Cyber Security - Cloud

CIS Software is protected. First and foremost CIS is hosted at Dimension Data in Santa Clara, California. They started in business in 1983 and have locations world-wide. They provide our first level of security for the CIS Platform:

  • Security– End-to-end security services and managed security services for cloud and service delivery platforms Dimension Data is the leading global managed security service provider. Starting with a comprehensive security assessment of clients IT estate and policies, we gain complete visibility into existing and emerging threats and loopholes. With this blueprint, Dimension Data can assist clients with moving workloads from one service platform to cloud services methodically and effectively. Clients leverage Dimension Data’s Security Operations Centre (SoC), best practices for multi-layer security and expertise to proactively monitor and support the ever-changing enterprise security needs globally.
    • Mitigate Risk: Leverages comprehensive assessment for global security blueprint
    • Efficient: Enables proactive monitoring of real-time threat management through one-single pane; no additional hardware needed
    • Expertise: Extends current security expertise with Dimension Data security professionals, and automated processes.

Cyber Security - CIS Application

In addition to the cloud cyber security, we have built the following cyber security features into CIS Software:

(i) Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including  their information systems).

(ii) Limit information system access to the types of transactions and functions that authorized users are permitted to execute. 

(iii) Verify and control/limit connections to and use of external information systems.

(iv) Control information posted or processed on publicly accessible information systems.

(v) Identify information system users, processes acting on behalf of users, or devices.

(vi) Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

(vii) Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.

(viii) Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.

(ix) Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices.  (Note: We keep last login date for all users, but we do not log all activity like how many pages the user visited, in which sequence and how long he stayed on each screen)

(x) Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. 

(xi) Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

(xii) Identify, report, and correct information and information system flaws in a timely manner.

(xiii) Provide protection from malicious code at appropriate locations within organizational information systems.

(xiv) Update malicious code protection mechanisms when new releases are available.

(xv) We do not perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed because CIS is used by internal users and there is no external data downloaded therefore there is no need to scan.