Defending your data against physical threats
- Dylan Welch
- 8 years ago
Facts and guidelines for Datacentre Security Management

Physical security
A vital link in data centre defence

The exponential rise in data centres is matched only by the tandem rise in threats of malicious or accidental breaches. As business, consumer and user data is migrated to the cloud, the risks associated with a loss, theft or damage of data have the potential to cripple organisations.

Most organisations recognise the need to defend their data against cyberattacks, but data centres and server racks are typically less well guarded against physical breaches, whether accidental or malicious. So while valuable data may have several lines of digital defence, physical access to the cabinets and racks may be unmonitored and unprotected.

In this white paper we will consider the rise of the data centre, the risks that businesses face from data loss, best practices in securing data against attack and business continuity, and how to ensure compliance with regulatory requirements.

Contents
- New security challenges
- Data compliance requirements
- Three layers of physical security
- 12 data centre security tips
- Cost effective access control

New security challenges for data centres
The data boom increases the need for higher security

New data centres are being built at a remarkable rate. The value of data centre construction contracts is estimated to reach $22 billion by … More data centres, and therefore more data, means higher security risks. As more organisations share access to server rooms, there is an urgent need to prevent physical attacks and accidental damage by controlling access.

And when security is breached, the costs to business can be astronomical. IBM estimates the average total cost of each data breach to be $3.79 million. Total cost of data breaches has increased by 23% since … In addition to customer dissatisfaction, the cost of unprotected data includes business disruption, loss of brand equity and fines and penalties levied for non-compliance with personal and commercial data protection legislation.

Alongside the growth of data centres, the global colocation market is predicted to grow from $23 billion in 2014 to $37 billion in … The EMEA market represents over 26% of global market, in terms of operational square feet. [4] As described in the following pages, colocation brings unique security and compliance challenges.

Colocation: shared space brings new security challenges

Colocation gives businesses the freedom to manage their own software and hardware in a controlled environment. But this growing trend also brings security challenges and has data protection implications for organisations that choose to co-locate.

As more organisations (including potential competitors) share access to server rooms, there is an urgent need to prevent physical attacks and accidental damage by controlling access. A typical server room may receive visitors to carry out upgrades, make repairs, install new servers and conduct routine maintenance. Organisations can't afford to ignore the risks of unauthorised personnel accessing their equipment and their data. And as the power and cost of servers increases, the liability associated with failure or loss grows.

In addition, data centre facilities are often secured with mechanical locking systems, especially at server cabinet level, which can't be monitored and controlled, making access management and physical protection of the data even more difficult.

Notes
[1] Research and Markets, October …
[2] Benchmark research sponsored by IBM, independently conducted by Ponemon Institute LLC, May …
[3] … Research KnowledgeBase Q…
[4] Ibid.

Who is accessing your company's most sensitive data? Where? When? And if someone without authorisation did, how would you know?

Data compliance requirements
Virtual protection

The pressure to safeguard data continues to grow. Legislation and security standards aim to protect businesses and the public from the significant risks associated with data breaches. One common theme uniting these standards and legislation is the requirement to control access to data.

European Data Protection Directive 95/46/EC
All organisations across Europe need to comply with this directive. There are plans in 2015 to unify data protection under a new single law, the General Data Protection Regulation (GDPR), which incorporates new guidelines for data protection and privacy. As a regulation and not a directive, it will have immediate effect on all 28 EU member states and may include fines of up to 1 million euros for non-compliance or 2% gross global turnover, whichever is greater.

ISO
The ISO family of standards helps organisations manage the security of assets such as financial information, intellectual property, employee details and third-party information. ISO/IEC details requirements for information security management systems (ISMS).

OHSAS
The Occupational Health & Safety Management System Standard ensures that data centres are safe and healthy environments. OHSAS requires that:
- Any risks to staff, visitors and contractors have been assessed
- Where necessary, controls are put in place to reduce the risk of harm to a minimum
- All national/local legal and regulatory health and safety requirements are met

Sarbanes-Oxley Act
The Sarbanes-Oxley Act of 2002 (often shortened to SOX) was designed to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, and improve the accuracy of corporate disclosures. Complying with SOX requires security controls to ensure the integrity of financial data.

PCI-DSS: Payment Card Industry Data Security Standard
The PCI Data Security Standard (PCI DSS) helps organisations proactively protect customer financial information. The standard requires that access to system information and operations is restricted and controlled both electronically and physically.

These are just some of the most important regulations guiding data centre security. The message is clear: organisations can't afford to leave data security to chance.

