TELUS Security Architecture- Attivio.docx

Starting: 13 Jan Ending

0 days left (ends 12 Feb)

Status: Closed
Privacy: Public

TELUS Security Architecture - Attivio

4.1 The following authentication methods are used across the solution:
("one time password" includes technologies such as SecurID and CryptoCard)

N/A | Resource is accessed | Resource is accessed without authentication

(If Resource is accessed) User-to-Application:

Username & password

Public/private key (SSH/SFTP)

Security token (smartcard / one-time-password / USB token)

Software Digital Certificate

(If Resource is accessed) Application-to-Application:

Public/private key (SSH/SFTP)

SAML (web service)

EJB domain trust (J2EE)

Server-to-server two-way SSL

Encrypted token

4.2 Authentication credentials are stored:

N/A | Applicable

(If Applicable) Stored:

TELUS AD/LDAP

Proprietary app LDAP

Database table

Configuration file (OS)

Application source code

OS/app certificate store

(If Applicable) Credentials are protected by:

Hash

Encryption AES256 or 3DES162

Other encryption or hash (specify)

Unencrypted or not-hashed

4.3. Authentication credentials are transmitted:
N/A | Encrypted | Unencrypted/not-hashed

(If Encrypted) Encrypted via:

HTTPS (SSL)

SSH

LDAPS

(If Encrypted) Hashed via:

Kerberos

CRAM-MD5

Other (specify)

4.5. Authorization rules (who has access to what) are stored in:

N/A | Applicable

TELUS Enterprise Integrated:

RBAC/TMPROF

AD/LDAP

OS-Level Permissions

(If Applicable) Proprietary (i.e., not integrated):

Configuration File

Database

LDAP/Other directory

4.11. Application user management:

N/A (No user management) | Applicable

(If applicable)
Managed via TELUS AD/LDAP/CADMUS

Proprietary

(If applicable) Account Management logs the following:

ACTION: Create user

ACTION: Change user

ACTION: Delete user

ACTION: Disable user

DETAILS: User ID, performing action

DETAILS: Real source IP address

DETAILS: Timestamp

DETAILS: Account ID affected

DETAILS: Action on the account

4.12. Application-level log records actions on data. The log captures the following actions:

N/A | Applicable

(If applicable) Application Logs the following:

Read/View Data

Create/Append Data

Change Existing Data

Delete Data

User ID

Real source IP address

Timestamp

Object/data record ID affected

Action on the object

4.13. Logs are retained:

For detailed standard retention by type of log, check retention policy

N/A | Applicable

(If applicable) Online logs retained:

(years/days)

(If applicable) Archived logs retained:

(years/days)

(If applicable) Confidential / Restricted data stored in logs:

App-level record delete/overwrite

OS-level file delete/overwrite

Dedicated tool for data wiping

(If applicable) Data is never deleted:

Yes

4.14. Logs establish non-repudiation:

Non-repudiation associates actions with individual users. Logs are useful in the event of malicious activity, the purpose being to determine who/what/when. If your logs do not have enough information to tie actions (viewing sensitive information, making changes) to individuals (user ID, IP address) at a specific time (timestamp), then they do not establish non-repudiation.

N/A | Yes | No (Logs do not identify who/what/when)
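
One way to test a log against the who/what/when criterion in 4.14, using the fields listed in 4.12. This is an added example, not part of the original questionnaire; the JSON-lines format, the key names and the sample records are assumptions made for illustration.

```python
import ipaddress
import json
from datetime import datetime

# Who/what/when fields from the 4.12 list. The JSON key names are assumptions.
REQUIRED = ("user_id", "source_ip", "timestamp", "object_id", "action")

def gaps(record):
    """Return the reasons one log record cannot tie an action to who/what/when."""
    vals = {k: str(record.get(k) or "").strip() for k in REQUIRED}
    problems = [f"missing {k}" for k in REQUIRED if not vals[k]]
    if vals["source_ip"]:
        try:
            ip = ipaddress.ip_address(vals["source_ip"])
            # Assumption: a "real" source IP is not loopback or unspecified.
            if ip.is_loopback or ip.is_unspecified:
                problems.append("source_ip is not a real client address")
        except ValueError:
            problems.append("source_ip is not an IP address")
    if vals["timestamp"]:
        try:
            # Assumption: a "specific time" needs an explicit UTC offset.
            if datetime.fromisoformat(vals["timestamp"]).tzinfo is None:
                problems.append("timestamp has no time zone")
        except ValueError:
            problems.append("timestamp is not ISO 8601")
    return problems

def audit(lines):
    """Map 1-based line number -> problems, for every line that has any."""
    report = {}
    for n, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            record = None
        found = gaps(record) if isinstance(record, dict) else ["not a JSON object"]
        if found:
            report[n] = found
    return report

# Constructed sample records, not taken from any real system.
SAMPLE = [
    '{"user_id": "jdoe", "source_ip": "203.0.113.7", "timestamp": "2024-01-13T10:15:00+00:00", "object_id": "cust-1001", "action": "read"}',
    '{"user_id": "", "source_ip": "127.0.0.1", "timestamp": "2024-01-13T10:16:00+00:00", "object_id": "cust-1001", "action": "change"}',
    '{"user_id": "asmith", "source_ip": "198.51.100.4", "timestamp": "2024-01-13 10:17:00", "action": "delete"}',
]

if __name__ == "__main__":
    for n, found in audit(SAMPLE).items():
        print(f"line {n}: {'; '.join(found)}")
```

A log whose report is non-empty for records that touch sensitive data would be answered "No" on 4.14.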