Chapter 3: The Investigator s Office and Laboratory

Size: px
Start display at page:

Download "Chapter 3: The Investigator s Office and Laboratory"

Transcription

1 Chapter 3: The Investigator s Office and Laboratory Dept. of Computer Science 1

2 Objectives Describe certification requirements for computer forensics labs List physical requirements for a computer forensics lab Explain the criteria for selecting a basic forensic workstation Describe components used to build a business case for developing a forensics lab Dept. of Computer Science 2

3 Forensics Lab Certification Requirements Computer forensics lab Conduct the investigation Store evidence House equipment, hardware, and software American Society of Crime Laboratory Directors (ASCLD) guidelines Managing a lab Acquiring an official certification Auditing lab functions and procedures Dept. of Computer Science 3

4 Lab manager duties: Lab Manager Duties Set up processes for managing cases Promote group consensus in decision making Maintain fiscal responsibility for lab needs Enforce ethical standards among lab staff members Plan updates for the lab Establish and promote quality-assurance processes Set reasonable production schedules Estimate how many cases an investigator can handle Dept. of Computer Science 4

5 Lab Manager Duties Estimate when to expect preliminary and final results Create and monitor lab policies for staff Provide a safe and secure workplace for staff and evidence Dept. of Computer Science 5

6 Knowledge and training: Hardware and software OS and file types Deductive reasoning Technical training Investigative skills Deductive reasoning Lab Staff Duties Work reviewed regularly by the lab manager Dept. of Computer Science 6

7 Lab Budget Planning Daily, quarterly, and annual expenses Use past investigation expenses to extrapolate expected future costs Expenses for a lab include: Hardware Software Facility space Trained personnel Dept. of Computer Science 7

8 Lab Budget Planning Estimate the number of computer cases lab expects to examine Consider changes in technology Statistics as predictor of kinds of computer crimes Dept. of Computer Science 8

9 Lab Budget Planning Uniform Crime Report Identify crimes committed with specialized software Lab for private company, check: Hardware and software inventory Problems reported last year Future developments in computing technology Time management Dept. of Computer Science 9

10 Lab Budget Planning Dept. of Computer Science 10

11 Certification and Training Update skills through appropriate training International Association of Computer Investigative Specialists (IACIS) Certified Electronic Evidence Collection Specialist (CEECS) Certified Forensic Computer Examiners (CFCEs) Dept. of Computer Science 11

12 Certification and Training High-Tech Crime Network (HTCN) Certified Computer Crime Investigator, Basic and Advanced Level Certified Computer Forensic Technician, Basic and Advanced Level EnCase Certified Examiner (EnCE) Certification AccessData Certified Examiner (ACE) Certification Dept. of Computer Science 12

13 Certification and Training Other training and certifications High Technology Crime Investigation Association (HTCIA) SysAdmin, Audit, Network, Security (SANS) Institute Computer Technology Investigators Network (CTIN) NewTechnologies, Inc. (NTI) Southeast Cybercrime Institute at Kennesaw State University Federal Law Enforcement Training Center (FLETC) National White Collar Crime Center (NW3C) Dept. of Computer Science 13

14 Physical Requirements for Computer Forensics Lab Most investigation is conducted in a lab Should be secure Provide a safe and secure physical environment Keep inventory control of your assets Dept. of Computer Science 14

15 Identifying Lab Security Needs Secure facility Minimum requirements Small room with true floor-to-ceiling walls Door access with a locking mechanism Secure container Visitor s log People working together should have same access level Brief your staff about security policy Dept. of Computer Science 15

16 Conducting High-Risk Investigations Demand more security than minimum lab requirements TEMPEST facilities Electromagnetic Radiation (EMR) proofed TEMPEST facilities are very expensive Can use low-emanation workstations instead Dept. of Computer Science 16

17 Using Evidence Containers Known as evidence lockers Must be secure Recommendations Locate in a restricted area Limited access Maintain records of authorized access Locked when not in use Dept. of Computer Science 17

18 Using Evidence Containers Combination locking system: Same level of security for the combination as for the container s contents Destroy any previous combinations Only authorized personnel may change lock combinations Change combination every six months Dept. of Computer Science 18

