Infrastructure Mainframe Support SOW Files

Infrastructure Mainframe Support SOW.zip

– Infrastructure Mainframe Support SOW.docx
– Service Change Procedure.docx
– Information Security Table of Roles and Responsibilities.docx
– Key Customer Roles and Responsibilities.docx
– Middleware Support.docx
– Sample SOW Service Charges.docx
– KPI or CPI Performance Indicators.docx
– Messaging Support Services.docx
– Midrange Storage Management Services.docx
– RACF – Use Cases for Security Access Reports.docx
– Active Directory Services.docx
– Information Security Requirements.docx
– Policies Procedures Processes and Controls.docx
– Proprietary Software.docx
– WebSphere MQ.docx
– Disaster Recovery.docx

Application Scanner – Fortify

Source Code Analyzer (SCA) – Rational equivalent is AppScan Source Edition
– The core product for static source code analysis

Program Trace Analyzer (PTA) – Rational equivalent is AppScan Standard or Enterprise
– They claim to be able to do dynamic analysis with PTA (& RTA below), but it only analyzes the application while it's running and…

Application Scanner – Veracode

Services offering

Binary Analysis

Pros
– Scan third-party binaries and your own code
– Provide blackbox scanning
– Veracode security experts review the results and provide a sanitized report to clients
– They do all the work

Cons
– Difficult to do, requires people in the backend at Veracode to go through the results
– Not integrated into the SDLC
– It’s…

Endpoint Protection Field Notes

The primary focus at this level should be on beginning to invest in people and process. Begin a conversation with the business about the type of threats that are reasonable to expect and the corporate resources that are most critical to business goals. Establish an end goal and a timetable, and budget to get to…

ZScaler Endpoint Security

Endpoints are a primary target in common and advanced cyberattacks. Security and risk management leaders should use this guide to evaluate the quality of their current endpoint protection and identify next steps to improve their resilience.

Key Challenges

Recommendations

Security and risk management leaders responsible for endpoint security:

Federal Information Security Management Act (FISMA) Compliance Reports

All government agencies, government contractors, and organizations that deal and exchange data with government systems must follow FISMA compliance guidelines. Organizations have to monitor, retain and maintain audit records of all security events as per FISMA (Federal Information Security Management Act). The objective of FISMA compliance is to ensure that Federal departments and agencies observe…