Re: NRA: New Membership Portal

Posted: Thu Jun 26, 2014 6:34 pm
by Gaz
Resurrecting this topic, here's what the Azolve Ts & Cs have to say on security:
11. Security

11.1 Data security is of great importance to Azolve Limited and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website.

11.2 Specifically we use the following systems:

11.2.1 Proactively monitoring core systems on a 24/7 basis with our enterprise class monitoring system

11.2.2 Secure and highly available network design using enterprise class Cisco equipment.

11.2.3 Scheduled centralised patch management on all systems covering both operating systems and common applications and services

11.2.4 Protection against viruses, zero day, spyware, suspicious activity (HIPS) through the implementation of a dedicated end-point security threat management system

11.2.5 ScoLocate’s Internet provider also protects the ScoLocate network against common network threats including denial of service attacks.

11.2.6 Active, ongoing programme of risk management, security incident management and security audit programme as part of our ISMS.

11.2.7 Security conscious workforce, including Information Security Manager role.

Re: NRA: New Membership Portal

Posted: Thu Jun 26, 2014 7:48 pm
by DavidRees
Gaz wrote: Resurrecting this topic, here's what the Azolve Ts & Cs have to say on security:
11. Security

11.1 Data security is of great importance to Azolve Limited and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website.

11.2 Specifically we use the following systems:

11.2.1 Proactively monitoring core systems on a 24/7 basis with our enterprise class monitoring system

11.2.2 Secure and highly available network design using enterprise class Cisco equipment.

11.2.3 Scheduled centralised patch management on all systems covering both operating systems and common applications and services

11.2.4 Protection against viruses, zero day, spyware, suspicious activity (HIPS) through the implementation of a dedicated end-point security threat management system

11.2.5 ScoLocate’s Internet provider also protects the ScoLocate network against common network threats including denial of service attacks.

11.2.6 Active, ongoing programme of risk management, security incident management and security audit programme as part of our ISMS.

11.2.7 Security conscious workforce, including Information Security Manager role.

None of which prevents the flaws in the software design from causing the data breach I'm concerned about. No amount of the above can mitigate for poor design.

Unfortunately Mr. Mercer chooses to rely on the assurances given by the company (emailed response to my raising the issue with him). I will protect my own security by simply not using such a poorly designed system; in my view, the risks are simply too great.