Claus B. Jensen IT Auditor, CISA, CIA
|
|
- Byron Ford
- 8 years ago
- Views:
Transcription
1 Claus B. Jensen IT Auditor, CISA, CIA I am employed in Rigsrevisionen, Denmark. (Danish National Audit Office) I have worked within IT Audit since 1995, both as internal and external auditor and now in the public sector. CISA certified
2 Rigsrevisionen- About us? Rigsrevisionen - the Danish National Audit Office - is an independent institution, which since 1991 has been placed under the Danish Folketing (parliament). Rigsrevisionen employs about 270 people 2
3
4 Main conclusion from the report: The data for which the government bodies were responsible was not, at the time of the examination, adequately protected and the level of security exposed the IT systems and confidential data to undue risk of cyber attacks. Public Accounts Committee is concerned that the examined government bodies had insufficient security against hacker attacks and insufficient protection of IT systems and confidential digital data. 4
5 Rigsrevisionen recommends that: 1. all government bodies should address the risk of cyber attacks in their risk assessments and 2. consider whether the implemented technical restrictions on downloads of programmes from the Internet and the number of local administrator accounts have been adequately limited, and 3. whether applied software programmes, etc. are being updated regularly. 5
6 Rigsrevisionen recommends that: and that: 1. the Ministry of Finance should clarify how responsibilities for cyber security should be divided between the Danish Agency for Governmental IT Services and its clients; 2. the Ministry of Finance and the Danish Agency for Digitisation should, develop guidance for all government bodies on the implementation of security controls to mitigate cyber attacks. 6
7
8 Based on experience from previously performed IT audits, the Danish National Audit Office is of the opinion that the results of the examination may apply to a wider audience of government bodies than those included in the audit. 8
9 Objectives 1) To assess whether selected government bodies had sufficient focus on mitigating cyber attacks. 2) In relation to the Danish Agency for Governmental IT Services, we focused particularly on its assessment and test of the risk that an attack on one of its clients could spread to other clients, as the security level of the agency and its clients should be considered collectively because security weaknesses identified either at the agency or one of its clients could potentially affect other clients. 3) Finally, we checked whether the risk associated with a decision not to implement the controls had been recorded in the risk assessment reports in a manner that reflected that management had addressed the risk and the possibilities of mitigating cyber attacks. 9
10 BEST PRACTICE Technically restricted staff s options to download programmes; Limited use of local administrators and Domain Administrators; Systematic software updates. 10
11 HOW WE DEFINED BEST PRACTICE In October 2012, the Australian Department of Defence estimated that around 85 % of all cyber attacks can be mitigated through the implementation of these few security controls. 1. technical restriction of download of programs from the Internet; (Whitelisting) 2. limited use of local administrators 3. systematic software updates. 11
12 The three controls are also found on the SANS Institute s prioritised list of 20 critical security controls referred to as quick wins. According to the Danish GovCert, the conclusions from the Australian report and other similar reports can be transferred to a Danish setting. The Danish National Audit Office is of the opinion that unless otherwise justified implementing the three security controls is now to be considered good practice. 12
13 HOW WE CONDUCTED THE SURVEY We spent the first 4 weeks scanning the marked for security tools to anlyse and test if the 3 security controls were implemented. NO We simply asked the clients, have you implemented: 1. technical restriction of download of programs from the Internet; (Whitelisting)? 2. limited the use of local administrators? 3. systematic software updates? 4. If YES - we asked for documentation 13
14 Objective no. 1 Examination of the three security controls Had the selected government bodies implemented the three recommended security controls? 14
15 The results of the examination 15
16 Conclusion objective no. 1: The data for which the government bodies were responsible was not, at the time of the examination, adequately protected and the level of security exposed the IT systems and confidential data to undue risk of cyber attacks 16
17 Objective no. 2 Examination of specific security controls at the Danish Agency for Governmental IT Services (Shared Service Center solution) Risk of cyber attacks spreading Risk connected to extensive use of domain administrators 17
18 The results of the examination 1. It turned out that the Danish Agency for Governmental IT Services had not assessed the risk of an attack on one government body compromising the IT security of the agency s other clients. 2. Nor had the agency conducted tests to establish whether an attack on one government body could compromise the system security of the agency s other clients. 3. The Danish Agency for Governmental IT Services had granted rights and permissions to a large number of domain administrators a practice that represents a significant risk in relation to potential attacks. 18
