JOB DESCRIPTION/PERSON SPECIFICATION

Size: px
Start display at page:

Download "JOB DESCRIPTION/PERSON SPECIFICATION"

Transcription

1 JOB DESCRIPTION/PERSON SPECIFICATION A POSITION DETAILS DIVISION: Business Support JOB TITLE: MIS Security Analyst DEPARTMENT/BUSINESS SECTOR: MIS REPORTING TO: MIS Security Manager GRADE: 11 B KEY RESPONSIBILITIES PEOPLE: Enabling staff to conduct their day-to-day tasks with Information Technology (IT) as a seamless, beneficial work tool. Providing staff with the information they need to do their job, where & when they need it, with the tools to enhance the value of that information through analysis, workflow and sharing. PROTECTION: Implement and support strategic IT solutions, which allow SITA UK to meet its environmental protection strategy. IT Specific: Ensure operational stability and appropriate levels of service from SITA s computing infrastructure by strategic input into systems design, implementation and operation. This includes ensuring appropriate levels of security and accountability to prevent operational impact from accidental or malicious activity. PROFILE: Improve SITA s ability to interact with existing & potential customers, suppliers and partners through the use of collaborative and integrated IT systems. PROFIT: Improving the effectiveness of staff by leveraging time-saving and ability-enhancing Information Technology: Reducing Total Cost of Ownership (TCO) of IT systems through the automation of routine tasks and leveraging economies of scale with standardisation of approaches and processes. Increasing competitive advantage by enabling smart working within geographically separated teams through collaborative solutions that allow remote working, information sharing and interaction Reducing overhead costs & the time taken to perform regular processes and improving the speed & quality of decisions through the availability of up-to-date and appropriate information.

2 In line with SITA UK s Health and Safety Policy the job holder is expected to; Take reasonable care of his/her own health, safety and welfare and that of other people who may be affected by his/her actions or omissions. To co operate with SITA UK and with other employees in order to comply with health and safety law and SITA UK s Health and safety Policies and Procedures Not to misuse or interfere with, intentionally or recklessly, anything provided in the interests of safety. To ensure that within his/her areas of responsibility, SITA UK complies fully with its legal duties in respect of the health, safety and welfare of its employees and of other people who may be affected by his/her actions or omissions To ensure that the responsibilities commensurate with his/her role as laid out in the Health and safety policies and Procedures are fully met. C RESPONSIBILITIES Role and Context PURPOSE: This is a new role within the IT Team, and is a multi-faceted position. Security covers aspects of Confidentiality, Integrity and Availability: the success of this role will be measured not only in terms of attempted / foiled un-authorised access, but also in the success in mitigating service degradation as a result of malicious or accidental actions. This could include avoidance of DoS attacks (or consequential DoS, through spam overload for example). The role will also be expected to ensure regulatory compliance regarding security controls implemented on IT systems and data networks. The primary purposes are: The creation and maintenance of a demonstrably secure data-networking environment in which the SITA UK can achieve its strategic goals. This state will be achieved by working with both the Communications Team and the IT Security Manager The provision of secure implementation of major project work that requires expertise and specialist knowledge of both the SITA security environment, and the policies and regulations to which all users and equipment must adhere. Taking responsibility for and initiating immediate counter measures to real-time threats to SITA that are identified through the implemented security systems. CONTEXT: Based at Maidenhead, working as part of the Security Team, deputising for IT Security Manager during absence. Will be expected to x-train to basic level in network skills to progress their own knowledge, and improve the solutions offered, as a result of a wider perspective RELATIONSHIPS: INTERNAL IT Security Manager Unified Communications Team Internal Audit team SDT & BAS staff, IT Project Managers and BAS Business Risk Office Business owners of core applications Pan-Suez peers

