Security is the primary concern when dealing with private and sensitive information over the Internet. Our approach to security is to "deny all except that which is specifically allowed". This concept is implemented throughout our Security Model, which we consider to be an ongoing process.
The security management process continuously has to improve itself. New solutions, new technologies, new personnel, new procedures, and neglect - all create new possibilities for attackers to get around security solutions installed.
Our Security Model includes the following Application Level measures:
- Deny all except that which is specifically allowed
- A password policy appropriate for the user. For example, an administrator that has access to sensitive information will have a more stringent policy than a family member.
- Password policy includes enforced minimum length, alphanumeric requirements, lockout after a specific number of failed attempts, and expiration after certain # of days.
- Encrypted authentication logons and passwords for every user.
- A hierarchy approach to assigning permissions to Diocesan and Parish staff members.
- All data read and write permissions are applied modularly.
- Family logon permissions include head of household and each family member.
- Automatic session logout after a defined period of time.
- As our ongoing security process dictates, additional measures will be applied
Our Security Model includes the following Infrastructure Level measures:
- Deny all except that which is specifically allowed
- Component redundancy/fall back for all services
- Dual service access and load balancing
- Alternative network routing
- Disk RAID configurations
- Alternate power supplies
- Secure physical facilities
- 24 X 7 access and monitoring
- Daily backups
- Off-site warm server
- Daily monitoring of critical updates and software patches
- Daily monitoring of hardware performance and capacities
- As our ongoing security process dictates, additional measures will be applied
Risk Analysis
Security Management is intended to assure the safeguarding of information. More specifically, the value of the information has to be protected. This value is determined in terms of:
- Confidentiality - Protecting sensitive information from unauthorized disclosure or intelligible interception.
- Integrity - Safeguarding the accuracy and completeness of information and software.
- Availability - Ensuring that information solutions are available when required.
Protecting the value of information costs money; not protecting it also costs money. To determine the level of protection, security measures need to be explicit. Therefore, effective security management depends on accurate risk analysis, so that the knowledge of the impact of risks and the costs of avoidance is understood properly. Risks are an inevitable feature of life, but only manageable risks should be permitted. Security management is concerned with those activities that are required to maintain the risks at manageable proportions.
As a minimum, the following risk assessment activities are performed:
- Identify security risks, such as security risks to particular IT service components (assets) that support the delivery process. Typical risks include:
- Breach of privacy of customers or users (such as personal profiles, donations, account data, credit card information)
- Breach of anonymity (information about the sources of anonymous information, such as passwords)
- Breach of verifiability (such as not having the possibility of verifying that the information being used is secure)
- Loss of customer data or loss of integrity to data
- Viruses (such as "Code Red" and "I Love You")
- Physical sabotage (such as stealing of equipment, intentional damaging of facilities)
- Equipment failures
- Classify security threat and vulnerability levels—each of the identified threats is assessed. The assets involved get a security classification based on confidentiality, integrity, and availability.
- Confidentiality
- Essential—Customer business interests would be severely damaged if accessed by unauthorized parties (such as strategic information)
- Important—Data only accessible by those directly involved (account information, financial records)
- Necessary—Data only to be seen by particular group
- Unnecessary—The information may be published
- Integrity
- Essential—Customer business process demands error-free information
- Important—A very small number of detectable errors is permitted
- Necessary—Customer business processes tolerate some error
- Unnecessary—No extra integrity protection required
- Availability
- Essential—Only out of mission critical operations (such as contingencies)
- Important—Hardly any downtime during opening hours (high availability)
- Necessary—Occasional downtime acceptable
- Unnecessary—No guarantees required (free Internet access)
- Qualitative measurements are then applied after assessing the levels of security risk, and the overall risk can then be measured.
With an ongoing security management process, and
the security measures that we have already implemented, ACS is
confident that our application and infrastructure measures will
significantly reduce the risk to the confidentiality, integrity,
and availability of your information.Contingency Planning and Disaster Recovery
The primary objective of our contingency planning solution is to be able to fully reproduce the complete application at an alternative location using standby equipment with current application software, data backups, and SQL Server log shipping.
Contingency Model
- Apply Security Model and Risk Analysis
- Perform daily application and data backups and store offsite
- Implement SQL Server log shipping - designed to provide a means of backup and to ensure redundant protection if a system failure occurs. Log shipping works by continually backing up and restoring database logs to another standby, or "warm", SQL Server every 3 hours.
- Maintain a “warm”, ready to run, application and SQL server at an alternate location.
- Maintain an alternate Internet access point at the alternate location.
- Documented Disaster Recovery Procedures
- Clear procedures and communication channels for coordination of activity during execution of a contingency plan
- Staff training for critical recovery procedures
- Perform periodic test procedures at least quarterly
|
|
