SlideShare ist ein Scribd-Unternehmen logo

White Paper: Windstream's Position on Security Compliance

Windstream Enterprise
Windstream Enterprise
Technologie
1 von 4
Downloaden Sie, um offline zu lesen
WHITE PAPER Windstream’s Position on Security Compliance Compliance In General Our customers are under increasing §§ Government Mandated Privacy Acts pressure to adhere to numerous security (Massachusetts, California, and compliance standards and design Minnesota, with others to follow) – networks that address the best practices Applies to anyone doing business in associated with these standards. As these states any healthcare provider can tell you, the §§ Health Insurance Portability and content of the standards themselves can Accountability Act (HIPAA) – be daunting to understand and apply, Applies to the healthcare vertical which has driven organizations to look §§ Gramm-Leach-Bliley Act (GLBA) – outside for assistance. Applies to the financial vertical §§ Sarbanes-Oxley Act (SOX) – Top Five Industry Compliance Applies to public companies Standards §§ Payment Card Industry Digital Security Standard (PCI DSS) – Applies to any company processing, transporting, or storing credit card information Overview of Standards PCI DSS – The goal of PCI DSS 1, 2010. It applies generally to those is to create a framework for good businesses that own or license personal security practice around the handling information about Massachusetts of cardholder data. A PCI-compliant residents. Personal information includes operating environment is one in which Massachusetts residents’ first and last the cardholder data exists (i.e., it does names, or first initials and last names, in NOT refer to the whole corporate combination with any of the following: network), and PCI DSS defines the Social Security number, driver’s license requirements for how access to this data number or state-issued identification must be controlled, monitored, logged, card number, financial account and audited. number, or credit or debit card number. Therefore, if you have any employees, Government Mandated Privacy Acts receive payments from individuals (Massachusetts) – The Massachusetts (whether by check or credit card), or Data Privacy Act (201 CMR 17), now send out 1099s, your business owns or recently revised, went into effect March licenses personal information and, thus, © Windstream 2012 DATE: 3.27.12 | REVISION: 2 | 009574_Windstream’s_Position | CREATIVE: MF | JOB#: 9574 - Windstream’s Position on Security Compliance | COLOR: GS | TRIM: 8.5” x 11”
WHITE PAPER Overview of Standards must comply with the law. Minnesota applies to information of any consumers (Cont.) and California recently passed similar past or present of the financial laws and it’s expected that this trend institution’s products or services.) will continue for the remaining 47 This plan must include: states in the near future. §§ Denoting at least one employee to manage the safeguards HIPAA – HIPAA covers a number of §§ Constructing thorough risk healthcare standards, one of which management on each department is the HIPAA Security Rule, which handling the non-public information requires implementation of three types §§ Developing, monitoring, and testing a of safeguards: program to secure the information §§ Modifying the safeguards as needed §§ Administrative with the changes in how information is §§ Physical collected, stored, and used §§ Technical This rule is intended to do what most In addition, it imposes other businesses should already be doing: organizational requirements and protecting their clients. The Safeguards a need to document processes Rule forces financial institutions to analogous to the Privacy Rule. take a closer look at how they manage Implementing within and adhering private data and to do a risk analysis to this rule is extremely difficult due on their current processes. No process to the highly technical nature of the is perfect, so this has meant that every contents of the rule. financial institution has had to make some effort to comply with the GLBA. GLBA – The Safeguards Rule, a part of the GLB Act, requires SOX – The impact of IT security within financial institutions to develop a SOX is somewhat indirect since the law written information security plan is primarily focused on the accuracy of that describes how the company is financial reporting data. IT security is prepared for, and plans to continue to important under SOX only to the extent protect clients’ non-public personal that it enhances the reliability and information. (The Safeguards Rule integrity of that reporting. © Windstream 2012
