Presentation is loading. Please wait.

Presentation is loading. Please wait.

User Group 2015 Security Best Practices. Presenters Steve Kelley, COO 31 years experience building and managing operations and service delivery organizations.

Published byMadison Gregory Modified over 8 years ago

Similar presentations

Presentation on theme: "User Group 2015 Security Best Practices. Presenters Steve Kelley, COO 31 years experience building and managing operations and service delivery organizations."— Presentation transcript:

1 User Group 2015 Security Best Practices

2 Presenters Steve Kelley, COO 31 years experience building and managing operations and service delivery organizations in industrial robotics, medical devices, software development and IT services consulting businesses. Steve has extensive experience in networking, quality assurance, software development, disaster recovery services, and project management. He has worked with FDA GMP/GCP, FDA 21 CFR 820, SOX/SSAE16, FISMA, and HIPAA regulatory environments. Steve and Rob have worked together for over 20 years in several successful entrepreneurial ventures. Glen Balestrieri, Director of Managed Services With 26 years of management experience in Information Technology and Direct Sales allows, Glen is directly responsible for regulatory compliance, information systems security, systems engineering, systems maintenance and customer service. Glen holds a degree from American International College, with concentrations in networking, Linux, and Microsoft systems.

3 Security Best Practices Session Directives To discuss the security, speed and usability of the PopMedNet Private Cloud hosted at Lincoln Peak Partners. Session length is 35-45 minutes including introductions, overview, presentation and Q&A. Q&A session will start 15 minutes before session ending

4 Presentation Overview In this presentation we will discuss: Securing the cloud. The Infrastructure behind the curtain Encryption systems in play, both at rest and in transit Compliance and what that means to PopMedNet Redundancy Application Data Flow and its Security

5 PMN Infrastructure and Security

6 Code Security Assessment

7 July 2, 2015 In June of 2015, Pivot Point Security conducted a static code review of Lincoln Peak Partner’s PopMedNet applications as part of their software assurance process to provide assurance that the source code follows secure coding practices. Our code review methodology follows the testing approach recommended by the OWASP Application Security Verification Standard (ASVS). Findings are mapped to both the OWASP Top 10 and the Common Weakness Enumeration (CWE) project. We determined that the applications are secured in a manner consistent with secure coding practices and on par with similar applications that we have tested. While we did not identify any critical vulnerabilities during our testing, we did identify two areas of concern. After reviewing the issues with Lincoln Peak Partners, they indicated that these issues are actually mitigated by outside controls. Pivot Point Security has been architected to provide maximum levels of independent and objective information security expertise to our varied client base. The team responsible for conducting security assessments of this nature is led by a Certified Information Security Auditor/IRCA ISO 27001 Auditor and includes personnel appropriately qualified to render this opinion (e.g., Certified Information System Security Professionals, Microsoft Certified System Engineers, Certified Ethical Hackers, etc.) John Verry, 27001-CLA/CISA/CRISC Principal Enterprise Security Co nsultant

8

9 Security Overview Examples Redundant Firewalls Intrusion Detection Systems 24/7 Live Monitoring and Response Endpoint Security Antivirus and Malware Encryption in Use, at Rest and in Transit Vulnerability Scans Manual and Automatic Weekly Log File Auditing Third Party Pen Testing

10

11 Application Redundancy

12 Backup with Redundanc y Backup Policies Lincoln Peak Standard Operation Policy Backup and retention outlines the follow in the flow chart. Redundant backups assure your data remains intact during crisis situations. Lincoln Peak recognizes the need to customize policies for each individual customer. We can provide the flexibility you need to feel secure. All database backup are encrypted at rest and all data is encrypted in transit. This is an automated and monitored process.

13 Carpathia Hosting VLAN 2 VLAN 1 PMN Web Service PMN Web Service Single Sign On Option PMN Database PopMedNet Portal Firewall Overview of Data Flow Internet Ask a question Response Internet PMN Web Browser Administrators End User Web Browser Investigators Data Provider DataMart Desktop Client DataMart Desktop Client Model Adaptors Data Mart Administrators Internet Firewall Response Ask a question Response https/TLS 1.0-1.2 https/TLS 1.2 https/TLS 1.0- 1.2

14 User Group 2015 Security Best Practices

Download ppt "User Group 2015 Security Best Practices. Presenters Steve Kelley, COO 31 years experience building and managing operations and service delivery organizations."

Similar presentations

Innovating Since 1998 Direct EDJE, we make A World of Difference Direct Response Order Management Software A Proven Solution Since.

Innovating Since 1998 Direct EDJE, we make A World of Difference Direct Response Order Management Software A Proven Solution Since.
Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.

Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.
1 Vendor Evaluation: Selecting for Success Dana McCormick Wells Fargo Home Mortgage Delivery Services Baltimore PCC Education Seminar April 27, 2007.

1 Vendor Evaluation: Selecting for Success Dana McCormick Wells Fargo Home Mortgage Delivery Services Baltimore PCC Education Seminar April 27, 2007.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.
Security Controls – What Works

Security Controls – What Works
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
EarthLink Business IT Services. EarthLink Business IT Services Snapshot Comprehensive IT services portfolio −Data center, virtualization, IT security,

EarthLink Business IT Services. EarthLink Business IT Services Snapshot Comprehensive IT services portfolio −Data center, virtualization, IT security,
Step 1: A.User enters id/pw for FI: encrypted in Quicken PIN vault B.Id/pw transmitted to Intuit CustomerCentral Servers at NCR using 128 bit SSL Step.

Step 1: A.User enters id/pw for FI: encrypted in Quicken PIN vault B.Id/pw transmitted to Intuit CustomerCentral Servers at NCR using 128 bit SSL Step.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
PBA. Observations  Growth, projects, busy-ness –Doing an incredible amount of work  Great Quality of work  Concern about being perfect  Attitudes.

PBA. Observations  Growth, projects, busy-ness –Doing an incredible amount of work  Great Quality of work  Concern about being perfect  Attitudes.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.

Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

Similar presentations

Ads by Google