Vulnerability Monitoring Sample Clauses

Vulnerability Monitoring. Zoommust continuously gather information and analyze vulnerabilities in light of existing and emerging threats and actual attacks. Processes must include vulnerability scans, anti-malware, Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), logging and security information and event management analysis and correlation.
AutoNDA by SimpleDocs
Vulnerability Monitoring. 18.1 Zoom must continuously gather information and analyze vulnerabilities in light of existing and emerging threats and actual attacks. Processes must include vulnerability scans, anti- malware, Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), logging and security information and event management analysis and correlation. 18.2 Vulnerability Scanning and Issue Resolution. Vulnerability scans (authenticated and unauthenticated) and penetration tests must be performed against internal and external networks and applications periodically and prior to system provisioning for production systems that process, store or transmit Customer Content.
Vulnerability Monitoring. 7.1 CyberGRX continuously gathers and analyzes information regarding new and existing threats and vulnerabilities, actual attacks on the institution or others, and the effectiveness of the existing security controls. Monitoring controls include related policy and procedure, virus and malicious code, intrusion prevention and detection, and event and state monitoring. Related logging process provides an effective control to highlight and investigate security events. 7.2 Penetration testing of the internal/external networks and/or specific hosts is performed at least annually. The tests are performed externally by reputable external organizations. Customer environments are covered as part of the test scope. 7.3 Automated vulnerability scans of any assets deployed in the CyberGRX environment containing CyberGRX Confidential Information is performed periodically to identify, mitigate, and remediate any vulnerabilities. Assets include any servers, applications, endpoint desktops, laptops, and network devices. 7.4 All issues identified from the penetration tests and vulnerability scans rated as critical, high, or medium risks are evaluated and remediated within appropriate timelines. 7.5 Servers, workstations, and internet gateway devices are updated periodically with latest antivirus definitions that include zero day anti-malware protection. Defined procedure highlights all anti-virus updates. Anti-virus tools are configured to run daily or weekly scans, virus detection, real time file write activity, and signature files updates. Laptops and remote users are covered under virus protection. 7.6 Security events are logged (log files), monitored (appropriate individuals) and addressed (timely action documented and performed). Network components, workstations, applications, and any monitoring tools are enabled to monitor user activity. Organizational responsibilities for responding to events are defined.
Vulnerability Monitoring. 7.1 CyberGRX continuously gathers and analyzes information regarding new and existing threats and vulnerabilities, actual attacks on the institution or others, and the effectiveness of the existing security controls. Monitoring controls include related policy and procedure, virus and malicious code, intrusion prevention and detection, and event and state monitoring. Related logging process provides an effective control to highlight and investigate security events. 7.2 Penetration testing of the internal/external networks and/or specific hosts is performed at least annually. The tests are performed externally by reputable external organizations. 7.3 Automated vulnerability scans of any assets deployed in the CyberGRX environment containing CyberGRX Confidential Information is performed periodically to identify, mitigate, and remediate any vulnerabilities. Assets include any servers, applications, endpoint desktops, laptops, and network devices. 7.4 All issues identified from the penetration tests and vulnerability scans rated as critical, high, or medium risks are evaluated and remediated within appropriate timelines. 7.5 Servers, workstations, and internet gateway devices are updated periodically with latest antivirus definitions that include zero day anti-malware protection. Defined procedure highlights all anti-virus updates. Anti-virus tools are configured to run daily or weekly scans, virus detection, real time file write activity, and signature files updates. Laptops and remote users are covered under virus protection. 7.6 Security events are logged (log files), monitored (appropriate individuals) and addressed (timely action documented and performed). Network components, workstations, applications, and any monitoring tools are enabled to monitor user activity. Organizational responsibilities for responding to events are defined.
Vulnerability Monitoring. ASCI continuously gather and analyze information regarding new and existing threats and vulner- abilities, actual attacks on the institution or others, and the effectiveness of the existing security controls. Daily intrusion and vulnerability detection services are provided by Qualys. Monitoring controls include related policy and procedure, virus and malicious code, intrusion detection, and event and state monitoring. Related logging process provides an effective control to highlight and investigate security events.

Related to Vulnerability Monitoring

  • Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.