The three layers of physical security
Physical protection

Data centres face unique challenges to ensure the security of physical and digital assets. Whether a data centre supports a handful of clients or several thousands, they have a legal and commercial responsibility to safeguard data against loss and theft. A robust security system can be considered as three layers moving inward from the facility's perimeter to server rack level.

Perimeter defence
Perimeter security features control access to the building, ensuring that only authorised personnel can reach servers. Perimeter security may entail CCTV, high fencing and lighting, as well as high security integrated access control systems.

Server room access
Commercial-grade doors, frames and hardware defend against unauthorised access to server rooms. Security features should also be designed to withstand the elements in case of fire or flood. Doors may need to be rated for a number of hazards:
- Climate control and airflow
- Natural forces
- Blast and ballistic
- Fire
- Radio frequency (RF) shield
- Sound transmission class (STC)

Cabinet security
The repercussions of accidental or malicious access to server cabinets can be disastrous. A loss of sensitive data could be crippling, destroying hard-earned customer trust, damaging brand equity and generating substantial non-compliance penalties. Given the high stakes, it's unsurprising that data managers are pushing for access control at the server rack level.

In the event of a security breach, most organisations would want to know who had access to the server and when. With an access control system at the door and server rack level, organisations have granular control over who can access data, as well as a complete audit trail of access.

Unauthorised access and use have nearly doubled within one year

BREACHES BY TYPE OF METHOD (columns: Q… | Q…)
Unauthorized Access/Use: 26% | 16%
Theft: 21% | 26%
Public Access/Distribution: 25% | 20%
Loss: 3% | 7%
Hacking: 25% | 26%
75% PHYSICAL BREACHES

Figure 1: Breaches by type of method, Source: Information Security & Data Breach Report, October 2014 Update, page 6

Physical security is about more than simply restricting access to unauthorised users, it's also about controlling and recording who has access and when.

12 data centre security tips
Is your data secure against all forms of attack? This is what you can do to increase protection.

- Aim for complete enterprise access control: Choose a complete access control solution that will meet your organisation's long-term needs.
- Utilise the latest technology: New technologies such as Power over Ethernet (PoE) and wireless can reduce costs and improve ROI. Rack-level security can save floor space and reduce the need for additional cabling.
- Seek senior buy-in: Without the support of senior management it can be difficult to adequately implement the policies and procedures to safeguard data.
- Ensure secure locations: Choose a location with minimal risk of environmental, social or political threats. If you maintain a separate recovery site, it should be located at least three hours from your primary site.
- Analyse every component of your security: Meet with key stakeholders from IT, security and facilities to discuss each department's challenges and concerns.
- Provide reliable power: Design redundancy into everything related to the data centre, from transfer stations to uninterruptible power supplies, to ensure sufficient power is always available.
- Identify all assets that require protection: Do you need to control access to a data centre, a server room or individual cabinets?
- Define users and access levels: Identify which employees require access to sensitive data. While it's important that only valid users are given access, it's also vital that employees are able to continue their work without interruption.
- Educate the entire team: The greatest threat to your data comes from within. By taking the time to educate your team you can ensure that everyone works together to protect data.
- Design for success as well as compliance: While complying with regulations is essential, it's also vital that security and safety measures support your business operations and provide access to IT when it is required.
- Identify your facility manager early: Identify your facility manager and define how they fit within your organisation. Include them in security discussions and plans both long-term as well as the day-to-day operations.
- Create a policy for exceptions: Decide how you will deal with exceptions and the need to grant temporary access so you have a defined procedure in place.

Cost effective access control for data centres

A mechanical master key system is expensive to run, due to secure key management costs and lack of flexibility in changing user rights. Losing a master key means replacing mechanical cylinders and keys right across your facility. There's no shortcut. So what's the solution?

Aperio technology from ASSA ABLOY complements new and existing electronic access control systems. Aperio provides a simple, intelligent way to upgrade the controllability and security level of your premises. With Aperio, you can secure the perimeter, the server room and your server cabinets fully integrated with your access control system, adding access management and audit trail capabilities to almost any door opening.

Racks are the last line of defence against physical access to IT equipment and data, but are often left unmonitored. The Aperio KS100 Server Cabinet lock helps address the security needs of data centre and colocation facilities by providing real-time access control to individual cabinet doors in a single card system. KS100 allows you to deploy real time notifications that report, manage and notify rack-level security breaches.

