Best IT Documents.com Blog


Technical and Security Challenges in Cloud Computing from the Industry (Providers)

Posted in Visio Samples - Stencils (457) by Guest on the October 22nd, 2017

PCI DSS, SOX (CobiT) and HIPAA & HITECH simplified

Posted in Health Care HIPAA - HITECH - HITECH (98),Visio Samples - Stencils (457) by Guest on the October 22nd, 2017

PCI DSS / SOX (CobiT) / HIPAA & HITECH

PCI DSS penalties: Fines, loss of credit card processing and level 1 merchant requirements
SOX (CobiT) penalties: Fines up to $5M and up to 10 years in prison
HIPAA & HITECH penalties: Penalties and fees up to $1.5M for neglect

5.1.1  Monitor zero day attacks not covered by anti-virus

6.2 Identify newly discovered security vulnerabilities

11.2   Perform network vulnerability scans quarterly by an ASV

11.4   Maintain edge IDSs and IPSs to monitor and alert personnel; keep engines up to date
DS 5.9 Malicious Software Prevention, Detection and Correction “Put preventive, detection and corrective measures in place (especially up-to-date security patches and virus control) across the organization to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam).”

DS 5.6 Security Incident Definition

“Clearly define and communicate the characteristics of potential security incidents so that they can be properly classified and treated by the incident and problem management process.”

164.308 (a)(1)(ii)(A)

Risk Analysis – Conduct Vulnerability Assessment

164.308 (a)(1)(ii)(B)

Risk Management — Implement security measures to reduce risk of security breaches

DS 5.10 Network Security

“Use security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorize access and control information flows from and to networks.”

164.308 (a)(5)(ii)(B)

Protection from Malicious Software — Procedures to guard against malicious software host/network IPS

164.308 (a)(6)(iii)

Response & Reporting — Mitigate and document security incidents
10.2   Automated audit trails

10.6   Review logs at least daily

10.3   Capture audit trails
DS 5.5 Security Testing, Surveillance and Monitoring “… a logging and monitoring function will enable the early prevention and/or detection and subsequent timely reporting of unusual and/or abnormal activities that may need to be addressed.”
164.308 (a)(1)(ii)(D)

Information System Activity Review — Procedures to review system activity
10.5   Secure logs

10.7   Retain audit trail for at least one year

10.7   Maintain logs online for three months

164.308 (a)(6)(i)

Login Monitoring — Procedures and monitoring for login attempts on host IDS

164.312 (b) Audit Controls — Procedures and mechanisms for monitoring system activity
6.6 Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public-facing web applications.
DS 5.10 Network Security

“Use security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorize access and control information flows from and to networks.”

AI3.2  Infrastructure resource protection and availability
164.308(a)(1)

Security Management Process — Implement policies and procedures to prevent, detect, contain and correct security violations.

164.308(a)(6)

Security Incident Procedures

Implement policies and procedures to address security incidents.


Sample – Priority Disaster Recovery Matrix

Posted in Sample - IT Spreadsheets - PowerPoints (251),Security (1500) by Guest on the October 17th, 2017

Priority Disaster Recovery Matrix

www.bestitdocuments.com

Sample – Patch Vulnerability Scoring

Posted in Sample - IT Spreadsheets - PowerPoints (251),Security (1500) by Guest on the October 11th, 2017

Sample Patch Vulnerability Scoring

www.bestitdocuments.com

Sample – Patch Vulnerability Management Progress

Posted in Sample - IT Spreadsheets - PowerPoints (251),Security (1500) by Guest on the October 6th, 2017

Patch Vulnerability Management Progress

www.bestitdocuments.com

Sample – System Ranking Recovery Classifications

Posted in Sample - IT Spreadsheets - PowerPoints (251),Security (1500) by Guest on the October 2nd, 2017

System Ranking Recovery Classifications

www.bestitdocuments.com