I.T./Technology 2017-07-26T09:40:27+00:00

The worldwide web has made us more interconnected each and every day.  Increased interconnectivity increases vulnerability.  Securing our cyberspace, I.T. infrastructure, operating systems, applications and equipment ensures overall protection for Brown & Joseph and our insurance creditor clients.  Due diligence requires that insurance creditors large and small verify collection vendors' Cyber Security, Physical Security and Penetration Testing defense mechanisms.

Key Priorities for Information Technology

Protecting against Cyber Security threats – Data breaches are increasing at an alarming rate.  The scope of a data security incident can range from a stolen laptop to a massive breach by overseas hackers and anything in between.

Cyber Security or Information Technology Security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

  1. Protecting the business critical infrastructure from cyber threats.
  2. Improving our ability to identify and report cyber incidents so that we can respond in a timely manner.
  3. Creating next generation processes that are beyond passwords.

Ensuring Business/Systems Continuity

Network outages, hacking and computer viruses present a serious threat, because production is lost while these incidents are remediated.

As the number of data networks, mobile users and digital applications increases, so do the opportunities for security threats to the integrity of information/data.

Brown & Joseph’s System Securities Programs and Protocols are in place and tested vigorously by our Chief Technology Officer to maintain the integrity, confidentiality and security for our insurance customers and our business.

PHYSICAL SECURITY: A DEFENSE IN DEPTH TO REINFORCE SECURITY THROUGH MULTIPLE CONTROLS

Brown and Joseph maintains the following Security Policies and Procedures:

NOTE: Information comes from B&J Security Program Manual

Administrative Safeguards

  1. Security management process to prevent, detect, contain and remedy security violations
  2. Designated Security Officer who develops and administers the data security policy
  3. Information Security Awareness and training is conducted for all appropriate members
  4. Security incident procedures for handling breaches of data security
  5. Business Continuity plans
  6. Business plans tested and evaluated on a periodic basis

Physical Safeguards

  1. Access Controls – security software that denies or permits electronic application or data access such as Security Desk, Monitored Entrances, Door Locks/Card Reader Access Only, Visitor Credentials
  2. Protective Devices – Surveillance Cameras, Fire Detection System, After-hours Motion Alerts
  3. Flood Management – Water sensor contained in data center
  4. Event Monitoring – Access, admin activities, use of privileged accounts, changes to controls, suspicious patterns of activity, attempts to access sensitive files, rejected attempts at accessing resources, etc. are all monitored

Technical Safeguards

  1. Data integrity managed through security access and controls and with critical business data backed up daily (onsite and maintained offsite)
  2. Secured network and workstations with individual sign-ons
  3. Technical Architecture controlled by network and firewalls

Safeguards are controlled, monitored and hardened against accidents, attacks or environmental disasters to ensure business and client data is controlled.

PENETRATION TESTING (PEN-TEST)

Penetration Testing is the process of testing our applications for vulnerabilities.  The purpose of a penetration test is to identify any key weaknesses in our systems and applications and to determine how best to allocate resources to improve the security of our organization as a whole.  In addition to pentesting being regularly performed by our Chief Technology Officer, further pentesting involves a team of skilled hackers.  We purposefully ensure that the hackers do not have access to any source code and ask them to try to gain access to our systems.  Penetration tests are carried out on IP address ranges, on individual applications, or even using only our company name.  Require all collection vendors to provide you with an External Penetration Test Report.  All of our I.T. security and safeguard certifications are readily available to qualified inquiries.