The State of Security and Compliance

Exceptional Technology Solutions, LLC
Tyler Chamber of Commerce Technology Committee

Social Media
SPAM – Spyware – Malware
Social Engineering
• Federal Bureau of Investigation – Criminal Justice Information Systems
• Health Insurance Portability and Accountability Act
• Payment Card Industry - Data Security Standard
• The Sarbanes-Oxley Act of 2002
What is PCI-DSS

• PCI DSS applies to organizations that “store, process or transmit cardholder data” for credit cards. One of the requirements of PCI DSS is to “track…all access to network resources and cardholder data”.
PCI DSS 2.0 Requirements

Penalties: Fines, loss of credit card processing and level 1 merchant requirements
• 5.1.1 - Monitor zero day attacks not covered by antivirus
• 6.5 - Identify newly discovered security vulnerabilities
• 11.2 - Perform network vulnerability scans quarterly by ASV
• 11.4 - Maintain IDS/IPS to monitor and alert personnel; keep engines up to date
• 10.2 - Automated audit trails
• 10.3 - Capture audit trails
• 10.5 - Secure Logs
• 10.6 - Review logs at least daily
• 10.7 - Maintain logs online for three months
• 10.7 - Retain audit trail for at least one year
• 6.6 - Install a web application firewall
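The logging items in this list (10.6 daily review, 10.7 three months online and one year retained) are easy to state and easy to drift out of. The script below is an added example, not part of the presentation or any vendor's tooling: it audits a constructed archive inventory and review record against those three numbers and reports each lapse under the requirement it relates to. The archive names, tiers and dates are all constructed sample data.

```python
"""Retention and review-cadence check for the PCI DSS logging items
listed above: 10.6 (review logs daily) and 10.7 (three months online,
one year retained). Added example; all inventory data is constructed."""
from dataclasses import dataclass
from datetime import date, timedelta

ONLINE_DAYS = 90       # 10.7: three months immediately available for analysis
RETAIN_DAYS = 365      # 10.7: at least one year of audit trail history
REVIEW_GAP_DAYS = 1    # 10.6: logs reviewed at least daily

TODAY = date(2014, 6, 30)  # constructed reference date for the sample data


@dataclass(frozen=True)
class LogArchive:
    name: str
    log_date: date   # day the events in the archive were generated
    tier: str        # "online" (searchable now) or "archive" (cold storage)


def check_retention(archives, today=TODAY):
    """10.7: every day of the last year must have an archive, and every
    archive from the last three months must sit on the online tier.
    Returns a list of findings; an empty list means compliant."""
    findings = []
    covered = set()
    for a in archives:
        age = (today - a.log_date).days
        covered.add(a.log_date)
        if age < 0:
            findings.append(f"{a.name}: dated in the future")
        elif age <= ONLINE_DAYS and a.tier != "online":
            findings.append(f"{a.name}: {age} days old but not online")
    # Day 0 is still being written, so coverage is checked from yesterday.
    for d in range(1, RETAIN_DAYS + 1):
        day = today - timedelta(days=d)
        if day not in covered:
            findings.append(f"{day}: no audit trail retained ({d} days old)")
    return findings


def eligible_for_disposal(archives, today=TODAY):
    """Archives beyond the one-year window are the only ones a 10.7
    retention policy allows to be purged."""
    return [a for a in archives if (today - a.log_date).days > RETAIN_DAYS]


def check_review_cadence(review_dates, today=TODAY):
    """10.6: flag every gap of more than one day between recorded log
    reviews, and a last review that is itself more than a day old."""
    ordered = sorted(set(review_dates))
    if not ordered:
        return ["no log reviews recorded"]
    findings = []
    for prev, cur in zip(ordered, ordered[1:]):
        gap = (cur - prev).days
        if gap > REVIEW_GAP_DAYS:
            findings.append(
                f"no review between {prev} and {cur} ({gap - 1} day(s) missed)")
    if (today - ordered[-1]).days > REVIEW_GAP_DAYS:
        findings.append(f"last review on {ordered[-1]} is stale")
    return findings


def build_sample_inventory(today=TODAY):
    """Constructed inventory: one archive per day for 399 days, with two
    deliberate defects: the 30-day-old archive moved to cold storage and
    the 200-day-old archive missing entirely."""
    archives = []
    for age in range(1, 400):
        if age == 200:
            continue
        day = today - timedelta(days=age)
        tier = "archive" if age > ONLINE_DAYS or age == 30 else "online"
        archives.append(LogArchive(f"audit-{day.isoformat()}.log.gz", day, tier))
    return archives


def build_sample_reviews(today=TODAY, skip=(5, 6)):
    """Constructed review record: a review on each of the last 14 days,
    except the days listed in `skip` (counted in days ago)."""
    return [today - timedelta(days=d) for d in range(1, 15) if d not in skip]


def pci_logging_report(archives, review_dates, today=TODAY):
    """Group the findings by the requirement number they relate to."""
    return {
        "10.6": check_review_cadence(review_dates, today),
        "10.7": check_retention(archives, today),
    }


if __name__ == "__main__":
    inventory = build_sample_inventory()
    report = pci_logging_report(inventory, build_sample_reviews())
    for req, findings in report.items():
        print(f"Requirement {req}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
    print(f"{len(eligible_for_disposal(inventory))} archives beyond one year")
```

Run against a real inventory, the same three checks become the evidence an assessor asks for under 10.6 and 10.7.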
HIPAA

• HIPAA includes security standards for certain health information. NIST SP 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, lists HIPAA-related log management needs. For example, Section 4.1 of NIST SP 800-66 describes the need to perform regular reviews of audit logs and access reports. Also, Section 4.22 specifies that documentation of actions and activities needs to be retained for at least six years.
• 164.308 (a)(1)(ii)(A): Risk Analysis—Conducts vulnerability assessment
• 164.308 (a)(1)(ii)(B): Risk Management—Implements security measures to reduce risk of security breaches
• 164.308 (a)(5)(ii)(B): Protection from Malicious Software—Procedures to guard against malicious software; host/network IPS
• 164.308 (a)(6)(iii): Response & Reporting—Mitigates and documents security incidents
• 164.308 (a)(1)(ii)(D): Information System Activity Review—Procedures to review system activity
• 164.308 (a)(6)(i): Log-in Monitoring—Procedures and monitoring log for log-in attempts on host IDS
• 164.312 (b): Audit Controls—Procedures and mechanisms for monitoring system activity
• 164.308 (a)(1): Security management process—Implement policies and procedures to prevent, detect, contain and correct security violations
• 164.308 (a)(6): Incident Procedures (R)—Implement policies and procedures to address security incidents
Sarbanes-Oxley

• Although SOX applies primarily to financial and accounting practices, it also encompasses the information technology (IT) functions that support these practices. SOX can be supported by reviewing logs regularly to look for signs of security violations, including exploitation, as well as retaining logs and records of log reviews for future review by auditors.
• DS5.3 Identity Management
• DS5.4 User Account Management
• DS5.5 Security Testing, Surveillance and Monitoring
• DS5.6 Security Incident Definition
• DS5.7 Protection of Security Technology
• DS5.9 Malicious Software Prevention, Detection and Correction
• DS5.10 Network Security
• DS5.11 Exchange of Sensitive Data
• ME1 Monitor and Evaluate IT Performance
• ME1.4 Performance Assessment
• ME1.5 Board and Executive Reporting
• ME1.6 Remedial Actions
• Since July 2010 ETS has been approved to work with Police Departments, Fire Departments, EMT and 911 Data Centers through the Texas Department of Public Safety and the Federal Bureau of Investigation. All of our managers, technicians and engineers are required to be approved by TLETS/CJIS before we allow them to work on any of our clients.

What is CJIS/TLETS

• TLETS provides intrastate interconnectivity for criminal justice agencies to a variety of local, state, and federal database systems. Additionally, TLETS’ link with Nlets, the International Justice and Public Safety Network, facilitates exchange between criminal justice agencies across the state of Texas and their counterparts in other states. The link with Nlets allows DPS to provide critical information to the national criminal justice community and allows TLETS operators to obtain information from a variety of database services from other states, Canada, Interpol, and private companies.

The CJIS Addendum requirements are outlined in a 46 page addendum published by the FBI and collaboratively through the Texas Department of Public Safety TLETS agency. The Addendum outlines every aspect of IT security:
• User security and access
• Logging
• Hardware management
• Software management
• Mobility
• BYOD
• Mobile data terminals
• Firewall and Workstation Security and updates… And many more.
Comparing Compliances

[Bar chart: COMPLIANCE POINT COMPARISON. Y-axis: Compliance Points, 0 to 140. Bars: PCI-DSS 11, HIPAA 9, Sarbanes-Oxley 11, TLETS/CJIS 128.]
How to get compliant

• Attaining and maintaining any of the compliances we have talked about today can be a daunting, scary proposition.
• Especially with the constant threat of the government handing out charges, fines and in some cases the threat of the loss of your business.
• Here are a few suggestions to help you get started.
How to get Compliant

• Work with an Industry Consultant. The task of getting and staying compliant can be a long, difficult and expensive road.
• Consultants are going to be able to tell you what you need, when you need it and what you can safely disregard. Good consultant services are going to stand by you if and when you have an audit, to assist you in getting through the audit and take care of any failure points the audit may draw out.
How to get Compliant

• Partner with a good, well respected Authorized Scanning Vendor.
• ETS partners with AlertLogic because they are located in Texas, they have one of the best reputations in the industry and they have a broad, transparent base of services that cover all the major compliances that are out today.
How to get Compliant

• Install a really good firewall. This will not be cheap. If you would buy it to put it in your house, you need to leave it there.
• A good firewall will provide Gateway AV, spam handling, Intrusion Prevention, Zero Day Protection and Multi-Layer Packet Scanning, along with compliance with one of the major national compliance standards. WatchGuard is our preferred firewall and it is FIPS 140-2 compliant as well as CIPA compliant.
How to get Compliant

• Get good, solid offsite backup. The more secure the better. The encryption on the backup should be no less than 128-bit AES encryption.
• Make sure that you can access your backups in real time.
• Make sure the backup company practices their recoveries.
• Make sure the transmission from your site to the backup site is encrypted with at least 128-bit AES encryption.
• Discuss a Disaster and Recovery plan with your backup provider and get it in writing to ensure that everyone is on the same sheet of paper when the inevitable happens.
How to get Compliant

• GET GOOD ANTI-VIRUS… If it has the word FREE anywhere in it, you are most likely violating the EULA by using it in a business environment.
• Free Anti-virus has its place. Not in a secure, audited business network.
• Make sure you set your patches and updates to run when new software comes out so you always have the latest security updates. If you have a good IT company or person, they should be making sure that is done for you. Ask for proof it is being done.
• Anti-Virus is like a FLU shot. It is your best defense against having a sick computer.
To Wrap Up…

• ETS is a Premier East Texas Based IT Solutions Company that specializes in Managed Services, Cloud Services and Advanced Professional Services.
• At ETS we do not sell products… We partner with our clients to provide the best solutions, from hardware to the software to the financial services and everywhere in between. Because a solution is not a solution unless it’s a total fit.
• ETS has a very robust security and compliance offering with various best of breed partners to further strengthen our efforts to keep your business secure and compliant.

Any Questions?

Exceptional Technology Solutions, LLC
419 Rice Road
Tyler, Texas 75703
903 509 0008 Local
877 281 0008 Toll Free
http://www.etstexas.com

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Chamber Technology Committee Presentation

  • 1. The State of Security and Compliance Exceptional Technology Solutions, LLC Tyler Chamber of Commerce Technology Committee
  • 2. Social Media SPAM – Spyware - Malware Social Engineering
  • 3.
  • 4.
  • 5.
    • Federal Bureau of Investigation – Criminal Justice Information Systems
    • Health Insurance Portability and Accountability Act
    • Payment Card Industry - Data Security Standard
    • The Sarbanes-Oxley Act of 2002
  • 6. What is PCI-DSS
    • PCI DSS applies to organizations that “store, process or transmit cardholder data” for credit cards. One of the requirements of PCI DSS is to “track…all access to network resources and cardholder data”.
  • 7. PCI DSS 2.0 Requirements
    Penalties: Fines, loss of credit card processing and level 1 merchant requirements
    • 5.1.1 - Monitor zero day attacks not covered by antivirus
    • 6.5 - Identify newly discovered security vulnerabilities
    • 11.2 - Perform network vulnerability scans quarterly by ASV
    • 11.4 - Maintain IDS/IPS to monitor and alert personnel; keep engines up to date
    • 10.2 - Automated audit trails
    • 10.3 - Capture audit trails
    • 10.5 - Secure logs
    • 10.6 - Review logs at least daily
    • 10.7 - Maintain logs online for three months
    • 10.7 - Retain audit trail for at least one year
    • 6.6 - Install a web application firewall
  • 8. HIPAA
    • HIPAA includes security standards for certain health information. NIST SP 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, lists HIPAA-related log management needs. For example, Section 4.1 of NIST SP 800-66 describes the need to perform regular reviews of audit logs and access reports. Also, Section 4.22 specifies that documentation of actions and activities needs to be retained for at least six years.
  • 9.
    • 164.308 (a)(1)(ii)(A): Risk Analysis—Conducts vulnerability assessment
    • 164.308 (a)(1)(ii)(B): Risk Management—Implements security measures to reduce risk of security breaches
    • 164.308 (a)(5)(ii)(B): Protection from Malicious Software—Procedures to guard against malicious software; host/network IPS
    • 164.308 (a)(6)(iii): Response & Reporting—Mitigates and documents security incidents
    • 164.308 (a)(1)(ii)(D): Information System Activity Review—Procedures to review system activity
    • 164.308 (a)(6)(i): Log-in Monitoring—Procedures and monitoring log for log-in attempts on host IDS
    • 164.312 (b): Audit Controls—Procedures and mechanisms for monitoring system activity
    • 164.308 (a)(1): Security Management Process—Implement policies and procedures to prevent, detect, contain and correct security violations
    • 164.308 (a)(6): Incident Procedures (R)—Implement policies and procedures to address security incidents
  • 10. Sarbanes-Oxley
    • Although SOX applies primarily to financial and accounting practices, it also encompasses the information technology (IT) functions that support these practices. SOX can be supported by reviewing logs regularly to look for signs of security violations, including exploitation, as well as retaining logs and records of log reviews for future review by auditors.
  • 11.
    • DS5.3 Identity Management
    • DS5.4 User Account Management
    • DS5.5 Security Testing, Surveillance and Monitoring
    • DS5.6 Security Incident Definition
    • DS5.7 Protection of Security Technology
    • DS5.9 Malicious Software Prevention, Detection and Correction
    • DS5.10 Network Security
    • DS5.11 Exchange of Sensitive Data
    • ME1 Monitor and Evaluate IT Performance
    • ME1.4 Performance Assessment
    • ME1.5 Board and Executive Reporting
    • ME1.6 Remedial Actions
  • 12.
    • Since July 2010 ETS has been approved to work with Police Departments, Fire Departments, EMT and 911 Data Centers through the Texas Department of Public Safety and the Federal Bureau of Investigation. All of our managers, technicians and engineers are required to be approved by TLETS/CJIS before we allow them to work on any of our clients.
  • 13. What is CJIS/TLETS
    • TLETS provides intrastate interconnectivity for criminal justice agencies to a variety of local, state, and federal database systems. Additionally, TLETS’ link with Nlets, the International Justice and Public Safety Network, facilitates exchange between criminal justice agencies across the state of Texas and their counterparts in other states. The link with Nlets allows DPS to provide critical information to the national criminal justice community and allows TLETS operators to obtain information from a variety of database services from other states, Canada, Interpol, and private companies.
  • 14. The CJIS Addendum requirements are outlined in a 46-page addendum published by the FBI and collaboratively through the Texas Department of Public Safety TLETS agency. The Addendum outlines every aspect of IT security:
    • User security and access
    • Logging
    • Hardware management
    • Software management
    • Mobility
    • BYOD
    • Mobile data terminals
    • Firewall and Workstation Security and updates… And many more.
  • 15. Comparing Compliances. Bar chart, Compliance Point Comparison (compliance points per standard): PCI-DSS 11, HIPAA 9, Sarbanes-Oxley 11, TLETS/CJIS 128.
  • 16. How to get compliant.
    • Attaining and maintaining any of the compliances we have talked about today can be a daunting, scary proposition.
    • Especially with the constant threat of the government handing out charges, fines and in some cases the threat of the loss of your business.
    • Here are a few suggestions to help you get started.
  • 17. How to get Compliant
    • Work with an industry consultant. The task of getting and staying compliant can be a long, difficult and expensive road. Consultants are going to be able to tell you what you need, when you need it and what you can safely disregard. Good consultant services are going to stand by you if and when you have an audit, to assist you in getting through the audit and to take care of any failure points the audit may draw out.
  • 18. How to get Compliant
    • Partner with a good, well respected Authorized Scanning Vendor.
    • ETS partners with AlertLogic because they are located in Texas, they have one of the best reputations in the industry and they have a broad, transparent base of services that cover all the major compliances that are out today.
  • 19. How to get Compliant
    • Install a really good firewall. This will not be cheap. If you would buy it to put in your house, you need to leave it there.
    • A good firewall will provide gateway AV, spam handling, intrusion prevention, zero-day protection, multi-layer packet scanning, and compliance with one of the major national compliance standards. WatchGuard is our preferred firewall and it is FIPS 140-2 compliant as well as CIPA compliant.
  • 20. How to get Compliant
    • Get good, solid, offsite backup. The more secure the better. The encryption on the backup should be no less than 128-bit AES.
    • Make sure that you can access your backups in real time.
    • Make sure the backup company practices their recoveries.
    • Make sure the transmission from your site to the backup site is encrypted with at least 128-bit AES.
    • Discuss a Disaster Recovery plan with your backup provider and get it in writing to ensure that everyone is on the same sheet of paper when the inevitable happens.
  • 21. How to get Compliant
    • GET GOOD ANTI-VIRUS… If it has the word FREE anywhere in it you are most likely violating the EULA by using it in a business environment.
    • Free anti-virus has its place, not in a secure, audited business network.
    • Make sure you set your patches and updates to run when new software comes out so you always have the latest security updates. If you have a good IT company or person they should be making sure that is done for you. Ask for proof it is being done.
    • Anti-virus is like a flu shot. It is your best defense against having a sick computer.
  • 22. To Wrap Up…
    • ETS is a premier East Texas based IT solutions company that specializes in Managed Services, Cloud Services and Advanced Professional Services.
    • At ETS we do not sell products… We partner with our clients to provide the best solutions, from hardware to software to financial services and everywhere in between. Because a solution is not a solution unless it’s a total fit.
    • ETS has a very robust security and compliance offering with various best-of-breed partners to further strengthen our efforts to keep your business secure and compliant.
  • 23. Any Questions?
    Exceptional Technology Solutions, LLC
    419 Rice Road, Tyler, Texas 75703
    903 509 0008 Local
    877 281 0008 Toll Free
    http://www.etstexas.com
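Slide 7 quotes PCI DSS 10.6 (review logs at least daily) and 10.7 (logs online for three months, audit trail retained for at least one year). The following is an added example, not part of the presentation or of any ETS or AlertLogic tooling, that checks a constructed log-storage inventory and a constructed daily-review record against those windows; the 30-day review window, the dates and the "online"/"archive" labels are assumptions made for the example.

```python
from datetime import date, timedelta

ONLINE_DAYS = 90    # PCI DSS 10.7: three months immediately available online
RETAIN_DAYS = 365   # PCI DSS 10.7: audit trail retained for at least one year


def days_between(start, end):
    """Yield every calendar day from start to end inclusive."""
    day = start
    while day <= end:
        yield day
        day += timedelta(days=1)


def uncovered_days(segments, start, end, locations):
    """Days in [start, end] not covered by any segment stored in one of `locations`."""
    covered = set()
    for seg in segments:
        if seg["location"] in locations:
            covered.update(days_between(seg["start"], seg["end"]))
    return [d for d in days_between(start, end) if d not in covered]


def retention_report(segments, review_dates, today):
    """Gaps against 10.6 (review at least daily) and 10.7 (online 3 months, retained 1 year)."""
    online_from = today - timedelta(days=ONLINE_DAYS - 1)
    retain_from = today - timedelta(days=RETAIN_DAYS - 1)
    review_from = today - timedelta(days=29)  # assumed review check window: the last 30 days
    reviewed = set(review_dates)
    return {
        "not_online": uncovered_days(segments, online_from, today, {"online"}),
        "not_retained": uncovered_days(segments, retain_from, today, {"online", "archive"}),
        "days_without_review": [d for d in days_between(review_from, today) if d not in reviewed],
    }


# Constructed inventory: hot storage holds only the last 60 days, the archive starts
# mid-August 2023, and daily review records are missing for two days in June.
TODAY = date(2024, 6, 30)
SEGMENTS = [
    {"location": "online", "start": date(2024, 5, 2), "end": TODAY},
    {"location": "archive", "start": date(2023, 8, 15), "end": date(2024, 5, 1)},
]
REVIEWS = [d for d in days_between(date(2024, 6, 1), TODAY) if d.day not in (15, 16)]

if __name__ == "__main__":
    report = retention_report(SEGMENTS, REVIEWS, TODAY)
    print("days not online (10.7, 3 months):", len(report["not_online"]))
    print("days not retained (10.7, 1 year):", len(report["not_retained"]))
    print("days without review (10.6):", report["days_without_review"])
```

Days that sit only in the archive count as retained for the one-year requirement but still fail the three-month online check, which is the distinction an auditor reading 10.7 will draw.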