Security Solutions: MA CMR 201 17.00 Explained
Massachusetts has created a regulation with 12 general requirements for any business doing business with corporations or residents of the state of Massachusetts. Sirius and IBM offer the most advanced and complete security architectures that include managed security services, professional services and integrated products. A dedicated and certified security team at Sirius can help you make sure you can continue doing business with Massachusetts after January 1, 2010, which is just around the corner.
SECURITY CHALLENGES: MA CMR 201 17.00
Compliance date on or before January 1, 2010
Trusting the user to "do the right thing"
Complexity of encryption solutions
Complexity of networking security (deployment, management, maintenance, monitoring/response)
Deployment of solutions
Assessing the solution: Gap analysis
Maintaining compliance
How can Sirius and IBM help?
Sirius and IBM ISS provide you with:
Integrated security intelligence
Comprehensive suite of professional security services
Single, integrated view into the network
Platform and service extensibility
Correlation and integration of multiple data sources
Underlying “best-in-breed” appliances
24/7 outsourced security management
Improved system uptime and performance without a large investment in technology or resources
Guaranteed protection services
Sirius and IBM solutions help you determine the highest security risks you currently have and recommend products and services that can quickly help you increase security and decrease risk while adhering to the compliance regulations and requirements you need to follow.
Engage a Sirius expert:
Summary of MA CMR 201 17.03 requirements:
Develop, Implement and Maintain a Comprehensive Written Information Security Program (WISP) consistent with Industry Standards
Designate 1 or more employees to maintain the WISP
Identify and Assess internal and external risks to the confidentiality and integrity of the personal information including:
- Ongoing employee training
- Employee Compliance with Policies & Procedures
- Means for detecting and preventing security failures
Policies for employees to transport, keep or access personal information outside business premises
Disciplinary measures for violating WISP
Dealing with Terminated employees
Dealing with 3rd party and making sure they have the capacity to protect personal information
Identify all systems (paper & electronic) that contain personal information
Physical Access Restrictions
Regular Monitoring of WISP
Annual Security Assessment
Develop an Incident Response Strategy and Policy
Summary of MA CMR 201 17.04 requirements:
Identity & User Management including Password Management
Secure Access Control
Encryption
- Of data across public networks and specifically anything transmitted wirelessly
- Of data at rest (laptops and other portable devices)
Disciplinary measures for violating WISP
Monitoring of systems
Firewall Protection (Network & End Point)
OS Patches
Malware protection (AV and other malware protection)
Education & Training