WHITE PAPER Windstream’s Strategy Around The Internet Service Provider (ISP) 10. Continuous Vulnerability Assessment Compliance has an interesting role in compliance. and Remediation Since the essential underlying focus of 11. Account Monitoring and Control popular compliance standards today 12. Malware Defenses is on individual enterprise context, it’s 13. Limitation and Control of Network impossible for Windstream to provide Ports, Protocols, and Services “instant on” compliance. However, with 14. Wireless Device Control our Security Consultation services, as 15. Data Loss Prevention well as the best practices that we’ve 16. Secure Network Engineering implemented internally and consult 17. Penetration Tests and Red Team our customers to follow, Windstream Exercises has made it as easy as possible for 18. Incident Response Capability customers from all verticals to meet and 19. Data Recovery Capability exceed the standards laid out for them 20. Security Skills Assessment and by the various regulatory bodies. Each Appropriate Training to Fill Gaps compliance standard is built around a foundation of concepts best outlined Furthermore, Windstream is actively by the SANS Institute and mirrored by taking advantage of the SAS 70 auditing Windstream’s business best practices. process to provide customers with the They include: necessary information to inform their auditors and planners of compliance- 1. Inventory of Authorized and friendly topologies and practices. A Unauthorized Devices SAS 70 is performed by a third party 2. Inventory of Authorized and that reviews our security controls, then Unauthorized Software verifies that we’re adhering to them by 3. Secure Configurations for Hardware reviewing, auditing, and scoring our and Software on Laptops, performance. Since our customers are Workstations, and Servers under a myriad of compliance standards, 4. Secure Configurations for Network we developed our controls based upon Devices such as Firewalls, Routers, the best practices mentioned above and Switches and mapped our practices to PCI 5. Boundary Defense DSS and other compliance standards. 6. Maintenance, Monitoring, and This way, we can present our SAE Analysis of Audit Logs 16 documentation to any customer 7. Application Software Security who needs to prove that Windstream 8. Controlled Use of Administrative practices security standards which Privileges exceed the compliance standards to 9. Controlled Access Based on Need which they’re being held. This approach to Know makes the most sense for both Windstream and our customers. © Windstream 2012
WHITE PAPER Things We’re Watching & Since Windstream’s role is central to there are a number of best practices What We’re Doing customer network security, we as an ISP and technologies that we’re focusing and Managed Security Service Provider on to control access, then monitor and (MSSP) must be “ahead of the curve” to equip zones within the organization with maintain our position within the confines legitimate access to these services to of the popular compliance standards properly handle threats. because the overwhelming buying triggers for our services surround these Enclaving – There is no ‘silver bullet’ in standards. We see emerging threats and security. If there were, this multi-billion general business practices that require dollar industry would not exist. Given review and standards application on a that reality, it’s becoming increasingly regular basis. more prudent to design networks (LAN and WAN) that are zoned (or Top Three Emerging Trends enclaved) in such a way that in the event of a successful attack or breach, §§ Best practices surrounding safe and the impact to the organization as a secure utilization of social media whole is minimized. As threats grow in §§ Best practices incorporating enclaving complexity, best practices around this of network elements to reduce the concept are increasing in value. impact of a breach or incident §§ Best practices surrounding the Mobile Devices – Innovation and deployment, control, and risk incorporation of mobile devices is mitigation associated with mobile skyrocketing across all industries. Mobile technology (Android, iPad, iPhone, device security, as a result, is becoming WiFi, etc.) a targeted focus for our customers and our organization. The development of Social Media – Malware and bot-net best practices and the deployment threats are synonymous with social of security technology with a focus media. While it’s a well known best on mobile device risk reduction and practice to develop Web acceptable mitigation is a top priority at Windstream. use policies that block access to these services, an increasing number of organizations use social media as an advertising and information distribution outlet. With this trend, 009574 | 3/12 © Windstream 2012

