Overview TECHIS Carry out risk assessment and management activities

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Overview TECHIS60241. Carry out risk assessment and management activities"

Transcription

1 Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection of digital information within systems and devices, and what needs to be protected, is less so. Information risk is concerned with the importance of information to the organisation and the harm that can be caused from the failure to manage, use or protect information in all its forms. Risk management allows an organisation to prioritise risks, deploy resources efficiently and to treat risks using a consistent and documented approach taking into account threats, vulnerabilities, assets and harm. System risk needs to be understood and actively foreseen and managed within this context. This role involves following the steps in the information risk assessment and management process. Ensuring that information risks are identified and assessed, that an impact assessment is undertaken, that risk treatment options are specified, appropriate controls selected and that there is ongoing monitoring and review. TECHIS

2 Performance criteria You must be able to: 1. correctly identify the range of response actions that may be used to mitigate/control risks in line with organisational 2. take decisive and timely action in the event of risks being realised and impacting the integrity of information systems in line with organisational 3. perform risk assessments that clearly identify and assess potential risks in terms of their probability of occurrence 4. analyse the identified risks to assess their potential impact on information assets and to determine whether they are within specified risk tolerance levels 5. contribute to the development and maintenance of risk management plans used to mitigate risks in accordance with relevant internal and external 6. assess and validate information on current and potential threats to the business, analysing trends and highlighting information security issues relevant to the organisation 7. predict and prioritise threats to an organisation and their methods of attack in line with organisational 8. analyse the significance and implication of processed intelligence to identify significant trends, potential threat agents and their capabilities 9. use human factor analysis in the assessment of threats in line with organisational 10. use threat intelligence to develop attack trees in line with organisational 11. prepare and disseminate intelligence reports providing threat indicators and warnings in line with organisational 12. scan information systems and networks for public domain vulnerabilities, reporting potential issues and mitigation options in line with organisational 13. make recommendations as to the specific actions that should be applied to mitigate risks and escalate risks that are outside agreed risk tolerance levels 14. review and apply the strategy, policies, procedures, tools and techniques relating to security risk assessment and 15. correctly identify and assist in the development of a risk contingency plan for a non complex system, based upon analysis of the probability and impact of potential risks to a specific information system 16. objectively analyse and clearly present the findings from risk assessment and to sponsors, stakeholders and external bodies TECHIS

3 TECHIS

4 Knowledge and understanding You need to know and understand: 1. information is an organisational asset that has a value, which may be relative depending on the perspective taken, and therefore can be classified to reflect its importance to an organisation or individual 2. information is vulnerable to threats in systems 3. information has attributes relating to confidentiality, possession or control, integrity, authenticity, availability, and utility, any of which can make it vulnerable to attack 4. information may need to be protected. and some of the reasons why that protection must occur, including legal and regulatory drivers, customer rights or organisational objectives 5. information has a lifecycle, from creation through to deletion, and protection may be required and may change throughout that lifecycle 6. that information risk assessment and management is a term referring to the process of documenting what information is at risk, the type and level of risk, and the impact of realisation 7. the value and role of risk management within a business information security strategy 8. the range of issues associated with information security risk assessment and 9. the range of approaches that can be taken to risk assessment and and their appropriateness in a range of business contexts 10. the internal and external factors that may impact on security risk 11. the regulations, legislation, internal and external that may apply to information security risk assessment and 12. who is responsible for leading/managing the risk assessment and 13. that risk should be planned as ongoing/cyclical activity 14. how to develop and maintain a risk management plan 15. the risk tolerance levels specified for managing risk 16. the need to be accountable for the successful management of security risks TECHIS

5 Developed by e-skills Version Number 1 Date Approved January 2016 Indicative Review Date Validity Status Originating Organisation Original URN Relevant Occupations Suite Keywords April 2019 Current Original The Tech Partnership TECHIS60241 Information and Communication Technology; Information and Communication Technology Officer; Information and Communication Technology Professionals Information Security Information security, cyber security, risk assessment, risk management TECHIS

Overview TECHIS60441. Carry out security testing activities

Overview TECHIS60441. Carry out security testing activities Overview Information, services and systems can be attacked in various ways. Understanding the technical and social perspectives, how attacks work, the technologies and approaches used are key to being

