IT Simplifier Webinar:

Size: px
Start display at page:

Download "IT Simplifier Webinar:"

Transcription

1 IT Simplifier Webinar: How to improve security through your associates Institutionalizing Security Policy (Part 2 of 3)

2 Who is Bross Group? Bross Group is a premier IT consulting and talent management firm dedicated to helping clients across multiple industries with all of their IT requirements. Bross Group has a unique intersection of Service Delivery and Practice Areas that enable clients to enhance value and promote nimble technological restructuring. Founded in years developing, architecting and implementing successful solutions in various verticals Consultants average 17 years of experience in business information technology Consistently recognized as a Best Place to Work by the Denver Business Journal Microsoft Gold Certified Partner (2012) Nominated for "Colorado Companies to Watch" (February 2014) Certified Women's Business Enterprise (WBENC) Certified National Women Business owners Corporation (NWBOC)

3 4 Service Areas

4 What does Bross Group Do? SharePoint Business Continuity Mobile Solutions Cloud Office 365 Virtualization Analytics/BI Project Management Strategy Planning

5 Some of our work

6 Your Speaker Today is Cindy Gibson Bross Group Security Program Director Cindy combines a business-minded approach with strong technical acumen, Cindy is a certified Project Management Professional (PMP), Certified Agile Scrum Master (CSM), Certified Six-Sigma Green Belt, Certified Information Systems Security Professional (CISSP), and offers knowledge in COBIT processes, ITIL foundations and SDLC.

7 Agenda Improving Security Through Associates Making Security Stick Primary Security Program Compontents Top 20 Critical Security Controls & Relevant Security Policies Top 3 Security Risks Caused by Associates The Forgetting Curve & 3 Methods to Increase Retention Best Ways to Deliver Security Messages 10 Security Tips for Associates Summary

8 3 Security Program Components A successful IT security program consists of: 1) Developing IT security policies that reflects the organization s business needs and can be understood and followed by everyone 2) Informing users of their IT security responsibilities and training them on the security policies and procedures 3) Achieving long-term sustainment by establishing processes for monitoring and reviewing the program on a regular basis

9 Top 20 Critical Security Controls 1. Inventory authorized and unauthorized devices 2. Inventory authorized and unauthorized software 3. Secure configurations for HW/SW on mobile devices, laptops, desktops, and servers 4. Continuous vulnerability assessment and remediation 5. Malware defenses 6. Application software security 7. Wireless device control 8. Data recovery capability 9. Security skills assessment and appropriate training to fill gaps 10. Secure configurations for network devices (firewalls, routers, switches) 11. Limitation and control of network ports, protocols and services 12. Controlled use of administrative rights 13. Boundary defenses 14. Maintenance, monitoring, and analysis of audit logs 15. Controlled access based on the need to know 16. Accounting monitoring and control 17. Data loss prevention 18. Incident response and management 19. Secure network engineering 20. Penetration tests and red team exercises

10 Why Don t They Follow Policies? They don t know the policies If they do, no one is enforcing the policies Polices get in the way of productivity

11 Help Associates Get their Jobs Done Improving Security Through Associates Making Security Stick 1 Understand data flow & Determine Access Needs (On & Offsite) Making it Stick Long Term Sustainment & Compliance of Policies 5 2 Secure Corporate Infrastructure Institutionalize Security Policy By Communicating & Training Associates on a Regular Basis 4 3 Be Explicit About What Can & Cannot Be Done on Org Network & with Org Data

12 Low >50% Occurrence Probability Medium 50%-90% High > 90% Top 3 Security Risks Caused by Associates Qualitative Risk Assessment Inappropriate Access 1 2 Work Machines for Personal Use 1. 90% of end users have legacy access, giving them inappropriate access to proprietary information 2. 83% of end users use their work machines for personal reasons, transferring files between work and personal machines 3. 50% of data leaks are caused by unauthorized use of applications 3 Unauthorized Apps Low Medium High Impact on Business (Risk, Compliance, Costs)

13 The Forgetting Curve

14 Methods to Increase Retention 1. Compliance Annual training through a PowerPoint presentation, you get compliance with retention of <5% over 12 months 2. Compliance + Engagement Annual training through training videos, you get short-term retention of 80-90% with a slow decrease to 5-10% over 12 months 3. Compliance + Engagement + Strengthen Content plan based on: A. Annual security awareness training videos, with a competence requirement of 90% or better to pass placed after each video lesson B. Monthly security campaigns using visual imagery from the videos to call back to the content C. Consistent activities (i.e., lunch and learns) to give supplemental information to associates