Empfohlen

White Paper: Windstream's Position on Security Compliance
White Paper: Windstream's Position on Security ComplianceWhite Paper: Windstream's Position on Security Compliance
White Paper: Windstream's Position on Security ComplianceWindstream Enterprise
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Pci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedPci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedVISTA InfoSec
 
SAS Forum India: Building for Success: The Foundation for Achievable Master D...
SAS Forum India: Building for Success: The Foundation for Achievable Master D...SAS Forum India: Building for Success: The Foundation for Achievable Master D...
SAS Forum India: Building for Success: The Foundation for Achievable Master D...SAS Institute India Pvt. Ltd
 
Breached! The First 48
Breached! The First 48Breached! The First 48
Breached! The First 48Resilient Systems
 
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...SAS Institute India Pvt. Ltd
 
2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deckRichard (Dick) Kaufman
 
Task 3
Task 3Task 3
Task 3BIBEKCHAUDHARYBScHon
 

Empfohlen

White Paper: Windstream's Position on Security Compliance
White Paper: Windstream's Position on Security ComplianceWhite Paper: Windstream's Position on Security Compliance
White Paper: Windstream's Position on Security ComplianceWindstream Enterprise
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Pci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedPci dss scoping and segmentation with links converted-converted
Pci dss scoping and segmentation with links converted-convertedVISTA InfoSec
 
SAS Forum India: Building for Success: The Foundation for Achievable Master D...
SAS Forum India: Building for Success: The Foundation for Achievable Master D...SAS Forum India: Building for Success: The Foundation for Achievable Master D...
SAS Forum India: Building for Success: The Foundation for Achievable Master D...SAS Institute India Pvt. Ltd
 
Breached! The First 48
Breached! The First 48Breached! The First 48
Breached! The First 48Resilient Systems
 
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...SAS Institute India Pvt. Ltd
 
2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deckRichard (Dick) Kaufman
 
Task 3
Task 3Task 3
Task 3BIBEKCHAUDHARYBScHon
 
Threat Detect Hipaa Compliance
Threat Detect Hipaa ComplianceThreat Detect Hipaa Compliance
Threat Detect Hipaa Compliancetbeckwith
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix LLC
 
Task 2
Task 2Task 2
Task 2BIBEKCHAUDHARYBScHon
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk ManagementRahul Bhan (CA, CIA, MBA)
 
Riskpro information risk management
Riskpro information risk managementRiskpro information risk management
Riskpro information risk managementRahul Bhan (CA, CIA, MBA)
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk ManagementRahul Bhan (CA, CIA, MBA)
 
Interlace bfsi
Interlace bfsiInterlace bfsi
Interlace bfsiInterlace
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
IBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking
 
Outlook emerging security_technology_trends
Outlook emerging security_technology_trendsOutlook emerging security_technology_trends
Outlook emerging security_technology_trendswardell henley
 
task 1
task 1task 1
task 1BIBEKCHAUDHARYBScHon
 
Effective IT Security Governance
Effective IT Security GovernanceEffective IT Security Governance
Effective IT Security GovernanceLeo de Sousa
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copySandra (Sandy) Dunn
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityAccenture
 
Riskpro information risk management 2013
Riskpro information risk management 2013Riskpro information risk management 2013
Riskpro information risk management 2013Rahul Bhan (CA, CIA, MBA)
 
Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Erik Ginalick
 
Black ice technologies rdas (finance)
Black ice technologies rdas (finance)Black ice technologies rdas (finance)
Black ice technologies rdas (finance)phillyjevs
 
Interconnected Health 2012 Examining The Privacy Considerations For Secondary...
Interconnected Health 2012 Examining The Privacy Considerations For Secondary...Interconnected Health 2012 Examining The Privacy Considerations For Secondary...
Interconnected Health 2012 Examining The Privacy Considerations For Secondary...privacypros
 
Brave new world of encryption v1
Brave new world of encryption v1Brave new world of encryption v1
Brave new world of encryption v1Khazret Sapenov
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditSecurityMetrics
 
Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkDivya Kothari
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance reportBee_Ware
 

Weitere ähnliche Inhalte

Was ist angesagt?

Threat Detect Hipaa Compliance
Threat Detect Hipaa ComplianceThreat Detect Hipaa Compliance
Threat Detect Hipaa Compliancetbeckwith
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix LLC
 
Interlace bfsi
Interlace bfsiInterlace bfsi
Interlace bfsiInterlace
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
IBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking
 
Outlook emerging security_technology_trends
Outlook emerging security_technology_trendsOutlook emerging security_technology_trends
Outlook emerging security_technology_trendswardell henley
 
Effective IT Security Governance
Effective IT Security GovernanceEffective IT Security Governance
Effective IT Security GovernanceLeo de Sousa
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copySandra (Sandy) Dunn
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityAccenture
 
Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Erik Ginalick
 
Black ice technologies rdas (finance)
Black ice technologies rdas (finance)Black ice technologies rdas (finance)
Black ice technologies rdas (finance)phillyjevs
 
Interconnected Health 2012 Examining The Privacy Considerations For Secondary...
Interconnected Health 2012 Examining The Privacy Considerations For Secondary...Interconnected Health 2012 Examining The Privacy Considerations For Secondary...
Interconnected Health 2012 Examining The Privacy Considerations For Secondary...privacypros
 
Brave new world of encryption v1
Brave new world of encryption v1Brave new world of encryption v1
Brave new world of encryption v1Khazret Sapenov
 

Was ist angesagt? (19)

Threat Detect Hipaa Compliance
Threat Detect Hipaa ComplianceThreat Detect Hipaa Compliance
Threat Detect Hipaa Compliance
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdf
 
Task 2
Task 2Task 2
Task 2
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk Management
 
Riskpro information risk management
Riskpro information risk managementRiskpro information risk management
Riskpro information risk management
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk Management
 
Interlace bfsi
Interlace bfsiInterlace bfsi
Interlace bfsi
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
 
IBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking: Automated Systems help meet new Compliance Requirements
IBM Banking: Automated Systems help meet new Compliance Requirements
 
Outlook emerging security_technology_trends
Outlook emerging security_technology_trendsOutlook emerging security_technology_trends
Outlook emerging security_technology_trends
 
task 1
task 1task 1
task 1
 
Effective IT Security Governance
Effective IT Security GovernanceEffective IT Security Governance
Effective IT Security Governance
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copy
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_security
 
Riskpro information risk management 2013
Riskpro information risk management 2013Riskpro information risk management 2013
Riskpro information risk management 2013
 
Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010
 
Black ice technologies rdas (finance)
Black ice technologies rdas (finance)Black ice technologies rdas (finance)
Black ice technologies rdas (finance)
 
Interconnected Health 2012 Examining The Privacy Considerations For Secondary...
Interconnected Health 2012 Examining The Privacy Considerations For Secondary...Interconnected Health 2012 Examining The Privacy Considerations For Secondary...
Interconnected Health 2012 Examining The Privacy Considerations For Secondary...
 
Brave new world of encryption v1
Brave new world of encryption v1Brave new world of encryption v1
Brave new world of encryption v1
 

Ähnlich wie White Paper: Windstream's Position on Security Compliance

How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditSecurityMetrics
 
Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkDivya Kothari
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance reportBee_Ware
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report- Mark - Fullbright
 
Privacy and security insurance coverage relates to pci (payment card industry...
Privacy and security insurance coverage relates to pci (payment card industry...Privacy and security insurance coverage relates to pci (payment card industry...
Privacy and security insurance coverage relates to pci (payment card industry...The Harvey Company Insurance Services
 
Pci compliance without compensating controls how to take your mainframe out ...
Pci compliance without compensating controls how to take your mainframe out ...Pci compliance without compensating controls how to take your mainframe out ...
Pci compliance without compensating controls how to take your mainframe out ...Ulf Mattsson
 
PCI Compliance Report
PCI Compliance ReportPCI Compliance Report
PCI Compliance ReportHolly Vega
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliantDivya Kothari
 
Jelecos: Achieving Compliance with Axcient
Jelecos: Achieving Compliance with AxcientJelecos: Achieving Compliance with Axcient
Jelecos: Achieving Compliance with AxcientErin Olson
 
2007 issa journal-building a comprehensive security control framework
2007 issa journal-building a comprehensive security control framework2007 issa journal-building a comprehensive security control framework
2007 issa journal-building a comprehensive security control frameworkasundaram1
 
Data Sheet For Erg
Data Sheet For ErgData Sheet For Erg
Data Sheet For Ergmjschreck
 
Independent Banker
Independent BankerIndependent Banker
Independent BankerPatrick Roch
 
PCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROPCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROFitCEO, Inc. (FCI)
 
Infographic-2-MainFrame-Compliance-Standards
Infographic-2-MainFrame-Compliance-StandardsInfographic-2-MainFrame-Compliance-Standards
Infographic-2-MainFrame-Compliance-StandardsClint Walker
 
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceBest Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceRapid7
 
Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...David Sweigert
 
The Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementThe Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementNeira Jones
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 

Ähnlich wie White Paper: Windstream's Position on Security Compliance (20)

How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS Audit
 
Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. Framework
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance report
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report
 
Privacy and security insurance coverage relates to pci (payment card industry...
Privacy and security insurance coverage relates to pci (payment card industry...Privacy and security insurance coverage relates to pci (payment card industry...
Privacy and security insurance coverage relates to pci (payment card industry...
 
