the agency network. As a result of scanning emails for viruses and spam prior to reaching the agency network, all viruses and spam will be blocked before entering the agency network. This will provide the agency with confidence that any spam and viruses will be blocked before they can cause damage to the network. 5.7.3 Service Requirements [C.2.10.8.1] The Level 3 SMES fulfills the mandatory service requirements defined in RFP Section C.2.10.8.1. This section demonstrates our capabilities in the following areas: Standards Connectivity Technical Capabilities Features Interfaces Volume 1, Section 5.7 Page 801 Rev. 3-5-2007

5.7.3.1 STANDARDS [C.2.10.8.1.2] The Level 3 SMES will comply with the required standards as delineated in RFP Section C.2.10.8.1.2. Members of our team are active in numerous industry forums and working groups, which demonstrates our commitment to implementing future standards as technologies are developed and standards are defined and become commercially available. Our memberships include: Network Service Provider Security Association (NSP-Sec) International Systems Security Association (ISSA) VoIP Security Association (VOIPSA) Intrusion Detection Systems Consortium National Infrastructure Advisory Council (NIAC) Department of Homeland Security (DHS) National Institute of Standards and Technology (NIST) National Information Assurance Partnership (NIAP) Federal Bureau of Investigation (FBI) National Association of State Chief Information Officers (NASCIO) Information Technology - Information Sharing and Analysis Center (IT-ISAC) Open Security Evaluation Criteria (OSEC) Intrusion Detection Exchange Format Working Group (IDWG) 5.7.3.2 CONNECTIVITY [C.2.10.8.1.3] Level 3 is a Tier 1 Internet Service Provider. Our SMES offering meets the connectivity requirements listed RFP Section C.2.10.8.1.3. Volume 1, Section 5.7 Page 802 Rev. 3-5-2007

5.7.3.3 TECHNICAL CAPABILITIES [C.2.10.8.1.4] This section demonstrates the Level 3 Team s capabilities to meet the technical requirements for SMES listed in RFP Section C.2.10.8.1.4. 5.7.3.3.1 Monitor Email in Real-Time, on a 24x7 Basis, for Timely and Accurate Detection of Harmful Traffic and Unwanted Content All of the Level 3 Managed Security Services are available to Networx customers 24x7. Section 5.7.3.3.2 below provides specifics of how we block harmful traffic and unwanted content. 5.7.3.3.2 Support Anti-Virus Scanning that Monitors all Inbound and Outbound Messages and Attachments The Level 3 SMES offers the most complete protection in the world from email borne viruses and malware. Our service will support Anti-Virus Scanning through a combination of techniques that will stop all known and unknown malware and virus threats from reaching a customer s network. To identify and stop the back-catalog of known viruses, our solution This technology will identify techniques Volume 1, Section 5.7 Page 803 Rev. 3-5-2007

or characteristics that are indicative of an email virus even if the virus is completely original in construction thereby protecting customers from zerohour outbreak attacks. The Anti-Virus technology uses in identification include: Acting as both a first, and last, line of defense, Level 3 offers both inbound and outbound protection, adding a much-needed additional layer of protection for the customer s network. 5.7.3.3.3 Support Anti-Spam Filtering that Prevents Unsolicited Marketing and Messages from Entering the Agency s Network, and Taxing Human, Bandwidth and Storage Resources. The Anti-Spam Service is comprised of industry techniques, customer preferences and proprietary technology for identifying and stopping Volume 1, Section 5.7 Page 804 Rev. 3-5-2007

unsolicited bulk email. A description of the anti-spam component or our SMES solution is described below. Volume 1, Section 5.7 Page 805 Rev. 3-5-2007

Volume 1, Section 5.7 Page 806 Rev. 3-5-2007

Append a Header and Redirect to Bulk Mail Address This option will allow an agency to divert all identified spam to an email address held within the agency s infrastructure to allow a customer to control the spam emails. This option is beneficial for customers who would like control of their identified spam. It allows an administrator to control which emails are released to the end users. This can be a large administrative overhead to organizations with large numbers of users. The benefit of using Append a Header but Allow Mail Through is that the administration is passed to the end user and the identified spam will be separated from the legitimate emails. The end user can then look through the identified spam in the separate folder if they have a false positive. Agencies may choose to use this option if they would like to take away any overhead of dealing with spam. The downside of using this method is that legitimate emails (false positives) could be deleted. Volume 1, Section 5.7 Page 807 Rev. 3-5-2007

5.7.3.3.4 Support Content Control, which screens inbound and outbound email for content that may signal system abuse or violation of agency communications policies Content control is essential to meeting compliance with the growing regulatory environment surrounding electronic communications. Recent regulations, including laws such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and the Sarbanes-Oxley Act of 2003 (SOX Act), explicitly mention civil and criminal penalties for security and data protection breaches. Volume 1, Section 5.7 Page 808 Rev. 3-5-2007

In addition to compliance, agencies are facing other email security issues including threats to their employees, partners and customers. In an increasingly litigious world, it is essential that agencies protect themselves and their employees from internal and external email content threats by using the best solutions available. These threats include breach of confidentiality, loss of intellectual property, harassment of employees, defamation and obscenity, contractual liability, damage to business reputation not to mention wasted time and resources. Deployed across our dynamic global platform, our SMES proactively which will help agencies keep email clean and maintain agency integrity. Volume 1, Section 5.7 Page 809 Rev. 3-5-2007

