Sponsors
Sponsor Products
TPN Audits - What matters?
posted by Andy Fuhr  on June 21, 2018, 2:42 p.m. (29 days ago)
2 Responses     0 Plus One's     0 Comments  
I’m working with a client on the new TPN MPAA audit. Does anyone have info on how these differ from the past studio audits? Are there specific ‘gotcha’s’?   Seems the previous studio audits were an effort to encourage standards, whereas the TPN is a report card.  What does it really take to get a good grade?

Thread Tags:
  audit network mpaa tpn partner security trusted 

Response from Andy Fuhr @ June 21, 2018, 5:27 p.m.

Thanks for the response.  I checked that out, I have also read all the docs, filled out the questionaires, etc. However, when it comes down to the implementation of all of the best practices, what really matters?  Not all situation are alike, but there must be a list of MUST HAVES.  Like for instance, your production enviroment can't be connected to the internet, or you must have cameras at each entry and exit point.  Some of the best practices are just what is suggested to do but not mandatory.  So if I have a finite amount of time and resources.  Where am I going to get the best bang for the buck when it comes to the audit?

I have been coming up with my own list, does anyone have comments on this?

- I/O workflow.  Automated in and out of production area using logged systems that automatically scans for viruses and moves files back in and out of the production system. - End Point Protection - Profile Manger, Sophos or similar software that locks down USB ports - Password Policy, change passwords every 60 Days, lock out after 6 attempts - At least 1 Encrypted External Hard Drive like and Apricorn for asset transfer and delivery - All laptops should have their drives encrypted with File Vault 2 if it is a Mac. - Have a DR plan, and backup options spelled out. - Obvious cameras and physical security is #1
- Wifi should not have access to the production network, It should not be hidden and should not have a name that contains the business name or what it does - A syslog server that captures all the logs and is regularly scrubbed for alerts - An IDS or similar is also good to have at the firewall    

0 Plus One's     0 Comments  
   

Response from Tom Burns @ June 21, 2018, 4:36 p.m.

Andy, have you seen this webinar? TPN webinar (courtesy MESA). It has the concepts you are looking for, if not the insider details.

 

Best regards,

Tom Burns

Dell EMC


0 Plus One's     0 Comments