Pci compliance without compensating controls how to take your mainframe out ...
Pci compliance without compensating controls how to take your mainframe out ...Pci compliance without compensating controls how to take your mainframe out ...
Pci compliance without compensating controls how to take your mainframe out ...
 
PCI Compliance Report
PCI Compliance ReportPCI Compliance Report
PCI Compliance Report
 
2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?2015 09-22 Is it time for a Security and Compliance Assessment?
2015 09-22 Is it time for a Security and Compliance Assessment?
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliant
 
Jelecos: Achieving Compliance with Axcient
Jelecos: Achieving Compliance with AxcientJelecos: Achieving Compliance with Axcient
Jelecos: Achieving Compliance with Axcient
 
2007 issa journal-building a comprehensive security control framework
2007 issa journal-building a comprehensive security control framework2007 issa journal-building a comprehensive security control framework
2007 issa journal-building a comprehensive security control framework
 
crucet1crucet2crucet
crucet1crucet2crucetcrucet1crucet2crucet
crucet1crucet2crucet
 
Data Sheet For Erg
Data Sheet For ErgData Sheet For Erg
Data Sheet For Erg
 
Independent Banker
Independent BankerIndependent Banker
Independent Banker
 
PCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROPCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMRO
 
Infographic-2-MainFrame-Compliance-Standards
Infographic-2-MainFrame-Compliance-StandardsInfographic-2-MainFrame-Compliance-Standards
Infographic-2-MainFrame-Compliance-Standards
 
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI ComplianceBest Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
 
Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...Cyber-insurance and liability caps proposed as incentives by Department of Co...
Cyber-insurance and liability caps proposed as incentives by Department of Co...
 
The Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk ManagementThe Big Picture: Beyond Compliance To Risk Management
The Big Picture: Beyond Compliance To Risk Management
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?
 

Mehr von Windstream Enterprise

Windstream Webinar: Maximizing Your IT Budget
Windstream Webinar: Maximizing Your IT BudgetWindstream Webinar: Maximizing Your IT Budget
Windstream Webinar: Maximizing Your IT BudgetWindstream Enterprise
 
Windstream Webinar: Making Your Business More Productive With MPLS Networking...
Windstream Webinar: Making Your Business More Productive With MPLS Networking...Windstream Webinar: Making Your Business More Productive With MPLS Networking...
Windstream Webinar: Making Your Business More Productive With MPLS Networking...Windstream Enterprise
 
Windstream Webinar: Demystifying VoIP for Business
Windstream Webinar: Demystifying VoIP for BusinessWindstream Webinar: Demystifying VoIP for Business
Windstream Webinar: Demystifying VoIP for BusinessWindstream Enterprise
 
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Enterprise
 
Windstream Webinar: The Evolution of the Data Center
Windstream Webinar: The Evolution of the Data CenterWindstream Webinar: The Evolution of the Data Center
Windstream Webinar: The Evolution of the Data CenterWindstream Enterprise
 
Windstream Webinar: Debunking Network Security Myths
Windstream Webinar: Debunking Network Security MythsWindstream Webinar: Debunking Network Security Myths
Windstream Webinar: Debunking Network Security MythsWindstream Enterprise
 
Windstream Webinar: “Data Centers: Outsource or Own?” with Forrester Research
Windstream Webinar: “Data Centers: Outsource or Own?” with Forrester ResearchWindstream Webinar: “Data Centers: Outsource or Own?” with Forrester Research
Windstream Webinar: “Data Centers: Outsource or Own?” with Forrester ResearchWindstream Enterprise
 
