Best IT Documents.com Blog


LogRhythm Architecture and Design 7.x Notes

  • Dashboard
  • Searching
  • Review of alarms
  • Qualify – investigate to establish root cause
  • Then mitigate
  • HTML5 coded
  • Risk-based alarms
  • Case workflow
  • Real-time data
  • Double-click drill-down
  • Underlying log data

 

  • Log viewer to analyst grid – access
  • Low footprint on the browser (client)
  • Activities represented
  • Pivot and sort data / datasets
  • Widgets to customize the dashboard
  • Edit widgets, more advanced filters
  • Threat activity map
  • Drill down; create a task on another task to free up resources
  • Flow data – Network Monitor
  • Deep packet analytics (rule: protocol mismatch)
  • Packet captures – session based

 

  • Case management
    • Tagging for cases (searchable and filterable with dashboards)
    • Create new tags
  • Log contains: search contextualized content for
    • Finance
    • SSN
  • Search contains: filter on classified actions (750 devices, applications and systems)
    • Pre-created processing rules
    • Structured and unstructured searches
  • Endpoint monitoring
  • File integrity monitoring
  • Watchlist users
    • Account takeovers
      • Precision searches
      • Alarms page (tab)
      • Fired alarms and risk-based fired alarms
      • Entity: logical segmentation of the network
      • Other filtering and sorting, by risk and by date
    • Smart responses based on activity (actions – multiple responses)
      • Disable accounts or quarantine devices
      • Corroborated alarms (supporting activities, e.g. 3 or more behavioral anomalies from the user)
      • Associate logs and alarms into cases
    • Drill down into data sets associated with the activities
      • Watchlist or searches (criteria, source with host)
  • Single host or distributed hosts for performance

 

  • AI Engine
  • Desktop console
  • System log collection (Windows, Unix): local and remote; remote collection requires no agent installed directly on the source
  • Non-server log sources, server performance, file integrity

Healthcare IT Technology Issues to consider

Microsoft Patch Matrix Analysis

Posted in O S (375),Policies - Standards (600),Security (1500) by Guest on the September 19th, 2016

This information allows you to see at a glance which Microsoft Security Bulletins apply to which products, and the Severity Rating for each bulletin. Each Security Bulletin is listed complete with links to the full bulletin on Microsoft’s website. You can view Security Bulletins sorted in reverse numerical order or by the date the Bulletin was last updated.
Microsoft believe you should always apply patches to any software you’re using for which they issue a patch with either a Critical or Important rating, and these patches should be applied as soon as is practically possible (especially Critical ones). For patches rated as either Moderate or Low, Microsoft recommend you read the related security bulletin to decide whether you should apply the patch to your environment. Personally, if Microsoft issues a patch for something I’d seriously consider installing it (after testing) regardless of the Rating. Easier said than done in a lot of environments, I know, but if you don’t patch you’re asking for trouble.

 

Severity Ratings

Microsoft use the following system to rate the severity of each vulnerability. This information has been reproduced from the “Microsoft Security Response Center Security Bulletin Severity Rating System”, which you can find at:

 

https://technet.microsoft.com/en-us/security/hh314216.aspx

 

We’ve added the “Color” column onto the end of the table so that you can tell at a glance what Severity Rating Microsoft have assigned to the software affected by each vulnerability.

Rating    | Definition                                                                                                                                                          | Color
Critical  | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.                                                             | Red
Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. | Orange
Moderate  | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.                               | Green
Low       | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.                                                                               | Black

 

Security Vulnerabilities by Number

The following is a list of Security Vulnerabilities issued year-to-date (dd/mm/yy) with the most recent first.

Patch No. | Title | Affects / Severity | Issued / Updated

Sample – Asset Rating

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the September 3rd, 2016

Purpose

This document provides guidelines and instructions that enable Symantec users or Technology Services Group members to develop, identify, evaluate and remediate system and application vulnerabilities in order to prevent a catastrophic systems failure.

 

Background

This document defines accountability and a process that coordinates the patch and vulnerability management effort to include communication, documentation and reporting requirements. By adhering to the following guidelines, Symantec can reduce risks that can lead to adverse security incidents. The primary parties responsible for complying with these procedures include key Information Technology (IT) managers and Risk Management’s Information Security Officer (ISO).

 

Technical Impact (1 – 5): A measure of how important a device is to the communications of the network.

Threat (1 – 5): An activity that has the potential of causing harm to a computer or a network.

Vulnerability (1 – 5): A flaw, misconfiguration, or weakness that allows the security of the system to be violated.

Criticality (1 – 5): A measure of how important a system is to the organization’s mission.

Rating scale:

  1 – Lowest – no risk or does not apply
  2 – Low risk – little or no impact
  3 – Would cause damage
  4 – Would cause serious damage
  5 – Would cause exceptionally grave damage


Patch and Vulnerability Research Resources

Overview

This procedure was developed to identify and evaluate system and application vulnerabilities through research. This document defines accountability and a process that shows where to look for vulnerabilities that affect [Client] and how to access [Client] personalized resources. By adhering to the following guidelines, [Client] keeps abreast of new vulnerabilities, exploits, viruses and worms. The primary party responsible for complying with these procedures is the Risk Management’s Information Security Officer (ISO). Instructions for the frequency at which the ISO (or designee) should be checking these resources are listed below.

