Monthly Archives: June 2014

Pictures from Gartner Security & Risk Management Summit 2014


This entry was posted by on .

Thanks to everyone who visited our booth at the Gartner Security & Risk Management Summit.  Here are a few pictures from the summit –

AlertEnterprise™ Demonstrates First Enterprise-Proven IT-OT Security Intelligence Platform at Gartner Security & Risk Management Summit, June 23-25


This entry was posted by on .

psim

Enterprise Sentry™ Delivers Unified Critical Infrastructure Protection across Cyber, OT / SCADA and Physical Security

National Harbor, MD — June 23, 2014: AlertEnterprise, today, announced the first proven IT-OT (Operational Technology) Security Convergence Platform at Gartner Security & Risk Management Summit. Now operating in high security environments, the Enterprise Sentry offering meets Gartner’s rigorous definition of Cybersecurity revised to include IT Security, OT Security and Physical Security.

read more

AlertEnterprise™ Demonstrates First Enterprise-Proven IT-OT Security Intelligence Platform at Gartner Security & Risk Management Summit, June 23-25


This entry was posted by on .

Enterprise Sentry™ Delivers Unified Critical Infrastructure Protection across Cyber, OT / SCADA and Physical Security

Enterprise Sentry by AlertEnterprise

National Harbor, MD — June 23, 2014: AlertEnterprise, today, announced the first proven IT-OT (Operational Technology) Security Convergence Platform at Gartner Security & Risk Management Summit. Now operating in high security environments, the Enterprise Sentry offering meets Gartner’s rigorous definition of Cybersecurity revised to include IT Security, OT Security and Physical Security.

read more

Chemical Vulnerability and Anti-Terrorism


This entry was posted by on .

CVI and CFAT information are regulated by DHS and relate to Chemical Vulnerability Information and Chemical Facility Anti-Terrorism. If your company has CVI responsibilities, how are you managing access to the information and assets in your organization by vendors, visitors, technicians, and security staff?

Without a solid visitor management approach, you end up in a situation where people who are knowledgeable of significant vulnerabilities may not have been trained on how to handle that information. Get CVI certified, register all your vendors with this certification, and know how, when, and where they touch your critical CVI.

Chemical Vulnerability Information or CVI is information that is intended to be protected by DHS directive. Companies that handle chemicals, be it for manufacturing, food production, or other purposes, have an obligation to protect this information. With that obligation comes a need for companies to have a way to ensure they can prove that the information is protected, and to follow certain procedures in order to ensure their employees, contractors, and vendors also protect this information.

The first step in dealing with CVI is to cover the basic handling instructions. DHS has provided documents and training to ensure that these practices are carried out in a timely and organized manner. The actual practices are: 

        • Storage of CVI
        • Marking of CVI
        • Transmission of CVI
        • Responsibilities when in transit with CVI
        • Destruction of CVI

The DHS directive in 6CFR S 27.400 (e) (3) indicates that DHS provided CVI Training is necessary and appropriate for anyone who will access, use, store, mark, transmit, mange, or destroy this information. Thankfully, this training is publicly available, free, and not too difficult for individuals to acquire. By going to this link http://www.dhs.gov/training-chemical-terrorism-vulnerability-information, staff, contractors, consultants, or other individuals at your organization can take this training.

These staff members should report to the organization that they have had training, and provide their certification number. That information should be stored, and used to ensure that exposure to this kind of information is managed effectively. If you have new vendors or contractors that visit your site, you should prevent access to areas that will expose this information, or access to the actual assets that are protected, if the individual has not had this training.

Using a tool like the Alert Enterprise Guardian Express and Visitor Management, you can manage visitor access, check your HR systems, or even store certification numbers for staff, ensuring that your CVI is protected. Having a fully audited workflow, individuals can be approved once credentials have been validated, ensuring that you are proactively meeting the CVI and CFAT standards put forth by DHS.

If you would like to better understand how Alert Enterprise can help you to protect your CVI assets, and also manage your overall security posture and risk, please contact us to discuss.

As provided by 6 CFR S 27.400(e) (3), DHS has determined that, except under emergency or exigent circumstances, successful completion of DHS-provided CVI training is a necessary and appropriate condition for any individual’s access to CVI. DHS reserves the right under 6 CFR S 27.400(e)(2) (iii) to require non-disclosure agreements in the future, as appropriate, as a condition for becoming an Authorized User or otherwise obtaining access to CVI. 

From <http://www.dhs.gov/handling-chemical-terrorism-vulnerability-information

read more

Unlock All or Lock All User Accounts in IDM


This entry was posted by on .

How to Enable and Disable User Accounts for Duration to Achieve Better Security

Let us assume there is an employee who has access to critical systems and applications,  but now he is going on leave for 10 days.

lock_unlock_user_accounts_for duration

For all ten days all the user accounts and access levels are enabled for this employee, so there is a chance of risk of unathorized access. Anyone can misuse these access rights / levels as the employee is on leave.

The IDM provides a solution which will automatically disables / locks / scrambles the password for these ten days and the application will automatically Enable / Unlock all the accounts once employee returns from Leave.

read more