2022-077-E-IT Dept-PUBLIC LIBRARY ASSOCIATION, a division of the American Library Association-Digital learning
Entry Properties
Last modified: 2/23/2022 3:05:36 PM
Creation date: 2/23/2022 3:00:56 PM

Metadata
Template: Contract
Date: 2/15/2022
Contract Starting Date: 2/15/2022
Contract Ending Date: 2/23/2022
Contract Document Type: Contract
Amount: $15,000.00
DocuSign Envelope ID: 24BBAFA9-CD81-4144-ACEF-E9036E703739

• At least once per month, review system access logs and remove any terminated users from the access control lists. Validate termination lists with Human Resources or the user's supervisor before removal.
• Ensure vulnerabilities are managed according to the standards of the Network and Systems Operations Policy.
• Logging must be enabled at the operating system, application/database and system level. All logs must be sent to their designated central log system. 90 days of logs will be stored in online storage in the SIEM (Security Information and Event Management) system. At least one year of logs will be maintained at all times, either online or offline, easily accessible for review in the event of an incident.
• Ensure that internal and external network vulnerability scans are run at least quarterly and after any significant change in the network (e.g., new system component installations, changes in network topology, firewall rule modifications, product upgrades).
• Internal and external vulnerability scans that report vulnerabilities will be sent to the appropriate teams to address. Rescans will be performed once remediation work has been completed. This will continue until passing results are obtained.
• Conduct periodic "spot checks" of system configurations to ensure standard systems configuration guidelines are being followed.
• Ensure that penetration tests are conducted according to the standards of the Network and Systems Operations Policy.
• Ensure that a wireless analyzer is used periodically to identify all wireless devices in use.
• Ensure that all alerts from file integrity monitors and intrusion detection systems are promptly reviewed.
• Test security controls, limitations, network connections and restrictions routinely to make sure they can adequately identify or stop any unauthorized access attempts.

Internal Audit Testing Methodology

• The designated Jende Solutions internal auditor will perform an annual audit of Information Technology (IT) systems. The audit will include testing risk management and operational processes and render a report to the Audit Committee of the Board of Directors regarding the information security program and overall information systems activities and related operations. The auditor and the Chief Information Security Officer (CISO) will track all exceptions. The CISO will prepare a response for any deficiencies identified in the audit report.
• The auditor is charged with responsibility for an annual in-depth review of all network and information systems activities, related controls, training support, supporting operations and related policies and procedures, internal reporting systems, and Management's follow-up on previously cited exceptions. Audit reports will be issued to the Executive Leadership Team, the Security/IT Steering Committee, and the Jende Solutions Board of Directors.
• This will include internal vulnerability assessment and web application scans being performed at least quarterly and after any significant changes in the network or applications respectively.

External Vulnerability Assessment and Penetration Testing

• The CISO will supervise an independent assessment of the effectiveness of the Jende Solutions information security program at least once per year. At a minimum, the assessment should include evaluating systems security parameters and profiles such as access controls, password strength, network privileges, system configuration, vulnerability management, security safeguard implementation, staff training, startup files, and login violations. The CISO is also responsible for ensuring penetration tests are performed at least annually and after significant infrastructure changes, application upgrades or modifications.
• The CISO will also coordinate all required external vulnerability scans to ensure compliance with Jende Solutions Policies. The CISO is responsible for ensuring that all vulnerabilities detected in