White Paper: Windstream Leveraging Funding for EHR While Meeting HIPAA Requir...
White Paper: Windstream Leveraging Funding for EHR While Meeting HIPAA Requir...White Paper: Windstream Leveraging Funding for EHR While Meeting HIPAA Requir...
White Paper: Windstream Leveraging Funding for EHR While Meeting HIPAA Requir...Windstream Enterprise
 
White Paper: Leveraging Funding for EHR
White Paper: Leveraging Funding for EHRWhite Paper: Leveraging Funding for EHR
White Paper: Leveraging Funding for EHRWindstream Enterprise
 
White Paper: Is Your Network Safe Behind Just a Firewall?
White Paper: Is Your Network Safe Behind Just a Firewall?White Paper: Is Your Network Safe Behind Just a Firewall?
White Paper: Is Your Network Safe Behind Just a Firewall?Windstream Enterprise
 
White Paper: Analyzing MPLS from an ROI Perspective
White Paper: Analyzing MPLS from an ROI PerspectiveWhite Paper: Analyzing MPLS from an ROI Perspective
White Paper: Analyzing MPLS from an ROI PerspectiveWindstream Enterprise
 
Case Study: Windstream Healthcare Christus St. Michael
Case Study: Windstream Healthcare Christus St. MichaelCase Study: Windstream Healthcare Christus St. Michael
Case Study: Windstream Healthcare Christus St. MichaelWindstream Enterprise
 
Case Study: Windstream Capitol Broadcasting
Case Study: Windstream Capitol BroadcastingCase Study: Windstream Capitol Broadcasting
Case Study: Windstream Capitol BroadcastingWindstream Enterprise
 

Mehr von Windstream Enterprise (15)

Windstream Webinar: Maximizing Your IT Budget
Windstream Webinar: Maximizing Your IT BudgetWindstream Webinar: Maximizing Your IT Budget
Windstream Webinar: Maximizing Your IT Budget
 
Windstream Webinar: Making Your Business More Productive With MPLS Networking...
Windstream Webinar: Making Your Business More Productive With MPLS Networking...Windstream Webinar: Making Your Business More Productive With MPLS Networking...
Windstream Webinar: Making Your Business More Productive With MPLS Networking...
 
Windstream Webinar: Demystifying VoIP for Business
Windstream Webinar: Demystifying VoIP for BusinessWindstream Webinar: Demystifying VoIP for Business
Windstream Webinar: Demystifying VoIP for Business
 
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
Windstream Webinar: The Latest Trends in Virtualization: Is the cloud right f...
 
Maximizing it budget
Maximizing it budgetMaximizing it budget
Maximizing it budget
 
Windstream Webinar: The Evolution of the Data Center
Windstream Webinar: The Evolution of the Data CenterWindstream Webinar: The Evolution of the Data Center
Windstream Webinar: The Evolution of the Data Center
 
Windstream Webinar: Debunking Network Security Myths
Windstream Webinar: Debunking Network Security MythsWindstream Webinar: Debunking Network Security Myths
Windstream Webinar: Debunking Network Security Myths
 
Windstream Webinar: “Data Centers: Outsource or Own?” with Forrester Research
Windstream Webinar: “Data Centers: Outsource or Own?” with Forrester ResearchWindstream Webinar: “Data Centers: Outsource or Own?” with Forrester Research
Windstream Webinar: “Data Centers: Outsource or Own?” with Forrester Research
 
White Paper: Windstream Leveraging Funding for EHR While Meeting HIPAA Requir...
White Paper: Windstream Leveraging Funding for EHR While Meeting HIPAA Requir...White Paper: Windstream Leveraging Funding for EHR While Meeting HIPAA Requir...
White Paper: Windstream Leveraging Funding for EHR While Meeting HIPAA Requir...
 
Product Information: Cloud Services
Product Information: Cloud ServicesProduct Information: Cloud Services
Product Information: Cloud Services
 
White Paper: Leveraging Funding for EHR
White Paper: Leveraging Funding for EHRWhite Paper: Leveraging Funding for EHR
White Paper: Leveraging Funding for EHR
 
White Paper: Is Your Network Safe Behind Just a Firewall?
White Paper: Is Your Network Safe Behind Just a Firewall?White Paper: Is Your Network Safe Behind Just a Firewall?
White Paper: Is Your Network Safe Behind Just a Firewall?
 
