Information Security Magazine

Securing Extranets
by Paul Korzeniowski
Issue: Jul 2007

Model Behavior
A sample partner trust assessment

    Operational Security
  • Has a SAS 70 certification been completed? (Provide copy)
  • Are security operations, policies, procedures and standards in alignment with the ISO 17799 or ISO 27000 series standards?
  • Are security policies, procedures and standards documented? (Provide copies)
  • How are background checks on employees and contractors performed prior to hiring?
  • Describe security training and awareness programs
    Physical Security
  • Describe physical facility and floor area on which services for Sun will be performed
  • Describe controls to address physical security of hardware, software and data communications equipment
  • Describe how network servers and components are secured from unauthorized access, physically and logically
  • Can an agent room, dedicated server room and network be allocated exclusively to support Sun's project requirements?
    System Security
  • Describe patch management processes
  • Describe user identification, authentication and authorization processes
  • How is application and network authentication performed with their customer environment?
  • Describe server hardening methodologies and tools to maintain server security
  • What data exchange needs to happen between Sun and partner to support this project?
  • What data storage will be done at the partner location?
  • How is sensitive data secured during data exchange, at rest and in the backup process?
  • Is Sun's data separated from other customer data held by partner?
  • Describe your data backup and archive procedure
    Network Security
  • Describe network topology, including external connectivity, server locations and physical/logical network partitioning as it matters from the security perspective
  • Provide a topology diagram of the network architecture, including application and database servers infrastructure with network connectivity and data flow
  • Describe your incident response procedures
  • Describe your virus protection procedure
  • Describe your system administration procedure
  • Describe the encryption methodology being used within your network