19 Conclusion objective no. 2: The Danish Agency for Governmental IT Services has not to the extent required addressed the risk that a cyber attack on one government body with inadequate security controls could spread to other bodies, for instance, through the shared services. 19
20 Objective no. 3 we checked whether the risk associated with a decision not to implement the controls had been recorded in the risk assessment reports in a manner that reflected that management had addressed the risk and the possibilities of mitigating cyber attacks. 20
21 The results of the examination objective no. 3 None of the four government bodies had in their risk assessments recorded why technical restrictions concerning downloads from the Internet had not been implemented. 21
22 Does it matter? Should we be concerned? If YES why? 22
23 Some samples from out there 23
24 Several of the government agencies that rely on the services provided by the Danish Agency for Governmental IT Services have in recent years been affected by successful cyber attacks. According to the Danish Centre for Cyber Security some of the attacks could have been avoided, and the consequences of the majority of the attacks considerably reduced, if the three security controls referred to in this report had been implemented in the agencies. 24
25 Hackerangreb mod Erhvervs- og Vækstministeriet 2012 Søren Vulff, Vicedirektør, Statens It 25
26 april
27 STATENS IT LUKKER INTERNET FORBINDELSEN TIL EVM OG FORETAGER ANALYSE/OPRYDNING 27 april 2014
28 HVAD VAR DET, DER SKETE? Vi ved ikke, hvem der stod bag, men alt tyder på en statssponsoreret aktør. Vi ved ikke, om de fik fat i noget - og i så fald, hvad det var. Vi ved dog, at de ikke kom ind på nogen af de centrale systemer. Da vi fulgte dem via logs, kunne vi se, at de målrettet gik efter at finde driftsdokumentation og systembeskrivelser. De arbejdede i dansk kontortid. Vi var klar til hele tiden at afbryde forbindelsen, hvis de nærmede sig vitale systemer. 28 april 2014
29 HVAD LÆRTE VI? Ingen ved, hvor lang tid det kommer til at tage! Man har begrænset tid, så indsatsen skal være meget målrettet. Klar rollefordeling - ikke kun i forhold til det tekniske, men også i forhold til beredskabsledelse og kommunikation, herunder håndtering af presse. Vi blev hjulpet af, at vi var midt i en konsolidering og kunne meget hurtigt prioritere at idriftsætte IPS-enheder (Intrusion Prevention System) ift. Erhvervs- og Vækstministeriets netværk. Vi fik opbygget et meget frugtbart samarbejde sammen med andre myndigheder i situationen. 29 april 2014
30 Who s Targeted Verticals Hundreds of targets Dozens of campaigns Direct/Indirect attacks Symantec Security Response 30
31 31
32 Norway hit by hackers Danish newspaper March Den Nationale Sikkerhedsmyndighed (NSM) registered security events in was registered as successful hacker attacks! Govermental agencies, Defense Industry and Tekno industry Hackere tok over Gjensidiges nettsider Massive angrep rammer norske servere PCer benytter seg av NTP-servere for å synkronisere dato og klokkeslett. Disse serverne ble mandag målet for et kraftig DDoS-angrep. En norsk kommune utsettes for 6000 dataangrep i døgnet 32
33 Nobody is to small to be hit by a Cyber Attack Excerpts from the Danish Beekeeper Association's annual report Danish Beekeepers' Association operates several websites. We've had problems with hackers among other biplanter.dk and honningfestival.dk. The latter has been hacked twice in the past year. Now both sites have been cleaned and updated, so that will not happen again. 33
34 What was our goal to bring this area into focus? 1. To put cyber security on the agenda of policy makers at the Danish Government bodies - Attacks on several government bodies in recent years have accentuated the need for increased security in the Public Sector. 2. To spread the word that these three simple and cheap central security controls can prevent the majority of the currently known types of attacks. 3. Go well in hand with the implementation of ISO (To be implemented by all Danish Governmental agencies by 2014) 34
35 35
36 Thank you for your attention The report can be downloaded on (in Danish and English) 36
Report to the Public Accounts Committee on mitigation of cyber attacks. October 2013
Report to the Public Accounts Committee on mitigation of cyber attacks October 2013 REPORT ON MITIGATION OF CYBER ATTACKS Table of contents I. Introduction and conclusion... 1 II. How government bodies
More informationResearch on the Danish heroin assisted treatment programme
Research on the Danish heroin assisted treatment programme Katrine Schepelern Johansen Anthropologist, PhD Post.doc, Department of Anthropology, University of Copenhagen Treatment with heroin in Denmark
More informationQuestionnaire #1: The Patient (Spørgeskema, må gerne besvares på dansk)
