User Group 2015
Security Best Practices

Presenters

Steve Kelley, COO
31 years' experience building and managing operations and service delivery organizations in industrial robotics, medical devices, software development and IT services consulting businesses. Steve has extensive experience in networking, quality assurance, software development, disaster recovery services, and project management. He has worked with FDA GMP/GCP, FDA 21 CFR 820, SOX/SSAE16, FISMA, and HIPAA regulatory environments. Steve and Rob have worked together for over 20 years in several successful entrepreneurial ventures.

Glen Balestrieri, Director of Managed Services
With 26 years of management experience in Information Technology and Direct Sales, Glen is directly responsible for regulatory compliance, information systems security, systems engineering, systems maintenance and customer service. Glen holds a degree from American International College, with concentrations in networking, Linux, and Microsoft systems.

Security Best Practices

Session Directives
• To discuss the security, speed and usability of the PopMedNet Private Cloud hosted at Lincoln Peak Partners.
• Session length is 35-45 minutes including introductions, overview, presentation and Q&A.
• Q&A session will start 15 minutes before session ending.

Presentation Overview
In this presentation we will discuss:
• Securing the cloud
• The infrastructure behind the curtain
• Encryption systems in play, both at rest and in transit
• Compliance and what that means to PopMedNet
• Redundancy
• Application data flow and its security

PMN Infrastructure and Security

Code Security Assessment
July 2, 2015

In June of 2015, Pivot Point Security conducted a static code review of Lincoln Peak Partners' PopMedNet applications as part of their software assurance process to provide assurance that the source code follows secure coding practices.
Our code review methodology follows the testing approach recommended by the OWASP Application Security Verification Standard (ASVS). Findings are mapped to both the OWASP Top 10 and the Common Weakness Enumeration (CWE) project.

We determined that the applications are secured in a manner consistent with secure coding practices and on par with similar applications that we have tested. While we did not identify any critical vulnerabilities during our testing, we did identify two areas of concern. After reviewing the issues with Lincoln Peak Partners, they indicated that these issues are actually mitigated by outside controls.

Pivot Point Security has been architected to provide maximum levels of independent and objective information security expertise to our varied client base. The team responsible for conducting security assessments of this nature is led by a Certified Information Security Auditor/IRCA ISO 27001 Auditor and includes personnel appropriately qualified to render this opinion (e.g., Certified Information System Security Professionals, Microsoft Certified System Engineers, Certified Ethical Hackers, etc.).
John Verry, 27001-CLA/CISA/CRISC
Principal Enterprise Security Consultant

Security Overview Examples
• Redundant Firewalls
• Intrusion Detection Systems
• 24/7 Live Monitoring and Response
• Endpoint Security: Antivirus and Malware
• Encryption in Use, at Rest and in Transit
• Vulnerability Scans, Manual and Automatic
• Weekly Log File Auditing
• Third Party Pen Testing

Application Redundancy

Lincoln Peak Partners FISMA Compliant Private Cloud Block Diagram
[Block diagram; labels recovered from the slide: MDPHnet / PopMedNet Users; Internet; SSL Remote VPN Access (10Mbps commit, burstable GB segment); SSL/TLS (1Mbps commit, burstable GB segment); Dulles Vault DC, Lincoln Peak Primary; Phoenix DC, Disaster Recovery Site, cold or warm available; SSL VPN Site to Site Tunnel; Asynchronous Replication on Carpathia Backbone with RPO = 15 minutes; Lincoln Peak Admins.]

Lincoln Peak Partners partners with Carpathia Hosting to provide a highly reliable, secure managed services solution. Lincoln Peak is certified FISMA compliant and in process on SAS-70/SSAE-16. Carpathia Hosting is FISMA, SAS-70/SSAE-16, and SysTrust certified.

Backup with Redundancy

Backup Policies
The Lincoln Peak Standard Operation Policy for backup and retention is outlined in the flow chart. Redundant backups assure your data remains intact during crisis situations. Lincoln Peak recognizes the need to customize policies for each individual customer. We can provide the flexibility you need to feel secure. All database backups are encrypted at rest and all data is encrypted in transit. This is an automated and monitored process.
End User Overview of Data Flow
[Data flow diagram; labels recovered from the slide:
• Investigators: Web Browser, over the Internet through a Firewall to the PMN Web Service, labelled https/TLS 1.0-1.2 ("Ask a question" / "Response").
• Administrators: PopMedNet Portal with Single Sign On Option, Web Browser, over the Internet through a Firewall, labelled https/TLS 1.0-1.2.
• Data Provider / Data Mart Administrators: DataMart Desktop Client and Model Adaptors on PMN VLAN 1, over the Internet through a Firewall, labelled https/TLS 1.0-1.2 ("Ask a question" / "Response").
• Inside Carpathia Hosting: Firewall, PMN Web Service, Firewall, PMN Database on VLAN 2; the hops between the PMN Web Service and the PMN Database are labelled https/TLS 1.2.]
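The data-flow slide labels the user-facing hops "https/TLS 1.0-1.2" and the internal web-service-to-database hop "https/TLS 1.2". The following is an added example, not code from the Lincoln Peak Partners or PopMedNet slides, showing how a reviewer can record those advertised floors, list which hops fall below a TLS 1.2 floor, and express that floor as server- and client-side contexts with Python's standard `ssl` module. The hop names and the `POLICY_FLOOR` value are constructed for illustration; certificate loading is left to deployment.

```python
# Added example (not from the PopMedNet slides): recording the TLS floors from the
# data-flow diagram and enforcing a TLS 1.2 floor with Python's ssl module.
import ssl

# Hop names are constructed for this example. Tuples are (minimum, maximum)
# as advertised on the slide: user-facing hops TLS 1.0-1.2, internal hop TLS 1.2.
HOPS_AS_DIAGRAMMED = {
    "investigator-browser -> pmn-web-service": (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_2),
    "datamart-client -> pmn-web-service": (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_2),
    "pmn-web-service -> pmn-database": (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_2),
}

# Floor a reviewer would ask for; an assumption of this example, not a slide value.
POLICY_FLOOR = ssl.TLSVersion.TLSv1_2


def hops_below_floor(hops, floor=POLICY_FLOOR):
    """Return, sorted, the hop names whose advertised minimum is older than `floor`."""
    return sorted(name for name, (lo, _hi) in hops.items() if lo < floor)


def server_context(floor=POLICY_FLOOR):
    """Server-side context (e.g. for the PMN Web Service) that refuses handshakes
    below `floor`. Call ctx.load_cert_chain(...) at deployment time."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = floor
    return ctx


def client_context(floor=POLICY_FLOOR):
    """Client-side context (e.g. for the DataMart Desktop Client) that will not
    negotiate below `floor` even if the server offers it; certificate and
    hostname verification stay enabled via create_default_context."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = floor
    return ctx


def permits_legacy_tls(ctx):
    """True if the context's floor is below TLS 1.2, i.e. TLS 1.0/1.1 would be accepted."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    print("hops advertising a floor below TLS 1.2:", hops_below_floor(HOPS_AS_DIAGRAMMED))
    print("hardened server context permits legacy TLS:", permits_legacy_tls(server_context()))
    print("hardened client context permits legacy TLS:", permits_legacy_tls(client_context()))
```

Running the block lists the two user-facing hops as the ones advertising a floor below TLS 1.2, while both hardened contexts report that they would not accept a legacy handshake. Checking the floor on both sides matters because a client that still offers TLS 1.0 can be negotiated down by any server that accepts it, regardless of what the diagram says the server prefers.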