15 Security Message Delivery Pens, key fobs, post-it notes, notepads, first aid kits, bookmarks, Frisbees, clocks, gotcha cards Posters, do and don t lists, or checklists Screensavers and warning banners/messages Newsletters Desk-to-desk alerts (e.g., a hardcopy, bright-colored, onepage bulletin either one per desk or routed through an office that is distributed through the organization s mail system) Organization wide messages Web-based sessions Computer-based sessions Teleconferencing sessions Videos In-person, instructor-led sessions IT security days or similar events Brown bag seminars Pop-up calendar with security contact information, monthly security tips, etc. Mascots Crossword puzzles Awards program (e.g., plaques, mugs, letters of appreciation)

16 Animated Versus Live Action Videos are being created for security content plans in two different mediums. Live action videos which are great at getting a quick reminder/message/motivator across the company, they are not as effective for training. Animation is much more effective because you are not limited to reality and you can easily have a server room fly in - behind an avatar your IT guy- without it looking cheesy and weird. You also have the ability to show words, and are not limited to one ethnicity, culture, etc. Animations can be funny in order to get the message across whereas live action videos need to be more general and broadly applicable.

17 Video Versus Posters Videos and posters serve two very different purposes and need to be seen as supplemental to each other NOT synonymous. A video is an effective tool for transmitting larger amounts of information because if done right- it grabs the viewers attention through movement and pictures. A poster is just like a billboard on the highway. You have about 2 seconds in which to catch the viewers attention and transmit information. Any poster that takes longer than a few seconds to get the message will be lost.

18 Newsletter Versus Poster Newsletters and posters are a common duo that shows up in conjunction with training videos but again they are NOT synonymous. Newsletters are great for transmitting larger amounts of supplemental training information (e.g., check lists, how to s, anecdotes) that are just too much for a poster. Because of this, newsletters are great informers and motivators Posters are much more effective reminders

19 Activities versus Events Activities and events are a traditional elements of an organization s content plan. Activities serve as a valuable tool in informing your users, motivating them, and keeping them up-to-date on constantly evolving threats. Events create a different, more interactive way of giving users more information on a topic they did not pick up the first time or behaviors they need more motivation to perform.

20 Top 10 IT Security Tips for Associates 1. Never give out login credentials (over the phone, in person, ). Any competent IT department would never ask for your login credentials in any circumstance. 2. Roll the mouse pointer over a link to reveal its actual destination, displayed in the bottom left corner of the browser. In Microsoft Outlook it is displayed above the link. 3. When using public Wi-Fi, refrain from sending or receiving private information. 4. Report any loss or theft of your company issued smartphone/tablet/laptop immediately to IT. 5. Be leery of items from unknown sources or even suspicious links from trusted sources. When in doubt, chuck it out!

21 Top 10 IT Security Tips for Associates 6. Stop. Think. Click. Think twice before clicking that link. 7. Report any security incident (ex. responding to a scam with your login credentials) to IT immediately. Do not fear reprisal or be ashamed, such incidents are expected given today's threat landscape. 8. Use a different password for every website. If you have only one password, a criminal simply has to break a single password to gain access to all your information and accounts. 9. If you have difficulty remembering complex passwords, try using a passphrase like "I love getting to work at 7:00!" Longer passwords are harder to crack than shorter complex passwords. 10. Never leave your smartphone, tablet, or laptop unattended in a public place.

22 Summary Making it Stick Reduce risk by instutionalizing security policy into your culture through communications, monitoring and enforcing security policies Be Clear Write or edit existing policies to help associates understand what they can and cannot do on the corporate infrastructure and with corporate information Institutionalize Security Policy Continually raise the profile of security through communications and training to begin institutionalizing security policies

23 Resources SANS 20 Critical Security Controls SANS Security Policies NIST Publication /nistpubs/800-50/nist-sp pdf NIST Publication /nistpubs/800-16/ pdf Tech Republic log/it-security/short-and-pithyit-security-tips-for-users/8626/ Mad Security making-content-stick-retention/

24 Questions? To contact Cindy Gibson:

25 Increasing the value of today's webinar experience Visit brossgroup.com/blog today's presentation is available to download Check out the schedule of other upcoming Bross Group webinars and don t forget to share these resources with your colleagues. Contact Bross Group account executives if you would like help with your security program (303)