More information

ESKISP6054.01 Conduct security testing, under supervision

ESKISP6054.01 Conduct security testing, under supervision Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

ESKISP6056.01 Direct security testing

ESKISP6056.01 Direct security testing Direct security testing Overview This standard covers the competencies concerning with directing security testing activities. It includes setting the strategy and policies for security testing, and being

More information

ESKISP6064.03 Conducts vulnerability assessment under supervision

ESKISP6064.03 Conducts vulnerability assessment under supervision Conducts vulnerability assessment under supervision Overview This standard covers the competencies required to conduct vulnerability assessments under supervision. This includes following processes for

More information

ESKISP6055.01 Manage security testing

ESKISP6055.01 Manage security testing Overview This standard covers the competencies concerning with managing security testing activities. Including managing resources activities and deliverables. This includes planning, conducting and reporting

More information

Overview TECHIS60851. Manage information security business resilience activities

Overview TECHIS60851. Manage information security business resilience activities Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,

More information

ESKISP6053.01 Assist security testing, under supervision

ESKISP6053.01 Assist security testing, under supervision Overview This standard covers the competencies required to assist security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

Overview TECHIS60341. Carry out security architecture and operations activities

Overview TECHIS60341. Carry out security architecture and operations activities Overview The protection of information, services and systems relies on a range of technical and procedural activities, often grouped in a framework. The framework will contain technical and logical, physical

More information

ESKISP6046.02 Direct security architecture development

ESKISP6046.02 Direct security architecture development Overview This standard covers the competencies concerned with directing security architecture activities. It includes setting the strategy and policies for security architecture, and being fully accountable

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

ESKITP2035.01 Identify change management opportunities and options for IT enabled systems 1

ESKITP2035.01 Identify change management opportunities and options for IT enabled systems 1 Identify change management opportunities and options for IT enabled Overview This sub-discipline, Change Management (203) is concerned with the competencies required to manage the introduction of business

More information

ESKITP6026 IT Security Management Level 6 Role

ESKITP6026 IT Security Management Level 6 Role Overview This sub-discipline is about the competencies required to ensure the security of all aspects of Information Technology services, systems and assets within an organisation. This includes the data,

More information

ESKITP714401 Implement procedures and standards relating to metrics for IT service delivery

ESKITP714401 Implement procedures and standards relating to metrics for IT service delivery Overview This sub-discipline covers the competencies required to perform performance metrics. Monitoring service level performance is a complex task requiring collection of data, detailed analysis, and

More information

ESKITP2034.03 Assist in the preparation of change management plans and assignments for IT enabled systems 1

ESKITP2034.03 Assist in the preparation of change management plans and assignments for IT enabled systems 1 Assist in the preparation of change management plans and assignments for IT Overview This sub-discipline, Change Management (203) is concerned with the competencies required to manage the introduction

More information

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity

More information

ESKITP714601 Authorise strategy, policies and standards relating to IT service delivery performance metrics management

ESKITP714601 Authorise strategy, policies and standards relating to IT service delivery performance metrics management service delivery performance metrics Overview This sub-discipline covers the competencies required to direct the monitoring, analysis and communication of IT service delivery performance metrics. Monitoring

More information

ESKITP6036 IT Disaster Recovery Level 5 Role

ESKITP6036 IT Disaster Recovery Level 5 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6036 1 Performance criteria You

More information

ESKITP2035.02 Design and implement change management plans for IT enabled systems 1

ESKITP2035.02 Design and implement change management plans for IT enabled systems 1 Design and implement change management plans for IT enabled systems Overview This sub-discipline, Change Management (203) is concerned with the competencies required to manage the introduction of business

More information

Risk Management. National Occupational Standards February 2014

Risk Management. National Occupational Standards February 2014 Risk Management National Occupational Standards February 2014 Skills CFA 6 Graphite Square, Vauxhall Walk, London, SE11 5EE T: 0207 0919620 F: 0207 0917340 E: info@skillscfa.org www.skillscfa.org Skills

More information

CFABAI132 Inform and facilitate organisational decision-making

CFABAI132 Inform and facilitate organisational decision-making Overview This standard is about informing and facilitating organisational decision-making. It includes presenting information and advice to decision-makers, recording and communicating decisions made by

More information

Overview SFLOLC1. Develop and implement a management system to ensure

Overview SFLOLC1. Develop and implement a management system to ensure compliance Overview What this standard is about This standard is about developing and implementing a management system to ensure compliance with the requirements of the operator's licence for freight transport.