19 Using Evidence Containers Keyed padlock: Appoint a key custodian Stamp sequential numbers on each duplicate key Maintain registry listing which key assignment Conduct monthly audit Take inventory of all keys regularly Place keys in a lockable container Maintain same level of security for keys as for evidence containers Change locks and keys annually Dept. of Computer Science 19

20 Using Evidence Containers Container should be: Made of steel Internal cabinet or external padlock If possible, acquire a media safe When possible, build evidence storage room Keep an evidence log Dept. of Computer Science 20

21 Overseeing Facility Maintenance Immediately repair physical damage Escort cleaning crews Minimize risk of static electricity Maintain two separate trash containers Materials unrelated to an investigation Sensitive materials When possible, hire specialized companies for disposing sensitive materials Dept. of Computer Science 21

22 Physical Security Needs Create a security policy Enforce the policy Sign-in log for visitors Anyone that is not assigned to the lab is a visitor Escort all visitors all the time Visible or audible indicators that a visitor is inside your premises Intrusion alarm system Hire a guard force Dept. of Computer Science 22

23 Auditing a Computer Forensics Lab Ensures proper enforcing of policies Should include: Ceiling, floor, roof, exterior walls Doors and doors locks Visitor logs Evidence container logs At the end of every workday, secure in forensic workstation any evidence not being processed Dept. of Computer Science 23

24 Determining Floor Plans for Computer Forensics Labs Dept. of Computer Science 24

25 Determining Floor Plans for Computer Forensics Labs Dept. of Computer Science 25

26 Determining Floor Plans for Computer Forensics Labs Dept. of Computer Science 26

27 Selecting Basic Forensic Workstation Depends on budget and needs Use less powerful workstations for mundane tasks Use multipurpose workstations for high-end analysis tasks Dept. of Computer Science 27

28 Selecting Workstations for Police Labs Have the most diverse needs Special-interest groups (SIG) General rule: Per 250,000 people One computer investigator One multipurpose forensic workstation One general-purpose workstation Dept. of Computer Science 28

29 Selecting Workstations for Private and Corporate Labs Identify the environment Hardware platform Operating system Gather tools appropriate to that environment Dept. of Computer Science 29

30 Stocking Hardware Peripherals IDE cables Ribbon cables for floppy disks SCSI cards, preferably ultra-wide Graphics cards, both PCI and AGP types Power cords Hard disk drives At least two 2.5-inch Notebook IDE hard drives with standard IDE/ATA or SATA adapter Computer hand tools Dept. of Computer Science 30

31 OS and Software Inventories Licensed copies of software: Microsoft Office 2007, XP, 2003, 2000, 97, and 95 Quicken Programming languages Specialized viewers Corel Office Suite StarOffice/OpenOffice Peachtree accounting applications Dept. of Computer Science 31

32 Disaster Recovery Plan Restore workstation and investigation files to original condition Includes backup tools for single disks and RAID servers Track software updates to workstation Dept. of Computer Science 32

33 Planning for Equipment Upgrades Risk management How much risk is acceptable for any process or operation? On what equipment does lab depend? Equipment which can be replaced when it fails Computing components: 18 to 36 months under normal conditions Schedule upgrades every months Dept. of Computer Science 33

34 Using Laptop Forensic Workstations Lightweight, mobile forensic workstation FireWire port USB 2.0 port PCMCIA SATA hard disk Limited as forensic workstations Dept. of Computer Science 34

35 Building Business Case for Developing a Forensics Lab Budget problems! Business case Demonstrate how lab will help organization save money and increase profits Dept. of Computer Science 35

36 Preparing Business Case for Computer Forensics Lab Follow these steps: Justification Budget development Facility cost Computer hardware requirements Software requirements Miscellaneous costs Approval and acquisition Implementation Acceptance testing Correction for acceptance Production Dept. of Computer Science 36

37 Summary A computer forensics lab is where you conduct investigations, store evidence, and do most of your work Seek to upgrade your skills through training Lab facility must be physically secure so that evidence is not lost, corrupted, or destroyed Harder to plan a computer forensics lab for a police department than for a private organization or corporation Dept. of Computer Science 37

38 Summary (continued) A forensic workstation needs to have adequate memory, storage, and ports Prepare a business case to enlist the support of your managers and other team members when building a forensics lab Dept. of Computer Science 38

Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition Guide to Computer Forensics and Investigations, Second Edition Chapter 3 The Investigator s Office and Laboratory Objectives Understand computer forensics lab certification requirements Determine the physical

More information

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak CSN08101 Digital Forensics Lecture 4A: Forensic Processes Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Forensics Processes - objectives Investigation Process Forensic Ethics Issues Forensic

More information

This chapter details what you need to set up an effective computer forensics

This chapter details what you need to set up an effective computer forensics CHAPTER 3 THE INVESTIGATOR S OFFICE AND LABORATORY After reading this chapter and completing the exercises, you will be able to: Understand computer forensics lab certification requirements Determine the

More information

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation

More information

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING MODULE A INTRODUCTION TO COMPUTER FORENSICS AND NVESTIGATIONS A1.0 Explain concepts related to computer forensics. A1.1 This module is measured

More information

CYBER FORENSICS (W/LAB) Course Syllabus

CYBER FORENSICS (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 CYBER FORENSICS (W/LAB) Course Syllabus Course Number: CSFS-0020 OHLAP Credit: Yes OCAS Code: 8134 Course Length: 130 Hours Career Cluster: Information

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004L Payment Card Industry (PCI) Physical Security (proposed) 01.1 Purpose The purpose

More information

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Silent Safety: Best Practices for Protecting the Affluent

Silent Safety: Best Practices for Protecting the Affluent Security Checklists Security Checklists 1. Operational Security Checklist 2. Physical Security Checklist 3. Systems Security Checklist 4. Travel Protocol Checklist 5. Financial Controls Checklist In a

More information

System Security Plan University of Texas Health Science Center School of Public Health

System Security Plan University of Texas Health Science Center School of Public Health System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many

More information

BACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT

BACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB BACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January

More information

Palm Beach County Sheriff s Office

Palm Beach County Sheriff s Office Palm Beach County Sheriff s Office Business Security Self Survey Since 1909, the deputies of Palm Beach County have provided a safe environment for hundreds of thousands of people who live, work and visit

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

EC-Council Ethical Hacking and Countermeasures

EC-Council Ethical Hacking and Countermeasures EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

Chapter 8: Security Measures Test your knowledge

Chapter 8: Security Measures Test your knowledge Security Equipment Chapter 8: Security Measures Test your knowledge 1. How does biometric security differ from using password security? Biometric security is the use of human physical characteristics (such

More information

The second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures

The second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures The second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures to protect and secure a covered entity s electronic information

More information

Developing Computer Forensics Solutions for Terabyte Investigations

Developing Computer Forensics Solutions for Terabyte Investigations Developing Computer Forensics Solutions for Terabyte Investigations Eric Thompson Corporation Orem, Utah USA www.accessdata.com Overview Computer Forensic Definition, Objectives and Policies History of

More information

HIPAA Security. assistance with implementation of the. security standards. This series aims to

HIPAA Security. assistance with implementation of the. security standards. This series aims to HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition Guide to Computer Forensics and Investigations, Second Edition Chapter 4 Current Computer Forensics Tools Objectives Understand how to identify needs for computer forensics tools Evaluate the requirements

More information

The Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014

The Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014 The Practice of Internal Controls Cornell Municipal Clerks School July 16, 2014 Page 1 July 18, 2014 Cash Receipts (Collection procedures) Centralize cash collections within a department or for the local

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

Computer Forensics Processing Checklist. Pueblo High-Tech Crimes Unit

Computer Forensics Processing Checklist. Pueblo High-Tech Crimes Unit Computer Forensics Processing Checklist Pueblo High-Tech Crimes Unit Cmdr. Dave Pettinari Pueblo County Sheriff's Office davepet@cops.org The purpose of this document is to provide computer forensic technicians

More information

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

Name: Position held: Company Name: Is your organisation ISO27001 accredited: Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:

More information

Introduction. Conducting a Security Review

Introduction. Conducting a Security Review Chapter 3 PHYSICAL SECURITY Introduction In elections, physical security refers to standards, procedures, and actions taken to protect voting systems and related facilities and equipment from natural and

More information

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL)

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COURSE DESCRIPTION: Computer Forensics is focused on teaching

