Development trend 3: Cultivating an Information Security Culture

Chapter 6

6.1 Introduction

This chapter will investigate the third development trend of the institutional wave as described by Von Solms. [VON01] Von Solms identified this trend as the cultivation of an information security culture. This includes designing and implementing an information security awareness programme to educate employees about information security in the organisation. Implementing an effective information security awareness programme helps all employees understand why they need to take information security seriously, what they will gain from its implementation and how it will assist them in completing their assigned tasks.

An effective information security awareness programme could be the most cost-effective initiative a company can take to protect its critical information assets. [NET01] This protection can only be provided if there are effective programmes in place to make certain that employees are aware of their responsibilities.

The NIST handbook [NIS00] states that people are a crucial factor in ensuring the security of computer systems and valuable information resources. This is because human actions account for a far greater degree of computer-related loss than all other sources combined. According to the information security breaches survey in 2000, [ISB00] a big problem that organisations face is the training of people so that they use systems properly and securely. This is because people think that whenever anything goes wrong, it is always the information technology department's fault.

It is the organisation's responsibility to make employees aware of information security policies and issues in the organisation. Without knowing the necessary security controls (and how to use them), users cannot be truly accountable for their actions. [NIS00] Organisations that have implemented strong protection mechanisms and have educated their staff are in the best position to protect their information from unauthorised disclosure or modification.

According to CCTA [CCT99], the information security procedures must be integrated into normal everyday routine, and staff should come to recognise security as an enabler rather than a barrier. The NIST handbook [NIS00] also stresses this everyday routine by stating that information security is an ongoing process. This process of making employees information security aware must continue after a candidate has been hired, which includes keeping employees up to date with their information security duties and responsibilities.

One method of making employees more aware of information security issues in the organisation is by means of an information security awareness programme. An information security awareness programme must be carefully thought through and correctly implemented to obtain optimal results. It must be structured in such a way that all employees, from top management to the individuals, understand their responsibilities in terms of information security.

The rest of this chapter will investigate the importance of information security awareness in an organisation. This includes why employees must be information security aware and how this awareness can be presented to the employees. This chapter will also investigate different methods that can be used to present information security awareness to employees.

6.2 Information security awareness

According to Netigy, [NET01] security professionals claim that there are three key elements for any security programme: availability, integrity and confidentiality. Corporate management must have confidence in the available information so that it can make informed business decisions. For this reason, information needs to be readily accessible, and controls and reporting mechanisms must be in place to detect unauthorised access, whether by someone outside the organisation or someone within.

This idea of availability, integrity and confidentiality is also shared by Internet Security Systems [ISS00] when talking about information security awareness. This can be depicted in the figure below:

[Figure 6.1: Influence of awareness. Diagram labels: Business strategy; Policy and guidelines; Security frameworks, architecture and solutions; Awareness and vigilance]

The figure clearly shows that awareness has a big influence on the availability, integrity and confidentiality of information in an organisation. Internet Security Systems [ISS00] goes on to state that this awareness can be obtained through employee education. This education is an ongoing effort to raise awareness of the need for information security at the senior management, administrator and end-user levels. The process cuts across all other security processes and can be depicted in the figure below [ISS00]:

[Figure 6.2: Fundamental security management life cycle. Label at the centre of the cycle: Best practices and guidelines]

The figure above clearly shows that awareness (education) has an influence on best practices as depicted in the middle of the cycle.

In a survey conducted by Information Week and PricewaterhouseCoopers [WOR98], employees and other authorised users were the source of most information security breaches in a corporate network. This has driven organisations to look at security from all angles and define an overall security strategy that reduces their risks. These risks can involve a variety of breaches that can occur in an organisation. The next section will investigate different kinds of breaches in more detail.

6.3 Security breaches

According to a survey conducted by IDC [WOR98], more than 68% of organisations have deployed network firewalls. These dedicated security applications prevent hackers and other unauthorised users from accessing the corporate network. The "quick-fix" has been adopted by almost everyone in the business environment. These firewalls help to keep security breaches from outside the organisation to a minimum. [WOR98]

According to Frank Prince, a senior security analyst at Forrester, the kinds of insider breaches that are the most costly get traced back to a human being, and become a physical security personnel issue. [BRI00] A survey held by Survey 200 [BRI00] showed nine (A-I) insider breaches that were investigated. These insider breaches included:

A: Installation/use of unauthorised software
B: Infection of company equipment via viruses/malicious code/executables
C: Use of company computing resources for illegal or illicit communications or activities
D: Abuse of computer access controls
E: Installation/use of unauthorised hardware/peripherals
F: Use of company computing resources for personal profit
G: Physical theft, sabotage or intentional destruction of computing equipment
H: Electronic theft, sabotage or intentional destruction/disclosure of proprietary data or information
I: Fraud

The figure below depicts the different insider breaches with the percentages of occurrence.

[Figure 6.3: Percentage of insider breaches. Bar chart of breaches A to I against % of breaches]

Insider breaches may be partially addressed with an information security awareness programme. The survey also investigated if these insider breaches were accidental or deliberate. The figure below depicts which of the nine insider breaches were accidental or deliberate.

[Figure 6.4: Deliberate and accidental breaches. Pie chart with segments Deliberate, Accidental and Unsure]

The figure above clearly shows that 48% of all the insider breaches in an organisation are accidental. This means that the employees did not know they were violating the integrity, confidentiality and/or the availability of the information. If, however, these employees were more aware of the security issues in the organisation, the accidental breaches could have been avoided.

One method that organisations can use to make employees more information security aware is an information security awareness programme. The next section investigates an information security awareness programme in more detail.

6.4 An information security awareness programme

Presentation of an information security awareness programme

There are a lot of different methods that can be used to present an information security programme to employees. Each method has its own advantages and disadvantages in educating employees. These advantages and disadvantages will be investigated in this chapter. The methods that will be investigated include:

- Posters
- Screensaver/mouse pads
- Calendar
- Workshops
- Videos
- Internet

Other methods that will not be investigated but are also useful in an information security awareness programme are brochures, newspapers and magazines. Small competitions can also be held in the organisation to encourage employees to participate in an information security awareness programme. These can include monthly competitions to see which employee can submit the most interesting information security article he/she has read that month.

When planning an information security awareness programme, the following aspects must be looked at:

- The number of employees who are going to participate in the information security awareness programme.
- The employees' geographical locations.
- Funds available for security awareness programmes.
- Timeframes available to complete the security awareness programme.
- The level of awareness that employees must have to comply with.
- The amount of awareness information that can be displayed.

The rest of this chapter will investigate each of the information security awareness methods and compare them to the aspects mentioned above.

Posters

Posters must be carefully designed to educate the reader, while providing the how and why in order to gain the reader's acceptance, resulting in more widespread adoption of secure practices and greater levels of compliance with existing standards.

The advantage of this method is that posters are placed in areas such as above water fountains and coffee machines or in tearooms, for example, where staff normally spend a couple of minutes. Posters can efficiently and effectively educate numerous staff on new security topics each and every month. [SEC00] Posters must be colourful and attract the employees' attention.

The disadvantage of this method is that the information security awareness team has no idea if the employees actually do read the posters and take the security issues on them seriously. Another disadvantage is that no matter how well the posters are designed, they will simply blend in to the environment after a while. To prevent this from happening, all awareness techniques should be creative and changed frequently. [NIS00] Another disadvantage is that only a limited amount of awareness information can be printed on the posters.

Posters are usually used if all the employees are working at one central working place. If employees are working at different geographical locations, the cost of transport must be added. There is also always the uncertainty that a poster can get lost or misplaced and never reach the target employees. The figure below shows an example of a poster.

[Figure 6.5: Example of a poster [ISA00]]

The table below evaluates the poster method according to the criteria already mentioned above.

Table 6.1: Evaluation of posters

Number of employees involved: Medium
Number of different geographical locations involved: High
Funds needed: Low
Timeframes needed for presentation: Low
Level of awareness of employees: Low
Amount of awareness information displayed: Low

Screensaver

There are a lot of small things around the office and the workstation that can be used in presenting information security awareness to employees, like screensavers and mouse pads. People seem to be intrigued with screensavers. That is why a screensaver is an effective way to bring information security awareness messages right to the individual end-users.

The advantage is that screensavers can be used to convey information security facts, awareness tips, and quiz questions with answers. This will provide repetitive learning to the employees. Short security-related animations are included to help elevate interest and encourage attentiveness. [SEC00] These information security facts and awareness tips that are combined with the screensaver can be changed on a regular basis, for instance each month.

The employees can obtain these screensavers by means of an e-mail sent by the information security awareness team. It is up to senior management to decide who must take responsibility for updating the screensavers. The responsibility can be given to an already established committee like the publicity committee, or a new committee can be formed to take responsibility for all information security awareness matters. If the screensaver is not animated, any poster design can be used.

Another method is using mouse pads to display awareness tips. A security tip is chosen in such a way that it will always be relevant and will be seen by the employee every time he/she works with the mouse. A security awareness tip can include something like "always keep your password secure" or "always remember to log off when finished working". A mouse pad can be seen as a small poster.

[Figure 6.6: Example of a mouse pad [ISA00]]

The table below evaluates the screensaver and mouse pad methods according to the criteria already mentioned above.

Table 6.2: Evaluation of screensavers and mouse pads

Number of employees involved: Screensaver High; Mouse pad Medium
Number of different geographical locations involved: Screensaver High; Mouse pad Medium
Funds needed: Screensaver Low; Mouse pad Medium
Timeframes needed for presentation: Screensaver Low; Mouse pad Low
Level of awareness of employees: Screensaver Low; Mouse pad Low
Amount of awareness information displayed: Screensaver Low; Mouse pad Low

Calendars

Another method organisations can use to present information security awareness is with calendars. Calendars contain the days, weeks and months of the year and can be used on a daily basis. The size of calendars can differ, from pocket-size calendars to calendars that can be hung on a wall. Calendars do not have to be dry, boring memos circulated by the company or nagging tips of the day on pop-up menus. Instead, calendars must be created to be fun and eye-catching and work as an alternative form of promotional material that will get the message across [ISA00]. The figure below is an example of a calendar.

[Figure 6.7: Example of a calendar]

The table below evaluates the calendar method according to the criteria already mentioned above.

Table 6.3: Evaluation of calendars

Number of employees involved: High
Number of different geographical locations involved: High
Funds needed: Medium
Timeframes needed for presentation: Low
Level of awareness of employees: Low
Amount of awareness information displayed: Medium

Workshops

Holding a workshop is an excellent way to provide interaction and a personal touch to your information security awareness training. Workshops must be designed to enable a person to easily present an awareness course to employees. This means that an information security awareness workshop must be interesting and easily understood by employees. The course can cover a variety of areas where employees may face information security issues in the performance of their normal daily activities. An objective of the workshops is for employees to learn about their responsibility towards protecting the information they work with. [SEC00] This can include workshops covering topics ranging from choosing and protecting passwords to making backups, for example.

There are a few disadvantages that need to be considered when presenting workshops. One problem is the cost of the workshop. The security awareness teams must organise a venue where these workshops are going to take place. If the organisation does not have a favourable venue on the premises, an external venue must be rented. The employees must take time off from work to attend the workshops. The productivity of the organisation will be affected if employees are absent for any period of time.

At workshops, large amounts of information are given to the employees and an employee might not be able to absorb all the information that is given to him. This means that an employee must learn at the presenter's pace and not his own. This is a great disadvantage.

When talking about attendance, another problem is what happens when the employees are working at different locations. For example, if an organisation's head office is in Johannesburg and a second office is in Cape Town, the problem arises as to where the workshop should be held. Do all the employees from Johannesburg travel down to Cape Town (where the organisation is paying for all expenses) or are there going to be two different workshops? The latter means two different venues and different people to present the workshop. The conclusion is that workshops are a very good and personal method for presenting security awareness programmes if all the employees are at one geographical location. [ISA00]

The table below evaluates the workshop method according to the criteria already mentioned above.

Table 6.4: Evaluation of workshops

Number of employees involved: Low
Number of different geographical locations involved: Low
Funds needed: High
Timeframes needed for presentation: High
Level of awareness of employees: Medium
Amount of awareness information displayed: High

Videos

Showing an information security awareness video is a good way to stimulate discussion for an information security awareness training session. [IRO00] It is through this discussion that managers and trainers can reinforce the need for information security in the organisation. Videos must be created in an interesting and humorous way so that the employees find them interesting to watch. Videos can convey vast amounts of information in a short period of time.

The disadvantage with the video method is that all the employees must be in one central area at the same time to watch the video. That means scheduling a venue and time that is suitable for all. Videos can cost a lot of money to design and produce, but after the initial expense the videos are a cost-effective method that can be used in workshops (as mentioned above) to educate employees. Video is also an excellent idea to use in the orientation of new employees.

The table below evaluates the video method according to the criteria already mentioned above.

Table 6.5: Evaluation of videos

Number of employees involved: Medium
Number of different geographical locations involved: Medium
Funds needed: Medium
Timeframes needed for presentation: Medium
Level of awareness of employees: Low
Amount of awareness information displayed: High

Internet and Intranet

Many organisations are finding that an effective way to provide information for their staff is through a company's Intranet. This allows a user to browse or search large amounts of information and he/she can learn at his/her own pace on their own schedule. The world-wide method that is being used for making employees security aware is a security awareness web site. [SEC00] This website can easily be customised to fit your organisation's image. Simply insert the website into your existing Intranet structure. An editable contact page and link are available to inform the reader of whom to contact for more information and what to do in case of a security incident. This is a great tool for promoting awareness of any topic. [SEC00]

This website can be designed to attract the employees' attention, for example, by displaying jokes and cartoons. The information security awareness team can make the learning of security issues fun by running competitions on the website. These competitions can vary from crossword puzzles to word games. In one kind of competition, the employees must find an article published in newspapers, magazines or on the web on any security situation that happened anywhere in the world. The employees learn about information security situations and what can go wrong in organisations while searching for an article. All the articles or summaries of the articles can then be published on the website for all the employees to read. The best one can win a prize. This is to motivate the employees and to let them know that they can also gain from learning about information security aspects.

These security awareness websites will cost less than the other methods already mentioned. The websites can also be updated on a regular basis so that the employees will always find something new.

The website can be used not only in educating employees on information security awareness aspects but also in testing them. Different information security tests can be posted on the site for completion by the employees. These tests can cover different security aspects. The results of the tests are then checked to see whether or not the employee successfully completed the test. If the employee failed the test, more information can be sent to the employee about that specific information security aspect(s). The employee is then asked to take the test again. By doing the testing via websites, an information security awareness profile can be built up for every employee. The results of the tests that were done by the employees can then be added together to compile a profile of the state of information security awareness in the whole organisation.

Educating employees by means of a website has many advantages. This kind of security awareness education is not only for employees at the same geographical location but can be used for any employee anywhere in the world who has access to the Internet. This concept of education over the Internet falls into the category of distance learning/education.

[Figure 6.8: Internet awareness programme [SEC00]. Text of the example page follows.]

AWARENESS IS THE KEY TO SECURITY
S-A-F-E: Security Awareness for Everyone

Menu: Main Page; Passwords; PC Security; Backups; use

Passwords

Passwords are an integral part of overall security. Unfortunately, they are one of the vulnerabilities most frequently targeted by someone trying to break into a system. There are several ways an unauthorized person (ie: hacker/cracker) might try to gain access to another person's password. Often, people use personal information such as their own or a family member's name as a password. This is one of the first things a hacker or cracker might try. A more sophisticated method is password cracking software. Most of these programmes can 'crack' a password within seconds by using large dictionary files and lists of common names or passwords. Another type, known as a 'brute force' attack, attempts every possible combination of letters, numbers, or special characters.

Links: Back to Main Page; Creating Stronger Passwords

According to Czirr [CZI00], an Internet education programme saves time and space and reduces or eliminates travel requirements for those working in satellite facilities. This means that the state of the organisation's information security awareness can be known at any time and potential information security risks can be stopped well in advance. Figure 6.8 is an example of the home page of an information security awareness programme.

The table below evaluates the Internet method according to the criteria already mentioned above.

Table 6.6: Evaluation of Internet

Number of employees involved: High
Number of different geographical locations involved: High
Funds needed: Low
Timeframes needed for presentation: Medium
Level of awareness of employees: Medium
Amount of awareness information displayed: High

The contents of an information security awareness programme

The method used to present an information security awareness programme is very important, but what is more important is the awareness information that will be presented. Figure 6.2 depicted that education is based around a best practice. This means that an organisation must educate its employees about the information security awareness aspects that can be found in a best practice. One aspect that BS 7799 addresses is passwords. The section on password use is under the heading Access control in the ISO/IEC guidebook and includes the following [BRI99]:

- Keep passwords confidential
- Avoid keeping a paper record of passwords, unless this can be stored securely
- Change passwords whenever there is any indication of possible system or password compromise
- Select quality passwords with a minimum length of six characters, which are:
  - not based on anything somebody else could easily guess or obtain
  - free of consecutive identical characters or all-numeric or all-alphabetical groups
- Change passwords at regular intervals or based on the number of accesses
- Change temporary passwords at the first log-on
- Do not share individual user passwords

The information security aspects mentioned above cover only a small amount of information that can be included in an information security awareness programme. This information can be handed to the employees in the following ways: [SEC00]

- Full presentation on CD
- Printed handouts
- Printed speaker notes
- Presenter's guide
- Customised audio intro
- End-user quiz

Information security aspects that can be included in the handouts mentioned above and discussed in an information security awareness programme include: [SEC00]

- Password Construction
- Password Management
- Internet Usage
- Telephone Fraud
- Usage
- Viruses
- PC Security
- Software Licensing
- Backups
- Physical Security
- Social Engineering
- Data Confidentiality

There are many aspects that can be included in the presentation of an information security awareness programme. Ultimately, each organisation must decide which information security aspects will be included in the awareness programme.

6.5 Conclusion

This chapter investigated the presentation methods that can be used to present information security awareness programmes to employees. The main purpose of an information security awareness programme is to make employees aware of their responsibilities in terms of information security in an organisation. All employees must be aware of information security measures before they can comply with them. This means that it is up to organisations to inform employees about information security issues.

Using the definitions of confidentiality, integrity and availability, a basic understanding of information security is possible. These security awareness measures can be presented to the employees by way of information security awareness programmes. Each of the presentation methods has been evaluated against a set of criteria.

These information security awareness programmes cannot be a once-off programme, but must be ongoing for the optimum results. These information security awareness programmes and information security measures must become part of all the employees' everyday routines. Before the employees can start securing information in the workplace, they must know what can be done to prevent information security incidents.

The next chapter will investigate the fourth and last information security trend of the institutional wave. The fourth trend is about measuring the information security situation in an organisation. The reason for measuring information security is to determine whether or not information security measures are complied with.
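
The BS 7799 password-selection rules quoted in the section on the contents of an awareness programme can be turned into an automated check, for example behind the self-test pages of the awareness website. The sketch below is an added example, not code from this chapter or from BS 7799; the function names, the failure codes and the small word list are assumptions made for illustration, and the six-character minimum is the figure quoted above, exposed as a parameter.

```python
"""Check a candidate password against the BS 7799 selection rules quoted above."""
import re

MIN_LENGTH = 6  # minimum length stated in the guidance quoted in this chapter

# Constructed sample list standing in for a real dictionary of common passwords.
COMMON_WORDS = {"password", "secret", "letmein", "welcome", "qwerty"}

# Failure code -> the rule it corresponds to (wording follows the chapter).
RULES = {
    "too_short": "minimum length of six characters",
    "consecutive_identical": "free of consecutive identical characters",
    "all_numeric": "not an all-numeric group",
    "all_alphabetic": "not an all-alphabetical group",
    "guessable": "not based on anything somebody else could easily guess or obtain",
}

# Undo common look-alike substitutions so "p4ssw0rd" is compared as "password".
_SUBSTITUTIONS = str.maketrans("0134579@$!", "oieastgasi")


def _normalise(text):
    """Lower-case, reverse simple substitutions and keep letters only."""
    return re.sub(r"[^a-z]", "", text.casefold().translate(_SUBSTITUTIONS))


def _is_guessable(password, personal_info):
    """True if the password contains a common word or a personal detail."""
    lowered = password.casefold()
    core = _normalise(password)
    tokens = set(COMMON_WORDS)
    for item in personal_info:
        # Split "Thandi Mokoena" or "1975-03-14" into separate tokens and
        # ignore fragments too short to be meaningful.
        tokens.update(p.casefold() for p in re.split(r"\W+", item) if len(p) >= 3)
    for tok in tokens:
        if tok in lowered:
            return True
        # Only alphabetic tokens are compared against the de-substituted form,
        # so a birth year cannot match by accident after digit translation.
        if tok.isalpha() and tok in core:
            return True
    return False


def check_password(password, personal_info=(), min_length=MIN_LENGTH):
    """Return the list of failure codes; an empty list means all rules pass."""
    failures = []
    if len(password) < min_length:
        failures.append("too_short")
    if re.search(r"(.)\1", password):
        failures.append("consecutive_identical")
    if password.isdigit():
        failures.append("all_numeric")
    elif password.isalpha():
        failures.append("all_alphabetic")
    if _is_guessable(password, personal_info):
        failures.append("guessable")
    return failures


if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    info = ["Thandi Mokoena", "1975-03-14"]
    for candidate in ["abc", "123456", "P4ssw0rd!", "Thandi1975", "Tr4vel-Mug-82"]:
        failed = check_password(candidate, info)
        print(candidate, "OK" if not failed else [RULES[f] for f in failed])
```

Returning the failed rules rather than a bare pass/fail lets the awareness website show the employee which piece of guidance the chosen password breaks.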


More information

Oregon Secretary of State Security Awareness Program Strategic Plan Recommendation

Oregon Secretary of State Security Awareness Program Strategic Plan Recommendation Oregon Secretary of State Security Awareness Program Prepared by: Information Systems Division On: July 31, 2008 - Focused on Security. Dedicated to Success. - Revised 9/4/2008 4:30 PM Document History...

More information

Boston University Security Awareness. What you need to know to keep information safe and secure

Boston University Security Awareness. What you need to know to keep information safe and secure What you need to know to keep information safe and secure Introduction Welcome to Boston University s Security Awareness training. Depending on your reading speed, this presentation will take approximately

More information

Terms and Conditions of Use - Connectivity to MAGNET

Terms and Conditions of Use - Connectivity to MAGNET I, as the Client, declare to have read and accepted the terms and conditions set out below for the use of the network connectivity to the Malta Government Network (MAGNET) provided by the Malta Information

More information

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY OBJECTIVE To provide users with guidelines for the use of information technology resources provided by Council. SCOPE This policy

More information

Authorised Acceptable Use Policy 2015-2016. Groby Community College Achieving Excellence Together

Authorised Acceptable Use Policy 2015-2016. Groby Community College Achieving Excellence Together Groby Community College Achieving Excellence Together Authorised Acceptable Use Policy 2015-2016 Reviewed: Lee Shellard, ICT Manager: May 2015 Agreed: Leadership & Management Committee: May 2015 Next review:

More information

ANNUAL SECURITY RESPONSIBILITY REVIEW

ANNUAL SECURITY RESPONSIBILITY REVIEW ANNUAL SECURITY RESPONSIBILITY REVIEW For Faculty and Staff Who Use Computers Minimally in their work May 2012 Training Topics What is Information Security? Review Security Vulnerabilities Phishing email

More information

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY ICT OPERATING SYSTEM SECURITY CONTROLS POLICY TABLE OF CONTENTS 1. INTRODUCTION... 3 2. LEGISLATIVE FRAMEWORK... 3 3. OBJECTIVE OF THE POLICY... 4 4. AIM OF THE POLICY... 4 5. SCOPE... 4 6. BREACH OF POLICY...

More information

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality No This Revision September

More information

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are

More information

(Company Name) SECURITY AWARENESS PROGRAM INFORMATION, PHYSICAL AND PERSONAL SECURITY. 2001. Melissa Guenther, LLC. All rights reserved.

(Company Name) SECURITY AWARENESS PROGRAM INFORMATION, PHYSICAL AND PERSONAL SECURITY. 2001. Melissa Guenther, LLC. All rights reserved. (Company Name) SECURITY AWARENESS PROGRAM INFORMATION, PHYSICAL AND PERSONAL SECURITY Company Policies Security Awareness Program Purposes Integrate Define Feedback Activities Elicit Implement Employees

More information

Working Practices for Protecting Electronic Information

Working Practices for Protecting Electronic Information Information Security Framework Working Practices for Protecting Electronic Information 1. Purpose The following pages provide more information about the minimum working practices which seek to ensure that

More information

Musina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-

Musina Local Municipality. Information and Communication Technology User Account Management Policy -Draft- Musina Local Municipality Information and Communication Technology User Account Management Policy -Draft- Version Control Version Date Author(s) Details V1.0 June2013 Perry Eccleston Draft Policy Page

More information

Making information security awareness and training more effective

Making information security awareness and training more effective Making information security awareness and training more effective Mark Thomson Port Elizabeth Technikon, South Africa Key words: Abstract: Information security, awareness, education, training This paper

More information

ICT POLICY AND PROCEDURE

ICT POLICY AND PROCEDURE ICT POLICY AND PROCEDURE POLICY STATEMENT St Michael s College regards the integrity of its computer resources, including hardware, databases and software, as central to the needs and success of our day-to-day

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

The Ministry of Information & Communication Technology MICT

The Ministry of Information & Communication Technology MICT The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.

More information

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3 Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use

More information

GETTING PHYSICAL WITH NETWORK SECURITY WHITE PAPER

GETTING PHYSICAL WITH NETWORK SECURITY WHITE PAPER GETTING PHYSICAL WITH NETWORK SECURITY WHITE PAPER Molex Premise Networks EXECUTIVE SUMMARY This article discusses IT security, which is a well documented and widely discussed issue. However, despite the

More information

Information Services. Protecting information. It s everyone s responsibility

Information Services. Protecting information. It s everyone s responsibility Information Services Protecting information It s everyone s responsibility Protecting information >> Contents >> Contents Introduction - we are all responsible for protecting information 03 The golden

More information

Acceptable Use of ICT Policy. Staff Policy

Acceptable Use of ICT Policy. Staff Policy Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

Acceptable Use of Information Technology Policy

Acceptable Use of Information Technology Policy Acceptable Use of Information Technology Policy Date created: January 2006 Updated Review date: April June 2008 Review date: Oct Dec 2009 Introduction VAW provides IT facilities for promoting its charitable

More information

The evolution of data connectivity

The evolution of data connectivity Leveraging the Benefits of IP and the Cloud in the Security Sector The CCTV and alarm industry has relied on analogue or Integrated Services Digital Network (ISDN) communications to provide data connectivity

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

Think secure. Information security at the University of Copenhagen

Think secure. Information security at the University of Copenhagen Think secure Information security at the University of Copenhagen All staff and students at the University of Copenhagen (KU) have to be familiar with information security (IS), because: we need to take

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

Code of Business Principles Helping us do the right thing

Code of Business Principles Helping us do the right thing Code of Business Principles Helping us do the right thing Code of Business Principles Helping us do the right thing Contents 01 Foreword 02 Who is the code for? 03 Where to find advice or raise a concern

More information

2) applied methods and means of authorisation and procedures connected with their management and use;

2) applied methods and means of authorisation and procedures connected with their management and use; Guidelines on the way of developing the instruction specifying the method of managing the computer system used for personal data processing, with particular consideration of the information security requirements.

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Information Technology Cyber Security Policy

Information Technology Cyber Security Policy Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please

More information

Cyber Security Incident Reporting Scheme

Cyber Security Incident Reporting Scheme OCIO/G4.12a ISMF Guideline 12a Cyber Security Incident Reporting Scheme BACKGROUND Reporting cyber security incidents is a source of intelligence information that assists in the development of a greater

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Information Resources Security Guidelines

Information Resources Security Guidelines Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

QUALIFICATION HANDBOOK

QUALIFICATION HANDBOOK QUALIFICATION HANDBOOK Level 2 Extended Certificate in Health Informatics (7450-12) February 2012 Version 1.0 Qualification at a glance Subject area City & Guilds number 7450 Health Informatics Age group

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

2. _General Help and Technical Support

2. _General Help and Technical Support 1. _Welcome Welcome to Business Internet Banking. Our online service is available 06:00 AM ET 12:00 AM (Midnight) ET, seven days a week, so you and your employees can manage your business banking accounts

More information

Development / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review

Development / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review Blakeley Heath Primary School E-Safety Policy Development / Monitoring / Review of this Policy This e-safety policy has been developed by a working group made up of: Headteacher Coordinator Staff including

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security

More information

INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) PHYSICAL & ENVIRONMENTAL SECURITY POLICY

INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) PHYSICAL & ENVIRONMENTAL SECURITY POLICY INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) PHYSICAL & ENVIRONMENTAL SECURITY POLICY 1. PURPOSE In respect to this policy the term physical and environmental security refers to controls taken to protect

More information

Informatics Policy. Information Governance. Network Account and Password Management Policy

Informatics Policy. Information Governance. Network Account and Password Management Policy Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information

More information

Network Password Management Policy & Procedures

Network Password Management Policy & Procedures Network Password Management Policy & Procedures Document Ref ISO 27001 Section 11 Issue No Version 1.3 Document Control Information Issue Date April 2009, June 2010, September 2011 Status Approved By FINAL

More information

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers

More information

U07 Information Security Incident Policy

U07 Information Security Incident Policy Dartmoor National Park Authority U07 Information Security Incident Policy June 2010 This document is copyright to Dartmoor National Park Authority and should not be used or adapted for any purpose without

More information

Hengtian Information Security White Paper

Hengtian Information Security White Paper Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...

More information

ELECTRONIC INFORMATION SECURITY A.R.

ELECTRONIC INFORMATION SECURITY A.R. A.R. Number: 2.6 Effective Date: 2/1/2009 Page: 1 of 7 I. PURPOSE In recognition of the critical role that electronic information systems play in City of Richmond (COR) business activities, this policy

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

Cyril Onwubiko Networking and Communications Group http://ncg. ncg.kingston.ac.

Cyril Onwubiko Networking and Communications Group http://ncg. ncg.kingston.ac. Cyril Onwubiko Networking and Communications Group http://ncg ncg.kingston.ac..ac.uk http://ncg.kingston.ac.uk +44 (0)20 8547 2000 Security Threats & Vulnerabilities in assets are two most fundamental

More information

Information Security Incident Reporting & Investigation

Information Security Incident Reporting & Investigation Information Security Incident Reporting & Investigation Purpose: To ensure all employees, consultants, agency workers and volunteers are able to recognise an information security incident and know how

More information

As a System user you need to be informed of the following issues that are governed by Trust policies and by law. Password Control Page 2

As a System user you need to be informed of the following issues that are governed by Trust policies and by law. Password Control Page 2 JAC MEDICINES MANAGEMENT CLINICAL DATA SYSTEM SECURITY DOCUMENT It is very important that information on JAC is kept secure from unauthorised access and that no one is able to use the system that has not

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

Internet basics 2.3 Protecting your computer

Internet basics 2.3 Protecting your computer Basics Use this document with the glossary Beginner s guide to Internet basics 2.3 Protecting your computer How can I protect my computer? This activity will show you how to protect your computer from

More information

Network Security Policy

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 14 Risk Mitigation

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 14 Risk Mitigation Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 14 Risk Mitigation Objectives Explain how to control risk List the types of security policies Describe how awareness and training

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

ICTN 4040. Enterprise Database Security Issues and Solutions

ICTN 4040. Enterprise Database Security Issues and Solutions Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of

More information

Policy. Social Media Acceptable Use Policy. Executive Lead. Review Date. Low

Policy. Social Media Acceptable Use Policy. Executive Lead. Review Date. Low Policy Social Media Acceptable Use Policy Date approved by - ISG Version Issue Date Review Date Executive Lead 11/6/2013 1.0 11/6/2013 11/6/2015 Mike Robson Executive Director Finance Procedure/Policy

More information

Acceptable Usage Policy

Acceptable Usage Policy Acceptable Usage Policy Anittel Document Version 1.0 27 March 2015 anittel.com.au 1300 10 11 12 IT Support Services Telecommunications Internet & Data Cloud Services Hardware & Software Contents INTRODUCTION...

More information

INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS

INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS Effective Date June 9, 2014 INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS OF THE HELLER SCHOOL FOR SOCIAL POLICY AND MANAGEMENT Table of Contents 1.

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

Internal Control Guide & Resources

Internal Control Guide & Resources Internal Control Guide & Resources Section 5- Internal Control Activities & Best Practices Managers must establish internal control activities that support the five internal control components discussed

More information

Responsible Access and Use of Information Technology Resources and Services Policy

Responsible Access and Use of Information Technology Resources and Services Policy Responsible Access and Use of Information Technology Resources and Services Policy Functional Area: Information Technology Services (IT Services) Applies To: All users and service providers of Armstrong

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

STUDENT S INFORMATION SECURITY GUIDE

STUDENT S INFORMATION SECURITY GUIDE STUDENT S INFORMATION SECURITY GUIDE April 2013 Table of contents Information security is important - also for you...1 Use strong passwords and keep them safe...2 E-mail use...3 Beware of phishing and

More information

Information Systems Security Assessment

Information Systems Security Assessment Physical Security Information Systems Security Assessment 1. Is the server protected from environmental damage (fire, water, etc.)? Ideal Answer: YES. All servers must be housed in such a way as to protect

More information

Acceptable Usage Policy

Acceptable Usage Policy Contents 1. INTRODUCTION... 2 2. PURPOSE... 2 3. APPLICATION... 2 4. YOUR OBLIGATIONS AND PROHIBITED USE... 2 5. SPAM... 3 6. EXCESSIVE USE... 3 7. SECURITY... 4 8. COPYRIGHT... 4 9. CONTENT... 4 10. REGULARTORY

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé NHS HDL (2006)41 abcdefghijklm = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé Dear Colleague NHSSCOTLAND INFORMATION SECURITY POLICY Summary 1. NHSScotland IT Security Policy was

More information

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT Rok Bojanc ZZI d.o.o. rok.bojanc@zzi.si Abstract: The paper presents a mathematical model to improve our knowledge of information security and

More information

Getting a Secure Intranet

Getting a Secure Intranet 61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

Executive Management of Information Security

Executive Management of Information Security WHITE PAPER Executive Management of Information Security _experience the commitment Entire contents 2004, 2010 by CGI Group Inc. All rights reserved. Reproduction of this publication in any form without

More information

Chronic Disease Management

Chronic Disease Management RESOURCE AND PATIENT MANAGEMENT SYSTEM Chronic Disease Management (BCDM) Version 1.0 Office of Information Technology (OIT) Division of Information Resource Management Albuquerque, New Mexico Table of

More information

Montana Tech Escalation Procedures for. Security Incidents

Montana Tech Escalation Procedures for. Security Incidents Montana Tech Escalation Procedures for Security Incidents 1.0 Introduction This procedure describes the steps which are to be taken for physical and computer security incidents which occur within the Montana

More information

Network and Workstation Acceptable Use Policy

Network and Workstation Acceptable Use Policy CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of

More information