Category : Network Security

QSA’s are friendly… As long as you pick the right one… (Part 2)

QSA Partner. Continuation from Part 1…

Selecting a QSA partner

Back to the joys of selecting a QSA partner!  I know when I contact them they are all going to want to know a lot of details about my business, including technical configurations.  This is because of a PCI audit like many other audit frameworks needs to verify the policy and configuration details of just about, every component of your business and networks to properly scope the amount of work for your environment.  This includes standard server images hardening process to firewalls, antivirus, change management, software development, physical access, visitors, vendors, policies, etc.

read more

QSA’s are friendly… As long as you pick the right one… (Part 1)

It’s that time again. Yes, time to find this year’s auditor.  You’d think that after 10 years of contacting, meeting with, planning and doing in-depth level 1 audits for multiple customers per year, for ZZ Servers a managed private cloud provider for PCI & HIPAA businesses, finding a Qualified Security Assessor (QSA) to work with would be easy.  Maybe it would be especially easy because, before ZZ, I was a PCI QSA doing the level 1 audits/code reviews/penetration tests myself!

read more

Thoughts about Network Security and Policy Accountability

Network Security Definition

What does Network Security mean? Network security is an over-arching term that describes that the policies and procedures implemented by a network administrator to avoid and keep track of unauthorized access, exploitation, modification, or denial of the network and network resources. This means that a well-implemented network security blocks viruses, malware, hackers, etc. from accessing or altering secure information. Health Check: The first layer of network security is enforced through a username/password mechanism, which only allows access to authenticated users with customized privileges. When a user is authenticated and granted specific system access, the configured firewall enforces network policies, that is, accessible user services. However, firewalls do not always detect and stop viruses or harmful malware, which may lead to data loss. An anti-virus software or an intrusion prevention system (IPS) is implemented to prevent the virus and/or harmful malware from entering the network. Network security is sometimes confused with information security, which has a different scope and relates to data integrity of all forms, print or electronic.

Policies and practices

Compaines must adapt to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Policy and Accountability

When the organization’s policy structure sets clear accountabilities for risk and the compensation system reinforces those accountabilities, there is a positive impact on the organization’s risk awareness and culture. Effectively articulated risk accountabilities lay the groundwork for balancing the entrepreneurial, revenue-generation side of the business and the control, risk oversight side of the business, so that neither one is too disproportionately strong relative to the other. This balance is elusive, which is why a strong foundation of clear accountabilities is vital to any organization.

 

http://blog.redlion.io/aide-digital-evidence/

read more