What you need to know
SkyCab utilizes various monitoring tools to log and evaluate potential security events.
Systems record specific events which are recorded locally to log files, and then sent to the SIEM tool for aggregation and analysis. At a minimum, all access to customer data is logged. Log file data is currently retained for 90 days.
Intrusion detection and prevention (IDS/IPS) tools are in place to prevent unauthorized access and to detect access attempts. Event triggers are in place to notify the security group of specific events related to IDS/IPS.
Endpoint monitoring is in place to monitor individual laptop and desktop computers for compliance with password, timeout, and hard drive encryption.
A third party performs annual network penetration testing, and quarterly application layer penetration tests to validate security and protect against vulnerabilities.
Daily application security scanning and weekly network layer scanning takes place to validate that systems and public facing web pages are secure.
Comments
0 comments
Please sign in to leave a comment.