TCC Participates in Indy Do Day, September 29th

Posted by Stephanie Griffin, TCC Director of Human Resources

For the third year in a row, TCC will be participating in Indy Do Day!  We will be doing this years’ service project on Friday, September 29th.

This year we are volunteering with The Children’s Museum. To find out more about the Children’s Museum, please visit their website https://www.childrensmuseum.org/.

Get excited!  If you aren’t familiar with Indy Do Day, check them out at www.indydoday.org. This is a great way for us to team build, support our local community, and show our pride in TCC.  Everyone that participated last year had a great time!  For those that aren’t local to Indy, I challenge you to find a way to volunteer in your community.  If you’d like help finding a volunteer activity, please let me know!

To find out more about TCC’s Culture, please visit our website https://www.e-tcc.com/culture.

The Truth About Mainframe Security

Posted by Rick Fowler, TCC Director of Mainframe Services

Security is always a topic of discussion among my colleagues in the IT world. I have heard a variety of claims that mainframe technologies are not compatible with modern security approaches and represent a major risk.

I recently read an article on the SC Media website that refutes this claim. Crossno, J. (2017, May 04). The Truth About Mainframe Security – And Where You Should Be Focusing. Retrieved August 14, 2017, from https://www.scmagazine.com/the-truth-about-mainframe-security–and-where-you-should-be-focusing/article/655118/

The article states “The mainframe remains the most intrinsically secure platform on the planet for several additional reasons. First, all of the hardware and software that’s needed to complete mainframe transactions resides on a single machine, unlike a distributed environment where there is much network traffic that can be intercepted by an attacker. Second, mainframes’ front-end processors often handle the task of interfacing with the rest of the world, freeing up the system to do nothing but what it was expressly designed for – executing transactions. These front-end processors also handle the security aspects, effectively isolating the mainframe from the rest of the world.” This is a pretty compelling argument in favor of the safety of heritage mainframe systems.

The author pointed out that insider threat is significant in most breaches and this threat is massive and growing across all industries. Perhaps organizations should focus their efforts on safeguarding against insider attacks, where a positive difference can be made.

 

To learn more about TCC Mainframe Managed Services, please visit our website https://www.e-tcc.com/managed-services.

 

 

TCC Participates in the 2017 Corporate Challenge

Posted by Stephanie Griffin, TCC Director of Human Resources

It’s time to shake the dust off your old sneakers and get in gear because the 2017 Corporate Challenge is coming up!  The weather got the best of the Corporate Challenge last year but won’t keep us down this year!  GET EXCITED J We’re coming in strong!!!!

So, what is the Corporate Challenge?  The Corporate Challenge is an event for companies all over central Indiana to vie for titles in events such as cycling, cornhole, a pit stop challenge, sand volleyball, Frisbee toss, and tug of war to name a few.  This is a “competitive” event of sorts but is made to be a fun, teambuilding event to promote wellness.   Check out this video from last year’s Challenge! https://www.youtube.com/watch?v=RydFcFDya_I&t=32s You can also take a look at their website http://www.indianasportscorp.org/corporatechallenge .  There truly is something for everyone!  If you decide that you don’t want to compete, come cheer us on!  The event is held at one of the greatest sporting arenas in the world, the Indianapolis Motor Speedway.  There is FREE food, a kid zone for the littles AND you get to play at the track.  BEST.DAY.EVER!

So when is the Corporate Challenge?  The main event is Saturday, September 16th, 2017.  There will be activities beginning at 8:00am and lasting until 3:00pm.  If you want to be there all day, GREAT!  However, feel free to come and go as you please.  There are additional events Saturday, September 9th such as bowling, cornhole and sand volleyball.  Team Cycling will be held on Wednesday, September 13th.  Leading up to these 2 dates, TCC will be doing several fun company events as well. 

 To find out more about TCC’s Culture, please visit our website https://www.e-tcc.com/culture

NIST Standards

Posted by Mike Allerton, TCC IT Process Analyst

Background

The National Institute of Standards and Technology (NIST) was founded in 1901 with the intent of making U.S. commerce more competitive and trustworthy. In 2002, Congress signed the Electronic Government Act into law to improve the management of government information and services. As part of that Act, the Federal Information Security Management Act (FISMA) assigns NIST with the responsibility of establishing security recommendations for all government agencies and companies that do business with the government.

As a result, NIST published FIPS 200 Minimum Security Requirements for Federal Information and Information Systems which established and defined families of security control areas. NIST also published Special Publication 800-53 which is a catalog of administrative and technical controls within those families that should be instituted based on a given data set’s security categorization. Most recently, this government department published a further refinement of these standards specifically focused on Controlled Unclassified Information (CUI), Special Publication 800-171. All contractors and subcontractors of the US government who handle sensitive federal information while assisting federal agencies accomplish their missions are subject to this new regulation.

Cyber security breaches are an all too common threat in today’s business world. In February of this year, the Commission on the Theft of American Intellectual Property updated its original report with an estimation that the annual cost to the American economy exceeds $225 billion and could be as high as $600 billion. Not only are designs stolen, but counterfeit goods are produced and imported back into the U.S. The cost of trade secret theft is more difficult to estimate because companies might not even be aware that their intellectual property has been stolen, but is the majority of that annual cost.

If your company wants to do business with the government, it must be able to certify that it has responded to the complex and shadowy cyber environment. If your company has access to federal information systems or government data, as in sub-contractors of U.S. defense contractors for example, the data contained in your computer systems should be treated as restricted information and protected.

Compliance

NIST SP 800-171 provides a tailored, standardized set of mechanisms that non-federal organizations should consider and respond to, but they are not a set of regulations that must be followed. Each business must decide for itself how to solve their security issues. This was done on purpose — there is guidance without mandates. There is no need to rip out mature solutions already in place, yet for those new to the issue, they provide the right questions to ask.

The first step toward compliance is a security assessment. Organizations can assess themselves; however, all assessments require comprehensive documentation exhibiting how the mechanisms are implemented and that they are working. In the assessment, you will cover 109 requirements spread over 14 families – with a couple other associated families.

The first element of each family is a coherent set of policies and procedures that every responsible person in your organization should be trained on and follow. The second element is the technical application of those procedures in system configurations and tools. With each of the requirements answered, you can assume a strong safeguarding of your data consistent with federal standards.

For more information on TCC’s IT Managed Services, please visit our website https://www.e-tcc.com/managed-services.