Jumpstarting Your Security Awareness Program

Jumpstarting Your Security Awareness Program Jumpstarting Your Security Awareness Program Michael Holcomb Director, Information Security HO20110473 1 Jumpstarting Your Security Awareness Program Classification: Confidential Owner: Michael Holcomb

More information

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013 An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information

More information

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Check Point and Security Best Practices. December 2013 Presented by David Rawle Check Point and Security Best Practices December 2013 Presented by David Rawle Housekeeping o Mobiles on Silent o No File Alarms planned o Fire exits are in front and behind and down the stairs o Downstairs

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Security Awareness & Securing the Human. By: Chandos J. Carrow, CISSP System Office - Information Security Officer Virginia Community College System

Security Awareness & Securing the Human. By: Chandos J. Carrow, CISSP System Office - Information Security Officer Virginia Community College System Security Awareness & Securing the Human By: Chandos J. Carrow, CISSP System Office - Information Security Officer Virginia Community College System I am not John Popper nor do I play the harmonica Question

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

Looking at the SANS 20 Critical Security Controls

Looking at the SANS 20 Critical Security Controls Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

SJRWMD Cloud-Based Email Quick-Start Guide

SJRWMD Cloud-Based Email Quick-Start Guide SJRWMD Cloud-Based Email Quick-Start Guide Your email account is now in the Microsoft cloud, also known as Office 365. This change from onpremise email provisioning to the cloud allows the agency to provide

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

Frequently Asked Questions

Frequently Asked Questions Frequently Asked Questions 1) What does SkyBest Internet Guardian do? Prevents e-mail and image spam from reaching your inbox Halts access to dangerous Web pages Stops Web sites from installing dangerous

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute Wasting Money on the Tools? Automating the Most Critical Security Controls Bonus: Gaining Support From Top Managers for Security Investments Mason Brown Director, The SANS Institute The Most Trusted Name

More information

Law School Computing Services User Memo

Law School Computing Services User Memo Law School Computing Services User Memo Accessing and Using Shared No. 37 7/28/2015 Email Accounts in Outlook Overview: Many Law School departments and organizations use shared email accounts. Shared email

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Lync Making Conference Calls Simple

Lync Making Conference Calls Simple Winter 2013 In this issue: Lync - Making Conference Calls Simple IT - Helping You Stretch Your Dollar Windows OS Update Avoiding Phishing Top 4 Reasons to Use UWyo Wireless vs UW Guest Microsoft Updates

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Great Now We Have to Secure an Internet of Things. John Pescatore SANS Director, Emerging Security Trends @John_Pescatore

Great Now We Have to Secure an Internet of Things. John Pescatore SANS Director, Emerging Security Trends @John_Pescatore Great Now We Have to Secure an Internet of Things John Pescatore SANS Director, Emerging Security Trends @John_Pescatore 1 What the Heck is That?? 2 Different Views of the Internet of Things 3 Different

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Times have Changed & A/V Executives Agree An A/V product as your sole endpoint protection solution isn t enough.

More information

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University

More information

High Speed Internet - User Guide. Welcome to. your world.

High Speed Internet - User Guide. Welcome to. your world. High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a

More information

Professional Services Overview

Professional Services Overview Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Building a More Secure and Prosperous Texas through Expanded Cybersecurity

Building a More Secure and Prosperous Texas through Expanded Cybersecurity Building a More Secure and Prosperous Texas through Expanded Cybersecurity Bob Butler Chairman, Texas Cybersecurity, Education and Economic Development Council April 2013 About the Texas Cybersecurity

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

AUT OneDrive for Business. Instructions for Using OneDrive on Windows Platform

AUT OneDrive for Business. Instructions for Using OneDrive on Windows Platform AUT OneDrive for Business Instructions for Using OneDrive on Windows Platform Contents 1 What s OneDrive for Business?... 3 2 Storing Files... 5 1.1 Saving and Opening files from your Office applications...