3 EXTERNAL Hardware and software suppliers and vendors Outsource Service providers Service Providers Company Auditors DECISION MAKING AUTHORITY: Participation in infrastructure strategy decisions information security expertise Determination and implementation of counter-activities to be taken in response to identified real-time security threats. Key Activities Key Outputs Assist in the provision, operation, documentation and maintenance of the secure elements of the IT infrastructure to UK business stated quality objectives, (measured through IT SLAs). MIS monitoring and reporting of security performance of the IT infrastructure and relevant components. Ensuring that any attacks on the SITA IT systems are countered immediately through activating counter-measures they deem appropriate. Taking a lead role in medium/long term counter-threat activities (e.g. post-virus clean-up projects) Provision of technical input to problem and incident resolution using network and system security tools and equipment Provision of technical input to ad-hoc project work relating to secure network connectivity, including DMZ, B-2-B, wireless and remote access devices. Often in conjunction with the Unified Communications Manager. General connectivity issues, user training and support as well as security elements of remote access will be addressed. Input to the annual audit process, showing CODIS compliance to security procedures through records, audit logs, and processes. Will be required to liaise directly with auditors about countermeasures (appropriateness and effectiveness) that have been implemented in the course of their duties. Participation in annual Disaster Recovery and continues vulnerability testing program demonstrating that IT systems and network s Integrity, Availability and Confidentiality are maintained. Provision of remedial actions to IT systems and Networks identified through on-going security management practices. MIS monitoring and reporting of IT Security objectives. Presentation and explanation of the security models and their purpose to other IT colleagues and Operational Management. Deputizing for Security Manager in times of absence. Assist in the delivery of Service Improvement and Quality Assurance plans implemented as per SIP Manager Involvement in other and diverse activities as required from time to time to ensure the smooth operation of the IT Department. Assist and advise operational functions to stated security standards, providing cost-effective security for the SITA UK community Ensuring that the Service Standards as measured by the SDT and IT SLAs pertaining to Security Targets are met and published. Other capacity and usage thresholds (e.g. spam control) are adhered to, and potential breaches mitigated with minimum business impact.

4 Ensuring Suez, and SITA UK standards for all aspects of information security are adhered to for all project delivery, whilst not negatively impacting timeliness, quality or cost. All audit compliant targets for security are met, or compensating control and mitigation plans available to be submitted to external auditors and SUEZ risk management teams. Includes BC and DR planning and testing. Production of an ongoing security audit program including ethical hacking, social engineering etc. Provision of MIS to the business and IT management both on a regular and ad-hoc basis, to enable quantitative business decisions to be made. Leading, with support from the IT Security Manager, completion of the annual UK IT ISMM (Information Security Maturity Model) position, and defining / actioning any remedial actions arising. Full participation in a culture of continuous improvement that is considered business as usual throughout the team. The contents of this job description reflect the main duties and responsibilities of the job and are not intended to form part of the contract of employment. SITA UK may revise the content of this Job Description/Person Specification at its discretion. D. GENERAL CRITERIA MINIMUM ESSENTIAL RATING QUALIFICATIONS / TRAINING: HNC or degree in a computer science discipline preferred. Working knowledge of Microsoft server and PC operating systems. ITIL understanding / foundation level CAREER HISTORY / EXPERIENCE: 2 years commercial experience in a system administration or support role. A good level of understanding of communication protocols, in particular IP (over Ethernet and WANs) and their impact on security A good level of understanding of system and application architecture Knowledge of MPLS, VPN, DSL WiFi and emerging connectivity technologies. Fault diagnosis and analysis for installed security hardware: Firewalls, IDS/IPS, SSL VPN, Encryption software Fault diagnostics and analysis of Anti-virus software Up-to-date knowledge of all SITA shrink-wrapped applications: (MS Office, Lotus Notes etc.) and their security implications Working knowledge of Active Directory and Group Policy Objects and Patch deployment software Understanding of the use of Citrix and its network and security impact. Ability to communicate clearly both with technical staff and non-technical customers, ranging from temps to MD. Keen interest in Information Security.