More information

HIPAA RISK ASSESSMENT

HIPAA RISK ASSESSMENT HIPAA RISK ASSESSMENT PRACTICE INFORMATION (FILL OUT ONE OF THESE FORMS FOR EACH LOCATION) Practice Name: Address: City, State, Zip: Phone: E-mail: We anticipate that your Meaningful Use training and implementation

More information

Yale Business Continuity Program Emergency Response Guide

Yale Business Continuity Program Emergency Response Guide Contents Yale Business Continuity Program Emergency Response Guide March 2016 Introduction Immediate Actions Assess the Damage Determining Business Disruption Determining Plan of Action Relocation Checklist

More information

Physical Security Policy

Physical Security Policy Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software powered by Calibrate www.medallionlearning.com

More information

COWLEY COLLEGE & Area Vocational Technical School

COWLEY COLLEGE & Area Vocational Technical School COWLEY COLLEGE & Area Vocational Technical School COURSE PROCEDURE FOR Student Level: This course is open to students on the college level in either the freshman or sophomore year. Prerequisites: Basic

More information

CLASS SPECIFICATION Systems Support Analyst II

CLASS SPECIFICATION Systems Support Analyst II San Diego Unified Port District Class Code: B211-UE03 CLASS SPECIFICATION Systems Support Analyst II FLSA Status: EEOC Job Category: Classified: Union Representation: Exempt Professionals No Unrepresented

More information

Disaster Prevention and Protection Checklist

Disaster Prevention and Protection Checklist Preservation Services Leaflet 1438 West Peachtree Street, Suite 200/Atlanta, GA 30309 Phone: 404-892-0943/Fax: 404-892-7879 Website: Disaster Prevention and Protection Checklist The inspection

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

DISASTER RECOVERY PLAN

DISASTER RECOVERY PLAN DISASTER RECOVERY PLAN Section 1. Goals of a Disaster Recovery Plan The major goals of a disaster recovery plan are: To minimize interruptions to normal operations. To limit the extent of disruption and

More information

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification Publication

More information

A+ Guide to Managing and Maintaining Your PC, 7e. Chapter 16 Fixing Windows Problems

A+ Guide to Managing and Maintaining Your PC, 7e. Chapter 16 Fixing Windows Problems A+ Guide to Managing and Maintaining Your PC, 7e Chapter 16 Fixing Windows Problems Objectives Learn what to do when a hardware device, application, or Windows component gives a problem Learn what to do

More information

Advanced Diploma In Hardware, Networking & Server Configuration

Advanced Diploma In Hardware, Networking & Server Configuration Advanced Diploma In Hardware, Networking & Server Configuration Who should do this course? This course is meant for those persons who have a dream of getting job based on Computer Hardware, Networking

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

Intel Enhanced Data Security Assessment Form

Intel Enhanced Data Security Assessment Form Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized

More information

OIG. Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center. Audit Report OFFICE OF INSPECTOR GENERAL

OIG. Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center. Audit Report OFFICE OF INSPECTOR GENERAL OIG OFFICE OF INSPECTOR GENERAL Catalyst for Improving the Environment Audit Report Improvements Are Needed for Information Technology Controls at the Las Vegas Finance Center Report No. 2003-P-00011 May

More information

Security, Access Management and Key Control Policy and Procedures

Security, Access Management and Key Control Policy and Procedures 1 Policy Security, Access Management and Key Control Policy 1.1.1 The goal of the Vice President, Business Affairs and Facilities and Services is to provide a safe, comfortable, secure learning environment

More information

Workstation Management

Workstation Management Workstation Management Service Description Version 1.00 Effective Date: 07/01/2012 Purpose This Service Description is applicable to Workstation Management services offered by MN.IT Services and described

More information

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

TRIDENT7 ELEMENT MANAGEMENT SUITE

TRIDENT7 ELEMENT MANAGEMENT SUITE TRIDENT7 ELEMENT MANAGEMENT SUITE Enablence is a market leader in optical device technology and its Systems Division is a driving force in Fiber-To- The-Premises (FTTP) optical access technology. We have

More information

How to Plan for Disaster Recovery

How to Plan for Disaster Recovery ImproMed LLC How to Plan for Disaster Recovery Revised January 27, 2015 2015 ImproMed, LLC. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