Table of Contents Questionnaire #1: The Patient... 2 Questionnaire #2: The Medical Staff... 4 Questionnaire #3: The Visitors... 6 Questionnaire #4: The Non-Medical Staff... 7 Page1 Questionnaire #1: The
More informationCAMP LOGOS administrated by Boligselskabet Sct. Jørgen (housing agency)
CAMP LOGOS administrated by Boligselskabet Sct. Jørgen (housing agency) Camp Logos the buildings Camp Logos is the dorm across the street from The Animation Workshop. There are 4 buildings side by side
More information<Matthías saga digitalis 6.0/>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
More informationInformationsteknologi Serviceledelse Del 4: Procesreferencemodel
DS-information DS/ISO/IEC TR 20000-4 1. udgave 2010-12-14 Informationsteknologi Serviceledelse Del 4: Procesreferencemodel Information technology Service management Part 4: Process reference model DS/ISO/IEC
More informationInformation og dokumentation Ledelsessystem for dokumentstyring Krav
Dansk standard DS/ISO 30301 1. udgave 2011-11-22 Information og dokumentation Ledelsessystem for dokumentstyring Krav Information and documentation Management systems for records Requirements DS/ISO 30301
More informationNy postlov i Norge New postal regulations in Norway. Frode Wold, Norway Post Nordic Address Forum, Iceland 5-6. may 2015
Frode Wold, Norway Post Nordic Address Forum, Iceland 5-6. may 2015 < Norge skal innordne seg EU s postdirektiv og dette vil få konsekvenser for Posten Norge mht postnummeradministrasjon, postadresser
More informationC a r d c o n d i t i o n s
C a r d t y p e s Du har vel hørt om pigen, som trådte på brødet for ikke at smudse sine sko, og hvor ilde de blev hun opklædt, hun været ude, så sagde godt så hun ud, og hovmoden tog til. Et årstid havde
More informationPresentation. Morten Hvenegaard Project Sales
Presentation One sensor in each luminaire - efficient lighting control 25 % savings on seamless daylight adjustment. One sensor in each luminaire - efficient lighting control 25 % savings on seamless daylight
More informationNordic Master in Didactics of Mathematics
Nordic Master in Didactics of Mathematics NORDIMA Barbro Grevholm Seminar i Bergen den 7-8 september 2011 Nordic Master in Didactics of Mathematics Project number NMP-2009/10730 The Master Consortium consists
More informationAgil Business Process Management - i Finans
Agil Business Process Management - i Finans Thomas Hildebrandt Lektor, PhD Leder af gruppen for Proces- & Systemmodeller ved IT Universitetet i København og Interessegruppen for processer og IT ved Infinit
More informationStudent evaluation form
Student evaluation form Back Number of respondents: 17 1. Multiple choice question Percentage Name of course: [Insert name of course here!] Course Objectives: [Insert course objectives (målbeskrivelse)
More informationInformationsteknologi Serviceledelse Del 3: Vejledning i definition af emne og brug af ISO/IEC 20000-1
DS-information DS/ISO/IEC TR 20000-3 1. udgave 2009-10-21 Informationsteknologi Serviceledelse Del 3: Vejledning i definition af emne og brug af ISO/IEC 20000-1 Information technology Service management
More informationSPDE. Lagring af større datamængder. make connections share ideas be inspired. Henrik Dorf Chefkonsulent SAS Institute A/S
make connections share ideas be inspired SPDE Lagring af større datamængder Henrik Dorf Chefkonsulent SAS Institute A/S SPDE Scalable Performance Data Engine I/O delen af SPDServer software Følger med
More informationMORGENBOOSTER 2015 DISRUPTIVE BUSINESS DESIGN
MORGENBOOSTER 2015 DISRUPTIVE BUSINESS DESIGN JIM KEYES, CEO, BLOCKBUSTER, 2008 NEITHER REDBOX OR NETFLIX ARE EVEN ON THE RADAR SCREEN IN TERMS OF COMPETITION 2000 HEY, VI SKAL HA ET WEBSITE HM 2009 HEY,
More informationVHDL programmering H2
VHDL programmering H2 VHDL (Very high speed Integrated circuits) Hardware Description Language IEEE standard 1076-1993 Den benytter vi!! Hvornår blev den frigivet som standard første gang?? Ca. 1980!!
More informationNational strategi for Datamanagement Input fra Bevaring, Formidling og Genbrug. Birte Christensen-Dalsgaard Det Kongelige Bibliotek
National strategi for Datamanagement Input fra Bevaring, Formidling og Genbrug Birte Christensen-Dalsgaard Det Kongelige Bibliotek Disposition Hvad er forskningsdata Hvorfor skulle forskere være interesseret?
More informationSoftwareudvikling Kvalitetskrav til og evaluering af softwareprodukter (SQuaRE) Fælles industriformat (CIF) til brugbare testrapporter
Dansk standard DS/ISO/IEC 25062 1. udgave 2008-05-08 Softwareudvikling Kvalitetskrav til og evaluering af softwareprodukter (SQuaRE) Fælles industriformat (CIF) til brugbare testrapporter Software engineering
More informationFremtidens vindenergi en magisters historie på Risø og DTU
Downloaded from orbit.dtu.dk on: Oct 26, 2015 Fremtidens vindenergi en magisters historie på Risø og DTU Mortensen, Niels Gylling Publication date: 2015 Document Version Author final version (often known
More informationSoftware- og systemudvikling Softwaretest Del 1: Begreber og definitioner
Dansk standard DS/ISO/IEC/IEEE 29119-1 1. udgave 2013-09-26 Software- og systemudvikling Softwaretest Del 1: Begreber og definitioner Software and systems engineering Software testing Part 1: Concepts
More informationJoin af tabeller med SAS skal det være hurtigt?
