SPSS Statistics

 View Only
Expand all | Collapse all

SPSS Statistics security related

  • 1.  SPSS Statistics security related

    Bot Builder
    Posted Mon November 29, 2021 10:56 PM
    Hi,

    Does SPSS statistics support :

    SSO integration with google workspace (yes/no)

      1. Data encryption at rest and in transit (yes/no)
      2. 2FA (yes/no)
      3. Role based access scheme (yes/no)
      4. Log integration with SIEM (yes/no)
      5. Password policies (length, combination, account lockout, etc) (yes/no)
      6. Session timeout (yes/no)
      7. Segregation of duties workflow (yes/no)
      8. Malicious account monitoring (yes/no)
      9. Virus file scanning (yes/no)
      10. Data masking


    ------------------------------
    Bagus Bronto Sie
    ------------------------------


  • 2.  RE: SPSS Statistics security related

    Posted Tue November 30, 2021 09:44 AM
    Hi. I didn't know the answers to these, so I passed your questions to my colleagues and got these responses:

    • SSO integration with google workspace (No)
    • Data encryption at rest and in transit (Yes, if he is referring to the IBM SPSS Subscription version's license server data, but not the data used on local machine)
    • 2FA (Yes, if he's referring to IBM SPSS Subscription version and is using an IBMID)
    • Role based access scheme (No. Either you have access or you don't.)
    • Log integration with SIEM (No)
    • Password policies (length, combination, account lockout, etc) (Yes, if he's referring to IBM SPSS Subscription using an IBMID)
    • Session timeout (No; IBMID login has a session but if he is already logged in, then the local application does not have session)
    • Segregation of duties workflow (Yes, if he's referring to the IBM SPSS Subscription license service; the on-prem application does not have it)
    • Malicious account monitoring (Yes, if he's referring to IBM SPSS Subscription using an IBMID; again, the on-prem version does not have it)
    • Virus file scanning (Yes, we do code scan, app scan, open source scan )
    • Data masking (No) (One can obfuscate .SAV files on disk via encryption, but there is no substitution of in-memory data, a la traditional masking techniques.)


    ------------------------------
    Rick Marcantonio
    Quality Assurance
    IBM
    ------------------------------



  • 3.  RE: SPSS Statistics security related

    Bot Builder
    Posted Tue November 30, 2021 08:12 PM
    Hi Rick,

    Thanks,
    Another question comes -up this morning ;

    1. Security setup and practices on IBM SPSS 
      1. WAF (yes/no)
      2. DDoS (yes/no)
      3. API security features (yes/no)
      4. High availability and redundancy setup (yes/no)
      5. File integrity monitoring (yes/no)
      6. Security process to respond to incidents (yes/no)
      7. Multi-tenancy security (yes/no)
      8. Secure and audited access to customer data (yes/no)
      9. Bug bounty program (yes/no)
      10. What is your SLA? (yes/no)
      11. Do you have local support in asia? (yes/no)
    2. Hosting of the app/system: (choose one) cloud/onpremises/SaaS
    3. Location of hosting?
    4. Vendor security certification (multiple choices)
      1. SOC1/2 (yes/no)
      2. PCI DSS (yes/no)
      3. ISO 27001 (yes/no)
      4. SOX (yes/no)

    Best regards,
    Bagus

    ------------------------------
    Bagus Bronto Sie
    ------------------------------