User Group 2015 Security Best Practices. Presenters Steve Kelley, COO 31 years experience building and managing operations and service delivery organizations.


User Group 2015 Security Best Practices

Presenters

Steve Kelley, COO. 31 years of experience building and managing operations and service delivery organizations in industrial robotics, medical devices, software development and IT services consulting businesses. Steve has extensive experience in networking, quality assurance, software development, disaster recovery services, and project management. He has worked with FDA GMP/GCP, FDA 21 CFR 820, SOX/SSAE16, FISMA, and HIPAA regulatory environments. Steve and Rob have worked together for over 20 years in several successful entrepreneurial ventures.

Glen Balestrieri, Director of Managed Services. With 26 years of management experience in Information Technology and Direct Sales, Glen is directly responsible for regulatory compliance, information systems security, systems engineering, systems maintenance and customer service. Glen holds a degree from American International College, with concentrations in networking, Linux, and Microsoft systems.

Security Best Practices Session Directives

To discuss the security, speed and usability of the PopMedNet Private Cloud hosted at Lincoln Peak Partners. Session length is minutes, including introductions, overview, presentation and Q&A. The Q&A session will start 15 minutes before the session ends.

Presentation Overview

In this presentation we will discuss:
Securing the cloud
The infrastructure behind the curtain
Encryption systems in play, both at rest and in transit
Compliance and what that means to PopMedNet
Redundancy
Application data flow and its security

PMN Infrastructure and Security

Code Security Assessment

July 2, 2015

In June of 2015, Pivot Point Security conducted a static code review of Lincoln Peak Partner's PopMedNet applications as part of their software assurance process to provide assurance that the source code follows secure coding practices. Our code review methodology follows the testing approach recommended by the OWASP Application Security Verification Standard (ASVS). Findings are mapped to both the OWASP Top 10 and the Common Weakness Enumeration (CWE) project.

We determined that the applications are secured in a manner consistent with secure coding practices and on par with similar applications that we have tested. While we did not identify any critical vulnerabilities during our testing, we did identify two areas of concern. After reviewing the issues with Lincoln Peak Partners, they indicated that these issues are actually mitigated by outside controls.

Pivot Point Security has been architected to provide maximum levels of independent and objective information security expertise to our varied client base. The team responsible for conducting security assessments of this nature is led by a Certified Information Security Auditor/IRCA ISO Auditor and includes personnel appropriately qualified to render this opinion (e.g., Certified Information System Security Professionals, Microsoft Certified System Engineers, Certified Ethical Hackers, etc.).

John Verry, CLA/CISA/CRISC, Principal Enterprise Security Consultant

Security Overview Examples

Redundant Firewalls
Intrusion Detection Systems
24/7 Live Monitoring and Response
Endpoint Security (Antivirus and Malware)
Encryption in Use, at Rest and in Transit
Vulnerability Scans, Manual and Automatic
Weekly Log File Auditing
Third Party Pen Testing

Application Redundancy

Backup with Redundancy

Backup Policies: the Lincoln Peak Standard Operation Policy for backup and retention is outlined in the flow chart on the slide. Redundant backups assure your data remains intact during crisis situations. Lincoln Peak recognizes the need to customize policies for each individual customer. We can provide the flexibility you need to feel secure. All database backups are encrypted at rest and all data is encrypted in transit. This is an automated and monitored process.

Overview of Data Flow (diagram): the PopMedNet Portal is hosted at Carpathia Hosting behind a firewall, with the PMN Web Service (including a Single Sign On option) and the PMN Database split across two VLANs (VLAN 1 and VLAN 2). Administrators, end users and investigators reach the portal from the Internet through the PMN web browser over https/TLS. At each Data Provider, the DataMart Desktop Client with its Model Adaptors (operated by Data Mart administrators) sits behind its own firewall and exchanges "Ask a question" and "Response" messages with the portal over the Internet using https/TLS 1.2.
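One way a DataMart-style desktop client can enforce the https/TLS 1.2 link shown in the data-flow diagram, and audit a client configuration for the settings that would weaken it. This is an added example, not PopMedNet or Lincoln Peak code; the portal hostname is a placeholder assumption.

```python
"""Added example (not PopMedNet / Lincoln Peak code): build a TLS client
context that matches the page's stated transit protection (https/TLS 1.2,
server certificate verified) and audit any context against that bar."""
import ssl
from typing import List

PORTAL_HOST = "portal.example.invalid"  # placeholder, not a real PopMedNet host


def make_client_context() -> ssl.SSLContext:
    """Client context for the DataMart-to-portal link: TLS 1.2 or newer,
    server certificate checked against the system trust store, hostname
    checked against the certificate (create_default_context sets the
    latter two; the minimum version is pinned explicitly)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the ways a client context falls short of the 'https/TLS 1.2'
    requirement; an empty list means the context is acceptable."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum TLS version below 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled")
    return findings


def weak_context() -> ssl.SSLContext:
    """Constructed counter-example: a client context with verification
    switched off and any protocol version accepted, as a misconfigured
    client might ship. audit_context() reports all three problems."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


if __name__ == "__main__":
    print("hardened:", audit_context(make_client_context()) or "no findings")
    print("weak:", audit_context(weak_context()))
```

To connect, wrap a socket with `make_client_context().wrap_socket(sock, server_hostname=PORTAL_HOST)`; the handshake then fails closed on a server that only offers TLS 1.0/1.1 or presents an untrusted certificate.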