Compliance: Complies with Data Protection obligations
Improved monitoring: Access to authorised users, provides audit trails, real-time monitoring
Locking status: Unlock, Lock, Temporary Unlock

Aperio KS100 system integration
Power supply: Power over Ethernet or external power supply
Credentials: Can be used with existing high frequency RFID credentials*

COSTS CAUSED BY BREACHES
Costs caused by physical breaches about 50% higher than virtual breaches

Categories shown: Hacking; Physical breaches (Unauthorized Access/Use, Theft, Public Access/Distribution, Loss)
Values shown: $3,782,169; $4,543,901; $7,687,617; $11,475,730; $2,408,070; $741,590
59,9% COSTS ARE CAUSED BY PHYSICAL BREACHES

Figure 2: Costs caused by breaches by type of method, Source: Information Security & Data Breach Report, October 2014 Update, page 7

LEVEL 1: PERIMETER DEFENCE / LEVEL 2: SERVER ROOM ACCESS / LEVEL 3: CABINET SECURITY
- Access control system
- Communication hub: Connects up to 8 devices to EAC system. Range: 15-25m
- Wired security entrance door
- Online door: Wireless and without modification to doors. Add doors to your EAC system with battery powered Aperio locks, escutcheons or cylinders
- Server rack: Powered over ethernet. Add cabinets, racks and drawers to your EAC system with Aperio KS100

ASSA ABLOY is the global leader in door opening solutions, dedicated to satisfying end-user needs for security, safety and convenience.

Wireless locking evolution for online and offline door control. Aperio is a new technology developed to complement new and existing electronic access control systems, providing end users with a simple, intelligent way to upgrade the controllability and security level of their premises.

As the world's leading lock group, ASSA ABLOY offers a more complete range of door opening solutions than any other company on the market. In the fast-growing electromechanical security segment, the Group has a leading position in areas such as access control, identification technology, entrance automation and hotel security. Since its formation in 1994, ASSA ABLOY has grown from a regional company into an international group with around 47,000 employees and sales of more than SEK 53 billion.

ASSA ABLOY Access Control, Willenhall, West Midlands WV13 3PW, United Kingdom

We reserve the right to make technical modifications.
Version: WP APERIO KS ENG UK
More informationWhite Paper. Data Security. The Top Threat Facing Enterprises Today
White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is
More informationThe Challenges of Administering Active Directory
The Challenges of Administering Active Directory As Active Directory s role in the enterprise has drastically increased, so has the need to secure the data it stores and to which it enables access. The
More informationDataCentre Access Policies & Procedures
DataCentre Access Policies & Procedures Contents Purpose... 3 Overview... 3 DataCentre Access... 3 DataCentre Access Levels... 4 Periodic Review & Termination of Access... 5 DataCentre Access Log... 5
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationInformation security policy
Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0
ADRI Advice on managing the recordkeeping risks associated with cloud computing ADRI-2010-1-v1.0 Version 1.0 29 July 2010 Advice on managing the recordkeeping risks associated with cloud computing 2 Copyright
More informationEnsuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services
Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and
More informationMAXIMUM PROTECTION, MINIMUM DOWNTIME
MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is
More informationEnsuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services
Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services Page 2 of 8 Introduction Patient privacy has become a major topic of concern over the past several years. With the majority
More informationBirkenhead Sixth Form College IT Disaster Recovery Plan
Author: Role: Mal Blackburne College Learning Manager Page 1 of 14 Introduction...3 Objectives/Constraints...3 Assumptions...4 Incidents Requiring Action...4 Physical Safeguards...5 Types of Computer Service
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationIslington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014
Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document
More informationData Protection Breach Management Policy
Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/
More informationWHITE PAPER. Preventing Wireless Data Breaches in Retail
WHITE PAPER Preventing Wireless Data Breaches in Retail Preventing Wireless Data Breaches in Retail The introduction of wireless technologies in retail has created a new avenue for data breaches, circumventing
More informationMusic Recording Studio Security Program Security Assessment Version 1.1
Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationDemystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature
Demystifying Cyber Insurance Jamie Monck-Mason & Andrew Hill Introduction What is cyber? Nomenclature 1 What specific risks does cyber insurance cover? First party risks - losses arising from a data breach
More informationCYBER RISK SECURITY, NETWORK & PRIVACY
CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationDatacentre Studley. Dedicated managed environment for mission critical services. Six Degrees Group www.6dg.co.uk
Dedicated managed environment for mission critical services www.6dg.co.uk Our datacentres are the core of our business. At we own and manage 30,000 square feet of highly available, geographically diverse
More informationAN OVERVIEW OF INFORMATION SECURITY STANDARDS
AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationKEELE UNIVERSITY IT INFORMATION SECURITY POLICY
Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical
More informationPhysical Security Policy
Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security
More informationBuyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net
Buyer s Guide to Secure Cloud Buyer s Guide to Secure Cloud An executive guide to outsourcing IT infrastructure and data storage using Private Cloud as the foundation. Executives derive much confidence
More information