5.7.3.3.5 Respond to email infections and agency policy violations Notifications will not be sent to senders when the virus detected is a known spoofing virus. We will not send notifications when a false from address is used to prevent a false alarm to the "forged" sender. Notifications will also be sent to the administrators at the client. Volume 1, Section 5.7 Page 810 Rev. 3-5-2007

Viruses are quarantined in advance of the network. allows us to quarantined viruses prior to reaching the agency s network. This 5.7.3.3.6 Support a secure web-based management interface Volume 1, Section 5.7 Page 811 Rev. 3-5-2007

5.7.3.3.7 Queue and Retain Email in the Event of an Agency Mail Server or Connection Failure, in Order to Prevent Messages from Bouncing, and Gradually Transmit Queued Email upon Resolution of the Problem to Avoid Overloading the Servers. The Level 3 SMES solution will queue mail for in the event of a server failure at the customer site. Once the problem has been resolved, the service will allow for the gradual transmission of queued emails. 5.7.1.3.8 Implement Security Procedures to Preserve the Confidentiality and Integrity of All Agency Email Traversing its Network and Data Center The privacy of agency emails will be paramount, and our security efforts will ensure that email passing through infrastructure is more secure than at any other stage in its travel across the Internet medium. Measures to maintain this privacy will include: Volume 1, Section 5.7 Page 812 Rev. 3-5-2007

5.7.3.3.9 Support Email Requirements of Varying Complexity, in Terms of Load and Volume The Level 3 SMES offering will accommodate a wide range of agency demands in terms of 5.7.3.4 FEATURES [C.2.10.8.2] RFP Section C.2.10.8.2 specifies no features for SMES. 5.7.3.5 INTERFACES [C.2.10.8.3] In compliance with RFP Section C.2.10.8.3, Level 3 s SMES will support the User-to-Network Interfaces (UNIs) defined in RFP Section C.2.4.1 Internet Protocol Service (IPS), as applicable. 5.7.4 Performance Metrics [C.2.10.8.4.1] In accordance with RFP Section C.2.10.8.4.1, Level 3 will provide the performance metrics shown in Table 5.7-1 for our SMES offering. We note that SMES is a service that does not include the use of customer premise equipment, so there will not be an instance where a dispatch is necessary. Volume 1, Section 5.7 Page 813 Rev. 3-5-2007

5.7.5 Proposed Performance Metrics Level 3 does not intend to exceed the AQLs in the KPIs at this time but would like to reserve the ability to do so with performance improvements that may be attained through the introduction of new technology. Level 3 believes in continuous improvement and will always strive to provide the highest quality services available. 5.7.6 Experience Delivering SMES Details are provided in Section 5.1.3.4 of this proposal volume. 5.7.7 Monitoring and Measuring KPIs and AQLs The Level 3 Network Operations Center will monitor all (3)Enterprise services using our IP backbone. Section 3.1.2.2 of this proposal volume describes the monitoring tools used by this organization that will allow for comprehensive visibility of numerous network elements and the ability to accurately measure AQLs for the applicable KPIs. Volume 1, Section 5.7 Page 814 Rev. 3-5-2007

5.7.8 Optional Service Impact on Network Architecture The SMES proposed by Level 3 will have little impact to a customer s network architecture. No additional network configuration will be required for this service. 5.7.9 NS/EP Functional Requirements Section 2.5 of this proposal volume addresses how NS/EP requirements will be met for services. 5.7.10 National Capital Region Service Section 2.5.4 of this proposal volume discusses this topic in detail for all of Level 3 s proposed services. 5.7.11 Meeting Section 508 Provisions Reports generated as a result of an SMES engagement will be posted on the portal. This portal meets most of the requirements outlined in Section 508. The Section 508 requirements that are not met today can be met, rather easily through simple modifications to the portal. Level 3 is committed to making these changes, should they be necessary. In compliance with Section C.6.4 of the Networx RFP, Level 3 has prepared for a Voluntary Product Assessment Template (VPAT) for SMES and supporting documentation for Section 508, Subpart B, Technical Standards, paragraph 1194.22, Web-based Intranet and Internet Information and Applications. This data is provided in Section 2.5.5 of this Technical Volume. Volume 1, Section 5.7 Page 815 Rev. 3-5-2007

5.7.12 Approach to SMES Technological Enhancements or Improvements Level 3 fully expects that there will be many upgrades to the software and improvements to the service in the coming years. The SMES service is set up to make upgrading a simple procedure. Prior to upgrading any component of the SMES service, the managed services team will fully test the upgrades to determine what impact, if any, the upgrade or change will have to the SMES environment. Once we determine the upgrade will not cause any negative impact on our SMES customer, we will roll out the update or improvement as part of the SMES offering. There is always the chance that new technological enhancements and improvements will cause compatibility issues with the SMES service. If this is the case, our Managed Security Services engineering team will work to overcome any compatibility issues and roll out new technology and capabilities to ensure the SMES is competitive in the marketplace. Volume 1, Section 5.7 Page 816 Rev. 3-5-2007

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback