SlideShare a Scribd company logo

Information Security Whitepaper

run_frictionless
run_frictionless

Today, Information Security has to be at the heart of the modern SAAS organization. At Speakap, we’ve always held the view that our customers should own their data, and thus have always fiercely protected data privacy, so we see the increased attention on these topics as being great for all companies and consumers. https://runfrictionless.com/b2b-white-paper-service/

Business
1 of 13
Download to read offline

 Security White Paper How we maintain the confidentiality, integrity and availability of information at Speakap Version 4.0 - Jul 2020

 Speakap Security White Paper / 2 13 TABLE OF CONTENTS Introduction Application Security Web Security Malware Protection Authentication and Passwords Encryption Email Protection Protection of Servers and Infrastructure Logging and Monitoring Disaster Recovery, Backup and Redundancy Data Centers Security During Development Security Audits, Penetration Tests and Automated Tests Organization and Management Incident Response Compliance 3 4 5 5 5 7 7 7 9 9 9 10 10 11 12 12

 Speakap Security White Paper / 3 13 INTRODUCTION Today, Information Security has to be at the heart of the modern SAAS organization. 
 At Speakap, we’ve always held the view that our customers should own their data, and thus have always fiercely protected data privacy, so we see the increased attention on these topics as being great for all companies and consumers. Information Security has always been an important aspect of all processes at Speakap, but as our company and list of customers has grown, the need for a more formalized Information Security Management System (ISMS) became more and more clear. Over the past few years, we’ve documented procedures and policies, setting up regular checks and audits. We've also reviewed our systems and assets and assigned owners with specific, documented responsibilities. Finally, we've introduced a risk assessment procedure, which helps us to direct our efforts when it comes to improving and implementing information security controls. Having an ISO 27001 compliant management system helps us to comply with regulations such as GDPR, but it also ensures that we fulfill our contractual obligations with clients and suppliers. On the following pages, you will find a summary of all the organizational and technical measures that Speakap has taken in relation to information security. Bart van Wissen
 CTO Our risk-based approach allows us to continuously improve information security in the areas where it matters the most. “

 Speakap Security White Paper / 4 13 Applica'on security Speakap ensures that users of the platform have access to precisely the data which they are authorized to access. The security model of the application is based on: • Users: the members of your organization, managed by designated administrators within the organization. All members of the organization (the 'network') have a role which determines the users' rights at the network level. • Messages: Shared privately in private messages, meaning only sender and recipient have access, or shared with a group or with the entire network. • Timelines on which data can be shared in the form of messages. • Groups with memberships managed by designated administrators within the group or at the organization level. All members of a group have a role within that group, which determines their privileges. Groups have their own timelines, and content shared in the group (depending on the type of group) is only accessible to members of the group.
Speakap Security White Paper / 5 13 Web security • All connections to and from the service use https with the TLS 1.2 protocol, using 2048 bit RSA keys and AES encryption, provided that clients support this as well (most modern 
 clients do). • The older and weaker SSL protocol is disabled. • Sensitive cookies are set with secure- and HTTP-only flags. • All user input is validated before processing. Special care is taken to prevent Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF) and SQL Injection. Malware Protec'on • User-uploaded files are automatically scanned for malware upon upload and rejected if malware is found. • Malware definitions are updated regularly and automatically. Authen'ca'on and Passwords • Speakap API Authentication is based on OAuth 2.0. Access tokens have a length of 100 bytes, generated using OpenSSL's pseudo-random byte-string generator and have a lifetime of 
 1 hour, after which they need to be refreshed. • All active access tokens are revoked when a user changes his or her password. • SAML 2.0 can be used for Single Sign-On. • Devices can be logged out remotely. • Passwords have a minimum length of 10 characters, must contain at least one lowercase character, one uppercase character, and one non-alphabetic character. • Passwords are stored as salted hashes using the BCrypt algorithm, so Speakap has no knowledge of the actual passwords. • In order to change a password, a user must always provide the old password. 

Speakap Security White Paper / 6 13 • When a password is forgotten, a user can request a password reset. A secret link to reset 
 the password is sent to the user's primary email address. • Email addresses need to be verified using a secret token before they can be used as primary email address. • Passwords are never stored on the user's device or in the browser. Instead, an OAuth token is stored securely. • The token is cleared on mobile devices when the user logs out or uninstalls the app. • Authentication tokens expire automatically when not used for a longer amount of time.

Speakap Security White Paper / 7 13 Encryp'on • Data is encrypted in transit and at rest. • All communication over public networks uses HTTPS with TLS 1.2 (where supported by the client). RSA keys have a length of 2048 bits. • The older, weaker SSL protocol is disabled. • Customer data is encrypted at rest using the AES-256 algorithm. • Passwords are stored as hashes, using the highly secure BCrypt algorithm. Email Protec'on • Outgoing transactional email is handled by our ISO 27001:2013 certified email delivery partners: Tripolis (for customers hosted in the EU) and Amazon Web Services (for customers hosted in the US). • DKIM signing is applied to all outgoing email. • Sender forgery is prevented using SPF. Protec'on of Servers and Infrastructure • The production environments are divided up into multiple secure zones with firewall rules protecting traffic between them. • Access to the production environments requires a VPN connection with mandatory 2-factor authentication. • A limited group of senior system engineers has access to the servers in the production environments. • Least-privilege principle is applied. • All services are protected by firewalls.
Speakap Security White Paper / 8 13 • On all servers, all ports and services are blocked by default and only opened when services are required. • Speakap servers are provisioned using a centralized configuration management system which ensures unified secure configuration across all servers. Version control is applied to all configuration data. • Security-critical patches are installed within 24 hours of availability. • Speakap servers are automatically protected against DDoS attacks.
Speakap Security White Paper / 9 13 Logging and Monitoring • Operations performed by users in the application are logged to a centralized audit log. • Server logs which are relevant to security are stored in a centralized way and are subject to analysis and automated alerting. • 24/7 monitoring and automated alerting ensure Speakap system engineers can act quickly 
 in case of service disruptions.
 Disaster Recovery, Backup and Redundancy • Speakap guarantees 99.8% uptime, excluding scheduled maintenance windows. • All critical services are set up redundantly to ensure high availability, in most cases with fully automatic failover. • All customer data is backed up multiple times a day and kept for one month so that data can be restored in case of an emergency. • Encrypted backups are stored off-site. For customers hosted in the EU these are stored in a separate data center located in Germany. For customers hosted in the US, these are stored in a separate AWS availability zone. • Speakap's disaster recovery plan helps to quickly recover services in the event of a disaster.
 Data Centers • The data centers in which Speakap is hosted are ISO 27001:2013 certified. • Speakap's primary EU data center is operated by Leaseweb in The Netherlands. • Speakap's US data center is operated by Amazon Web Services, Inc. • Customer data resides either in the EU data center or in the US datacenter. There is no transfer of data between these and the customer is in full control of the geographical location of the data. • Physical access to data centers and servers is restricted to authorized data center personnel.

Speakap Security White Paper / 10 13 Security during Development • Speakap development environments are separated from testing and production environments. • Production data is never used for testing purposes. • Production data is never transferred out of the production environment to test environments. • Automated test suites are run for every change to Speakap code, and changes are not deployed until all tests pass. In addition, manual testing and quality assurance are done in an isolated testing environment that is not accessible to normal users. • All changes to Speakap code are peer-reviewed by senior developers who have extensive knowledge of application security. The application is developed according to industry best practices and measures are taken to prevent vulnerabilities such as those listed in the OWASP Top 10. Security Audits, Penetra'on Tests and Automated Tests • At least once a year, a series of penetration tests is carried out by an external independent security firm. • In addition, a Security Bug Bounty program is run, facilitated by an ethical hacker platform. • Daily automated SSL server tests ensure our SSL configuration stays up to industry standard. • The access controls of the application are subject to automated tests which are run on every change and every release. • All changes to the application are subject to an extensive suite of API and integration tests as well as unit tests and static analysis. • Customers are permitted to conduct their own penetration tests on request.
Speakap Security White Paper / 11 13 Organiza'on and Management • Risk assessment and business impact analysis are carried out regularly. • The ISMS is audited both internally and externally on a yearly basis as required by the 
 ISO 27001:2013 standard. • Information Security Awareness training ensures awareness of security risks and controls among all personnel. • Personnel with access to customer data is screened prior to employment. • Developers are required to demonstrate in-depth knowledge of security topics prior 
 to employment. • To protect sensitive data, Speakap employees sign a non-disclosure agreement upon employment. • Clean desk and clear screen policies ensure confidentiality at the Speakap offices. • Employee workstations are required to have strong passwords, full-disk encryption and automatic screen-lock. • Speakap's Password Policy requires that employees use strong, unique passwords for all systems used and that additional measures such as 2-factor authentication are applied 
 when possible. • Information classification policies, together with documented information and asset handling procedures ensure confidentiality, integrity and availability of sensitive information. • All policies have identified owners and are reviewed regularly. • Access Management procedures ensure that employee access to systems is granted and revoked when changes occur, such as onboarding, changes in roles within the organization 
 or termination of employment.


