Date | |
---|---|
Time | 1:00PM |
Duration | 60 mts |
Location | Zoom |
Zoom | |
Attendees | |
Project/Program | Security Assessment remediation - SAR |
Project Board | ITS PMO |
Log Time | |
OTL | |
Objective(s) | Review controls on the spreadsheet and, if time permits, follow-up/update discussions on iPaaS Access, GoA vs Qumulo, and Spirion. |
Notes:
Speaker | Description | Notes |
---|---|---|
Ashish | Need for Spirion Implementation | Per Ashish and Ashraf, Mike has authorized not implementing Spirion until next year, but we need a tool that can cover this until that time. The DLP requirement can be met for protection of web access with a firewall. FSX holds sensitive data, so it can't be on a desktop. It is already behind a jumpbox and is accessed via SQL. We need to confirm how SQL data is transferred. Can we block at the physical USB level? You can pull data down via the SQL console. You can map your desktop. Should this feature be disabled? Turning off the ability to map will not prevent access. It does DNS lookup. Louis confirmed this can be done. |
Ashish | Blockers | Bring Mike in to discuss next steps regarding blockers RA92/SAR-21 iPaaS access control: need to know and least access. Classification of the data is a must in order to set the level of security needed. A certain number of failed login attempts, or changes in permissions and requests to access sensitive data. When auditing identifies a breach, all should be stopped until it is resolved. Identify the risk, mitigate it, or accept it and document it if accepted. |
Ashish/Achraf | Notes from 10/13 Spreadsheet review meeting | We’ll open any controls that we haven’t looked at and try to resolve them. Select 3 or 4 controls we haven’t discussed and see if we can close them quickly. We will have to bring Mike in for those where we’re going back and forth. We need an SME for tasks that are not ours. Whoever disagrees should go back to Mike to resolve and determine yes or no for the dead end/wall. Add a column for the blocker and the outcome of their meetings with Mike. Get a full definition of the status column entries. When there is a discussion where the solution isn’t accepted, we should create a task, and it gets comments entered that it is not being done. Hana: being able to track an action back to a user is not doable. Create an Epic for each line item for all but those tagged as low, and move the tasks created to the appropriate new Epic, or create standard tasks for "Analysis" and tasks that come out of analysis where needed. Add tags for blockers where needed. |
Claudio and Rob | Installing Spirion on iPaaS servers | |
Anjelica | Past Due Tasks | |
Anjelica | Next Steps | Keep next week's meeting and then update the series. |
All | Time away | Nov 10 thru 15 |