Join af tabeller med SAS skal det være hurtigt? Henrik Dorf, chefkonsulent, PS Commercial Join af tabeller Skal det være hurtigt kræver det Valgmuligheder Viden Eksperimenter Historien En af de første
More informationSkolestart. Solveig Gaarsmand Skole og Samfund Good ID 2007
Skolestart Solveig Gaarsmand Skole og Samfund Good ID 2007 1 Præsentation Hvem er vi? Hvor skal vores børn gå i skole? The trainer welcomes parents, pedagogues and teachers present and invites everybody
More informationCOACH BOT Modular e-course with virtual coach tool support
COACH BOT Modular e-course with virtual coach tool support LIFELONG LEARNING PROGRAM LEONARDO da VINCI Aarhus Social and Health Care College TRAINING FOR HEALTHCARE PROFESSIONALS AND HOME CARE PROVIDERS
More informationMINISTRY OF DEFENCE LANGUAGES EXAMINATIONS BOARD
Name: Candidate Registration Number: Date of Exam: MINISTRY OF DEFENCE LANGUAGES EXAMINATIONS BOARD SURVIVAL SLP1 PAPER D English Base Paper for Reading Task 1 Task 2 Time allowed Translation Comprehension
More informationInformationsteknologi Personlig identifikation ISO-overensstemmende kørekort Del 4: Prøvningsmetoder
Dansk standard DS/ISO/IEC 18013-4 1. udgave 2012-01-11 Informationsteknologi Personlig identifikation ISO-overensstemmende kørekort Del 4: Prøvningsmetoder Information technology Personal identification
More informationThe modal verbs kan sende modtage Same word for must and may Future expressed without modal verb
The modal verbs A modal verb can, may must, shall or will is an auxiliary it modifies the verb and expresses whether the action described is seen as plan, intention, necessity, possibility, prediction,
More informationEvaluation and Assessment of Key Competences in Denmark
Dublin, March 2013 Evaluation and Assessment of Key Competences in Denmark Benvido a Dublin Steen Lassen, senior advisor The Ministry of Children and Education, Denmark I: The Folkeskole internal and external
More informationOmkostnings- og investeringsteori Efterår 2009 Opgaver
Omkostnings- og investeringsteori Efterår 2009 Opgaver Jonas Sveistrup Hansen - stud.merc.it 23. september 2009 1 Indhold 1 2-27 p. 76 - Identifying Cost Drivers 3 2 2-46 p. 81- Basic Relationship, Restaurant
More informationSoftwareudvikling Retningslinjer for anvendelse af ISO 9001:2008 til computersoftware
Dansk standard DS/ISO/IEC 90003:2015 2. udgave 2015-01-07 Softwareudvikling Retningslinjer for anvendelse af ISO 9001:2008 til computersoftware Software engineering Guidelines for the application of ISO
More informationVejledning til en europæisk COREfaktura-datamodel. CII-retningslinjer for implementering Del 1: Introduktion
DS-information DS/CWA 16356-1 1. udgave 2011-11-09 Vejledning til en europæisk COREfaktura-datamodel med UN/CEFACT CII-retningslinjer for implementering Del 1: Introduktion Guide for a European CORE INVOICE
More informationRubber condoms Guidance on the use of ISO 4074 in the quality management of natural rubber latex condoms
Dansk standard DS/ISO 16038 1. udgave 2005-11-14 Kondomer Vejledning i brug af ISO 4074 ved kvalitetsstyring af latexkondomer Rubber condoms Guidance on the use of ISO 4074 in the quality management of
More informationGB INTRODUCTION manual:
GS - GS/L S2/S4 4 5 GB INTRODUCTION manual: Manufacturing Firm; The person responsible for the use of the fork truck must make sure that all of the safety rules in force in INSTRUCTIONS FOR USE 1) Do not
More informationSundhedsinformatik Kapacitetsbaseret roadmap for e-sundhedsarkitektur Del 1: Oversigt over nationale e-sundhedsinitiativer
DS-information DS/ISO/TR 14639-1 1. udgave 2012-10-11 Sundhedsinformatik Kapacitetsbaseret roadmap for e-sundhedsarkitektur Del 1: Oversigt over nationale e-sundhedsinitiativer Health informatics Capacity-based
More informationInformationsteknologi Små computersystemers. Del 251: USB-fæstnet SCSI (UAS)
Dansk standard DS/ISO/IEC 14776-251 1. udgave 2014-05-27 Informationsteknologi Små computersystemers grænseflade (SCSI) Del 251: USB-fæstnet SCSI (UAS) Information technology Small computer system interface
More informationCentre for Regional Change in the Earth System - CRES