 Speakap Security White Paper / 12 13 Incident Response • Speakap has a documented Information Security Incident Response Procedure to ensure that responsibilities are clearly defined and the correct actions are taken in case of security incidents. • Speakap has a documented Personal Data Breach Notification Procedure which ensures that the correct people are notified in accordance with GDPR articles 33 and 34. Compliance • Speakap maintains an Information Security Management System and is ISO 27001:2013 certified. • Speakap is NEN 7510 certified, making our platform available for the health sector. • Speakap is GDPR compliant. • Speakap has undergone a successful SOC 2 Type II audit by an independent auditor regarding the design, implementation and operational effectiveness of the internal control measures. • Speakap is HIPAA compliant by meeting the requirements of the HIPAA Security Controls. • Data Processing Agreements are in place with all sub-processors. • Speakap has appointed a Data Protection Officer (DPO). • Speakap will direct law enforcement requests to the customer unless legally prohibited, 
 so that the customer can decide whether to produce the requested information or oppose the request.
www.speakap.com

Recommended

Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliancerun_frictionless
 
SAP Cloud security overview 2.0
SAP Cloud security overview 2.0SAP Cloud security overview 2.0
SAP Cloud security overview 2.0Rasmi Swain
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
Arcsight explained
Arcsight explainedArcsight explained
Arcsight explainedanilkumar484492
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Imperva
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesImperva
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveAlgoSec
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk M sharifi
 

Recommended

Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliancerun_frictionless
 
SAP Cloud security overview 2.0
SAP Cloud security overview 2.0SAP Cloud security overview 2.0
SAP Cloud security overview 2.0Rasmi Swain
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
Arcsight explained
Arcsight explainedArcsight explained
Arcsight explainedanilkumar484492
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Imperva
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesImperva
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveAlgoSec
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk M sharifi
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
GDPR
GDPRGDPR
GDPRRajivarnan R
 
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAASecuring Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAAAlert Logic
 
Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud AttacksImperva
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesReliaQuest
 
Cybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentationCybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentationMonchai Phaichitchan
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database ThreatsImperva
 
HP ArcSight
HP ArcSight HP ArcSight
HP ArcSight Mohamed Zohair
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseWinWire Technologies Inc
 
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersEnsuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersAlgoSec
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.Imperva
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Andris Soroka
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsOWASP Delhi
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectCloudPassage
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerSameer Paradia
 
ESM_101_6.9.0.pdf
ESM_101_6.9.0.pdfESM_101_6.9.0.pdf
ESM_101_6.9.0.pdfProtect724v2
 
Big Data Security with HP ArcSight
Big Data Security with HP ArcSightBig Data Security with HP ArcSight
Big Data Security with HP ArcSightSridhar Karnam
 
Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruMarketingArrowECS_CZ
 
Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet
 

More Related Content

What's hot

More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAASecuring Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAAAlert Logic
 
Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud AttacksImperva
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesReliaQuest
 
Cybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentationCybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentationMonchai Phaichitchan
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database ThreatsImperva
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseWinWire Technologies Inc
 
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersEnsuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersAlgoSec
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.Imperva
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Andris Soroka
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsOWASP Delhi
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectCloudPassage
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerSameer Paradia
 
Big Data Security with HP ArcSight
Big Data Security with HP ArcSightBig Data Security with HP ArcSight
Big Data Security with HP ArcSightSridhar Karnam
 