More information

ESKITP6034 IT Disaster Recovery Level 4 Role

ESKITP6034 IT Disaster Recovery Level 4 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6034 1 Performance criteria You

More information

SFSMHS1 Receive mail safely and securely

SFSMHS1 Receive mail safely and securely SFSMHS1 Receive mail safely and securely Overview This standard sets out the skills, knowledge and understanding for mail handlers receiving mail of all types, doing so safely and securely, following organisational

More information

ESKITP7072 IT/Technology Capacity Management Level 2 Role

ESKITP7072 IT/Technology Capacity Management Level 2 Role Overview This sub-discipline is about the competencies required to manage the capacity of IT/technology services, systems and assets that support an organisation. Capacity management covers a range of

More information

TRINIDAD AND TOBAGO CYBER SECURITY AGENCY POLICY AND BILL

TRINIDAD AND TOBAGO CYBER SECURITY AGENCY POLICY AND BILL TRINIDAD AND TOBAGO CYBER SECURITY AGENCY POLICY AND BILL Presented By: Sunita Ramsumair Legal Officer Ministry of National Security September 29, 2014 Format of Presentation Background Trinidad and Tobago

More information

ESKITP7102 IT/Technology Asset and Configuration Management Level 2 Role

ESKITP7102 IT/Technology Asset and Configuration Management Level 2 Role IT/Technology Asset and Configuration Management Level 2 Role Overview This sub-discipline is about the competencies required to maintain the integrity and consistency of the IT/technology configuration

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

1.20 Appendix A Generic Risk Management Process and Tasks

1.20 Appendix A Generic Risk Management Process and Tasks 1.20 Appendix A Generic Risk Management Process and Tasks The Project Manager shall undertake the following generic tasks during each stage of Project Development: A. Define the project context B. Identify

More information

EUSNCO309 (SQA Unit Code - FA9F 04) Monitor the installation process for Network Construction Operations

EUSNCO309 (SQA Unit Code - FA9F 04) Monitor the installation process for Network Construction Operations Monitor the installation process for Network Construction Operations Overview This unit is designed for the candidate to demonstrate the effectiveness of the installation and construction process by monitoring

More information

Revenue Scotland. Risk Management Framework

Revenue Scotland. Risk Management Framework Revenue Scotland Risk Management Framework Contents 1. Introduction... 3 1.1 Overview of risk management... 3 2. Policy statement... 4 3. Risk management approach... 5 3.1 Risk management objectives...

More information

Overview COSCSMO10. Implement, monitor and control strategic procurement systems in construction management

Overview COSCSMO10. Implement, monitor and control strategic procurement systems in construction management Overview This standard is about agreeing and implementing with stakeholders what systems are most effective for managing the project. The systems identified will need to be prioritised and formalised if

More information

ESKITP5023 Software Development Level 3 Role

ESKITP5023 Software Development Level 3 Role Overview This sub discipline covers the core competencies required to create software to address the needs of business problems and opportunities, resulting in a variety of software solutions, ranging

More information

ESKITP7025 IT/Technology Service Help Desk and Incident Management Level 5 Role

ESKITP7025 IT/Technology Service Help Desk and Incident Management Level 5 Role IT/Technology Service Help Desk and Incident Management Level 5 Role Overview This sub-discipline is about the competencies required to manage the contacts made by customers of IT/technology systems, services

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

FSPDC01 Obtain and validate credit information to instigate debt collections

FSPDC01 Obtain and validate credit information to instigate debt collections FSPDC01 Obtain and validate credit information to instigate debt collections Overview This unit is about establishing the requirements for debt collections. In addition to obtaining sufficient information

More information

ESKITP5022 Software Development Level 2 Role

ESKITP5022 Software Development Level 2 Role Overview This sub discipline covers the core competencies required to create software to address the needs of business problems and opportunities, resulting in a variety of software solutions, ranging

