Extra Security Using Genesys

Provided by ISTS Information Protection

In order to limit access to presentations or meetings containing sensitive internal or confidential data, PG&E employees need to know about the optional privacy tools provided by Genesys.

Below are some of the things you should do when setting up your Genesys meeting to ensure security:

· Limiting access to presentations via use of PINs, passwords, etc.

· "Locking the door" to a meeting with highly sensitive content. For example, moderators may "Lock the Door" to a meeting so that participants trying to enter the meeting go into a virtual waiting room until they are greeted and admitted by the moderator.

· Employing optional SSL encryption for sensitive presentation content (Step 4 of Genesys’ meeting wizard).

· Deleting the presentation from the Genesys site upon completion.

If you need clarification on any of the steps above, please contact Genesys at 1-866-436-3797.

More Background:

Based on Genesys' responses to the ASP questionnaire, as well as the Genesys Meeting Center Security Whitepaper, Genesys appears to adhere to well-established industry-standard practices pertaining to application development, data protection, data storage, disaster recovery, server and storage redundancy, etc.

Some of the more reassuring "highlights" from the information they provided include:

· Genesys environment is monitored by IDS (Intrusion Detection System) and protected by firewalls.

· User logons are SSL encrypted and locked out after 3 failed attempts, with a configurable session timeout for inactivity.

· Networks are monitored 24x7 and alarms are responded to in real time; even incident response system access is limited by established security policy.

· Real-time monitoring of event log files.

· Regular security policy reviews (against industry standard security models and methodologies).

· Penetration tests are performed quarterly (the last on June 12, 2004).

· User content is encrypted and not directly accessible by end users.

· System access is permission-based (role-based security model); all access is logged and tracked to permission hierarchies.

· Clients can choose to SSL encrypt their presentations for an added layer of security.

· Upgrades and changes follow established procedures (test-bed and pre-production). Code reviews are performed.

· Norton Antivirus Corporate Edition on all production systems. Updates are performed at frequent intervals as dictated by update releases.

~Jay Hill, Information Protection Sr. Analyst, 7/8/04