 

Source Documentation/Information

  • Cassandra Incident Response Database – https://cassandra.cerias.purdue.edu/user/logout.php – A website developed by the Center for Education and Research in Information Assurance and Security (CERIAS). This site allows security professionals to build a profile that lists the vendors and operating systems that apply to their infrastructure. The site gets its information from the ICAT database maintained by NIST. This site is secured using 128-bit SSL encryption.

  • The Internet Storm Center – http://isc.incidents.org/ – Supported by the SysAdmin, Audit, Network, Security Institute (SANS), a website that takes volunteered IDS logs from around the world (over 3 million) and makes the statistics available on the Internet free of charge. This website is good for seeing what the top ten scanned ports are and the top ten IPs they are coming from.

  • CERT Current Activity – http://www.cert.org/current/current_activity.html – The CERT Coordination Center (CERT/CC) was formed by the Defense Advanced Research Projects Agency (DARPA) in November 1988 in response to the needs identified during an Internet security incident. The CERT/CC is part of the Networked Systems Survivability (NSS) Program at the Software Engineering Institute (SEI), Carnegie Mellon University. The primary goal of the NSS Program is to ensure that appropriate technology and systems management practices are used to resist attacks on networked systems, and to limit damage and ensure continuity of critical services in spite of successful attacks.

  • Secunia – http://www.secunia.com/advisories – The Secunia Security Advisories list is free and designed for the IT professional who wants one source of information about the latest software vulnerabilities and security fixes. This site ranks each vulnerability on a 1 – 5 scale. Outstanding site for justifying the need for patches or mitigation.

  • SecurityFocus BugTraq Vulnerability Forum – http://online.securityfocus.com/archive/1 – The Bugtraq forum is a site that lists all correspondence relating to vulnerabilities that may or may not be verified. There is a process once items are entered into the Bugtraq Forum where CERT reviews submitted issues, evaluates them and gives them a candidate number. After thorough evaluation, if the candidate is a true vulnerability, it will receive a CVE (Common Vulnerabilities and Exposures) designation.

  • Microsoft Security Notification Service – http://www.microsoft.com/security/security_bulletins/decision.asp – Microsoft TechNet offers the Microsoft Security Notification Service. These e-mail messages are geared toward IT professionals and contain in-depth technical information. This information states the date the problem was found, what the problem is and how to mitigate it. In many cases the bulletins list “Mitigating Factors” that may make the vulnerability non-applicable or may heighten the need for action. The bulletins also include patch information, such as whether a patch is available, where to get it and what it does.

  • SANS NewsBites – http://portal.sans.org/register.php – SANS NewsBites is a weekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, where possible. Spend five minutes per week to keep up with the high-level perspective of all the latest security news. Each issue is delivered weekly by email, free.

  • ICAT Database – http://icat.nist.gov/icat.cfm – The ICAT Metabase is a searchable index of computer vulnerabilities. ICAT links users into a variety of publicly available vulnerability databases and patch sites. ICAT indexes the information available in CERT advisories, ISS X-Force, Security Focus, NT Bugtraq, Bugtraq, and a variety of vendor security and patch bulletins. ICAT is maintained by the National Institute of Standards and Technology and uses the CVE naming standard.

Sample – Word – Microsoft Desktop Patching Policy

Posted in Policies - Standards (600) by Guest on the October 27th, 2015

Sample – Microsoft Desktop Patching Policy

Microsoft_Desktop_Patching.doc


Sample Word – Visio RSA – ESI Event Source Integration

Sample Word and Visio document download

RSA – ESI Event Source Integration

Sample Word – Clinical Access SSO Test Cases

Free Word document download

Clinical Access SSO Test Cases

Sample Word – Single Sign-on Application Wrapper Standard Specifications

Posted in Information Rights Management (100),Policies - Standards (600) by Guest on the August 16th, 2015

Sample Excel – Performance and Development Appraisal Spreadsheet


Sample Word – Regulation and compliance log retention best practices

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the August 6th, 2015

Free word document downloads

  • The Basel II Accord
  • FISMA
  • GLBA
  • HIPAA
  • NERC
  • NISPOM
  • PCI
  • SOX
  • EU

Sample Excel – High-Level Small Business Security tracking

Free Excel document download

High-Level Small Bus Sec Audit

Sample Excel – Qualys External Scanner Tracking

Free Excel document download

Qualys External Scanner Tracking


McKesson Information Solutions

McKesson produces many Healthcare applications including Series 2000, STAR, Care Manager and Image Manager. There are many more applications in their portfolio, but these are the prime applications that we find at healthcare facilities when we present eTrust Single Sign-on and Admin.

Each of these applications incorporates their own user and group management paradigm and authorization and authentication tables.