More information

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense John M. Gilligan Information systems Security Association National Capital Chapter January 19, 2010 1 Topics Background

More information

Business ebanking Fraud Prevention Best Practices

Business ebanking Fraud Prevention Best Practices Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Business Internet Banking / Cash Management Fraud Prevention Best Practices Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization

More information

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 Agenda Introduction PCI DSS 3.0 Changes What Can I Do to Prepare? When Do I Need to be Compliant? Questions

More information

Managed Services. Business Intelligence Solutions

Managed Services. Business Intelligence Solutions Managed Services Business Intelligence Solutions Business Intelligence Solutions provides an array of strategic technology services for life science companies and healthcare providers. Our Managed Services

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness

More information

Web Manual: Go To Meeting April 2015

Web Manual: Go To Meeting April 2015 Web Manual: Go To Meeting Table of Contents Getting Started... 3 What is GoToMeeting?... 3 Activating Your Account... 3 What You Need for Set-up... 3 Changing Account Details (Name, Email, Time Zone, Password)...

More information

Top Tech Sites: Internet Security Best Practices

Top Tech Sites: Internet Security Best Practices Top Tech Sites: Internet Security Best Practices Stats: According to a Symantec s Website Security Threat Report: Updates from Symantec s Internet Security Threat Report. Published May 2011: *1.1 million

More information

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA

More information

NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices

NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices End-of-Life Notice Please note that GO!Enterprise MDM server version 3.6.3 is the last to officially

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable

More information

SaskTel Hosted & Collaboration - Hosted Lync User Guide 1

SaskTel Hosted  & Collaboration - Hosted Lync User Guide 1 Overview... 2 First Time Login... 3 Customize Lync Options... 5 My Picture and Personal Options... 6 Change your Personal and My Picture Options... 6 Presence... 7 Change your Status... 7 Location... 8

More information

M2M Series Routers. Port Forwarding / DMZ Setup

M2M Series Routers. Port Forwarding / DMZ Setup Introduction Port forwarding enables programs or devices running on your LAN to communicate with the internet as if they were directly connected. Many internet services and applications use designated

More information

UniCom & Skype for Business Windows User Guide

UniCom & Skype for Business Windows User Guide UniCom & Skype for Business Windows User Guide Downloading Skype Required equipment and how to test it Initiating a call Answering a call Disconnecting a call Placing and removing a call from Hold Transfer

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

Marian University Technology Packet

Marian University Technology Packet Marian University Technology Packet The contents of this packet are designed to help you set up your various devices while here on campus. Not all contents of the packet may pertain to you as an individual

More information

Client Security Guide

Client Security Guide Client Security Guide NEXT GENERATION CLOUD-SECURITY www.exacttarget.com NEXT GENERATION CLOUD-SECURITY Companies across the globe are facing continuously evolving threats focused on obtaining an individual

More information

Perception and knowledge of IT threats: the consumer s point of view

Perception and knowledge of IT threats: the consumer s point of view Perception and knowledge of IT threats: the consumer s point of view It s hard to imagine life without digital devices, be it a large desktop computer or a smartphone. Modern users are storing some of

More information

PII Compliance Guidelines

PII Compliance Guidelines Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last

More information

ONE Mail Direct for Mobile Devices

ONE Mail Direct for Mobile Devices ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

How to Remotely View Security Cameras Using the Internet

How to Remotely View Security Cameras Using the Internet How to Remotely View Security Cameras Using the Internet Introduction: The ability to remotely view security cameras is one of the most useful features of your EZWatch Pro system. It provides the ability

More information

WildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks

WildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on

More information

Reliance Bank Fraud Prevention Best Practices

Reliance Bank Fraud Prevention Best Practices Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.

More information

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Managed Hosting & Datacentre PCI DSS v2.0 Obligations Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version

More information

Installing VinNOW Client Computers

Installing VinNOW Client Computers Installing VinNOW Client Computers Please review this entire document prior to proceeding Client computers must use UNC path for database connection and can t be connected using a mapped network drive.

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

ACME Enterprises IT Infrastructure Assessment

ACME Enterprises IT Infrastructure Assessment Prepared for ACME Enterprises March 25, 2014 Table of Contents Executive Summary...2 Introduction...2 Background...2 Scope of IT Assessment...2 Findings...2 Detailed Findings for Key Areas Reviewed...3

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information

All your apps & data in the cloud, all in one place.

All your apps & data in the cloud, all in one place. The Cloud Desktop For Business Unify Your Business IT Experience All your apps & data in the cloud, all in one place. The Cloud Desktop houses all of your organization's applications and data in one easy-to-access

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Quick Start Guide to Logging in to Online Banking

Quick Start Guide to Logging in to Online Banking Quick Start Guide to Logging in to Online Banking Log In to Internet Banking: Note: The first time you log in you are required to use your Customer ID. Your Customer ID is the primary account holder s

More information

CYBERSECURITY & EXPECTATIONS FOR INDEPENDENT GROCERS

CYBERSECURITY & EXPECTATIONS FOR INDEPENDENT GROCERS October 21, 2015 CYBERSECURITY & EXPECTATIONS FOR INDEPENDENT GROCERS Cerone F. Cy Sturdivant Managing Consultant csturdivant@bkd.com 1 TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls

More information

ipecs UCS Unified Communications Solution Easy to access and activate Highlights Single server solution

ipecs UCS Unified Communications Solution Easy to access and activate Highlights Single server solution ipecs UCS Unified Communications Solution In today s world of remote and dispersed workers, the ipecs UCS application provides tools to enhance productivity and mobility while improving employee collaboration

More information

MASSASOIT COMMUNITY COLLEGE ONE MASSASOIT BLVD., BROCKTON, MA 02302-3996 900 RANDOLPH ST., CANTON, MA 02021-1371 49 UNION ST., MIDDLEBOROUGH, MA 02346

MASSASOIT COMMUNITY COLLEGE ONE MASSASOIT BLVD., BROCKTON, MA 02302-3996 900 RANDOLPH ST., CANTON, MA 02021-1371 49 UNION ST., MIDDLEBOROUGH, MA 02346 MASSASOIT COMMUNITY COLLEGE ONE MASSASOIT BLVD., BROCKTON, MA 02302-3996 900 RANDOLPH ST., CANTON, MA 02021-1371 49 UNION ST., MIDDLEBOROUGH, MA 02346 Log into computers on campus Connect to the wireless

More information

Akin Gump Strauss Hauer & Feld LLP Remote Access Resources (DUO)

Akin Gump Strauss Hauer & Feld LLP Remote Access Resources (DUO) Akin Gump Strauss Hauer & Feld LLP Remote Access Resources (DUO) Firm Laptop Windows Home PC Mac Computer Apple ipad Android Devices Exit akingump.com 2015 Akin Gump Strauss Hauer & Feld LLP Check Point

More information

The software can be downloaded from the Spiceworks web site at: http://www.spiceworks.com.

The software can be downloaded from the Spiceworks web site at: http://www.spiceworks.com. Spiceworks 2.0 Review One of the biggest headaches a network or system administrator faces is managing all of the equipment, software and services their network provides. From servers to workstations,

More information

FirstClass and The Cloud Communities

FirstClass and The Cloud Communities September, 2013 FirstClass and The Cloud Communities What is FirstClass? FirstClass is the e-mail and online learning system for Crestwood. It allows teachers to distribute learning materials, lessons,

More information

Installation Guide. Research Computing Team V1.9 RESTRICTED

Installation Guide. Research Computing Team V1.9 RESTRICTED Installation Guide Research Computing Team V1.9 RESTRICTED Document History This document relates to the BEAR DataShare service which is based on the product Power Folder, version 10.3.232 ( some screenshots

More information

Your security is our priority

Your security is our priority Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products

More information

CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud

CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud Presented by Tom Garcia President / CEO InfoSight, Inc. 2014 InfoSight What we ll cover today 1. The MFA & NACHA

More information

Simplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls

Simplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls Simplifying Security & Compliance Innovating IT Managed Services Data Security Threat Landscape and IT General Controls Audit Standards and IT General Controls General IT controls discussed in AUC Section

More information

AT&T Toggle. 4/23/2014 Page i

AT&T Toggle. 4/23/2014 Page i Page i Go Ahead Bring Your Own Device to Work... 1 Requirements... 1 1: AT&T Toggle Overview... 1 Personal Icon... 2 ToggleHub... 2 AT&T Toggle Browser... 2 Downloads... 2 Data Usage App... 3 Media...

More information

1. Introduction 2. 2. What is Axis Camera Station? 3. 3. What is Viewer for Axis Camera Station? 4. 4. AXIS Camera Station Service Control 5

1. Introduction 2. 2. What is Axis Camera Station? 3. 3. What is Viewer for Axis Camera Station? 4. 4. AXIS Camera Station Service Control 5 Table of Contents 1. Introduction 2 2. What is Axis Camera Station? 3 3. What is Viewer for Axis Camera Station? 4 4. AXIS Camera Station Service Control 5 5. Configuring Ports 7 5.1 Creating New Inbound

More information

The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole

The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole The Future Is SECURITY THAT MAKES A DIFFERENCE Overview of the 20 Critical Controls Dr. Eric Cole Introduction Security is an evolution! Understanding the benefit and know how to implement the 20 critical

More information

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201 Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...