What's hot (20)

More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
 
GDPR
GDPRGDPR
GDPR
 
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAASecuring Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAA
 
Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud Attacks
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM Techniques
 
Cybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentationCybersecurity framework v1-1_presentation
Cybersecurity framework v1-1_presentation
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
 
HP ArcSight
HP ArcSight HP ArcSight
HP ArcSight
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL DatabaseModern Data Security for the Enterprises – SQL Server & Azure SQL Database
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
 
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and RoutersEnsuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
Ensuring Continuous PCI-DSS 3.0 Compliance for Your Firewalls and Routers
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur Vats
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developer
 
ESM_101_6.9.0.pdf
ESM_101_6.9.0.pdfESM_101_6.9.0.pdf
ESM_101_6.9.0.pdf
 
Big Data Security with HP ArcSight
Big Data Security with HP ArcSightBig Data Security with HP ArcSight
Big Data Security with HP ArcSight
 

Similar to Information Security Whitepaper

Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruMarketingArrowECS_CZ
 
Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesInductive Automation
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesInductive Automation
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 
Datasheet: Security
Datasheet: SecurityDatasheet: Security
Datasheet: SecurityVoIPstudio
 
https://spotintelligence.com
https://spotintelligence.comhttps://spotintelligence.com
https://spotintelligence.comNeriVanOtten1
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hackingDesmond Devendran
 
SecureTower General Info
SecureTower General InfoSecureTower General Info
SecureTower General InfoAnton Lishchuk
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Sophos Benelux
 
SnapComms Technical overview
SnapComms Technical overviewSnapComms Technical overview
SnapComms Technical overviewSnapComms
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overviewleanne_abarro
 
FOISDBA-Ver1.1.pptx
FOISDBA-Ver1.1.pptxFOISDBA-Ver1.1.pptx
FOISDBA-Ver1.1.pptxssuser20fcbe
 
Make the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudMake the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudErik Von Schlehenried
 
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...Amazon Web Services Korea
 
NetExplorer security leaflet
NetExplorer security leafletNetExplorer security leaflet
NetExplorer security leafletNetExplorer
 
Infrastructure and security (2)
Infrastructure and security (2)Infrastructure and security (2)
Infrastructure and security (2)revathipqr
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNicholas Davis
 

Similar to Information Security Whitepaper (20)

Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC Miniclusteru
 
Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet Security Presentation 2017
Mailjet Security Presentation 2017
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Datasheet: Security
Datasheet: SecurityDatasheet: Security
Datasheet: Security
 
"EL ATAQUE INTERNO"
"EL ATAQUE INTERNO""EL ATAQUE INTERNO"
"EL ATAQUE INTERNO"
 
https://spotintelligence.com
https://spotintelligence.comhttps://spotintelligence.com
https://spotintelligence.com
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
 
SecureTower General Info
SecureTower General InfoSecureTower General Info
SecureTower General Info
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014
 
SnapComms Technical overview
SnapComms Technical overviewSnapComms Technical overview
SnapComms Technical overview
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overview
 
FOISDBA-Ver1.1.pptx
FOISDBA-Ver1.1.pptxFOISDBA-Ver1.1.pptx
FOISDBA-Ver1.1.pptx
 
Make the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudMake the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloud
 
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...
 
NetExplorer security leaflet
NetExplorer security leafletNetExplorer security leaflet
NetExplorer security leaflet
 
Infrastructure and security (2)
Infrastructure and security (2)Infrastructure and security (2)
Infrastructure and security (2)
 
Network Security, Change Control, Outsourcing
Network Security, Change Control, OutsourcingNetwork Security, Change Control, Outsourcing
Network Security, Change Control, Outsourcing
 

More from run_frictionless

The 25 Most Beautiful B2B White Papers On The Planet
The 25 Most Beautiful B2B White Papers On The PlanetThe 25 Most Beautiful B2B White Papers On The Planet
The 25 Most Beautiful B2B White Papers On The Planetrun_frictionless
 
Pharma Marketing: Get Started on Creating Great Customer Experiences with Jou...
Pharma Marketing: Get Started on Creating Great Customer Experiences with Jou...Pharma Marketing: Get Started on Creating Great Customer Experiences with Jou...
Pharma Marketing: Get Started on Creating Great Customer Experiences with Jou...run_frictionless
 