This document addresses the Series 2000 application with regards to building a custom option for provisioning users from eTrust Admin. Ken Lee and Mark Wettlaufer traveled to Lake Mary, FL to meet with the Series 2000 Development Group on 10 May 2004 and came away with a positive feeling about the chance of success in developing a custom option.

Key findings for Series 2000

  • Runs on the iSeries AS/400 hardware from IBM
  • Utilizes the iSeries DB2 UDB database
  • User tables address authorization (ACLs) while authentication is handled by OS/400 security
  • Application is heavily customizable and dynamic based on client needs
  • Security Code is another name for the password string for the Series 2000 account and is currently stored in clear text, with future plans for some sort of encryption
  • Password refers to the OS/400 account password
  • A user within Series 2000 is uniquely identified by:
    • library name for database instance
    • hospital code
    • 4 character “printed code”
  • All user information is primarily stored in three (3) tables and has a very simple structure
  • Client customizations (the dynamic nature of the application) are stored in fixed, known table names and/or “flat” files
  • Database tables accessible from Win32 applications with an ODBC connector (there is also a JDBC connector)
  • A user is defined to belong to a group code AND can have additional individual function codes authorizing additional functions

Concerns for developing a Custom Option for eTrust Admin

  • Dynamic / customizable nature of Series 2000 – every Series 2000 environment will be different, so our option needs to be able to read the tables / flat files where these customizations are stored and be dynamic / flexible
  • Sanity edits – our option will need to emulate the input edits performed by the user management interface of Series 2000. For example, individual users can be assigned certain rights based on the nursing station or clinic codes being used. Series 2000 performs a “sanity” check to ensure that a nursing station or clinic code is already defined in the system before being assigned to a user. Since we will be accessing the tables via ODBC, we could store anything in any field, but that “garbage data” could have adverse effects on the system
  • Security Code storage – currently in clear text so this is not a concern but we will require commitment from McKesson to either disclose the encryption algorithm / key or provide a trusted connection or API mechanism once they implement encryption of the Security Code.

Where do we go next? Recommendations

Series 2000 looks like a very good candidate for developing a custom option for eTrust Admin. CA has many common customers with McKesson that have Series 2000 and therefore, have the pain of user management within this application. A custom option would allow our common customers to achieve all the values that eTrust Admin can provide.

The interface appears to be simple. We can get to the tables via ODBC and from McKesson’s own admission, the user tables are an extremely simple format.

To proceed, we should

  • Secure the source for the one custom option being developed for Cingular Wireless (if legally possible). The CARE option at Cingular seems like it could be a very good model for the Series 2000 option because CARE is also table driven (the dynamic, customizable nature of Series 2000)
  • Arrange another meeting with the Development Group at McKesson to arrange transfer of user table schemas and source code fragments of the “sanity” edits
  • Arrange a contact point at McKesson for questions as we proceed
  • Arrange for testing at McKesson
  • Develop a prototype of the management screens within the Admin Win32 GUI to demonstrate to McKesson and two or three prime customers for comment
  • Target two or three prime customers for beta testing this option
  • Secure agreement from McKesson to be ready to provide an API or disclose the encryption algorithm / key once they institute Security Code encryption

Sample Word – How does x.509 differ from PGP?

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the July 18th, 2015

Free Word document download

How does x.509 differ from PGP?


Sample Word – Sample HIPAA Application Software Systems

Posted in Health Care HIPAA - HITECH - HITECH (98),Policies - Standards (600) by Guest on the July 15th, 2015

Free Word document

Sample Application Software Systems

Sample Word – Employee Commendation Form

Posted in Business (600),Policies - Standards (600) by Guest on the July 4th, 2015

Free Word document download

Employee Commendation Form


Sample Word – Guidelines For Creating an Employment Development Plan

Posted in Business (600),Policies - Standards (600) by Guest on the July 3rd, 2015

Free Word document download

Guidelines For Creating A Development Plan

Sample Word – Student Parent – Laptop Use Policy

Posted in Business (600),Compliances (1300),Policies - Standards (600) by Guest on the April 25th, 2015

Free MS Word Document download

Student Parent – Laptop Use Policy

Sample Word – Harvest Service Desk Integration with Clarity document

Posted in Policies - Standards (600) by Guest on the March 12th, 2015

Sample Word – Employee Internet Usage Policies

Posted in Compliances (1300),Policies - Standards (600) by Guest on the February 14th, 2015

Sample Word document download

Employee Internet Usage Policy


Sample Word – Information Security Policy Statements

Posted in Compliances (1300),Policies - Standards (600) by Guest on the February 2nd, 2015

Free Word Document download

Information Security Policy Statement


Sample Word – Physical Data Center Local Recovery Considerations

Posted in Policies - Standards (600),Security (1500) by Guest on the January 28th, 2015

Sample Excel – Part2 Application Load Balancing Profile

Free Excel document download

Part2 Application Load Balancing Profile

Sample Excel – DNS Change Form

Free Excel document download

DNS Change Form