Presentation is loading. Please wait.

Presentation is loading. Please wait.

Blueberry Software IT Security Audit Results. Results: Good.

Published byJonas Caldwell Modified over 9 years ago

Similar presentations

Presentation on theme: "Blueberry Software IT Security Audit Results. Results: Good."— Presentation transcript:

1 Blueberry Software IT Security Audit Results

2 Results: Good

3 Strong Areas ●Security Organization o Strong and organized security infrastructure ●Access Control & A.C. Procedures o Strong password controls/Rotation o Files well-protected o Procedures in place for authorization

4 Strong Areas (Cont’d) ●Vendor Management o Management must approve third-party connectivity o Third-party connections are monitored ●Virus Protection o Protection/Detection software on all devices o E-mail attachments pre-screened ●Strong Security Policies/Standards

5 Weak Areas ●Computer and Network Management o Vulnerabilities/Exploits not prioritized ●Compliance o No compliance checks in place ●Business Continuity & B.C. Plans o Backup procedures not documented

6 Weak Areas (Cont’d) ●Patch Management Processes o High priority patches take 48 hours for implementation ●Security Testing o Security Test results not well-documented

7 Suggested Improvements ●Identify and prioritize patches daily ●Enforce policy compliance w/ checking tools o e.g. eTrust ●Document Restore/Backup procedures ●Produce and Retain written results of Security Tests

Download ppt "Blueberry Software IT Security Audit Results. Results: Good."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.

NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.
MSIA 711 1 Introduction to Information Systems Security Training and Policy Week 1 Live Session Presentation.

MSIA Introduction to Information Systems Security Training and Policy Week 1 Live Session Presentation.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.

Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.
Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
Network security policy: best practices

Network security policy: best practices
Information about the computer By Sophia and Christina 2-9-11 4C.

Information about the computer By Sophia and Christina C.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Current Job Components Information Technology Department Network Systems Administration Telecommunications Database Design and Administration.

Current Job Components Information Technology Department Network Systems Administration Telecommunications Database Design and Administration.
Corporate Information Systems Delivery of Infrastructure IT Services.

Corporate Information Systems Delivery of Infrastructure IT Services.
Information Technology Controls and Sarbanes-Oxley ISACA Roundtable Discussion April 15, 2004.

Information Technology Controls and Sarbanes-Oxley ISACA Roundtable Discussion April 15, 2004.
Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Similar presentations

Ads by Google