CLASS SPECIFICATION Systems Support Analyst I

CLASS SPECIFICATION Systems Support Analyst I San Diego Unified Port District Class Code: B837-UE03 CLASS SPECIFICATION Systems Support Analyst I FLSA Status: EEOC Job Category: Classified: Union Representation: Exempt Professionals No Unrepresented

More information

The County of San Bernardino Department of Behavioral Health. Facility Physical Security and Access Control Pr

The County of San Bernardino Department of Behavioral Health. Facility Physical Security and Access Control Pr Facility Physical Security and Access Control Pr Effective Approved 07/01/10 12/06/10 Purpose To provide (DBH) staff with a protocol to follow to ensure protected health information (PHI) and personally

More information

Information Resources Security Guidelines

Information Resources Security Guidelines Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive

More information

IT Support Service Level Agreement

IT Support Service Level Agreement IT Support Service Level Agreement Contents Page(s) 1.0 Platinum - Business Critical Support (4 hour)... 3 2.0 Gold - End User Hardware (8 hour)... 3 3.0 Silver - End User Hardware (8 hour)... 4 4.0 Exclusions

More information

IT Solutions Resource Management Consulting Group 1101 15 th Street NW Suite 206 * Washington DC 20005 * Office (202) 962-3980

IT Solutions Resource Management Consulting Group 1101 15 th Street NW Suite 206 * Washington DC 20005 * Office (202) 962-3980 IT Solutions Resource Management Consulting Group 1101 15 th Street NW Suite 206 * Washington DC 20005 * Office (202) 962-3980 Category Description Discount Offered from PCN's List Price Mobile Printers

More information

IOWA LABORATORIES FACILITIES PHYSICAL SECURITY PLAN

IOWA LABORATORIES FACILITIES PHYSICAL SECURITY PLAN IOWA LABORATORIES FACILITIES PHYSICAL SECURITY PLAN Submitted pursuant to SF 439, Section 14 Iowa Department of Public Safety Senate File 439 of the 80 th General Assembly, Section 14(1) directed the Department

More information

Course 2788A: Designing High Availability Database Solutions Using Microsoft SQL Server 2005

Course 2788A: Designing High Availability Database Solutions Using Microsoft SQL Server 2005 Course Syllabus Course 2788A: Designing High Availability Database Solutions Using Microsoft SQL Server 2005 About this Course Elements of this syllabus are subject to change. This three-day instructor-led

More information

Yiwo Tech Development Co., Ltd. EaseUS Todo Backup. Reliable Backup & Recovery Solution. EaseUS Todo Backup Solution Guide. All Rights Reserved Page 1

Yiwo Tech Development Co., Ltd. EaseUS Todo Backup. Reliable Backup & Recovery Solution. EaseUS Todo Backup Solution Guide. All Rights Reserved Page 1 EaseUS Todo Backup Reliable Backup & Recovery Solution EaseUS Todo Backup Solution Guide. All Rights Reserved Page 1 Part 1 Overview EaseUS Todo Backup Solution Guide. All Rights Reserved Page 2 Introduction

More information

REVIEW OF THE INTERNAL CONTROLS OF THE RTA S INFORMATION SYSTEM

REVIEW OF THE INTERNAL CONTROLS OF THE RTA S INFORMATION SYSTEM REVIEW OF THE INTERNAL CONTROLS OF THE RTA S INFORMATION SYSTEM INTRODUCTION In accordance with the 2009 work plan, this report summarizes the results of the Audit & Review Division s annual review of

More information

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policies and Procedures Manual Policy Number: I240 Page 1 of 9

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policies and Procedures Manual Policy Number: I240 Page 1 of 9 Page 1 of 9 TITLE: INFORMATION SECURITY: DEVICE AND MEDIA CONTROLS POLICY: Reasonable steps are taken to protect, account for, properly store, back up, encrypt and dispose of hardware, paper and electronic

More information

SCHOOL DISTRICT OF MARION COUNTY JOB CLASSIFICATION DESCRIPTION LEVEL/POSITION: COMPUTER NETWORK SPECIALIST 4.78

SCHOOL DISTRICT OF MARION COUNTY JOB CLASSIFICATION DESCRIPTION LEVEL/POSITION: COMPUTER NETWORK SPECIALIST 4.78 SCHOOL DISTRICT OF MARION COUNTY JOB CLASSIFICATION DESCRIPTION LEVEL/POSITION: COMPUTER NETWORK SPECIALIST 4.78 AREA(S): DATA CENTER OPERATIONS POSITION SUMMARY: The Network Specialist s role is to install,

More information

PassTest. Bessere Qualität, bessere Dienstleistungen!

