Security


 Software and Data Security Program

Goals

  1. Full backup of the work environment to lessen the impact of computer and disk failures and to provide continuity during weather-related issues, such as power outages.
  2. Development environment that tracks and can recover all historical versions of the released software.
  3. Protection of customer-supplied information. Both proprietary and non-proprietary information should be protected from destruction, loss, unauthorized access or alteration.

Risks

  1. Extended power or network outage due to weather.
  2. Hardware failure.
  3. Data corruption.
  4. Interception/misdirection of electronically transmitted data.
  5. Interception/misdirection of physical discs or documents.
  6. Viruses/Malware.
  7. Physical intrusion or theft.

Backup and Security Measures

  1. Redundancy of work environment. Multiple computers with full development environments are maintained, on both desktops and laptops. A backup generator is available, and cellular network hotspots can be used when wired internet access is unavailable.
  2. Automated backups. A full mirror image of the primary work computer is made daily to a local external drive. Carbonite network backup of most working (non-system) folders, using default encryption, is used for continuous offsite backup. SpiderOak 'Zero-Knowledge' encrypted backup is used for critical information with higher security requirements.
  3. At the completion of projects and major software updates, source code, work product and documentation are burned to CDs and stored offsite in a bank safety deposit box. Prior to long-term offsite storage, work in progress is periodically written to removable media, CD or thumb drive, and stored in one of two fire safes.
  4. The fire, smoke and intrusion detection and alarm system is monitored by ADT Security Systems.
  5. Microsoft Visual SourceSafe is used for version control of all software developed and released. Historical data in the current work set goes back to February 1997. Older information is available on CDs stored off-site. Other version control software is available and has been used, but MSVSS has the longest history for the most projects.
  6. The local area network is behind a router-based firewall so that individual machines are not visible on the internet. Each machine, desktop and portable, runs ESET Smart Security with automatic signature updates and with all computer, network, web and email options enabled for maximum protection. This software provides a personal firewall when a portable machine is offsite.
  7. Wireless access to the network is only available through secure connections using the WPA2-PSK [AES] security protocol.
  8. The primary email server is a shared commercial server. The default client used is Microsoft Outlook 2010. If information sent by email requires security, it can be encrypted to my PGP/GnuPG public key, which can be found and downloaded using Key ID: EF4077A1. (Fingerprint: EDA0 A181 D0F6 ADE9 DAE4  EC38 C53F CD89 EF40 77A1)
  9. Encryption software is used to create and maintain encrypted folders or volumes, which can be on local hard drives, network drives or removable media. This is most frequently used for thumb drives when transporting source code or customer information while traveling. It is also used for local storage to create a virtual volume containing a project that may move to and be accessed on a portable computer.