ISS has made a commitment to implement the necessary data protection features to ensure the highest level of security for any ISS system. Systems today typically have access to some type of a network, thus magnifying the importance of cyber security. ISS has implemented a number of cyber security features to mitigate the growing risk on cyber threats.
Please refer to the link below to read about all the ISS SecurOS Cyber Security Features.
System hardening is a collection of tools, techniques, and best practices to reduce vulnerability in technology applications, systems, infrastructure, firmware, and other areas. The goal of system hardening is to reduce security risks by eliminating potential attack vectors and condensing the system’s attack surface. By removing superfluous programs, accounts functions, applications, ports, permissions, access, etc., attackers and malware have fewer opportunities to gain a foothold within your IT ecosystem.
System hardening demands a methodical approach to audit, identify, close, and control potential security vulnerabilities throughout your organization. The full scope of system hardening involves a combination of appropriate people, process and technology security measures. Which measures to apply to a deployed system depends on that system’s exposure to likely threats, as well as the criticality, size and complexity of the system.
The guide describes the security measures and best practices for safeguarding SecurOS® installations.
CYBER DATA PROTECTION
Facial recognition can be used for various applications such as access control, recognizing known criminals or people of interest, and providing increased security for high risk facilities related to both inside and outside threats. However, due to a lack of understanding of the responsible use of the technology, many are worried about potential personal information litigation as well as how their faces will be used or stored.
Some important points to remember when using the SecurOS FaceX module:
- Personal information is stored only when the customer decides to store it in a watch-list.
- The customer decides what information to store in the profile for each entity in the watch-list. i.e. first and last name can be omitted leaving only abstract ID in the watch-list to refer to a person in any database separate from the facial recognition system.
- If sensitive information is stored in profiles, the watchlist database should be secured in the same way as any other sensitive data would be according to corporate guidelines.
- Each Face Detection results in one digital descriptor. Those descriptors have no meaning outside of the system. Digital descriptors have NO STORED ASSOCIATION to personal information.
- Face Detection pictures have NO STORED ASSOCIATION to personal information.
Please download the below datasheet on data protection while using the SecurOS FaceX module.
We live in a connected world, almost every aspect of our lives revolves around data. From online shopping and banking to social media posts, almost every service we use involves the collection and analysis of our personal data. Supplying our names, addresses, and credit card numbers over an internet connection has become commonplace and most of us do not give it a second thought. Recently, the rise of passive video monitoring that captures and records faces, as well as extracts personal metadata (age, race, gender) has become an important topic on the daily news cycle. All of this data that uniquely identifies an individual is collected, analyzed, and perhaps most importantly, stored by organizations. The General Data Protection Regulation (GDPR) adopted by the European Union is designed to reflect the reality of the connected world, and outlines laws and obligations that govern the collection, processing, and use of personal data, across Europe.
The central tenet of the GDPR is the right of the individual to control their own personal data. The GDPR states that the individual owns or possesses the data being collected by the Data Controller. Under the regulation, Data Controllers are responsible for assessing the level of risk posed by their data processing operations against the fundamental rights and freedoms of individuals and then modulating their data protection compliance accordingly.
Central to the GDPR is that data is processed lawfully, fairly, and in a transparent manner in relation to the data subject. The transparency of data processing means that data is collected for a specified, explicit, and legitimate purpose, and that the data is not further processed to extract information that goes beyond the intended purpose. In other words, the collection of personal data is limited to the intent of the original purpose (also called “data minimization”). The collected personal data must also be accurate and kept current, if applicable, while an agency that collects data must take every reasonable step to erase or rectify inaccurate personal data.
Intelligent Security Systems (ISS) offers the guidelines for Data Controllers and Processors that utilize ISS solutions to help with planning their specific strategy to comply with GDPR directives. These guidelines, however, are not a substitute for a complete and comprehensive review of Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version.
Please refer to the link below to read the full ISS GDPR Compliance White Paper.
2021 log4j java vulnerability
ISS takes great measures to ensure that its software and customer base are always protected from potential cyber threats. This message is to ensure all ISS partners, that they are safe from the newly discovered Log4j vulnerability (CVE-2021-44228). For those unfamiliar, Log4j is a widely deployed open source Apache logging library. ISS uses Log4j in 2 of its modules – WebView/WebConnect and POS, but the version used is unaffected by this vulnerability. Only Log4j2 2.0-beta9 through 2.14.1 are at risk, and ISS does not use these versions in any of its software. If you have any concerns about cyber security topics as they relate to ISS and its product line, please feel free to reach out directly to our Global Director of Engineering – Eugene Beytenbrod (email@example.com) or you can contact your local ISS support team.