Vulnerability Management Program. Bluecore maintains a vulnerability management program aiming to identify and remediate security vulnerabilities within computing systems. This includes regular testing and record of system remediation. Toolsets used to identify vulnerabilities are maintained with up-to-date vulnerability signatures. Results of vulnerability testing are utilized to craft an annual penetration test of systems and networks perceived as high risk, high value, or demonstrating a need for further scrutiny. All newly deployed systems or systems that have experienced a high level of change will be scanned for vulnerabilities prior to production deploy. Highly orchestrated environments with appropriate change control may be exempt from pre-deployment scanning.
Vulnerability Management Program. State Street maintains a vulnerability management program that includes processes for: being made aware of newly announced vulnerabilities; discovering vulnerabilities within the infrastructure and applications; risk rating vulnerabilities consistent with industry standards; and defining timeframes for remediating vulnerabilities (other than medium or low risk vulnerabilities) consistent with industry standards and taking into account any mitigation efforts taken by State Street with respect to such vulnerabilities.
Vulnerability Management Program. Keep operating system(s), Firewalls, Routers, servers, personal computer (laptop and desktop) and all other systems current with appropriate system patches and updates. Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks. Implement and follow current best security practices for Computer Virus detection scanning services and procedures: Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks. If you suspect an actual or potential virus, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated. On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files. Implement and follow current best security practices for computer anti-Spyware scanning services and procedures: Use, implement and maintain a current, commercially available computer anti-Spyware scanning product on all computers, systems and networks. If you suspect actual or potential Spyware, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated. Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers. Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If your company’s computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly. Protect Data Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.) All credit reporting agency data is classified as Confidential and must be secured to this requirement at a minimum. Procedures for transmission, disclosure, storage, destruction and any other informatio...