  • SERVICE MONITORING, ANALYSES AND ORACLE SOFTWARE 11.1 We continuously monitor the Services to facilitate Oracle’s operation of the Services; to help resolve Your service requests; to detect and address threats to the functionality, security, integrity, and availability of the Services as well as any content, data, or applications in the Services; and to detect and address illegal acts or violations of the Acceptable Use Policy. Oracle monitoring tools do not collect or store any of Your Content residing in the Services, except as needed for such purposes. Oracle does not monitor, and does not address issues with, non-Oracle software provided by You or any of Your Users that is stored in, or run on or through, the Services. Information collected by Oracle monitoring tools (excluding Your Content) may also be used to assist in managing Oracle’s product and service portfolio, to help Oracle address deficiencies in its product and service offerings, and for license management purposes. 11.2 We may (i) compile statistical and other information related to the performance, operation and use of the Services, and (ii) use data from the Services in aggregated form for security and operations management, to create statistical analyses, and for research and development purposes (clauses i and ii are collectively referred to as “Service Analyses”). We may make Service Analyses publicly available; however, Service Analyses will not incorporate Your Content, Personal Data or Confidential Information in a form that could serve to identify You or any individual. We retain all intellectual property rights in Service Analyses. 11.3 We may provide You with the ability to obtain certain Oracle Software (as defined below) for use with the Services. If we provide Oracle Software to You and do not specify separate terms for such software, then such Oracle Software is provided as part of the Services and You have the non-exclusive, worldwide, limited right to use such Oracle Software, subject to the terms of this Agreement and Your order (except for separately licensed elements of the Oracle Software, which separately licensed elements are governed by the applicable separate terms), solely to facilitate Your use of the Services. You may allow Your Users to use the Oracle Software for this purpose, and You are responsible for their compliance with the license terms. Your right to use any Oracle Software will terminate upon the earlier of our notice (by web posting or otherwise) or the end of the Services associated with the Oracle Software. Notwithstanding the foregoing, if Oracle Software is licensed to You under separate terms, then Your use of such software is governed by the separate terms. Your right to use any part of the Oracle Software that is licensed under the separate terms is not restricted in any way by this Agreement.

  • Monitoring In each case in which the Foreign Custody Manager maintains Foreign Assets with an Eligible Foreign Custodian selected by the Foreign Custody Manager, the Foreign Custody Manager shall establish a system to monitor (i) the appropriateness of maintaining the Foreign Assets with such Eligible Foreign Custodian and (ii) the contract governing the custody arrangements established by the Foreign Custody Manager with the Eligible Foreign Custodian. In the event the Foreign Custody Manager determines that the custody arrangements with an Eligible Foreign Custodian it has selected are no longer appropriate, the Foreign Custody Manager shall notify the Board in accordance with Section 3.2.5 hereunder.

  • Searchability Offering searchability capabilities on the Directory Services is optional but if offered by the Registry Operator it shall comply with the specification described in this section. 1.10.1 Registry Operator will offer searchability on the web-­‐based Directory Service. 1.10.2 Registry Operator will offer partial match capabilities, at least, on the following fields: domain name, contacts and registrant’s name, and contact and registrant’s postal address, including all the sub-­‐fields described in EPP (e.g., street, city, state or province, etc.). 1.10.3 Registry Operator will offer exact-­‐match capabilities, at least, on the following fields: registrar id, name server name, and name server’s IP address (only applies to IP addresses stored by the registry, i.e., glue records). 1.10.4 Registry Operator will offer Boolean search capabilities supporting, at least, the following logical operators to join a set of search criteria: AND, OR, NOT. 1.10.5 Search results will include domain names matching the search criteria. 1.10.6 Registry Operator will: 1) implement appropriate measures to avoid abuse of this feature (e.g., permitting access only to legitimate authorized users); and 2) ensure the feature is in compliance with any applicable privacy laws or policies.

  • Safeguarding and Protecting Children and Vulnerable Adults The Supplier will comply with all applicable legislation and codes of practice, including, where applicable, all legislation and statutory guidance relevant to the safeguarding and protection of children and vulnerable adults and with the British Council’s Child Protection Policy, as notified to the Supplier and amended from time to time, which the Supplier acknowledges may include submitting to a check by the UK Disclosure & Barring Service (DBS) or the equivalent local service; in addition, the Supplier will ensure that, where it engages any other party to supply any of the Services under this Agreement, that that party will also comply with the same requirements as if they were a party to this Agreement.

  • Compliance Monitoring Grantee must be subject to compliance monitoring during the period of performance in which funds are Expended and up to three years following the closeout of all funds. In order to assure that the program can be adequately monitored, the following is required of Grantee: a. Grantee must maintain a financial tracking system provided by Florida Housing that ensures that CRF funds are Expended in accordance with the requirements in this Agreement. b. Grantee must maintain records on all awards to Eligible Persons or Households. These records must include, but are not limited to: i. Proof of income compliance (documentation from submission month, including but not limited to paystub, Florida unemployment statement, social security and/or disability statement, etc.); ii. Lease; and iii. Documentation of rental assistance payments made.

