version_locking_legacy_environments

Differences

This shows you the differences between two versions of the page.

version_locking_legacy_environments [2019/01/23 22:37] sgriggs
version_locking_legacy_environments [2019/01/23 22:40] – [Version Locking for GLBA] sgriggs
Line 50: Line 50:
 Creating a formal audit-document that records your results will also prove to be an advantage come audit-time. The outside auditors will be able to use your work as a reference. If they can see you did a thorough job, they are more likely to sign off on their own audit results because their confidence is higher. If you were an inspector looking for asbestos insulation, who would you be more likely to trust, the guy who shrugs and says "I don't know where it is or if we even have asbestos." or would you rather deal with someone who hands you a list of all the places they know about and exactly when & how they plan to mitigate or remove the asbestos? Sure, you'd still do the inspection in both cases, but one seems a lot easier than the other, not to mention being proactive and cooperative will help. Creating a formal audit-document that records your results will also prove to be an advantage come audit-time. The outside auditors will be able to use your work as a reference. If they can see you did a thorough job, they are more likely to sign off on their own audit results because their confidence is higher. If you were an inspector looking for asbestos insulation, who would you be more likely to trust, the guy who shrugs and says "I don't know where it is or if we even have asbestos." or would you rather deal with someone who hands you a list of all the places they know about and exactly when & how they plan to mitigate or remove the asbestos? Sure, you'd still do the inspection in both cases, but one seems a lot easier than the other, not to mention being proactive and cooperative will help.
  
- +__Audit These Yourself__
-Audit These Yourself+
  
   * Application software names and versions.   * Application software names and versions.
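Review bot: The new `__Audit These Yourself__` line turns the sub-heading into underlined text, but underline markup is inline formatting and will not appear in the page's table of contents; a DokuWiki section heading such as `==== Audit These Yourself ====` would give the same visual separation and remain navigable. Note also that the blank line that previously separated the paragraph from the heading is dropped in this hunk, so the heading now sits directly under the paragraph text.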
Line 99: Line 98:
 Let's take a moment to discuss "methods and sources" for auditing tools. First, let's examine some different options in each class of penetration scanner. Let's take a moment to discuss "methods and sources" for auditing tools. First, let's examine some different options in each class of penetration scanner.
  
-Penetration Scanners+__Penetration Scanners__ 
   * NMAP   * NMAP
   * Kali Linux   * Kali Linux
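Review bot: The replacement line `__Penetration Scanners__ ` carries a trailing space after the closing underscores; the other renamed headings in this revision have none, so it should be trimmed for consistency (and to avoid spurious diffs in later revisions).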
Line 134: Line 134:
 So, for each vulnerability that you've determined is potentially valid put on your auditor hat and ask several questions. So, for each vulnerability that you've determined is potentially valid put on your auditor hat and ask several questions.
  
-Audit Questions about Vulnerabilities+__Audit Questions about Vulnerabilities__
   * Do you have a policy about vulnerabilities?   * Do you have a policy about vulnerabilities?
   * Do you have a policy about this vulnerability?   * Do you have a policy about this vulnerability?
Line 178: Line 178:
  
  
-Requirements for HIPAA Security Rule+__Requirements for HIPAA Security Rule__
  
   * You've got to have an IT security policy.   * You've got to have an IT security policy.
Line 226: Line 226:
 In the GLBA there is something called the "Safeguards Rule" This is where IT professionals will want to focus.  It says that a financial institution handling sensitive customer financial information (accounts, names, social security numbers, transaction details, etc..) will need to do the following four things In the GLBA there is something called the "Safeguards Rule" This is where IT professionals will want to focus.  It says that a financial institution handling sensitive customer financial information (accounts, names, social security numbers, transaction details, etc..) will need to do the following four things
  
-GLBA Safeguard Requirements+__GLBA Safeguard Requirements__
  
   * You must have an actively maintained plan to secure the data and that plan must be documented.   * You must have an actively maintained plan to secure the data and that plan must be documented.
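Review bot: Since this section ("Version Locking for GLBA") is the one being edited, the sentence introducing the `__GLBA Safeguard Requirements__` list still reads "there is something called the "Safeguards Rule" This is where IT professionals will want to focus." with no punctuation after the closing quote, and it ends with "the following four things" without a colon; both could be fixed in the same pass as the heading change.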
version_locking_legacy_environments.txt · Last modified: 2019/01/25 21:20 by sgriggs