Overcoming Business Challenges with Azure
Overcoming Business Challenges with AzureOvercoming Business Challenges with Azure
Overcoming Business Challenges with Azurerun_frictionless
 
Maximising value while migrating your Oracle Estate to Microsoft Azure
Maximising value while migrating your Oracle Estate to Microsoft AzureMaximising value while migrating your Oracle Estate to Microsoft Azure
Maximising value while migrating your Oracle Estate to Microsoft Azurerun_frictionless
 
AWS Well-Architected Framework
AWS Well-Architected FrameworkAWS Well-Architected Framework
AWS Well-Architected Frameworkrun_frictionless
 
LinkedIn Marketing Solutions Affluent Millennials Research Whitepaper
LinkedIn Marketing Solutions Affluent Millennials Research WhitepaperLinkedIn Marketing Solutions Affluent Millennials Research Whitepaper
LinkedIn Marketing Solutions Affluent Millennials Research Whitepaperrun_frictionless
 
Charting a Way Forward Online Content Regulation
Charting a Way Forward Online Content RegulationCharting a Way Forward Online Content Regulation
Charting a Way Forward Online Content Regulationrun_frictionless
 
Electronic contracts and electronic signatures under Australian law
Electronic contracts and electronic signatures under Australian lawElectronic contracts and electronic signatures under Australian law
Electronic contracts and electronic signatures under Australian lawrun_frictionless
 
Mac Pro Technology Overview
Mac Pro Technology OverviewMac Pro Technology Overview
Mac Pro Technology Overviewrun_frictionless
 
The Google Cloud Adoption Framework
The Google Cloud Adoption FrameworkThe Google Cloud Adoption Framework
The Google Cloud Adoption Frameworkrun_frictionless
 
Google's guide to innovation: How to unlock strategy, resources and technology
Google's guide to innovation: How to unlock strategy, resources and technologyGoogle's guide to innovation: How to unlock strategy, resources and technology
Google's guide to innovation: How to unlock strategy, resources and technologyrun_frictionless
 
Google Cloud Industries: The impact of COVID-19 on manufacturers
Google Cloud Industries: The impact of COVID-19 on manufacturersGoogle Cloud Industries: The impact of COVID-19 on manufacturers
Google Cloud Industries: The impact of COVID-19 on manufacturersrun_frictionless
 
Transforming specialty retail with AI
Transforming specialty retail with AITransforming specialty retail with AI
Transforming specialty retail with AIrun_frictionless
 
Six Must-Haves When Using Slack
Six Must-Haves When Using SlackSix Must-Haves When Using Slack
Six Must-Haves When Using Slackrun_frictionless
 
Journey mapping in banking & finance
Journey mapping in banking & financeJourney mapping in banking & finance
Journey mapping in banking & financerun_frictionless
 
Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...run_frictionless
 

More from run_frictionless (20)

The 25 Most Beautiful B2B White Papers On The Planet
The 25 Most Beautiful B2B White Papers On The PlanetThe 25 Most Beautiful B2B White Papers On The Planet
The 25 Most Beautiful B2B White Papers On The Planet
 
Pharma Marketing: Get Started on Creating Great Customer Experiences with Jou...
Pharma Marketing: Get Started on Creating Great Customer Experiences with Jou...Pharma Marketing: Get Started on Creating Great Customer Experiences with Jou...
Pharma Marketing: Get Started on Creating Great Customer Experiences with Jou...
 
Overcoming Business Challenges with Azure
Overcoming Business Challenges with AzureOvercoming Business Challenges with Azure
Overcoming Business Challenges with Azure
 
Maximising value while migrating your Oracle Estate to Microsoft Azure
Maximising value while migrating your Oracle Estate to Microsoft AzureMaximising value while migrating your Oracle Estate to Microsoft Azure
Maximising value while migrating your Oracle Estate to Microsoft Azure
 
How AWS Pricing Works
How AWS Pricing WorksHow AWS Pricing Works
How AWS Pricing Works
 
AWS Well-Architected Framework
AWS Well-Architected FrameworkAWS Well-Architected Framework
AWS Well-Architected Framework
 