Centre for Regional Change in the Earth System - CRES Jens Hesselbjerg Christensen Danish Meteorological Institute http://cres-centre.net From science to decisions Thanks to Markku Rummukainen Outline
More informationWhy Do People Pay the Way They Do: The Case of Cards, Cash, and Internet Banking in the Context
Why Do People Pay the Way They Do: The Case of Cards, Cash, and Internet Banking in the Context of Danish Society Xiao Xiao, Jonas Hedman, and Emma Runnemark Department of IT Management, Copenhagen Business
More informationProcesintegration og -automatisering. Michael Borges, Partner micborges@deloitte.dk
Procesintegration og -automatisering Michael Borges, Partner micborges@deloitte.dk Three eras of business automation The digital era The industrial era Machines replace heavy and dangerous manual work
More informationHot & New in Symantec Management and Windows Protection
[Technology Days 2010] Hot & New in Symantec and Windows Protection Finn Henningsen & Wael Al Assadi Hot & New in Symantec and Windows Protection AGENDA 1 2 3 Intro Storage /Wael Al Assadi Assadi Endpoint
More informationHow To Write An International Safety Standard
Dansk standard DS/ISO 26262-6 1. udgave 2012-01-11 Motorkøretøjer Funktionssikkerhed Del 6: Produktudvikling på softwareniveau Road vehicles Functional safety Part 6: Product development at the software
More informationStatistiske metoder i procesledelse Kapabilitet og performance Del 3: Analyse af maskinperformance for måleværdier på (diskrete) emner
Dansk standard DS/ISO 22514-3 1. udgave 2008-05-08 Statistiske metoder i procesledelse Kapabilitet og performance Del 3: Analyse af maskinperformance for måleværdier på (diskrete) emner Statistical methods
More informationSkovbrugsmaskiner Sikkerhedskrav til og prøvning af motordrevne stangsave til beskæring Del 2: Maskiner med rygbåret energikilde
Dansk standard DS/EN ISO 11680-2 3. udgave 2012-01-18 Skovbrugsmaskiner Sikkerhedskrav til og prøvning af motordrevne stangsave til beskæring Del 2: Maskiner med rygbåret energikilde Machinery for forestry
More informationOpdatering af metadata via SAS -programmer
Opdatering af metadata via SAS -programmer Henrik Dorf, chefkonsulent, PS Commercial Metadata SAS Management Console Meta browser SAS Data Integration Studio SAS Metadata Server Administrerer adgangen
More informationNaturgas Bestemmelse af sammensætning med defineret usikkerhed ved gaskromatografi Del 2: Usikkerhedsberegninger
Dansk standard DS/EN ISO 6974-2 2. udgave 2012-06-20 Naturgas Bestemmelse af sammensætning med defineret usikkerhed ved gaskromatografi Del 2: Usikkerhedsberegninger Natural gas Determination of composition
More informationInformationsteknologi Storage management Del 1: Oversigt
Dansk standard DS/ISO/IEC 24775-1 1. udgave 2014-11-13 Informationsteknologi Storage management Del 1: Oversigt Information technology Storage management Part 1: Overview DS/ISO/IEC 24775-1 København DS
More informationJordundersøgelser Prøvetagning Del 5: Vejledning i undersøgelse af jordforurening på bymæssige og industrielle grunde
Dansk standard DS/ISO 10381-5 1. udgave 2005-11-09 Jordundersøgelser Prøvetagning Del 5: Vejledning i undersøgelse af jordforurening på bymæssige og industrielle grunde Soil quality Sampling Part 5: Guidance
More informationDEFINITE AND INDEFINITE FORM
DEFINITE AND INDEFINITE FORM In Norwegian, a noun can appear either in the indefinite form or in the definite form. There are some absolute rules that determine which form is correct, but three important
More informationACE Denmark - an accreditation operator
ACE Denmark - an accreditation operator Learn how ACE Denmark improves the quality of Danish university study programmes. Page 2 ACE Denmark is based in the old university quarter in the heart of Copenhagen.
More informationThe Effect of a Classroom Management Intervention Results from an RCT Anders Holm, Maria Keilow, Mette Friis-Hansen, and Rune Kristensen
The Effect of a Classroom Management Intervention Results from an RCT Anders Holm, Maria Keilow, Mette Friis-Hansen, and Rune Kristensen Table 2. Course plan for the Classroom Management Intervention.