  • Sustainability (12 /18) Pursuant to the City’s Sustainable City Principles, which direct City Bureaus to pursue long-term social equity, environmental quality, and economic vitality through innovative and traditional mechanisms, Contractor is encouraged to incorporate these Principles into its scope of work with the City wherever possible. Therefore, in accordance with the Principles and the City's Sustainable Procurement Policy, it is the policy of the City of Portland to encourage the use of Products or Services that help to minimize the human health and environmental impacts of City operations. Contractor is encouraged to incorporate environmentally preferable Products or Services into its work performance wherever possible. "Environmentally preferable" means Products or Services that have a lesser or reduced effect on human health and the environment when compared with competing products or services that serve the same purpose. This comparison may consider raw materials acquisition, production, manufacturing, packaging, distribution, reuse, operation, maintenance, or disposal of the Product or Service.

  • Evaluation, Testing, and Monitoring 1. The System Agency may review, test, evaluate and monitor Grantee’s Products and services, as well as associated documentation and technical support for compliance with the Accessibility Standards. Review, testing, evaluation and monitoring may be conducted before and after the award of a contract. Testing and monitoring may include user acceptance testing. Neither the review, testing (including acceptance testing), evaluation or monitoring of any Product or service, nor the absence of review, testing, evaluation or monitoring, will result in a waiver of the State’s right to contest the Grantee’s assertion of compliance with the Accessibility Standards. 2. Grantee agrees to cooperate fully and provide the System Agency and its representatives timely access to Products, records, and other items and information needed to conduct such review, evaluation, testing, and monitoring.

  • Screening After you sign and date the consent document, you will begin screening. The purpose of the screening is to find out if you meet all of the requirements to take part in the study. Procedures that will be completed during the study (including screening) are described below. If you do not meet the requirements, you will not be able to take part in the study. The study investigator or study staff will explain why. As part of screening, you must complete all of the items listed below: • Give your race, age, gender, and ethnicity • Give your medical history o You must review and confirm the information in your medical history questionnaire • Give your drug, alcohol, and tobacco use history • Give your past and current medication and treatment history. This includes any over-the-counter or prescription drugs, such as vitamins, dietary supplements, or herbal supplements, taken in the past 28 days • Height and weight will be measured • Physical exam will be done • Electrocardiogram (ECG) will be collected. An ECG measures the electrical activity of the heart • You may be tested for COVID-19 o Blood tests for human immunodeficiency virus (HIV), hepatitis B, and hepatitis C o Blood tests to see how your blood clots ▪ Fibrinogen ▪ PT/INR/aPTT o Blood tests for amylase and lipase (enzymes that help with digestion, Part B only) o Blood tests for a lipid (fats) panel (Part B only) ▪ Total cholesterol ▪ Triglycerides ▪ HDL ▪ Direct HDL o Blood tests to check your thyroid function (Part B and Part C only) ▪ TSH ▪ Free T4 o Urine to test for drugs of abuse (illegal and prescription) o Urine tests to check your albumin/ creatinine ratio o Females who have not had a period for at least 12 months in a row will have a blood hormone test to confirm they cannot have children • The study investigator may decide to do an alcohol breath test • The use of proper birth control will be reviewed (males only) • You will be asked “How do you feel?” HIV, hepatitis B, and hepatitis C will be tested at screening. If anyone is exposed to your blood during the study, you will have these tests done again. If you have a positive test, you cannot be in or remain in the study. HIV is the virus that causes acquired immunodeficiency syndrome (AIDS). If your HIV test is positive, you will be told about the results. It may take weeks or months after being infected with HIV for the test to be positive. The HIV test is not always right. Having certain infections or positive test results may have to be reported to the State Department of Health. This includes results for HIV, hepatitis, and other infections. If you have any questions about what information is required to be reported, please ask the study investigator or study staff. Although this testing is meant to be private, complete privacy cannot be guaranteed. For example, it is possible for a court of law to get health or study records without your permission.

  • Program Monitoring The Contractor will make all records and documents required under this Agreement as outlined here, in OEC Policies and NHECC Policies available to the SRO or its designee, the SR Fiscal Officer or their designee and the OEC. Scheduled monitoring visits will take place twice a year. The SRO and OEC reserve the right to make unannounced visits.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!