Security - Client Security Report Card

From All n One's bxp software Wixi

Jump to: navigation, search

1 Overview

People around the world remember, sometimes fondly, sometimes with dread, a report card coming in from school. Whilst not always a perfect way of measuring a person, a good way of giving a quick overview compared to peers of performance.


Security reportcard.jpeg

http://findingschools.blogspot.ie/2009/11/report-cards-from-around-world.html


bxp's Security department performs a quality check of your operation once a month with three main headings in mind. Security, Infrastructure and Communications. Under these headings there are a number of areas within bxp that are within the control of the System Champions that should be considered regularly.


There are also processes and procedures that the bxp team itself must check and perform on your behalf regularly.


This document explains a report card, its sections and the remedial actions and options you have available.

2 The Card

Generated as an email, this report is communicated at semi regular intervals through your Business Development contact.


- sample card to go here -


3 Explanations

3.1 Security - System Access

3.1.1 Password Strength

3.1.2 Last Logins

3.1.3 System Champion access

3.1.4 Locked out accounts

3.1.5 Failed Login Attempts

3.1.6 IP Restricted

3.2 Security - System Settings

3.2.1 Username presentation

3.2.2 IP Security used

3.2.3 Boolean password matching

3.2.4 Security messages hardened

3.2.5 Password recovery strategy

3.2.6 Force password complexity

3.2.7 Password change period

3.3 Infrastructure - Maintenance

3.3.1 Black Hamsters

3.3.2 Redundant Forms

3.3.3 System Champion details

3.3.4 HR Champion details

3.3.5 Security Champion details

3.3.6 User email addresses

3.4 Communications

3.4.1 Client Dashboard Report accessed

3.4.2 bxperiences logged

3.4.3 Security events acknowledged

3.5 bxp Team Actions

3.5.1 Infrastructure - Maintenance Run

3.5.2 Infrastructure - Slow log review implemented

3.5.3 Bus Dev - Client Dashboard details up to date

3.5.4 Bus Dev - bxperiences actioned

3.5.5 Bus Dev - Champions on newsletter

3.5.6 Bus Dev - Contact within month

3.5.7 Security - Failed email review

3.5.8 Security - Failed SMS review

3.5.9 Security - Failed SFTP access review

3.5.10 Security - Green hamster review