Cybersecurity Controls Assessment

July 22, 2019

DAS is the state’s central administrative agency. It supports state agencies by providing management frameworks and infrastructure for information systems and services, procurement, and other functions. Responsibility for cybersecurity is split between DAS, the Office of the State CIO, and the Enterprise Security Office. This audit assessed critical security controls and the information technology (IT) security management practices at the Department of Administrative Services (DAS). We concluded the agency does not have a security management program that identifies necessary actions to ensure systems are appropriately secure, and lacks basic foundational IT controls for all six cybersecurity controls we reviewed. As a result, DAS systems and data may be at risk for unauthorized use, disclosure, or modification.

Spotlight

Tufin

Tufin is the leader in Security Policy Orchestration, enabling enterprises to centrally manage, visualize and control security policies across hybrid cloud and physical network environments. Tufin serves over 1,700 enterprise customers in industries worldwide – including finance, telecom, energy and utilities, healthcare and pharmaceuticals, retail, education, government, manufacturing and transportation. The award-winning Tufin Orchestration Suite is a complete solution for automatically designing, provisioning, analyzing and auditing network security changes from the application layer down to the network layer. By optimizing security policies, Tufin reduces the attack surface and minimizes disruptions to critical applications; its network-security automation provides enterprises with rapid service delivery, continuous compliance and increased agility.

OTHER WHITEPAPERS
news image

Building a Successful Cloud Infrastructure Security and Compliance Practice

whitePaper | December 28, 2022

Cloud security truly is a team sport that requires strong collaboration between security, IT and line of business teams. The dynamic nature of cloud is forcing information security teams to rethink how they operate and partner with other groups to address emerging security and compliance challenges their organizations face.

Read More
news image

Mid-Year Threat Landscape Report

whitePaper | November 17, 2019

The first half of 2019 brought interesting developments in malware targeting popular operating systems, in hardware and software vulnerabilities affecting consumer and businesses, and in the increased number of attacks aimed at (and even carried out by) IoTs. With the money motive driving the proliferation of malware, cybercriminals are nothing if not resourceful when developing new malware strands or coming up with more successful attack vectors. The number of malware samples roaming the internet is about to reach the 1 billion1 milestone.

Read More
news image

Madcap Central Security Whitepaper

whitePaper | February 8, 2023

MadCap Central leverages the security, power, and flexibility of the cloud to mitigate or eliminate many of the technical hurdles faced by both content creators and information technology professionals. The overhead traditionally associated with managing complex systems can hinder the ability to create content and deliver content efficiently. The goal of this document is to provide a high-level overview of the ways that Central addresses these challenges.

Read More
news image

Security Whitepaper

whitePaper | October 5, 2022

AutodeskConstruction Cloud®is a cloud-baseddesign andconstruction project management platformdesigned to improve performance across a project’s lifecycle. As a secure,cloud-based platform, Autodesk Construction Cloudoffers the benefits of collaboration in the design and construction spacewhile safeguarding customer data. Autodesk Construction Cloudis designed and built using best-in-class cloud software practices and powered by Amazon Web Services (AWS), the world’s leader in cloud infrastructure. We havedesigned our services to be scalable and secure, thus providing our customers with a resilient and safeapplication. We know our customers’business is relying on us and we take that responsibility seriously.DocumentPurposeand ScopeThe purpose of this document is to outline Autodesk Construction Cloudoperations, software development,and security measures implemented in theenvironment.WHAT IS INCLUDED:The scope of this whitepaper includes all modules and services in AutodeskDocs, Autodesk Build(including PlanGridBuild), Autodesk Takeoff, Autodesk BIM Collaborate and Autodesk BIM Collaborate Pro (including Revit®Cloud Worksharing, Collaboration for Civil 3D®, and Collaboration for Plant 3D®).WHAT IS EXCLUDED:The scope of this whitepaper excludesthe following: Assemble, BuildingConnected, Pype,ACCConnect,BIM 360 Field, BIM 360 Glue, BIM 360 Plan, BIM 360 Ops, and BIM 360 Team. For more information on security practices for Autodesk products, visit theAutodesk Trust Center.

Read More
news image

Global Threat Landscape Report A Semiannual Report by FortiGuard Labs

whitePaper | August 16, 2022

Another half-year through unprecedented times has passed. But as unique as these times may feel, we continue to see familiar exploits, names, and attacks taking up space. To help you and your business feel confident in your ability to protect yourself against the threats that continue to come our way, this report looks back on the cyber threat landscape of the first half of 2022 using our global array of sensors monitored by FortiGuard Labs. Here’s what we learned:

Read More
news image

The Trellix Approach to Effective Cloud Security

whitePaper | October 27, 2022

In many ways, the cloud1 is more secure than a traditional data center. Asset management, inventory, audit logging, two-factor access controls, connectivity redundancy and firewalls are built into the cloud provider platform. Servers are easier to patch and won’t become outdated within a few years; there aren’t any forgotten boxes sitting in a dark corner with a note reading, “DO NOT TURN OFF.” However, assets on the cloud continue to be compromised, just as those stored in traditional data centers.

Read More

Spotlight

Tufin

Tufin is the leader in Security Policy Orchestration, enabling enterprises to centrally manage, visualize and control security policies across hybrid cloud and physical network environments. Tufin serves over 1,700 enterprise customers in industries worldwide – including finance, telecom, energy and utilities, healthcare and pharmaceuticals, retail, education, government, manufacturing and transportation. The award-winning Tufin Orchestration Suite is a complete solution for automatically designing, provisioning, analyzing and auditing network security changes from the application layer down to the network layer. By optimizing security policies, Tufin reduces the attack surface and minimizes disruptions to critical applications; its network-security automation provides enterprises with rapid service delivery, continuous compliance and increased agility.

Events