5 E. KEY COMPETENCIES & ATTRIBUTES SERVICE TO THE CUSTOMER/COLLEAGUE: Is this person passionate about personally understanding the customer and meeting their needs? FINANCIAL AWARENESS: Does this person understand the financial impact on the business of any decisions made? MINIMUM ESSENTIAL RATING BUILDING CAPABILITY: Does this person work to develop the long term capability of others? 2 COMMUNICATION EFFECTIVENESS: Does this person firmly believe in communication to all appropriate stakeholders and have the skill to get ideas accepted by others or to get others to change their opinion? DRIVE FOR RESULTS Does this person lead individuals or groups of people effectively and make continuous improvements and meet/surpass targets and goals? PROBLEM SOLVING: Can this person recognise a problem and decide what to do about it? QUALITY OF WORK: Is this business run in a manner that complies with all operational standards both internal and external? Prepared By (Line Manager): Approved By (Director): [If applicable] Approved by HR Manager: Signed to confirm received (Employee):

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Infrastructure Support Engineer Job Profile

Infrastructure Support Engineer Job Profile Infrastructure Support Engineer Job Profile About the HCPC The Health Professions and Care Council (HCPC) is the regulator of 16 different health and care professions, set up to protect the public. To

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

JOB SPECIFICATION. Service Support Manager ORGANISATION CHART: JOB PURPOSE:

JOB SPECIFICATION. Service Support Manager ORGANISATION CHART: JOB PURPOSE: JOB SPECIFICATION JOB TITLE: GRADE: Service Support Manager SMP ORGANISATION CHART: JOB PURPOSE: Management responsibility for the Service Support within the Trust delivering an efficient and cost effective

More information

JOB DESCRIPTION CONTRACTUAL POSITION

JOB DESCRIPTION CONTRACTUAL POSITION Ref #: IT/P /01 JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) SECURITY SPECIALIST JOB SUMMARY: The incumbent is required to provide specialized technical

More information

The evolution of data connectivity

The evolution of data connectivity Leveraging the Benefits of IP and the Cloud in the Security Sector The CCTV and alarm industry has relied on analogue or Integrated Services Digital Network (ISDN) communications to provide data connectivity

More information

Lot 1 Service Specification MANAGED SECURITY SERVICES

Lot 1 Service Specification MANAGED SECURITY SERVICES Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services

More information

Job description. Job title: Server Infrastructure Analyst 1

Job description. Job title: Server Infrastructure Analyst 1 Job description Job title: Server Infrastructure Analyst 1 Department: Resources Service: IT Service Grade: G Post reference number: 1 Job purpose To provide specialist enterprise level design, planning,

More information

JOB DESCRIPTION. Server infrastructure specialist. Capacity and Configuration Manager

JOB DESCRIPTION. Server infrastructure specialist. Capacity and Configuration Manager JOB DESCRIPTION POST: LOCATION: Server infrastructure specialist Belfast City Hospital GRADE: Band 6 REPORTS TO: RESPONSIBLE TO: Capacity and Configuration Manager Co-Director for I.C.T JOB SUMMARY/MAIN

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

Maximize potential with services Efficient managed reconciliation service

Maximize potential with services Efficient managed reconciliation service RECONCILIATION IntelliMatch Operational Control services Optimize. PRODUCT SHEET Maximize potential with services Efficient managed reconciliation service Overview At its best, technology provides financial

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Network & Information Security Policy

Network & Information Security Policy Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk

More information

Senior Manager Information Technology (India) Duration of job

Senior Manager Information Technology (India) Duration of job Role Profile Job Title Senior Manager Information Technology (India) Directorate or Region South Asia Department/Country Business Support Services, India Location of post Gurgaon Pay Band 6 / Grade G Reports

More information

Next generation enterprise communications

Next generation enterprise communications Next generation enterprise communications Peter Hall Principal Analyst July 2010 1 Agenda Top CIO/IT manager issues The role of managed services and outsourcing Evolution of players - the expanding role

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

1. To be the principal point of contact and have responsibility for IT support incidents.

1. To be the principal point of contact and have responsibility for IT support incidents. JOB TITLE: RESPONSIBLE TO: RESPONSIBLE FOR: Service Desk Engineer Service Desk Supervisor N/A JOB OUTLINE The Service Desk Engineer will be responsible for providing an effective first-line support service

More information

Appendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY

Appendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY Appendix 1c DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY DISTRIBUTION LIST Audit Team Prakash Gohil, Audit Manager Steven Snaith, Risk

