Overview

Maintaining system integrity and security is a top priority at CU*Answers. Significant effort is made in establishing and maintaining a secure infrastructure. While no network can be made completely secure, ample defenses deployed and layered properly should provide adequate protection.

Independent Auditing

Our networks, systems, and security procedures and policies are regularly audited by independent auditors, and our datacenter is SSAE 16 approved. Our disaster recovery plans have been independently audited and approved by an industry-leading disaster recovery and business continuity firm. Additionally, regular spot audits using industry standard tools are performed against systems, networks, and personnel to ensure established security procedures are being followed.

Network Defense

No one step can keep or make a network secure. Therefore we implement security in a layered approach which includes at least the following:

1. Secure network architecture designed by security experts
2. Systems segregated by task
3. Controlled physical access to the data center and systems
4. Controlled network access to all systems by enterprise-grade firewall and router systems
5. Technical filters control all outgoing and incoming network traffic to help prevent unauthorized use
6. Securing of the underlying operating system against known or possible attack by using the manufacturer’s best practice recommendations
7. Disabling or removing all unnecessary applications and services
8. Security review of applications for known vulnerabilities and configuration errors
9. Host-based intrusion detection; all access to the host system is logged and reviewed daily
10. Systems are regularly patched and kept up to date with the latest software updates
11. Network-based intrusion detection alerts administrators to attacks
12. Network-based intrusion prevention thwarts certain known attacks
13. Anti-virus systems scan network, host, and PC traffic and content in real time for virus activity. Pattern files are updated hourly.
14. A proactively trained and alert staff on the latest security vulnerabilities and responses.

Training

People are the closest security layer to the data, and social engineering attacks have historically been the most effective way to compromise networks. Therefore, technical and non-technical staff is regularly trained on the latest security techniques and procedures and social engineering tactics and defenses.

Data Archival

All systems are protected by a comprehensive online backup strategy that includes daily data archival to tape which is rotated off site to a secure storage facility. Additionally, in certain segments backups to online NAS devices ensure backup data is highly available.

Redundant Highly Available Systems

Core network devices are made highly available through redundant load sharing and hot standby hardware as well as redundant network architecture including fiber optic and gigabit technology.