Best IT Documents.com Blog


Sample – Asset Rating

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the September 3rd, 2016

Purpose

This document provides guidelines / instructions that enable Symantec users or the Technology Services Group members to developed, identify, evaluate and remediate system and application vulnerabilities in order to prevent a catastrophic systems failure.

 

Background

This document defines accountability and a process that coordinates the patch and vulnerability management effort to include communication, documentation and reporting requirements. By adhering to the following guidelines, Symantec can reduce risks that can lead to adverse security incidents. The primary parties responsible for complying with these procedures include key Information Technology (IT) managers and Risk Management’s Information Security Officer (ISO).

 

Technical Impact 1 – 5:       A measure of how important a device is to the communications of the network.

 

Threat 1 – 5:                          An activity that has either the potential of causing harm to a computer or a network.

 

Vulnerability 1 – 5:               A flaw, mis-configuration, or weakness that allows the security of the system to be violated.

 

Criticality 1 – 5: A measure of how important a system is to the organization’s mission.

 

1 – lowest – no risk or does not apply

 

2 – Low risk – little or no impact

 

3 – Would cause damage

 

4 – Would cause serious damage

 

5 – Would cause exceptionally grave damage

Comments Off on Sample – Asset Rating

Patch and Vulnerability Research Resources

Overview

This procedure was developed to identify and evaluate system and application vulnerabilities through research. This document defines accountability and a process that shows where to look for vulnerabilities that affect [Client] and how to access [Client] personalized resources. By adhering to the following guidelines, [Client] keep abreast of new vulnerabilities, exploits, viruses and worms. The primary party responsible for complying with these procedures is the Risk Management’s Information Security Officer (ISO). Instructions for the frequency at which the ISO (or designee) should be checking these resources is listed below.

 

Source Documentation/Information

  • Cassandra Incident Response Databasehttps://cassandra.cerias.purdue.edu/user/logout.php A website developed by the Center for Education and Research in Information Assurance and Security (CERIAS). This site allows security professionals to build a profile that lists the vendors and OS’ that apply to their infrastructure. The site gets its information from the ICAT database maintained by NIST. This site is secured using SSL 128 bit encryption.

 

  • The Internet Storm Centerhttp://isc.incidents.org/ Supported by the SysAdmin Audit Network Security Institute (SANS), a website that takes volunteered IDS logs from around the world (Over 3 million) and makes the statistics available on the internet free of charge. This web site is good to see what the top ten scanned ports are and the top ten IPs they are coming from.

 

  • CERT Current Activityhttp://www.cert.org/current/current_activity.html The CERT Coordination Center (CERT/CC) was formed by the Defense Advanced Research Projects Agency (DARPA) in November 1988 in response to the needs identified during an Internet security incident. The CERT/CC is part of the Networked Systems Survivability (NSS) Program at the Software Engineering Institute (SEI), Carnegie Mellon University. The primary goal of the NSS Program is to ensure that appropriate technology and systems management practices are used to resist attacks on networked systems and to limit damage and ensure continuity of critical services in spite of successful attacks.

 

  • Secuniahttp://www.secunia.com/advisories The Secunia Security Advisories list is free and designed for the IT professional who wants one source of information about the latest software vulnerabilities and security fixes. This site ranks the vulnerability based on a 1 – 5 ranking. Outstanding site for justifying the need for patches or mitigation.

 

  • SecureFocus BugTraq Vulnerability Forumhttp://online.securityfocus.com/archive/1 The Bugtraq forum is a site that lists all correspondence relating to vulnerabilities that may or may not be verified. There is a process once items are entered into the Bugtraq Forum where CERT reviews submitted issues, evaluates them and gives them a candidate number. After thorough evaluation, if the candidate is a true vulnerability, it will receive a CVE (Common Vulnerabilities and Exposures) designation.


  • Microsoft Security Notification Service – http://www.microsoft.com/security/security_bulletins/decision.asp Microsoft TechNet offers the Microsoft Security Notification Service. These e-mail messages are geared toward IT professionals and contain in-depth technical information. This information will state the date the problem was found, what the problem is and how to mitigate the problem. In many cases the bulletins list “Mitigating Factors” that may make the vulnerability non-applicable or may heighten the need for action. The bulletins also have patch information available such as if a patch is available, where to get the patch and what the patch does.

 

  • SANS Newsbites – http://portal.sans.org/register.php The SANS NewsBites is a weekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible. Spend five minutes per week to keep up with the high-level perspective of all the latest security news. Each issue is delivered weekly by email, Free.

 

  • ICAT Databasehttp://icat.nist.gov/icat.cfm The ICAT Metabase is a searchable index of computer vulnerabilities. ICAT links users into a variety of publicly available vulnerability databases and patch sites. ICAT indexes the information available in CERT advisories, ISS X-Force, Security Focus, NT Bugtraq, Bugtraq, and a variety of vendor security and patch bulletins. ICAT is maintained by the National Institute of Standards and Technology. The ICAT DB is Uses the CVE naming standard.
Comments Off on Patch and Vulnerability Research Resources

Sample – Sample VM Compliance Tracking Spreadsheet

Posted in Compliances (1300),O S (375),Sample - IT Spreadsheets - PowerPoints (251) by Guest on the February 25th, 2016

Sample VM Compliance Tracking Spreadsheet

Sample_VM_Compliance_Tracking.xlsx

Comments Off on Sample – Sample VM Compliance Tracking Spreadsheet

Sample Word – Visio RSA – ESI Event Source Integration

Sample Word and Vision document download

RSA – ESI Event Source Integration

 

 

Comments Off on Sample Word – Visio RSA – ESI Event Source Integration

Sample Word – POC Imprivata Hardware – Software Resources

Comments Off on Sample Word – POC Imprivata Hardware – Software Resources

Sample Word – POC Clinical Application VDI Desktop Integration

Free Word Document Download

POC Clinical Application VDI Desktop Integration

 

Comments Off on Sample Word – POC Clinical Application VDI Desktop Integration
Next Page »