More information

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model--- ---Information Technology (IT) Specialist (GS-2210) IT Security Model--- TECHNICAL COMPETENCIES Computer Forensics Knowledge of tools and techniques pertaining to legal evidence used in the analysis of

More information

GENERIC JOB DESCRIPTION - SCHOOLS

GENERIC JOB DESCRIPTION - SCHOOLS GENERIC JOB DESCRIPTION - SCHOOLS Job information as shown on organisation chart Job Title: Senior IT Technician Organisational information: Responsible to: Data Manager Post No: GEN75 Grade: HC6 Dimensions:

More information

How to Practice Safely in an era of Cybercrime and Privacy Fears

How to Practice Safely in an era of Cybercrime and Privacy Fears How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

NOS for Network Support (903)

NOS for Network Support (903) NOS for Network Support (903) November 2014 V1.1 NOS Reference ESKITP903301 ESKITP903401 ESKITP903501 ESKITP903601 NOS Title Assist with Installation, Implementation and Handover of Network Infrastructure

More information

Exhibit to Data Center Services Service Component Provider Master Services Agreement

Exhibit to Data Center Services Service Component Provider Master Services Agreement Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information

More information

INFORMATION TECHNOLOGY ENGINEER V

INFORMATION TECHNOLOGY ENGINEER V 1464 INFORMATION TECHNOLOGY ENGINEER V NATURE AND VARIETY OF WORK This is senior level lead administrative, professional and technical engineering work creating, implementing, and maintaining the County

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS MARCH 2011 Acknowledgements This Viewpoint is based upon the Recommended Practice: Configuring and Managing Remote Access

More information

State of Oregon. State of Oregon 1

State of Oregon. State of Oregon 1 State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Managing internet security

Managing internet security Managing internet security GOOD PRACTICE GUIDE Contents About internet security 2 What are the key components of an internet system? 3 Assessing internet security 4 Internet security check list 5 Further

More information

Network Security I Switches, Routers & Firewalls I Antivirus I Remote Assistance I Data Encryption

Network Security I Switches, Routers & Firewalls I Antivirus I Remote Assistance I Data Encryption Vyom Consultants VYOM Consultants believes on Indian work culture, belief, and customs. We are the group of professional people who creates happiness by solving your technical issues and maintain the long

More information

JOB DESCRIPTION. IS teams, Hanover colleagues, third party suppliers. Principal Duties and Responsibilities

JOB DESCRIPTION. IS teams, Hanover colleagues, third party suppliers. Principal Duties and Responsibilities JOB DESCRIPTION Job title: IT Security Analyst Grade: Responsible to: Responsible for: Liaises with: Head of IS N/A IS teams, Hanover colleagues, third party suppliers Role Purpose: Location: The purpose

More information

Procuring Penetration Testing Services

Procuring Penetration Testing Services Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat

More information

TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) 1. Reporting Function. The Applications Consultant reports directly to the CIO

TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) 1. Reporting Function. The Applications Consultant reports directly to the CIO TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) Consultant - Enterprise Systems & Applications 1. Reporting Function. The Applications Consultant reports directly to the CIO 2. Qualification and Experience

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service G-Cloud Service Definition Atos Information Security Wireless Scanning Service Keeping your wireless networks secure Atos Information Security Wireless Scanning Service The Atos Wireless Scanning Service

More information

I.T. Security Specialists. Cyber Security Solutions and Services. Caretower Corporate Brochure 2015 1

I.T. Security Specialists. Cyber Security Solutions and Services. Caretower Corporate Brochure 2015 1 I.T. Security Specialists Cyber Security Solutions and Services Caretower Corporate Brochure 2015 1 about us As an independent IT security specialist, with over 17 years experience, we provide tailored

More information

QRadar SIEM 6.3 Datasheet

QRadar SIEM 6.3 Datasheet QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

ROCHDALE BOROUGH COUNCIL JOB DESCRIPTION

ROCHDALE BOROUGH COUNCIL JOB DESCRIPTION ROCHDAL BOROUGH COUNCIL JOB DSCRIPTION DIRCTORAT: SRVIC: LOCATION: JOB TITL: Neighbourhoods Customers & ICT Floor 2, Number One Riverside ICT Desktop ngineer POST NUMBR: Grade: 5 Accountable to: Service