More information

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Employee Teleworking Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Introduction... 2 2. Teleworking Risks... 3 3. Safeguards for College

More information

Click to edit Master title style

Click to edit Master title style EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity

More information

Course: Information Security Management in e-governance

Course: Information Security Management in e-governance Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security

More information

Quick Guide Moodle and Collaborate

Quick Guide Moodle and Collaborate Quick Guide Moodle and Collaborate August 2015 Distance Learning and Continuing Education 166 Bedford Highway 902-457-6511 Msvu.ca/distance Moodle and Collaborate Moodle is the Mount s Learning Management

More information

Akin Gump Strauss Hauer & Feld LLP Remote Access Resources

Akin Gump Strauss Hauer & Feld LLP Remote Access Resources Akin Gump Strauss Hauer & Feld LLP Remote Access Resources Firm Laptop Windows Home PC Mac Computer Apple ipad Android Devices Exit akingump.com 2013 Akin Gump Strauss Hauer & Feld LLP Checkpoint VPN (Firm

More information

SANS Securing The Human

SANS Securing The Human SANS Securing The Human Introduction Most organizations have invested in security technology to protect their information, putting in place solutions such as firewalls, encryption or IDS sensors. However,

More information

GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS

GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS Your Login ID: GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS CONTENTS 1.0 Introduction... 3 1.1 Welcome to Edinburgh Napier University from Information Services!... 3 1.2 About Information

More information

Digital Consumer s Online Trends and Risks

Digital Consumer s Online Trends and Risks Digital Consumer s Online Trends and Risks Modern consumers live a full-scale digital life. Their virtual assets like personal photos and videos, work documents, passwords to access social networking and

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

Data Security Best Practices & Reasonable Methods

Data Security Best Practices & Reasonable Methods Data Security Best Practices & Reasonable Methods September 2013 Mike Tassey Technical Security Advisor Privacy Technical Assistance Center (PTAC) http://ptac.ed.gov/ E-mail: PrivacyTA@ed.gov Phone: 855-249-3072

More information

SCAC Annual Conference. Cybersecurity Demystified

SCAC Annual Conference. Cybersecurity Demystified SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber

More information

7 6.2 Windows Vista / Windows 7. 10 8.2 IP Address Syntax. 12 9.2 Mobile Port. 13 10.2 Windows Vista / Windows 7. 17 13.2 Apply Rules To Your Device

7 6.2 Windows Vista / Windows 7. 10 8.2 IP Address Syntax. 12 9.2 Mobile Port. 13 10.2 Windows Vista / Windows 7. 17 13.2 Apply Rules To Your Device TABLE OF CONTENTS ADDRESS CHECKLIST 3 INTRODUCTION 4 WHAT IS PORT FORWARDING? 4 PROCEDURE OVERVIEW 5 PHYSICAL CONNECTION 6 FIND YOUR ROUTER S LOCAL NETWORK IP ADDRESS 7 6.1 Windows XP 7 6.2 Windows Vista

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Windows Installation 1. On a Windows PC (For MAC, skip to next section), at the file download prompt click Run.

Windows Installation 1. On a Windows PC (For MAC, skip to next section), at the file download prompt click Run. Introduction These instructions are for Windows and MAC users ONLY. For Mobile devices (IOS/Android), use the Mobile Device document found on the portal Login Page. For Windows 8.x users: At this time,

More information

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) Security Risk Assessment (SRA) Tool User Guide Version Date: March 2014

More information

Top 20 Critical Security Controls

Top 20 Critical Security Controls Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need

More information

Sophos Mobile Control user help. Product version: 6.1

Sophos Mobile Control user help. Product version: 6.1 Sophos Mobile Control user help Product version: 6.1 Document date: May 2016 Contents 1 About this help...4 2 About Sophos Mobile Control...5 3 Login to the Self Service Portal...6 3.1 First login...6

More information

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy.

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy. Abstract This paper addresses the methods and methodologies required to develop a corporate security policy that will effectively protect a company's assets. Date: January 1, 2000 Authors: J.D. Smith,

More information