Best IT Documents.com Blog


Sample Visio – Cloud Service Delivery Framework


Sample Visio – Cloud Security Responsibilities

Posted in Security (1500), Virtual - VMWare (30), Visio Samples - Stencils (457) by Guest on November 25th, 2017

Single Sign-On – SSO Sample Web Standards

Posted in Application, Visio Samples - Stencils (457), Web Services (250) by Guest on November 15th, 2017

Sample Visio Web Standards

www.bestitdocuments.com


Technical and Security Challenges in Cloud Computing Sample Visio

Posted in Visio Samples - Stencils (457) by Guest on October 22nd, 2017

PCI DSS, SOX (CobiT) and HIPAA & HITECH simplified

Posted in Health Care HIPAA - HITECH - HITECH (98), Visio Samples - Stencils (457) by Guest on October 22nd, 2017

PCI DSS, SOX (CobiT) and HIPAA & HITECH compared, by control area

Penalties
  PCI DSS: Fines, loss of credit card processing and level 1 merchant requirements
  SOX (CobiT): Fines up to $5M and up to 10 years in prison
  HIPAA & HITECH: Penalties and fees up to $1.5M for neglect

Malware and vulnerability management
  PCI DSS:
    5.1.1 Monitor zero day attacks not covered by anti-virus
    6.2 Identify newly discovered security vulnerabilities
    11.2 Perform network vulnerability scans quarterly by an ASV
    11.4 Maintain edge IDS and IPSs to monitor and alert personnel; keep engines up to date
  SOX (CobiT):
    DS 5.9 Malicious Software Prevention, Detection and Correction: “Put preventive, detection and corrective measures in place (especially up-to-date security patches and virus control) across the organization to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam).”
    DS 5.6 Security Incident Definition: “Clearly define and communicate the characteristics of potential security incidents so that they can be properly classified and treated by the incident and problem management process.”
    DS 5.10 Network Security: “Use security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorize access and control information flows from and to networks.”
  HIPAA & HITECH:
    164.308(a)(1)(ii)(A) Risk Analysis: Conduct vulnerability assessment
    164.308(a)(1)(ii)(B) Risk Management: Implement security measures to reduce risk of security breaches
    164.308(a)(5)(ii)(B) Protection from Malicious Software: Procedures to guard against malicious software (host/network IPS)
    164.308(a)(6)(iii) Response & Reporting: Mitigate and document security incidents

Audit logging and monitoring
  PCI DSS:
    10.2 Automated audit trails
    10.3 Capture audit trails
    10.5 Secure logs
    10.6 Review logs at least daily
    10.7 Retain audit trail for at least one year; maintain logs online for three months
  SOX (CobiT):
    DS 5.5 Security Testing, Surveillance and Monitoring: “… a logging and monitoring function will enable the early prevention and/or detection and subsequent timely reporting of unusual and/or abnormal activities that may need to be addressed.”
  HIPAA & HITECH:
    164.308(a)(1)(ii)(D) Information System Activity Review: Procedures to review system activity
    164.308(a)(6)(i) Login Monitoring: Procedures and monitoring for login attempts on host IDS
    164.312(b) Audit Controls: Procedures and mechanisms for monitoring system activity

Network protection and incident procedures
  PCI DSS:
    6.6 Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public-facing web applications
  SOX (CobiT):
    DS 5.10 Network Security: “Use security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorize access and control information flows from and to networks.”
    AI3.2 Infrastructure resource protection and availability
  HIPAA & HITECH:
    164.308(a)(1) Security Management Process: Implement policies and procedures to prevent, detect, contain and correct security violations
    164.308(a)(6) Security Incident Procedures: Implement policies and procedures to address security incidents


Understanding Cloud Security Alliance – Cloud Security Domains

Posted in Security (1500), Virtual - VMWare (30), Visio Samples - Stencils (457) by Guest on September 10th, 2017

Architecture

Establishes guidance, direction, advisement and reference architectures, and ensures alignment to business requirements.

Governance

Governance and Enterprise Risk Management

The ability of an organization to govern and measure the enterprise risk introduced by Cloud computing. This covers items such as legal precedence for agreement breaches, the ability of user organizations to adequately assess the risk of a Cloud provider, the responsibility to protect sensitive data when both user and provider may be at fault, and how international boundaries may affect these issues.

Legal Issues: Contracts and Electronic Discovery

Potential legal issues when using Cloud computing. Issues touched on in this section include protection requirements for information and computer systems, security breach disclosure laws, regulatory requirements, privacy requirements and international laws.

Compliance and Audit Management

Maintaining and proving compliance when using Cloud computing. Issues dealing with how Cloud computing affects compliance with internal security policies, as well as with various compliance requirements (regulatory, legislative and otherwise), are discussed here. This domain includes some direction on proving compliance during an audit.

Data Governance

Governing data that is placed in the Cloud. Items surrounding the identification and control of data in the Cloud, as well as compensating controls that can be used to deal with the loss of physical control when moving data to the Cloud, are discussed here. Other items, such as who is responsible for data confidentiality, integrity and availability, are also mentioned.

Operations

Management Plane and Business Continuity

Securing the management plane and the administrative interfaces used when accessing the Cloud, including both web consoles and APIs. Ensuring business continuity for Cloud deployments.

Infrastructure Security

Core Cloud infrastructure security, including networking, workload security and hybrid Cloud considerations. This domain also includes security fundamentals for private Clouds.

Virtualization and Containers

Security for hypervisors, containers and software-defined networks.

Incident Response Notification and Remediation

Proper and adequate incident detection, response, notification and remediation. This attempts to address items that should be in place at both provider and user levels to enable proper incident handling and forensics. This domain will help you understand the complexities the Cloud brings to your current incident handling program.

Application Security

Securing application software that is running on or being developed in the Cloud. This includes items such as whether it is appropriate to migrate or design an application to run in the Cloud and, if so, what type of Cloud platform is most appropriate (SaaS, PaaS, IaaS).

Data Security and Encryption

Implementing data security and encryption, and ensuring scalable key management.

Identity, Entitlement, and Access Management

Managing identities and leveraging directory services to provide access control. The focus is on issues encountered when extending an organization’s identity into the Cloud. This section provides insight into assessing an organization’s readiness to conduct Cloud-based identity, entitlement, and access management (IDM).

Security as a Service

Providing third-party facilitated security assurance, incident management, compliance attestation, and identity and access oversight.

Related Technologies

Established and emerging technologies with a close relationship to Cloud computing, including Big Data, Internet of things, and mobile computing.