LinkedIn Marketing Solutions Affluent Millennials Research Whitepaper
LinkedIn Marketing Solutions Affluent Millennials Research WhitepaperLinkedIn Marketing Solutions Affluent Millennials Research Whitepaper
LinkedIn Marketing Solutions Affluent Millennials Research Whitepaper
 
Charting a Way Forward Online Content Regulation
Charting a Way Forward Online Content RegulationCharting a Way Forward Online Content Regulation
Charting a Way Forward Online Content Regulation
 
Electronic contracts and electronic signatures under Australian law
Electronic contracts and electronic signatures under Australian lawElectronic contracts and electronic signatures under Australian law
Electronic contracts and electronic signatures under Australian law
 
Mac Pro Technology Overview
Mac Pro Technology OverviewMac Pro Technology Overview
Mac Pro Technology Overview
 
Sidecar
SidecarSidecar
Sidecar
 
The Google Cloud Adoption Framework
The Google Cloud Adoption FrameworkThe Google Cloud Adoption Framework
The Google Cloud Adoption Framework
 
Google's guide to innovation: How to unlock strategy, resources and technology
Google's guide to innovation: How to unlock strategy, resources and technologyGoogle's guide to innovation: How to unlock strategy, resources and technology
Google's guide to innovation: How to unlock strategy, resources and technology
 
Google Cloud Industries: The impact of COVID-19 on manufacturers
Google Cloud Industries: The impact of COVID-19 on manufacturersGoogle Cloud Industries: The impact of COVID-19 on manufacturers
Google Cloud Industries: The impact of COVID-19 on manufacturers
 
Transforming specialty retail with AI
Transforming specialty retail with AITransforming specialty retail with AI
Transforming specialty retail with AI
 
Six Must-Haves When Using Slack
Six Must-Haves When Using SlackSix Must-Haves When Using Slack
Six Must-Haves When Using Slack
 
Social Selling at Scale
Social Selling at ScaleSocial Selling at Scale
Social Selling at Scale
 
Journey mapping in banking & finance
Journey mapping in banking & financeJourney mapping in banking & finance
Journey mapping in banking & finance
 
Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...Strengthening Operational Resilience in Financial Services by Migrating to Go...
Strengthening Operational Resilience in Financial Services by Migrating to Go...
 
Inclusive Fintech 50
Inclusive Fintech 50Inclusive Fintech 50
Inclusive Fintech 50
 

Recently uploaded

8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024Matteo Carbone
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncrdollysharma2066
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 

Recently uploaded (20)

