
Resources

Cyber Security Resources - SECaaS Reference Architecture


CIS Critical Security Controls

The cyber security resources framework we recommend for those looking to formalize their security program.

  • CSC 1: Inventory and Control of Enterprise Assets
  • CSC 2: Inventory and Control of Software Assets
  • CSC 3: Data Protection
  • CSC 4: Secure Configuration of Enterprise Assets and Software
  • CSC 5: Account Management
  • CSC 6: Access Control Management
  • CSC 7: Continuous Vulnerability Management
  • CSC 8: Audit Log Management
  • CSC 9: Email and Web Browser Protections
  • CSC 10: Malware Defenses
  • CSC 11: Data Recovery
  • CSC 12: Network Infrastructure Management
  • CSC 13: Network Monitoring and Defense
  • CSC 14: Security Awareness and Skills Training
  • CSC 15: Service Provider Management
  • CSC 16: Application Software Security
  • CSC 17: Incident Response Management
  • CSC 18: Penetration Testing

Zero Trust, Lateral Movement and Other Useful Information

Our Commitment to the General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. We understand that GDPR compliance is a shared responsibility. We are committed to addressing EU data protection requirements applicable to us as a data processor. These efforts have been critical in our ongoing preparations for the GDPR:

Data processing: Our ability to fulfill our commitments as a data processor to our customers, the data controllers, is a part of our compliance with GDPR where data controllers are using a third party like us to process personal data. Because of this requirement, Ideal Integrations, Inc. has worked extensively with an independent third-party security auditor (Schneider Downs & Co., Inc.) to develop our Master Services Agreement and Information Security Policies and Procedures that contain appropriate provisions for personal data we store.

Third-party audits and certifications: Blue Bastion and Ideal Integrations, Inc. have utilized the SSAE 16/18 framework to achieve SOC 2, Type 2 attestation standards. We maintain this level of review of our controls and processes on a continuous basis to ensure security, availability, processing integrity, confidentiality, and privacy. We are audited annually by an independent third party with the audit covering internal governance, controls, and processes. It evaluates that we have the appropriate controls and processes in place and that they are actively functioning appropriately in accordance with related standards.

Blue Bastion and Ideal Integrations, Inc. are committed to compliance with the GDPR across our security operations center and any parts of our Security-as-a-Service offering when enforcement begins on May 25, 2018. We are currently working on the additional changes that are necessary across the business. Further updates on our progress will be communicated.
