
bwinex maintains detailed information security policies. All employees are required to read and sign an acknowledgement of the relevant policies. Topics covered range from bwinex's corporate security philosophy and information classification to application development standards and password handling. A dedicated Information Security group, reporting directly to the Chairman, is responsible for information security operations, including daily reviews, access control requests, incident handling, and the engineering, consultation, design, and implementation of security mechanisms.
bwinex uses a multi-tiered network architecture with multiple firewall tiers and service silos to isolate different security zones. Intrusion Detection Systems at production and office facilities monitor network traffic against industry-standard and bwinex-customised network activity signatures.
External screening routers employ access control lists to terminate virus, worm, and common hacking attempts before they reach external bwinex firewalls. Firewalls further parse traffic to ensure only specifically permitted sources can reach specific destinations and services. VPN or private line connections terminate outside external firewalls, but independently from Internet connection points.
128-bit or stronger encryption is used to authenticate and encrypt participant communication with bwinex systems. Encryption prevents potentially malicious third parties from intercepting sensitive data and credentials in transit. The integrity controls inherent to SSL and TCP provide additional assurance that content is not tampered with by a third party during transmission.
The bwinex Information Security group handles all access control requests for administrative access. These requests and authorisation are documented and reviewed.
All systems follow build standards to ensure standardisation and security. The Information Security group monitors, assigns, and tracks patch status to respond to vendor operating system or application alerts.
Application-layer access controls impose strict restrictions on the data available to individual users. Data storage is physically and logically segmented from the application servers, and queries can only be formed and executed after the access control databases have been consulted and the user's credentials have been fully verified. These processes ensure that users can only retrieve data related to their own account.
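The pattern described above (verify credentials first, then build a query that is scoped to the authenticated account) is illustrated by the following added example. It is not bwinex's code; the table layout, the user names, the sample transactions, and the helper names (`build_demo_db`, `authenticate`, `fetch_transactions`) are all constructed for this illustration. The point it shows is that the account identifier used in the data query comes from the verified session, never from the caller's request, so a request for another account's data is rejected before any query is executed.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

PBKDF2_ITERATIONS = 50_000  # assumption for the demo; production values are typically higher


def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256 (a salted, slow hash)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def build_demo_db() -> sqlite3.Connection:
    """Create an in-memory database with constructed sample users and transactions.

    The 'users' table stands in for the access control database; the
    'transactions' table stands in for the segmented application data store.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, salt BLOB, pw_hash BLOB)"
    )
    conn.execute(
        "CREATE TABLE transactions (id INTEGER PRIMARY KEY, user_id INTEGER, amount REAL)"
    )
    # Constructed sample accounts (not real credentials).
    for username, password in (("alice", "alice-pass"), ("bob", "bob-pass")):
        salt = os.urandom(16)
        conn.execute(
            "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
            (username, salt, _hash_password(password, salt)),
        )
    # Constructed sample transactions: ids 1 and 2 belong to alice, id 3 to bob.
    conn.executemany(
        "INSERT INTO transactions (user_id, amount) VALUES (?, ?)",
        [(1, 25.0), (1, 40.0), (2, 99.0)],
    )
    conn.commit()
    return conn


def authenticate(conn: sqlite3.Connection, username: str, password: str) -> Optional[int]:
    """Verify credentials against the access control table.

    Returns the user id on success and None on failure. The comparison is
    constant-time so a wrong password is not distinguishable by timing.
    """
    row = conn.execute(
        "SELECT id, salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    user_id, salt, stored_hash = row
    candidate = _hash_password(password, salt)
    if not hmac.compare_digest(candidate, stored_hash):
        return None
    return user_id


def fetch_transactions(conn: sqlite3.Connection, session_user_id: int, requested_user_id: int):
    """Return the transactions for an account, only if the caller owns it.

    session_user_id comes from the verified session (the output of
    authenticate); requested_user_id is whatever the client asked for. The
    authorization check happens before any query is formed, and the query
    itself is parameterised and scoped by the session's user id, not the
    requested one, so even a bypassed check could not widen the result set.
    """
    if session_user_id != requested_user_id:
        raise PermissionError("account %d may not read data of account %d"
                              % (session_user_id, requested_user_id))
    return conn.execute(
        "SELECT id, amount FROM transactions WHERE user_id = ? ORDER BY id",
        (session_user_id,),
    ).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    uid = authenticate(db, "alice", "alice-pass")
    print("alice ->", uid, fetch_transactions(db, uid, uid))
    try:
        fetch_transactions(db, uid, 2)
    except PermissionError as exc:
        print("blocked:", exc)
```

A failed login and a cross-account read are both handled as distinct outcomes (None and PermissionError respectively), which makes them easy to log and alert on separately in a security operations workflow.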