8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 

Information Security Whitepaper

  • 1. 
 Security White Paper How we maintain the confidentiality, integrity and availability of information at Speakap Version 4.0 - Jul 2020
  • 2. 
 Speakap Security White Paper / 2 13 TABLE OF CONTENTS Introduction Application Security Web Security Malware Protection Authentication and Passwords Encryption Email Protection Protection of Servers and Infrastructure Logging and Monitoring Disaster Recovery, Backup and Redundancy Data Centers Security During Development Security Audits, Penetration Tests and Automated Tests Organization and Management Incident Response Compliance 3 4 5 5 5 7 7 7 9 9 9 10 10 11 12 12
  • 3. 
 Speakap Security White Paper / 3 13 INTRODUCTION Today, Information Security has to be at the heart of the modern SAAS organization. 
 At Speakap, we’ve always held the view that our customers should own their data, and thus have always fiercely protected data privacy, so we see the increased attention on these topics as being great for all companies and consumers. Information Security has always been an important aspect of all processes at Speakap, but as our company and list of customers has grown, the need for a more formalized Information Security Management System (ISMS) became more and more clear. Over the past few years, we’ve documented procedures and policies, setting up regular checks and audits. We've also reviewed our systems and assets and assigned owners with specific, documented responsibilities. Finally, we've introduced a risk assessment procedure, which helps us to direct our efforts when it comes to improving and implementing information security controls. Having an ISO 27001 compliant management system helps us to comply with regulations such as GDPR, but it also ensures that we fulfill our contractual obligations with clients and suppliers. On the following pages, you will find a summary of all the organizational and technical measures that Speakap has taken in relation to information security. Bart van Wissen
 CTO Our risk-based approach allows us to continuously improve information security in the areas where it matters the most. “
  • 4. 
 Speakap Security White Paper / 4 13 Applica'on security Speakap ensures that users of the platform have access to precisely the data which they are authorized to access. The security model of the application is based on: • Users: the members of your organization, managed by designated administrators within the organization. All members of the organization (the 'network') have a role which determines the users' rights at the network level. • Messages: Shared privately in private messages, meaning only sender and recipient have access, or shared with a group or with the entire network. • Timelines on which data can be shared in the form of messages. • Groups with memberships managed by designated administrators within the group or at the organization level. All members of a group have a role within that group, which determines their privileges. Groups have their own timelines, and content shared in the group (depending on the type of group) is only accessible to members of the group.
  • 5. Speakap Security White Paper / 5 13 Web security • All connections to and from the service use https with the TLS 1.2 protocol, using 2048 bit RSA keys and AES encryption, provided that clients support this as well (most modern 
 clients do). • The older and weaker SSL protocol is disabled. • Sensitive cookies are set with secure- and HTTP-only flags. • All user input is validated before processing. Special care is taken to prevent Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF) and SQL Injection. Malware Protec'on • User-uploaded files are automatically scanned for malware upon upload and rejected if malware is found. • Malware definitions are updated regularly and automatically. Authen'ca'on and Passwords • Speakap API Authentication is based on OAuth 2.0. Access tokens have a length of 100 bytes, generated using OpenSSL's pseudo-random byte-string generator and have a lifetime of 
 1 hour, after which they need to be refreshed. • All active access tokens are revoked when a user changes his or her password. • SAML 2.0 can be used for Single Sign-On. • Devices can be logged out remotely. • Passwords have a minimum length of 10 characters, must contain at least one lowercase character, one uppercase character, and one non-alphabetic character. • Passwords are stored as salted hashes using the BCrypt algorithm, so Speakap has no knowledge of the actual passwords. • In order to change a password, a user must always provide the old password. 

  • 6. Speakap Security White Paper / 6 13 • When a password is forgotten, a user can request a password reset. A secret link to reset 
 the password is sent to the user's primary email address. • Email addresses need to be verified using a secret token before they can be used as primary email address. • Passwords are never stored on the user's device or in the browser. Instead, an OAuth token is stored securely. • The token is cleared on mobile devices when the user logs out or uninstalls the app. • Authentication tokens expire automatically when not used for a longer amount of time.

  • 7. Speakap Security White Paper / 7 13 Encryp'on • Data is encrypted in transit and at rest. • All communication over public networks uses HTTPS with TLS 1.2 (where supported by the client). RSA keys have a length of 2048 bits. • The older, weaker SSL protocol is disabled. • Customer data is encrypted at rest using the AES-256 algorithm. • Passwords are stored as hashes, using the highly secure BCrypt algorithm. Email Protec'on • Outgoing transactional email is handled by our ISO 27001:2013 certified email delivery partners: Tripolis (for customers hosted in the EU) and Amazon Web Services (for customers hosted in the US). • DKIM signing is applied to all outgoing email. • Sender forgery is prevented using SPF. Protec'on of Servers and Infrastructure • The production environments are divided up into multiple secure zones with firewall rules protecting traffic between them. • Access to the production environments requires a VPN connection with mandatory 2-factor authentication. • A limited group of senior system engineers has access to the servers in the production environments. • Least-privilege principle is applied. • All services are protected by firewalls.
  • 8. Speakap Security White Paper / 8 13 • On all servers, all ports and services are blocked by default and only opened when services are required. • Speakap servers are provisioned using a centralized configuration management system which ensures unified secure configuration across all servers. Version control is applied to all configuration data. • Security-critical patches are installed within 24 hours of availability. • Speakap servers are automatically protected against DDoS attacks.
  • 9. Speakap Security White Paper / 9 13 Logging and Monitoring • Operations performed by users in the application are logged to a centralized audit log. • Server logs which are relevant to security are stored in a centralized way and are subject to analysis and automated alerting. • 24/7 monitoring and automated alerting ensure Speakap system engineers can act quickly 
 in case of service disruptions.
 Disaster Recovery, Backup and Redundancy • Speakap guarantees 99.8% uptime, excluding scheduled maintenance windows. • All critical services are set up redundantly to ensure high availability, in most cases with fully automatic failover. • All customer data is backed up multiple times a day and kept for one month so that data can be restored in case of an emergency. • Encrypted backups are stored off-site. For customers hosted in the EU these are stored in a separate data center located in Germany. For customers hosted in the US, these are stored in a separate AWS availability zone. • Speakap's disaster recovery plan helps to quickly recover services in the event of a disaster.
 Data Centers • The data centers in which Speakap is hosted are ISO 27001:2013 certified. • Speakap's primary EU data center is operated by Leaseweb in The Netherlands. • Speakap's US data center is operated by Amazon Web Services, Inc. • Customer data resides either in the EU data center or in the US datacenter. There is no transfer of data between these and the customer is in full control of the geographical location of the data. • Physical access to data centers and servers is restricted to authorized data center personnel.