More informationUppsala, ICLaVE2, 13. juni 2003 Introduction
Uppsala, ICLaVE2, 13. juni 2003 Introduction The idea behind this speech was really a thought that came to me one late night. I can t describe it in details and it s not really thought through, but it
More informationGetProduct. Webservice name: GetProduct. Adress: https://www.elib.se/webservices/getproduct.asmx
GetProduct Webservice name: GetProduct Adress: https://www.elib.se/webservices/getproduct.asmx WSDL: https://www.elib.se/webservices/getproduct.asmx?wsdl Webservice Methods: Name: Description: Output schema:
More informationIntroduction. Objectives
1 af 7 06-05-2010 23:43 Introduction Povl Kjøller's "Do you want to sing together?" In this session we are going to listen to a Danish song from the 1970s. "Cykelsangen", as it is known, was written and
More informationErgonomi Fysisk miljø Anvendelse af internationale standarder for personer med særlige behov
Dansk standard DS/EN ISO 28803 1. udgave 2012-04-23 Ergonomi Fysisk miljø Anvendelse af internationale standarder for personer med særlige behov Ergonomics of the physical environment Application of international
More informationSCRIPTING, DATABASES, SYSTEM ARCHITECTURE
introduction to SCRIPTING, DATABASES, SYSTEM ARCHITECTURE RECAPITULATION OF PHP Claus Brabrand ((( brabrand@itu.dk ))) Associate Professor, Ph.D. ((( Programming, Logic, and Semantics ))) IT University
More informationPackaging Linear bar code and twodimensional symbols for product packaging
Dansk standard DS/ISO 22742 1. udgave 2005-03-17 Emballage Lineær stregkode og todimensionelle symboler for emballage til produkter Packaging Linear bar code and twodimensional symbols for product packaging
More informationGod s mission and our mission. Leader Conference Mission in Denmark Kolding 21st March 2015
God s mission and our mission Leader Conference Mission in Denmark Kolding 21st March 2015 When the time had fully come, God sent his son, Deus misit filium suum born of a woman, born under law, to redeem
More informationSponsors ansvar ved outsourcing af en klinisk afprøvning. Dansk Selskab for GCP. Medlemsmøde 23 November 2010
Sponsors ansvar ved outsourcing af en klinisk afprøvning Dansk Selskab for GCP Medlemsmøde 23 November 2010 Agenda Introduktion v/jane Arce, Formand for Dansk Selskab for GCP Lovgivning Hvorfor kontrol
More information1) Testing of general knowledge 25%. Each right question counts 1. Each wrong counts 0.5. Empty
1 Exam 2 The exam consists of four parts: 1) Testing of general knowledge 25%. Each right question counts 1. Each wrong counts 0.5. Empty counts zero. See below note about Task 1. 2) Planning 20%. All
More informationTHE ROTARY FOUNDATION. Det hele begyndte med at Arch Klump fik en idé i 1917!
THE ROTARY FOUNDATION Det hele begyndte med at Arch Klump fik en idé i 1917! JE: Kommentarer: Det hele var Arch Klump s ide som RI president i 1917-1 mands ide ligesom Poul Harris. Det første bidrag kom
More informationManagement. Support HR
Brugerrejsen Product development Marketing Sales Support HR Service IT Financial Management Før Under Efter a b Planlægning Køreplan Købe billet: Orange eller 1...? Pladsbillet: Familie eller stille? Transport
More information! Crowdsourcing!the!Library!
CrowdsourcingtheLibrary ByLoneStefansen TheRoyalLibraryofDenmark Background KBhasbeenworkingwithcrowdsourcingfor3 years LibrarieshaveauniqueopportunitytoaBract andengagedifferentcommunides» NonFprofit»
More informationI will cover. Cyber Security and other recent performance audits. Report # 8 Why this audit? Background. Audit objective.
I will cover. Report # 8 Security of information communications technology infrastructure Cyber Security and other recent performance audits Report # 9 TMAG: compliance with the National Standards for
More informationOIO Dekstop applikation
OIO Dekstop applikation 25-09-2009. Version 1.0 Sammendrag af ideer og dialog på møde d. 24-09-2009 mellem ITST, Trifork og Designit Under udarbejdelse Diagram Test applikation Grupper Digitaliser.dk Applikation
More informationCYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts
CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What
More informationSAP Best Practices. Færdigpakket branchespecifik og brancheovergribende knowhow. Tilgængelighed for SAP-kunder og SAP-partnere
SAP Best Practices Færdigpakket branchespecifik og brancheovergribende knowhow Tilgængelighed for SAP-kunder og SAP-partnere 1. Tilgængelighed af SAP Best Practices 2. Download af SAP Best Practices Tilgængelighed
More informationCOPYRIGHT Danish Standards Foundation. NOT FOR COMMERCIAL USE OR REPRODUCTION. DS/IEC/TR 80001-2-2:2012
DS-information DS/IEC/TR 80001-2-2 1. udgave 2012-09-14 Anvendelse af risikostyring inden for itnetværk indbefattende medicinsk udstyr Del 2-2: Vejledning ved offentliggørelse og formidling af sikkerhedsbehov,
More informationAvaya Brugergruppe dage
13.03.2015 1 Avaya Brugergruppe dage ODENSE 13.03.2015 2 BRUGERGRUPPEDAGE 2015 ODENSE Rigets tilstand på Blå Avaya Skal jeg gå SIP vejen? Hvad er Avaya Software Investment Protection Policy (ASIPP) SIP
More informationSøgeprotokol for Nationale Kliniske Retningslinjer
Søgeprotokol for Nationale Kliniske Retningslinjer Projekttitel/aspekt NKR for OCD søgning på PICOs - sekundær litteratur Kontakt Fagkonsulent Anne Dorothee Müller / Betina Højgaard /projektleder Kontakt
More informationFaSMEd meeting, 24.02.15 Maria I.M. Febri
FaSMEd meeting, 24.02.15 Maria I.M. Febri Hverdagsforestillinger (Every day concepts) Begrepet Hverdagsforestillinger Elever kommer til naturfagundervisning med diverse forestillinger basert på / bygd
More informationToo Much. Workmate. A. Listen to Adrian talking about obesity. 1 Who is he especially worried about?