PassTest. Bessere Qualität, bessere Dienstleistungen! PassTest Bessere Qualität, bessere Dienstleistungen! Q&A Exam : HP2-Q01 Title : Servicing HP Desktops, Workstations, and Notebooks Version : Demo 1 / 7 1.You upgrade the BIOS to the current version. Customers

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

Designing a Microsoft SQL Server 2005 Infrastructure

Designing a Microsoft SQL Server 2005 Infrastructure Course Outline Other Information MS 2786 Days 2 Starting Time 9:00 Finish Time 4:30 Lunch & refreshments are included with this course. Designing a Microsoft SQL Server 2005 Infrastructure Introduction

More information

StorageCraft Technology Corporation Leading the Way to Safer Computing 2009 StorageCraft Technology Corporation. All Rights Reserved.

StorageCraft Technology Corporation Leading the Way to Safer Computing 2009 StorageCraft Technology Corporation. All Rights Reserved. PRODUCT WHITEPAPER This brochure is for informational purposes only. STORAGECRAFT MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS SUMMARY. StorageCraft, ShadowProtect and ExactState and the StorageCraft

More information

Implementing Security Education at a Small Community College

Implementing Security Education at a Small Community College PRACTICAL SECURITY Implementing Security Education at a Small Community College Corrinne Sande Whatcom Community College Abstract: Key words: This paper discusses modifying an existing two-year degree

More information

Challenges of Integrating Data. Driving Factors A Systems Development Lifecycle Primer Data Security Considerations Integration Approach Questions

Challenges of Integrating Data. Driving Factors A Systems Development Lifecycle Primer Data Security Considerations Integration Approach Questions Challenges of Integrating Data Driving Factors A Systems Development Lifecycle Primer Data Security Considerations Integration Approach Questions Page 1 Driving Factors Integration of significant disparate

More information

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE INTRODUCTION The healthcare industry is driven by many specialized documents. Each day, volumes of critical information are sent to and from

More information

www.cadline.co.uk www.midastechnology.co.uk Page 1 of 5

www.cadline.co.uk www.midastechnology.co.uk Page 1 of 5 Page 1 of 5 Support Are you confident that you have all eventualities covered and that your current IT support provider can handle all of your issues? Are you frustrated with your application supplier

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

Physical and Environment IT Security Standards

Physical and Environment IT Security Standards Physical and Environment IT Security Standards Author s Name: Jo Brown Author s Job Title: Head of Technical Services Division: Corporate Department: Technical Services Version Number: 1.0 Ratifying Committee:

More information

SOFTWARE MANAGEMENT EXECUTIVE SUMMARY

SOFTWARE MANAGEMENT EXECUTIVE SUMMARY SOFTWARE MANAGEMENT EXECUTIVE SUMMARY Under a task order with the Office of Inspector General, Jefferson Wells reviewed the Commission s software management. Our review found that some controls and best

More information

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Managed Hosting & Datacentre PCI DSS v2.0 Obligations Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version

More information

Information Systems and Technology

Information Systems and Technology As public servants, it is our responsibility to use taxpayers dollars in the most effective and efficient way possible while adhering to laws and regulations governing those processes. There are many reasons

More information

Authority: State Trooper - Pennsylvania State Police United States Marshall Special Deputy

Authority: State Trooper - Pennsylvania State Police United States Marshall Special Deputy Corporal John Roche Pennsylvania State Police Bureau of Criminal Investigation Special Investigation Service Computer Crime Unit Southwest Computer Crime Task Force Coordinator 4221 Route 288 Highway West

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Chapter 5 Busses, Ports and Connecting Peripherals

Chapter 5 Busses, Ports and Connecting Peripherals Chapter 5 Busses, Ports and Connecting Peripherals 1 The Bus bus - groups of wires on a circuit board that carry information (bits - on s and off s) between computer components on a circuit board or within

More information

Ricoh Legal. Live Data Acquisition: The New Default Standard for Capturing ESI?