White Paper: Analyzing MPLS from an ROI Perspective
White Paper: Analyzing MPLS from an ROI PerspectiveWhite Paper: Analyzing MPLS from an ROI Perspective
White Paper: Analyzing MPLS from an ROI Perspective
 
Case Study: Windstream Healthcare Christus St. Michael
Case Study: Windstream Healthcare Christus St. MichaelCase Study: Windstream Healthcare Christus St. Michael
Case Study: Windstream Healthcare Christus St. Michael
 
Case Study: Windstream Capitol Broadcasting
Case Study: Windstream Capitol BroadcastingCase Study: Windstream Capitol Broadcasting
Case Study: Windstream Capitol Broadcasting
 

Kürzlich hochgeladen

Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 

Kürzlich hochgeladen (20)

Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 

White Paper: Windstream's Position on Security Compliance

  • 1. WHITE PAPER Windstream’s Position on Security Compliance Compliance In General Our customers are under increasing §§ Government Mandated Privacy Acts pressure to adhere to numerous security (Massachusetts, California, and compliance standards and design Minnesota, with others to follow) – networks that address the best practices Applies to anyone doing business in associated with these standards. As these states any healthcare provider can tell you, the §§ Health Insurance Portability and content of the standards themselves can Accountability Act (HIPAA) – be daunting to understand and apply, Applies to the healthcare vertical which has driven organizations to look §§ Gramm-Leach-Bliley Act (GLBA) – outside for assistance. Applies to the financial vertical §§ Sarbanes-Oxley Act (SOX) – Top Five Industry Compliance Applies to public companies Standards §§ Payment Card Industry Digital Security Standard (PCI DSS) – Applies to any company processing, transporting, or storing credit card information Overview of Standards PCI DSS – The goal of PCI DSS 1, 2010. It applies generally to those is to create a framework for good businesses that own or license personal security practice around the handling information about Massachusetts of cardholder data. A PCI-compliant residents. Personal information includes operating environment is one in which Massachusetts residents’ first and last the cardholder data exists (i.e., it does names, or first initials and last names, in NOT refer to the whole corporate combination with any of the following: network), and PCI DSS defines the Social Security number, driver’s license requirements for how access to this data number or state-issued identification must be controlled, monitored, logged, card number, financial account and audited. number, or credit or debit card number. Therefore, if you have any employees, Government Mandated Privacy Acts receive payments from individuals (Massachusetts) – The Massachusetts (whether by check or credit card), or Data Privacy Act (201 CMR 17), now send out 1099s, your business owns or recently revised, went into effect March licenses personal information and, thus, © Windstream 2012 DATE: 3.27.12 | REVISION: 2 | 009574_Windstream’s_Position | CREATIVE: MF | JOB#: 9574 - Windstream’s Position on Security Compliance | COLOR: GS | TRIM: 8.5” x 11”
  • 2. WHITE PAPER Overview of Standards must comply with the law. Minnesota applies to information of any consumers (Cont.) and California recently passed similar past or present of the financial laws and it’s expected that this trend institution’s products or services.) will continue for the remaining 47 This plan must include: states in the near future. §§ Denoting at least one employee to manage the safeguards HIPAA – HIPAA covers a number of §§ Constructing thorough risk healthcare standards, one of which management on each department is the HIPAA Security Rule, which handling the non-public information requires implementation of three types §§ Developing, monitoring, and testing a of safeguards: program to secure the information §§ Modifying the safeguards as needed §§ Administrative with the changes in how information is §§ Physical collected, stored, and used §§ Technical This rule is intended to do what most In addition, it imposes other businesses should already be doing: organizational requirements and protecting their clients. The Safeguards a need to document processes Rule forces financial institutions to analogous to the Privacy Rule. take a closer look at how they manage Implementing within and adhering private data and to do a risk analysis to this rule is extremely difficult due on their current processes. No process to the highly technical nature of the is perfect, so this has meant that every contents of the rule. financial institution has had to make some effort to comply with the GLBA. GLBA – The Safeguards Rule, a part of the GLB Act, requires SOX – The impact of IT security within financial institutions to develop a SOX is somewhat indirect since the law written information security plan is primarily focused on the accuracy of that describes how the company is financial reporting data. IT security is prepared for, and plans to continue to important under SOX only to the extent protect clients’ non-public personal that it enhances the reliability and information. (The Safeguards Rule integrity of that reporting. © Windstream 2012
