Browse
Search
2022-077-E-IT Dept-PUBLIC LIBRARY ASSOCIATION, a divison of the American Library Association-Digital learning
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2020's
>
2022
>
2022-077-E-IT Dept-PUBLIC LIBRARY ASSOCIATION, a divison of the American Library Association-Digital learning
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
2/23/2022 3:05:36 PM
Creation date
2/23/2022 3:00:56 PM
Metadata
Fields
Template:
Contract
Date
2/15/2022
Contract Starting Date
2/15/2022
Contract Ending Date
2/23/2022
Contract Document Type
Contract
Amount
$15,000.00
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
106
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
DocuSign Envelope ID:24BBAFA9-CD81-4144-ACEF-E9036E703739 <br /> the scans are reported to the CTO. The CTO will be responsible for ensuring that all identified <br /> vulnerabilities are remediated to levels acceptable to the Jende Solutions CISO. <br /> • The external assessment will be presented to the Security/IT Steering Committee and Board of <br /> Directors to assist in their understanding of threats and hazards for sensitive information and <br /> systems. <br /> Penetration Testing Methodology <br /> Penetration testing allows for the validation of information obtained from vulnerability and web application <br /> vulnerability scans. The primary focus of penetration testing it to identify legitimate exploits that could <br /> grant an unauthorized user access to the Jende Solutions environment. The groundwork for this test <br /> is/will be based on the methodology of Penetration Testing Execution Standard (PTES — <br /> www.pentest-standard.org) for systems and network and the Web Application Penetration Testing <br /> methodology of OWASP (www.owas.00rg). This is at a high level a four phase process. <br /> 1. Phase one— Reconnaissance <br /> a. Information gathering via vulnerability assessment tools, port scans and OS <br /> fingerprinting. <br /> 2. Phase two—Target prioritization <br /> a. External—Web or application servers, mail, network, DNS <br /> b. Internal—OS patching, database configuration, password security <br /> 3. Phase three— Exploitation <br /> a. Validating that identified threats can be exploited and capturing sufficient evidence as to <br /> allow administrators to effectively implement solutions. <br /> 4. Phase four- Re-testing <br /> a. Once remediation has been completed, each successfully exploited item must be <br /> retested to ensure desired results were achieved. <br /> 23. What are the cloud provider's incident management and reporting policies? <br /> Information collection, processing, storage and sharing are essential for Jende Solutions to deliver <br /> services to its customers. However, that information is also valuable to those who would misuse that data <br /> to cause damage to Jende Solutions, or defraud its customers. Jende Solutions has deployed <br /> administrative, technical and physical controls to protect sensitive company information as well as <br /> customer privacy. However, if controls to protect sensitive data are somehow compromised, Jende <br /> Solutions must have an Incident Response Plan to mitigate damage, investigate the cause and recover <br /> services. The purpose of this policy is to establish guidelines for the development of Jende Solutions's <br /> response to unauthorized network intrusions or other significant information security incidents. <br /> Policy Statement <br /> Incident Response is the final stage in a process that escalates events through an operation review <br /> process to determine if an event was observed on a production processing system could have caused a <br /> breach of the system or compromise of sensitive data. Jende Solutions will appoint an Incident Response <br /> Team (IRT)and maintain a plan to effectively guide response to an incident. <br /> Scope <br /> All employees must report all suspicious actions, activities and incidents to the IT department using the <br /> Incident reporting form. <br /> Standards <br /> Jende Solutions will prepare and maintain an incident response plan that will enable the Incident <br /> Response Team to respond immediately to a system breach or compromise. <br />
The URL can be used to link to this page
Your browser does not support the video tag.