Too Much Workmate 1. Work in pairs. Find these expressions in the text. Read them aloud. 1 Jo større han blev, desto mindre motionerede han. 2 I mange år havde han ikke kunnet gå i biografen. 3 Han løste
More informationMINISTRY OF DEFENCE LANGUAGES EXAMINATIONS BOARD
Name: Candidate Registration Number: Date of Exam: MINISTRY OF DEFENCE LANGUAGES EXAMINATIONS BOARD SURVIVAL SLP1 NORWEGIAN PAPER F Reading Task 1 Task 2 Time allowed Translation Comprehension 15 minutes
More informationCOPYRIGHT Danish Standards Foundation. NOT FOR COMMERCIAL USE OR REPRODUCTION. DS/ISO/IEC 24730-22:2012
Dansk standard DS/ISO/IEC 24730-22 2. udgave 2012-08-29 Informationsteknologi Realtidslokaliseringssystemer (RTLS) Del 22: Direct Sequence Spread Spectrum (DSSS), 2,4 GHz-protokol for luftgrænseflade:
More informationOverview TECHIS60441. Carry out security testing activities
Overview Information, services and systems can be attacked in various ways. Understanding the technical and social perspectives, how attacks work, the technologies and approaches used are key to being
More informationFORSLAG / DRAFT DSF/DS/EN 13200-6 DK NA:2014
FORSLAG / DRAFT DSF/DS/EN 13200-6 DK NA:2014 Forslagsnr.: M287549 Draft no.: Forslaget er: The draft is: (IDT = identisk med/identical to - EQV = baseret på/equivalent to - MOD = modificeret/modified)
More informationCasestudier, der understøtter IEC 62232 Bestemmelse af RF-felter og SAR-værdier i nærheden af radiokommunikationsbasestationer
DS-information DS/IEC/TR 62669 1. udgave 2011-07-04 Casestudier, der understøtter IEC 62232 Bestemmelse af RF-felter og SAR-værdier i nærheden af radiokommunikationsbasestationer med det formål at evaluere
More informationSummary. /3 The purpose of this report was to observe Vestergaard Company A/S s possibilities of
entering the Turkish market. /3 The purpose of this report was to observe Vestergaard Company A/S s possibilities of Summary Vestergaard Company A/S Belinda S. Jensen, Gamze Celik, Katrine Junker og Kristine
More informationBusiness development. Linnea Jacobsen. 1. semester 2014
Business development Linnea Jacobsen 1. semester 2014 v Business Models v Business Model Canvas v Groupwork Literature Alexander Osterwalder & Yves Pigneur: Business Model Generation: s. 14-47 + 76-103
More informationLeft dislocation in main and subordinate clauses
Nordic Atlas of Language Structures (NALS) Journal, Vol 1, 406-414 Copyright J. B. Johannessen 2014 Licensed under a Creative Commons Attribution 3.0 License Left dislocation in main and subordinate clauses
More informationMan, Machine and DDoS Mitigation
Man, Machine and DDoS Mitigation The case for human cyber security expertise Automated DDoS mitigation poses risks Distributed denial of service (DDoS) attacks can overwhelm DDoS appliances Today s DDoS
More informationKvalifisering av ny teknologi
Kvalifisering av ny teknologi Siemens AS 26.05.2011 Siemens Oil & Gas solutions - Offshore 2010. All rights reserved. De tre viktigste tingene subsea: Pålitelighet Pålitelighet Pålitelighet Hvorfor kvalifisering?