  • 10. Speakap Security White Paper / 10 13 Security during Development • Speakap development environments are separated from testing and production environments. • Production data is never used for testing purposes. • Production data is never transferred out of the production environment to test environments. • Automated test suites are run for every change to Speakap code, and changes are not deployed until all tests pass. In addition, manual testing and quality assurance are done in an isolated testing environment that is not accessible to normal users. • All changes to Speakap code are peer-reviewed by senior developers who have extensive knowledge of application security. The application is developed according to industry best practices and measures are taken to prevent vulnerabilities such as those listed in the OWASP Top 10. Security Audits, Penetra'on Tests and Automated Tests • At least once a year, a series of penetration tests is carried out by an external independent security firm. • In addition, a Security Bug Bounty program is run, facilitated by an ethical hacker platform. • Daily automated SSL server tests ensure our SSL configuration stays up to industry standard. • The access controls of the application are subject to automated tests which are run on every change and every release. • All changes to the application are subject to an extensive suite of API and integration tests as well as unit tests and static analysis. • Customers are permitted to conduct their own penetration tests on request.
  • 11. Speakap Security White Paper / 11 13 Organiza'on and Management • Risk assessment and business impact analysis are carried out regularly. • The ISMS is audited both internally and externally on a yearly basis as required by the 
 ISO 27001:2013 standard. • Information Security Awareness training ensures awareness of security risks and controls among all personnel. • Personnel with access to customer data is screened prior to employment. • Developers are required to demonstrate in-depth knowledge of security topics prior 
 to employment. • To protect sensitive data, Speakap employees sign a non-disclosure agreement upon employment. • Clean desk and clear screen policies ensure confidentiality at the Speakap offices. • Employee workstations are required to have strong passwords, full-disk encryption and automatic screen-lock. • Speakap's Password Policy requires that employees use strong, unique passwords for all systems used and that additional measures such as 2-factor authentication are applied 
 when possible. • Information classification policies, together with documented information and asset handling procedures ensure confidentiality, integrity and availability of sensitive information. • All policies have identified owners and are reviewed regularly. • Access Management procedures ensure that employee access to systems is granted and revoked when changes occur, such as onboarding, changes in roles within the organization 
 or termination of employment.

  • 12. 
 Speakap Security White Paper / 12 13 Incident Response • Speakap has a documented Information Security Incident Response Procedure to ensure that responsibilities are clearly defined and the correct actions are taken in case of security incidents. • Speakap has a documented Personal Data Breach Notification Procedure which ensures that the correct people are notified in accordance with GDPR articles 33 and 34. Compliance • Speakap maintains an Information Security Management System and is ISO 27001:2013 certified. • Speakap is NEN 7510 certified, making our platform available for the health sector. • Speakap is GDPR compliant. • Speakap has undergone a successful SOC 2 Type II audit by an independent auditor regarding the design, implementation and operational effectiveness of the internal control measures. • Speakap is HIPAA compliant by meeting the requirements of the HIPAA Security Controls. • Data Processing Agreements are in place with all sub-processors. • Speakap has appointed a Data Protection Officer (DPO). • Speakap will direct law enforcement requests to the customer unless legally prohibited, 
 so that the customer can decide whether to produce the requested information or oppose the request.