πŸŽ„πŸΎ We’ll be spending time with our families from December 24th to January 1st. Wishing you a joyous, safe, and peaceful holiday season, and we look forward to embracing a bright New Year together! β˜ƒοΈ Much love from the TendenciDEV Team πŸΎπŸŽ„

Cyber Security is based on Prevention, Monitoring, and Incident Response

Associations are part of the fabric of society, and we take their security seriously. We also understand that there are no "perfect" or "completely secure" systems, not even air-gapped ones.

Responsible Reporting

At Tendenci we follow the "responsible disclosure" model (also called coordinated disclosure): a vulnerability is reported privately to the vendor first, and the vendor is given time to ship a fix before details are published. We consider it the only ethical one.

https://en.wikipedia.org/wiki/Responsible_disclosure

Please email us at helpdesk [at] tendenci [.] com. 

The Current Reality of Cyber Alerts on the Tendenci AWS Cloud

This is what the security alerts on the sites we manage and defend for associations look like. 

To guard our SaaS AMS clients' sites we use layered, redundant systems. These include TLS encryption, application isolation, containers, AWS (Amazon Web Services) VPCs, Security Groups, network ACLs, Route 53 DNS, custom AMIs, virus scanners, malware scanners, penetration testing, auditing, and more. Each of these layers generates its own logs, and those logs need to be collected, correlated, and monitored in one place. To do that we run what was called the "ELK Stack" (Elasticsearch, Logstash, Kibana) and is now the "Elastic Stack".
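The monitoring step described above, shown as an added example (this is not Tendenci's code and not the Elastic Stack itself): a small Logstash-style pipeline that normalizes raw sshd and nginx lines into structured events and applies a handcrafted rule, "three failed SSH logins from one source inside a minute". The log lines are constructed for the example, the year is assumed because syslog timestamps do not carry one, and the threshold and window are assumed values a client's environment would tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real traffic), in the two formats this pipeline
# understands: syslog lines from sshd and nginx combined-format access lines.
SAMPLE_LOGS = [
    "Dec 10 03:14:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Dec 10 03:14:03 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2",
    "Dec 10 03:14:05 web1 sshd[2204]: Failed password for root from 203.0.113.7 port 51141 ssh2",
    "Dec 10 03:14:09 web1 sshd[2207]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2",
    "Dec 10 03:14:10 web1 sshd[2209]: Failed password for invalid user test from 203.0.113.7 port 51150 ssh2",
    '203.0.113.7 - - [10/Dec/2023:03:14:12 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "curl/8.1"',
    '198.51.100.20 - - [10/Dec/2023:03:15:00 +0000] "GET /memberships/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    "Dec 10 03:14:11 web1 kernel: [12345.678] eth0: link is up",  # unrecognised format, dropped
]

SYSLOG_YEAR = 2023  # syslog timestamps carry no year; assumed for the constructed sample

# Equivalent of two grok patterns: one for sshd auth results, one for nginx access lines.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
NGINX_RE = re.compile(
    r'^(?P<ip>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) \d+"
)


def normalize(line):
    """Turn one raw line into a structured event dict, as a Logstash filter would before indexing."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {
            "@timestamp": ts,
            "host": m["host"],
            "source_ip": m["ip"],
            "event": "ssh_auth_failure" if m["outcome"] == "Failed" else "ssh_auth_success",
            "user": m["user"],
        }
    m = NGINX_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        return {"@timestamp": ts, "source_ip": m["ip"], "event": "http_request",
                "path": m["path"], "status": int(m["status"])}
    return None  # Logstash would tag this _grokparsefailure; here it is simply dropped


def detect_bruteforce(events, threshold=3, window=timedelta(minutes=1)):
    """Handcrafted rule: at least `threshold` SSH failures from one IP inside a sliding window.
    Emits one alert per offending IP, at the moment the threshold is first crossed."""
    recent = defaultdict(deque)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        if ev["event"] != "ssh_auth_failure":
            continue
        q = recent[ev["source_ip"]]
        q.append(ev["@timestamp"])
        while q and ev["@timestamp"] - q[0] > window:
            q.popleft()  # forget failures older than the window
        if len(q) >= threshold and ev["source_ip"] not in alerts:
            alerts[ev["source_ip"]] = {
                "rule": "ssh_bruteforce", "source_ip": ev["source_ip"], "count": len(q),
                "first_seen": q[0], "last_seen": ev["@timestamp"],
            }
    return list(alerts.values())


def run_pipeline(lines):
    """Normalize every line, drop what does not parse, and run the rule over the rest."""
    events = [e for e in (normalize(line) for line in lines) if e]
    return events, detect_bruteforce(events)


if __name__ == "__main__":
    parsed, found = run_pipeline(SAMPLE_LOGS)
    print(f"{len(parsed)} events parsed, {len(found)} alert(s): {found}")
```

The rule fires on the third failure at 03:14:05 and does not fire again for the fourth at 03:14:10, which keeps the downstream responder from being flooded by one noisy source. A line in a format the pipeline does not know is dropped rather than crashing the run; in a real Elastic deployment you would count those parse failures too, since a sudden rise in them often means an attacker changed what the logs look like.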

Read Security in the Tendenci SaaS Cloud at AWS 

Network Monitoring with OSSEC, Logstash, Elasticsearch and Kibana 

Cyber Security starts with Project Management

A cyber security project does not end when the initial implementation is complete; it requires constant vigilance. The process can be broken down as follows:

  1. Architecture - Start with Security In Mind
    1. Cyber Security evolves. We start with security in mind and outline the right architecture, whether it is on-premise or in the cloud.
    2. Listening - listening is the first step in communication, and cyber security is no different. Gathering objectives and identifying everyone involved in the supply chain helps balance economics and identify weak links.
    3. Training - both the client training us on their business and our team training them on security concepts such as those covered in the CISSP body of knowledge. 
    4. Plan for a scalable and manageable solution. Technology such as Docker containers in the AWS, Google, Rackspace, and IBM clouds provides scalability and, when configured correctly, preserves isolation between workloads.
    5. Patching systems on the fly with minimal downtime
    6. Processes in place for Change Management
    7. Consistency of configuration to the extent that it is possible
    8. Mobile device management
    9. Encryption
  2. Passive Cyber Defense - Systems that are in place
    1. Firewalls (multiple)
    2. Virus Scanners and malware detection
    3. Intrusion Prevention Systems
    4. Intrusion Detection Systems
    5. File integrity monitoring and reporting
  3. Active Cyber Defense
    1. IDS/IPS-controlled dynamic firewalls
    2. Reporting of IP addresses
    3. Analyst review of data
    4. On-going auditing of passive response systems
    5. Pre-emptive measures (e.g. resetting every user's password without advance notice)
  4. Cyber Intelligence Gathering
    1. AI analysis of logs as needed
    2. Handcrafted Rules specific to a client's environment
    3. Shadow sites are used to gather information on the attackers (internal or external)
    4. Honeypot information gathering
    5. Sharing with the InfoSec community
    6. Ongoing training for our team and shared with clients as needed
  5. Response
    1. Response to a Cyber Attack is a careful art. Once the scope is understood we respond appropriately
    2. Legal recourse is an option
    3. We follow all legal requirements of timely disclosure should an event occur
    4. Crisis Communication rules are DIFFERENT for Cyber Security. Consider your actions carefully. 
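Items 3.1 through 3.4 above (IDS/IPS-controlled dynamic firewalls, reporting of IP addresses, analyst review, and ongoing auditing of the automated response) as an added example; this is not Tendenci's or OSSEC's code. It consumes alerts of the kind a log-monitoring rule emits and keeps a block list with expiry and escalation, an allowlist so the responder cannot lock out the operators' own addresses, and an audit trail for the analyst. The allowlist networks, the timeline, the TTLs, and the alerts themselves are constructed for the example.

```python
import ipaddress
from datetime import datetime, timedelta

# Networks that must never be auto-blocked (assumed values for the example): the
# operators' VPN range and the monitoring host. Locking yourself out of your own
# servers is the classic failure mode of automated blocking.
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24"), ipaddress.ip_network("192.0.2.10/32")]


def firewall_commands(action, ip):
    """Render the firewall change as a command rather than executing it, so a human or a
    tested deploy step applies it. Only the host-level iptables form is shown."""
    flag = "-I" if action == "add" else "-D"
    return [f"iptables {flag} INPUT -s {ip} -j DROP"]


class DynamicBlocklist:
    """IDS-driven block list: blocks expire, repeat offenders get progressively longer
    blocks, allowlisted sources are never blocked, and every decision is logged."""

    def __init__(self, base_ttl=timedelta(minutes=10), max_ttl=timedelta(hours=24)):
        self.base_ttl = base_ttl
        self.max_ttl = max_ttl
        self.blocked = {}     # ip -> expiry datetime
        self.offences = {}    # ip -> number of times blocked (drives escalation)
        self.audit_log = []   # (time, action, ip, reason) for analyst review

    def handle_alert(self, alert, now):
        """Block the alert's source unless allowlisted. Returns the commands to apply, or None."""
        ip = ipaddress.ip_address(alert["source_ip"])
        if any(ip in net for net in ALLOWLIST):
            self.audit_log.append((now, "skip_allowlisted", str(ip), alert["rule"]))
            return None
        n = self.offences.get(str(ip), 0) + 1
        self.offences[str(ip)] = n
        ttl = min(self.base_ttl * (2 ** (n - 1)), self.max_ttl)  # 10 min, 20 min, 40 min, ... capped
        self.blocked[str(ip)] = now + ttl
        self.audit_log.append((now, "block", str(ip), f"{alert['rule']} x{n} ttl={ttl}"))
        return firewall_commands("add", str(ip))

    def expire(self, now):
        """Remove entries past their expiry and return the commands that undo them."""
        cmds = []
        for ip, exp in list(self.blocked.items()):
            if exp <= now:
                del self.blocked[ip]
                self.audit_log.append((now, "unblock", ip, "ttl expired"))
                cmds.extend(firewall_commands("remove", ip))
        return cmds

    def is_blocked(self, ip, now):
        exp = self.blocked.get(ip)
        return exp is not None and exp > now

    def report(self):
        """Offending IPs with counts, sorted worst first: the list to share with abuse contacts."""
        return sorted(self.offences.items(), key=lambda kv: -kv[1])


def demo():
    """Walk one attacker through block, expiry, and escalation on a constructed timeline."""
    bl = DynamicBlocklist()
    t0 = datetime(2023, 12, 10, 3, 14, 5)
    attacker = {"rule": "ssh_bruteforce", "source_ip": "203.0.113.7"}
    operator = {"rule": "ssh_bruteforce", "source_ip": "198.51.100.20"}  # inside ALLOWLIST
    first = bl.handle_alert(attacker, t0)
    skipped = bl.handle_alert(operator, t0)
    blocked_at_5m = bl.is_blocked("203.0.113.7", t0 + timedelta(minutes=5))
    undo = bl.expire(t0 + timedelta(minutes=11))            # past the 10 minute base TTL
    second = bl.handle_alert(attacker, t0 + timedelta(minutes=12))
    second_ttl = bl.blocked["203.0.113.7"] - (t0 + timedelta(minutes=12))
    return {
        "first_cmds": first, "skipped": skipped, "blocked_at_5m": blocked_at_5m,
        "undo_cmds": undo, "second_cmds": second,
        "second_ttl_minutes": second_ttl.total_seconds() / 60,
        "report": bl.report(), "audit": bl.audit_log,
    }


if __name__ == "__main__":
    for entry in demo()["audit"]:
        print(*entry)
```

Two design points matter more than the code: the allowlist check runs before anything else, because a rule that trips on a colleague's mistyped password must not take the operators offline during an incident; and the commands are returned rather than run, so the analyst review in item 3.3 can happen on the audit log before the change hits production.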

There are many resources available for cyber security training. We encourage you to look them up and take an active role in keeping your website, company, family, and the country secure from cyber-attacks!  

Tendenci, the open source AMS, will succeed above all, make no mistake, as long as we keep security our top priority. 

Thank You. 