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Remote Services. Managing Open Systems with Remote Services

Remote Services. Managing Open Systems with Remote Services Remote Services Managing Open Systems with Remote Services Reduce costs and mitigate risk with secure remote services As control systems move from proprietary technology to open systems, there is greater

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

Post No: GEN75. Division/ Department: Schools

Post No: GEN75. Division/ Department: Schools JOB DESCRIPTION Job information as shown on organisation chart Job Title: Senior School ICT Technician Directorate: People s Services Organisational information: Post No: GEN75 Division/ Department: Schools

More information

CLASSIFICATION SPECIFICATION FORM

CLASSIFICATION SPECIFICATION FORM www.mpi.mb.ca CLASSIFICATION SPECIFICATION FORM Human Resources CLASSIFICATION TITLE: POSITION TITLE: (If different from above) DEPARTMENT: DIVISION: LOCATION: Executive Director Executive Director, Information

More information

POSITION PROFILE Support Officer, ICT. Position Summary. Position Statement. Corporate Vision. Constructive Culture ICT.

POSITION PROFILE Support Officer, ICT. Position Summary. Position Statement. Corporate Vision. Constructive Culture ICT. Position Summary Position Title: Business unit: ICT Support Officer ICT Division : ICT and Knowledge Management Classification : Level 5 Status : Position Statement The ICT Support Officer maintains the

More information

Empowering the Enterprise Through Unified Communications & Managed Services Solutions

Empowering the Enterprise Through Unified Communications & Managed Services Solutions Continuant Managed Services Empowering the Enterprise Through Unified Communications & Managed Services Solutions Making the transition from a legacy system to a Unified Communications environment can

More information

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ).

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ). THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ). I. Service Definition. Exchange My Mail will provide Hosted Exchange and other Application Services

More information

Thales Service Definition for NOC Services for Cloud

Thales Service Definition for NOC Services for Cloud Thales Service Definition for UK NOC Services Thales Service Definition for NOC Services for Cloud April 2014 Page 1 of 13 Thales Service Definition for UK NOC Services CONTENT Page No. Introduction...

More information

Enterprise K12 Network Security Policy

Enterprise K12 Network Security Policy Enterprise K12 Network Security Policy I. Introduction The K12 State Wide Network was established by MDE and ITS to provide a private network infrastructure for the public K12 educational community. Therefore,

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Information Security: A Perspective for Higher Education

Information Security: A Perspective for Higher Education Information Security: A Perspective for Higher Education A By Introduction On a well-known hacker website, individuals charged students $2,100 to hack into university and college computers for the purpose

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

BAND: 5. 37½ hours per week 1. JOB SUMMARY

BAND: 5. 37½ hours per week 1. JOB SUMMARY POST TITLE: Software Developer BAND: 5 HOURS: ACCOUNTABLE TO: LOCATION: 37½ hours per week Head of Informatics Programme Mamhilad 1. JOB SUMMARY Reporting to Software Development Manager, the post holder

More information

SRA International Managed Information Systems Internal Audit Report

SRA International Managed Information Systems Internal Audit Report SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...

More information

MSP Service Matrix. Servers

MSP Service Matrix. Servers Servers MSP Service Matrix Microsoft Windows O/S Patching - Patches automatically updated on a regular basis to the customer's servers and desktops. MS Baseline Analyzer and MS WSUS Server used Server

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Conquering PCI DSS Compliance

Conquering PCI DSS Compliance Any organization that stores, processes or transmits information related to credit and debit card payments has a responsibility to protect each cardholder s personal data. To help accomplish this goal,

More information

END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE

END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE About M 2 TD M2 TD is a wholly black Owned IT Consulting Business. M 2 TD is a provider of data center consulting and managed services. In a rapidly changing

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY

UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Originator: IT Performance and Capacity Management Policy Approval and Version Control Approval Process: Position or Meeting

More information

VENDOR MANAGEMENT. General Overview

VENDOR MANAGEMENT. General Overview VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor

More information

information systems security policy...

information systems security policy... sales assessment.com information systems security policy... Approved: 2nd February 2010 Last updated: 2nd February 2010 sales assessment.com 2 index... 1. Policy Statement 2. IT Governance 3. IT Management

More information

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data

More information

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045 Publication Date: Jan 27, 2015 8815 Centre Park Drive, Columbia MD 21045 HIPAA About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized

More information

MANAGED SERVICES PROVIDER. Dynamic Solutions. Superior Results.