  • 3. WHITE PAPER Windstream’s Strategy Around The Internet Service Provider (ISP) 10. Continuous Vulnerability Assessment Compliance has an interesting role in compliance. and Remediation Since the essential underlying focus of 11. Account Monitoring and Control popular compliance standards today 12. Malware Defenses is on individual enterprise context, it’s 13. Limitation and Control of Network impossible for Windstream to provide Ports, Protocols, and Services “instant on” compliance. However, with 14. Wireless Device Control our Security Consultation services, as 15. Data Loss Prevention well as the best practices that we’ve 16. Secure Network Engineering implemented internally and consult 17. Penetration Tests and Red Team our customers to follow, Windstream Exercises has made it as easy as possible for 18. Incident Response Capability customers from all verticals to meet and 19. Data Recovery Capability exceed the standards laid out for them 20. Security Skills Assessment and by the various regulatory bodies. Each Appropriate Training to Fill Gaps compliance standard is built around a foundation of concepts best outlined Furthermore, Windstream is actively by the SANS Institute and mirrored by taking advantage of the SAS 70 auditing Windstream’s business best practices. process to provide customers with the They include: necessary information to inform their auditors and planners of compliance- 1. Inventory of Authorized and friendly topologies and practices. A Unauthorized Devices SAS 70 is performed by a third party 2. Inventory of Authorized and that reviews our security controls, then Unauthorized Software verifies that we’re adhering to them by 3. Secure Configurations for Hardware reviewing, auditing, and scoring our and Software on Laptops, performance. Since our customers are Workstations, and Servers under a myriad of compliance standards, 4. Secure Configurations for Network we developed our controls based upon Devices such as Firewalls, Routers, the best practices mentioned above and Switches and mapped our practices to PCI 5. Boundary Defense DSS and other compliance standards. 6. Maintenance, Monitoring, and This way, we can present our SAE Analysis of Audit Logs 16 documentation to any customer 7. Application Software Security who needs to prove that Windstream 8. Controlled Use of Administrative practices security standards which Privileges exceed the compliance standards to 9. Controlled Access Based on Need which they’re being held. This approach to Know makes the most sense for both Windstream and our customers. © Windstream 2012
  • 4. WHITE PAPER Things We’re Watching & Since Windstream’s role is central to there are a number of best practices What We’re Doing customer network security, we as an ISP and technologies that we’re focusing and Managed Security Service Provider on to control access, then monitor and (MSSP) must be “ahead of the curve” to equip zones within the organization with maintain our position within the confines legitimate access to these services to of the popular compliance standards properly handle threats. because the overwhelming buying triggers for our services surround these Enclaving – There is no ‘silver bullet’ in standards. We see emerging threats and security. If there were, this multi-billion general business practices that require dollar industry would not exist. Given review and standards application on a that reality, it’s becoming increasingly regular basis. more prudent to design networks (LAN and WAN) that are zoned (or Top Three Emerging Trends enclaved) in such a way that in the event of a successful attack or breach, §§ Best practices surrounding safe and the impact to the organization as a secure utilization of social media whole is minimized. As threats grow in §§ Best practices incorporating enclaving complexity, best practices around this of network elements to reduce the concept are increasing in value. impact of a breach or incident §§ Best practices surrounding the Mobile Devices – Innovation and deployment, control, and risk incorporation of mobile devices is mitigation associated with mobile skyrocketing across all industries. Mobile technology (Android, iPad, iPhone, device security, as a result, is becoming WiFi, etc.) a targeted focus for our customers and our organization. The development of Social Media – Malware and bot-net best practices and the deployment threats are synonymous with social of security technology with a focus media. While it’s a well known best on mobile device risk reduction and practice to develop Web acceptable mitigation is a top priority at Windstream. use policies that block access to these services, an increasing number of organizations use social media as an advertising and information distribution outlet. With this trend, 009574 | 3/12 © Windstream 2012