Frequently Asked Questions


CellStream, Inc.

Corporate Security Statement/Policy

  

PURPOSE

CellStream, Inc. is committed to meeting the security requirements of the telecommunications industry to ensure the security of our customer information, our students, and our co-workers. To that end, we have adopted the following security policies.

OUR EMPLOYEES

This policy applies to all employees of CellStream, Inc. (CSI) and to all others given use of, or having access to, sensitive data.

This policy applies to sensitive data stored, processed and transmitted within or among any and all CSI information systems, whether individually controlled or shared, stand-alone or networked, and all computer systems and communication facilities owned, leased and operated by or on behalf of CSI. This includes, at minimum, networking devices, mainframes, workstations, personal computers, smart phones, telephones, wireless devices and any associated peripheral equipment and software. 

OUR DOCUMENTS

CSI maintains a variety of documents in the course of conducting daily business.  Some of these documents may contain sensitive data or references to information that could provide access to sensitive data. Access to these documents is explicitly restricted to a “need to know” basis, and all unauthorized access or sharing of restricted information may be met with disciplinary and/or legal action. 

OUR NETWORK

Install and Maintain a Firewall Configuration to Protect Data

Use a firewall at each Internet connection point on the company network.

  • We maintain a firewall configuration that denies all traffic from nontrusted networks and hosts, except for those protocols necessary for the secure transmission of data;
  • We maintain a list of network services and ports required for business purposes;
  • We strictly control access to remote systems via username and password limitations.

We Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters

We prohibit the use of vendor-supplied default settings and remove unnecessary functionality supplied by vendors and prepackaged software solutions that could create a security vulnerability.

  • We always change vendor-supplied default settings before installing a system on the company network, including changing passwords and Simple Network Management Protocol (SNMP) community strings and deleting unnecessary system accounts;
  • We remove any unnecessary functionality, such as features, scripts, drivers, file systems and unnecessary Web servers.

OUR COMPUTERS

We Encrypt Transmission of Data and Sensitive Information Across Public Networks

Transmission of data across open, public networks must be encrypted, including the use of e-mail encryption software by employees. Cryptography is to be applied as defined by the PCI DSS 1.2 Glossary.

We Use and Regularly Update Anti-Virus Software

We use anti-virus software or programs and regular anti-virus signature updates, and document this use.

  • We currently prefer AVAST! but will regularly review what software is used and change it if necessary;
  • Installed anti-virus programs can detect and protect against other forms of malicious software (malware), including spyware and adware.

We Restrict Access to Data to a Need-to-Know Basis

Access to all data must be restricted strictly on a need-to-know basis, limiting access to only those employees who must access the data to perform their job duties. 

  • We install and maintain access controls that restrict computer user access to only those systems and resources required for performing their jobs. 
  • We maintain access logs that show which employees had access to what data, and when, for all computer systems.

We Assign a Unique ID to Each Person With Computer Access

Each person with computer access MUST be assigned a unique account ID with a password known only to that individual.

  • Passwords must change routinely.
  • Passwords must be a minimum of 7 characters, containing numeric, alphabetic and special characters.
  • New passwords cannot be the same as previous passwords.
  • If a user tries to log in but is unsuccessful after six attempts, that user account must be automatically locked out for 30 minutes or until a system administrator is contacted to manually unlock the account.
  • We set a computer idle lock out time of 15 minutes and require a password to gain access to the computer again.
  • We remove any inactive accounts.
  • We keep a copy for six months of all employees with computer access.
  • We ensure that no shared accounts and passwords exist on any computer systems. 

OUR DATA

We Protect Stored Data

Stored data must be protected from unauthorized use at all times.

  • We do not allow the display of personal account numbers in full; display of the first six and/or the last four digits is permissible. 

OUR SERVICE PROVIDERS

We closely manage all third-party service providers and partners to ensure that all business conducted on CSI’s behalf is performed to our strict requirements and standards. 

  • All new contracts are reviewed from a security perspective to ensure that services provided by third parties will be rendered in a compliant manner.
  • All existing contracts are reviewed at least annually and updated as needed to ensure that third-party services continue to meet requirements. 
  • Where possible, we conduct an on-site inspection of any potential new third party or partner and document the state of secure data practices. 

OUR SECURITY PROGRAM

We Regularly Test Security Systems and Processes

All CSI systems must be tested quarterly to ensure that security systems and processes are in place and performing as needed. 

  1. Develop and maintain a security-breach-response plan, and test the plan at least
  2. Perform internal and external vulnerability scans of all systems connected to the cardholder data environment, per current requirements.
  3. Ensure that all data is completely destroyed (degauss disks, shred paper) once the data or the medium that the data resides upon is no longer needed for clear business

We Maintain a Policy That Addresses Information Security 

The CSI information security policy is to be reviewed and updated as needed at least annually by CSI management.

  • CSI will train all new employees on data security practices to a level appropriate for their job positions.
  • All employees will receive security awareness training at least annually, and all employees must sign this policy to indicate that the policy is understood and will be abided by. 
  • When an employee moves to a new position within CSI, a review of the employee’s new role and of the sensitive data access that the new role requires will be conducted. Access to sensitive data may be granted or revoked on a need-to-know basis according to the new job duties. A background check may also be required for a current employee moving from a role where no access to sensitive data was required to a role that necessitates access to sensitive data.