More informationCRES - a Scientific Platform for Sharing Climate Change Related Knowledge in Denmark
CRES - a Scientific Platform for Sharing Climate Change Related Knowledge in Denmark Jens Hesselbjerg Christensen Danish Meteorological Institute http://cres-centre.net Outline Something about communicating
More informationHow To Understand And Understand Phytoestrogen
Course Catalogue 2013 SCANBUR Academy COURSE CATALOGUE 2013 Scanbur Academy proudly presents our first course catalogue. We look forward to meeting you at one or more of our courses in 2013. If you have
More informationHVAD ER VI? HVOR ER VI? Ved Kim Grenaa & Uffe Buchard
HVAD ER VI? HVOR ER VI? Ved Kim Grenaa & Uffe Buchard PROGRAM 10:15 Find dit DNA 11:15 Pause 11:30 Marketingplatform & Show PR, Step by Step Guide 12:30 Frokost 13:15 Den nye verden v/ Emilia van Hauen
More informationSAMSØ PÅ GAS. Skibsteknisk Selskab København 8. September 2014
SAMSØ PÅ GAS Skibsteknisk Selskab København 8. September 2014 Consulting Naval Architects OSK-ShipTech A/S Denmark World Wide Marine Consultancy Services Since 1966 Geography Kanhavekanalen Kanhavekanalen
More informationFacility management Del 7: Vejledning i benchmarking af præstationer
Dansk standard DS/EN 15221-7 1. udgave 2012-11-06 Facility management Del 7: Vejledning i benchmarking af præstationer Facility Management Part 7: Guidelines for Performance Benchmarking DS/EN 15221-7
More informationInformationsteknologi til læring, uddannelse og oplæring Informationsmodel for kompetencer Del 2: Informationsmodel for kompetenceniveau
Dansk standard DS/ISO/IEC 20006-2:2015 1. udgave 2015-08-04 Informationsteknologi til læring, uddannelse og oplæring Informationsmodel for kompetencer Del 2: Informationsmodel for kompetenceniveau Information
More informationAkustik Metode til beregning af forventet høretab forårsaget af støj
Dansk standard DS/ISO 1999 1. udgave 2014-06-26 Akustik Metode til beregning af forventet høretab forårsaget af støj Acoustics Estimation of noise-induced hearing loss DS/ISO 1999 København DS projekt:
More informationHordaland på Børs Bergen 22 August 2013
Hordaland på Børs Bergen 22 August 2013 Tor Magne Lønnum, CFO Follow us on Twitter: @TrygIR 1 19 augusti 2013 Disclaimer Certain statements in this presentation are based on the beliefs of our management
More informationOlie- og naturgasindustrien Levetidsomkostninger Del 3: Retningslinier for implementering
Dansk Standard DS/ISO 15663-3 1. udgave 2001-11-20 Olie- og naturgasindustrien Levetidsomkostninger Del 3: Retningslinier for implementering Petroleum and natural gas industries Lifecycle costing Part
More informationVejen til privat finansiering. 16. juni 2011
Vejen til privat finansiering 16. juni 2011 Vejen til privat finansiering 1 Præsentation 2 Investor og banken din første kunde 3 Struktureret søgning 4 Netværk til finansiering 5 Case Intelligent styring
More informationSundhedsinformatik Krav til den elektroniske patientjournals arkitektur
Dansk standard DS/ISO 18308 1. udgave 2011-09-06 Sundhedsinformatik Krav til den elektroniske patientjournals arkitektur Health informatics Requirements for an electronic health record architecture DS/ISO
More informationCurriculum Vitae Helene Ratner
Curriculum Vitae Helene Ratner PERSONAL DATA Helene Ratner Born: 11.11.1980 Finsensvej 105, 4. th T: +45 3082 6019 (mobile) 2000 Frederiksberg E: heleneratner@gmail.com EDUCATION 1/4 2009 31/3 2012 Ph.D.
More informationPetroleum Policy Topics
Petroleum Policy Topics Erik M. Dugstad Deputy Director General Presentation to OLF Tax Seminar 4th May 2012 Norwegian Ministry of Petroleum and Energy Agenda introduction The White Paper: An industry
More informationInformationsteknologi Cloudcomputing Oversigt og ordliste
Dansk standard DS/ISO/IEC 17788 1. udgave 2014-10-21 Informationsteknologi Cloudcomputing Oversigt og ordliste Information technology Cloud computing Overview and vocabulary DS/ISO/IEC 17788 København
More informationwww.scherning.dk / SPRING 2013
www.scherning.dk / SPRING 2013 METTE SCHERNING en dansk smykkedesigner METTE SCHERNING a Danish jewellery designer Mette Scherning mestrer om nogen kunsten at kreere smykker med Mette Scherning masters
More informationPraksis inden for elektronisk fakturering i EU
DS-information DS/CWA 16463 1. udgave 2012-06-28 Praksis inden for elektronisk fakturering i EU Code of Practice for Electronic Invoicing in the European Union DS/CWA 16463 København DS projekt: M263481
More informationThe Danish National Return to Work Program. Nordisk socialforsikringsmøde Tammerfors Finland Juni 2012 Glen Winzor Head of division NRCWE gwi@nrcwe
The Danish National Return to Work Program Nordisk socialforsikringsmøde Tammerfors Finland Juni 2012 Glen Winzor Head of division NRCWE gwi@nrcwe The background From 2004 to 2008 there was a dramatic
More informationInformation Security Awareness Training
Information Security Awareness Training Presenter: William F. Slater, III M.S., MBA, PMP, CISSP, CISA, ISO 27002 1 Agenda Why are we doing this? Objectives What is Information Security? What is Information
More information