Ricoh Legal. Live Data Acquisition: The New Default Standard for Capturing ESI? Ricoh Legal Live Data Acquisition: The New Default Standard for Capturing ESI? By David Greetham, National Director of Forensics, Legal Enterprise Solutions Live computer forensic imaging, which is performed

More information

MFR IT Technical Guides

MFR IT Technical Guides MFR IT Technical Guides Windows 7 Backup and Recovery Page 1 of 33 Table of Contents 1 Glossary... 3 2 Backup Strategy... 4 3 Windows Backup Options... 5 3.1 Windows Backup... 5 3.2 Windows System Image

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

CSB Policy And Procedures

CSB Policy And Procedures Page 1 of 9 Policy Statement CSB Policy And Procedures The equipment, software systems, and databases that comprise the ephi System are critical components that enable the [CSB] to function in an effective

More information

Tailored Technologies LLC

Tailored Technologies LLC 685 Third Avenue New York, NY 10017 Tel: (212) 503-6300 Fax: (212) 503-6312 Date: January 9, 2014 To: The Audit File of the Hugh L. Carey Battery Park City Authority From: Tailored Technology Observations

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

Information Security Management. Audit Check List

Information Security Management. Audit Check List Information Security Management BS 7799.2:2002 Audit Check List for SANS Author: Val Thiagarajan B.E., M.Comp, CCSE, MCSE, SPS (FW), IT Security Consultant. Approved by: Algis Kibirkstis Owner: SANS Extracts

More information

Aproved by: doron berger Data Security Manager - National Security unit

Aproved by: doron berger Data Security Manager - National Security unit Israel Electric Corporation National Security unit Data Security Security of critical project performed by vendor abroad Aproved by: doron berger Data Security Manager - National Security unit Project

More information

Forensic Certifications

Forensic Certifications Forensic Certifications Mayuri Shakamuri CS 489-02 Digital Forensics October 31, 2006 New Mexico Tech Executive Summary Digital Forensics is rapidly growing and evolving to become a scientific practice

More information

University of Central Florida Class Specification Administrative and Professional. Network Operations Manager (Enterprise)

University of Central Florida Class Specification Administrative and Professional. Network Operations Manager (Enterprise) Network Operations Manager (Enterprise) Job Code: 2552 Manage enterprise networks. Oversee the monitoring, testing, and trouble shooting of all network components (network software and hardware and network

More information

Upgrade to Webtrends Analytics 8.7: Best Practices

Upgrade to Webtrends Analytics 8.7: Best Practices Technical Best Practices 8.7 Software Upgrade Upgrade to Webtrends Analytics 8.7: Best Practices Version 3 Webtrends Analytics is a powerful application that must be installed on a dedicated computer.

More information

Network Security Policy

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

More information

Grasmere Primary School Asset Management Policy

Grasmere Primary School Asset Management Policy Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the

More information

Cyber Security for Businesses

Cyber Security for Businesses Cyber Security for Businesses Computer crimes involve the illegal use of or the unauthorized entry into a computer system to tamper, interfere, damage, or manipulate the system or information stored in

More information

Joint Budget Development Committee Q&A. Response to Questions from the JBDC

Joint Budget Development Committee Q&A. Response to Questions from the JBDC Joint Budget Development Committee Q&A Request by: Board Member Name Response to Questions from the JBDC Question: Supervisor Herrity Response: The following chart provides a breakdown of Fairfax County

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

USING GENIE REMOTELY

USING GENIE REMOTELY USING GENIE REMOTELY This document outlines the available options for using Genie in offsite logging mode (Genie single user) or remotely in real-time via a remote desktop (terminal services) connection.

More information

A Better Approach to Backup and Bare-Metal Restore: Disk Imaging Technology

A Better Approach to Backup and Bare-Metal Restore: Disk Imaging Technology A Better Approach to Backup and Bare-Metal Restore: Disk Imaging Technology Acronis True Image Enterprise Server for Windows Acronis True Image Server for Windows Acronis True Image Server for Linux Another

More information