MANAGED SERVICES PROVIDER. Dynamic Solutions. Superior Results. MANAGED SERVICES PROVIDER Dynamic Solutions. Superior Results. REVOLUTIONIZE YOUR INSTITUTION BY FULLY LEVERAGING THE BENEFITS OF TECHNOLOGY MAXIMIZE YOUR TECHNOLOGY INVESTMENTS ENHANCE SECURITY OF YOUR

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Job Description SF07708

Job Description SF07708 Job Description SF07708 Post Title: CRM/CMS Team Leader Grade: Grade 7 Faculty/Department: Reports to: Responsible For: Information Technology (COOG) Assistant Director of IT (Applications Development

More information

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Protect the data that drives our customers business. Data Security. Imperva s mission is simple: The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent

More information

Australian Computer Society ANZSCO ICT Code descriptions v1.0 01.07.2011 Further updates will be issued in 2011-2012

Australian Computer Society ANZSCO ICT Code descriptions v1.0 01.07.2011 Further updates will be issued in 2011-2012 Australian Computer Society ANZSCO ICT Code descriptions v1.0 01.07.2011 Further updates will be issued in 2011-2012 The Australian Computer Society is the gazetted authority within Australia to undertake

More information

Sub-section Content. 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx

Sub-section Content. 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx Sub-section Content 1 Formalities - Post title: Risk Consultant - Reports to: Head of Group Risk - Division: xxx - Location: xxx 2 Job Purpose - To support the implementation of an Enterprise Risk Management

More information

CONTENTS. PCI DSS Compliance Guide

CONTENTS. PCI DSS Compliance Guide CONTENTS PCI DSS COMPLIANCE FOR YOUR WEBSITE BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not

More information

I.T. Assurance. Letting you do what you do best... run your business. www.sironasolutions.com 0161 850 1000

I.T. Assurance. Letting you do what you do best... run your business. www.sironasolutions.com 0161 850 1000 Letting you do what you do best... run your business www.sironasolutions.com 06 850 000 For years, IT companies and their clients have been working against each other. Something breaks, the IT company

More information

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices

More information

Firewall Administration and Management

Firewall Administration and Management Firewall Administration and Management Preventing unauthorised access and costly breaches G-Cloud 5 Service Definition CONTENTS Overview of Service... 2 Protects Systems and data... 2 Optimise firewall

More information

Information Technology Cluster

Information Technology Cluster Network Systems Pathway Information Technology Cluster Assistant Network Technician -- This major prepares students to install, configure, operate, and connections to remote sites in a wide area network

More information

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Exhibit B5b South Dakota. Vendor Questions COTS Software Set Appendix C Vendor Questions Anything t Applicable should be marked NA. Vendor Questions COTS Software Set Infrastructure 1. Typically the State of South Dakota prefers to host all systems. In the event

More information

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

Project Management and ITIL Transitions

Project Management and ITIL Transitions Project Management and ITIL Transitions April 30 th 2012 Linda Budiman Director CSC 1 Agenda Thought Leadership: Linda Budiman What is ITIL & Project Management: Applied to Transitions Challenges & Successes:

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information

Managed Service Plans

Managed Service Plans Managed Service Plans www.linkedtech.com 989.837.3060 989.832.2802 fax Managed Information Technology Services System downtime, viruses, spy ware, losses of productivity Are the computer systems you rely

More information

State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE NETWORK RESOURCES POLICY

State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE NETWORK RESOURCES POLICY State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE NETWORK RESOURCES POLICY Effective December 15, 2008 State of Illinois Department of Central Management Services

More information