More information

Promote security system and service sales

Promote security system and service sales Page 1 of 5 Promote security system and service sales Level 3 Credits 2 Purpose This unit standard is for people who work, or intend to work, as security system or service sales representatives, or in

More information

ESKITP7145.01 Manage IT service delivery performance metrics

ESKITP7145.01 Manage IT service delivery performance metrics Overview This sub-discipline covers the competencies required to manage the monitoring, analysis and communication of IT service delivery performance metrics. Monitoring service level performance is a

More information

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Exam Information Candidate Eligibility: The CyberSec First Responder: Threat Detection and Response (CFR) exam

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

Business Continuity Management Policy

Business Continuity Management Policy Governance 1 Purpose The purpose of this policy is to communicate Business Continuity Management (BCM) framework, responsibilities and guiding principles for Victoria to effectively prepare for and achieve

More information

Cyber Security for your Connected Health Device

Cyber Security for your Connected Health Device Cyber Security for your Connected Health Device Agenda Cyber Security Emerging Threats Implications to Healthcare Healthcare Response OpenSky s timeline Service Evolution Launch IT Optimization 2014 Geographic

More information

Framework for Enterprise Risk Management

Framework for Enterprise Risk Management Framework for Enterprise Risk Management 2013 Johnson & Johnson Contents Introduction.... 4 J&J Strategic Framework... 5 What is Risk?.......................................................... 7 J&J Approach

More information

CFAM&LBB2 Develop, maintain and evaluate business continuity plans and arrangements

CFAM&LBB2 Develop, maintain and evaluate business continuity plans and arrangements Develop, maintain and evaluate business continuity plans and arrangements Overview This standard is about developing, maintaining and evaluating business continuity plans to ensure that organisations continue

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

ESKITP7022 IT/Technology Service Help Desk and Incident Management Level 2 Role

ESKITP7022 IT/Technology Service Help Desk and Incident Management Level 2 Role IT/Technology Service Help Desk and Incident Management Level 2 Role Overview This sub-discipline is about the competencies required to manage the contacts made by customers of IT/technology systems, services

More information

Client Update SEC Releases Updated Cybersecurity Examination Guidelines

Client Update SEC Releases Updated Cybersecurity Examination Guidelines Client Update September 18, 2015 1 Client Update SEC Releases Updated Cybersecurity Examination Guidelines NEW YORK Jeremy Feigelson jfeigelson@debevoise.com Jim Pastore jjpastore@debevoise.com David Sarratt

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

WEST MIDLANDS POLICE Force Policy Document

WEST MIDLANDS POLICE Force Policy Document WEST MIDLANDS POLICE Force Policy Document POLICY TITLE: POLICY REFERENCE NO: Information Security Incident Management Inf/09 Executive Summary. In accordance with the HMG Security Policy Framework, West

More information

ESKITP5022v2 Perform software development activities under direction

ESKITP5022v2 Perform software development activities under direction Perform development activities under direction Overview This sub discipline covers the core competencies required to create to address business problems and realise opportunities, resulting in a variety

More information

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Enterprise Security Governance Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Governance and Organisational Model Risk Mgmt & Reporting Digital Risk & Security

More information

Project Management Frequently Asked Questions:

Project Management Frequently Asked Questions: Project Management Frequently Asked Questions: Risk Management Version:1.4, November 2008 Inter Agency Policy and Projects Unit Department of Premier and Cabinet What are the benefits of risk management?

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

CFACC29 Develop and enhance performance management in a contact centre

CFACC29 Develop and enhance performance management in a contact centre Develop and enhance performance management in a contact centre Overview What this standard is about Efficiency and effectiveness in contact centres rely on close management of performance. With defined

More information

Information Security Policy. Chapter 11. Business Continuity

Information Security Policy. Chapter 11. Business Continuity Information Security Policy Chapter 11 Business Continuity Author: Policy & Strategy Team Version: 0.5 Date: July 2008 Version 0.5 Page 1 of 6 Document Control Information Document ID Document title Sefton

More information

IT Change Management Policy

IT Change Management Policy Date of effect 24 November 2011 Approval Vice Chancellor Documents replaced by this N/A policy Procedures and/or guidelines supporting this policy A. Introduction Purpose IT Change Management Policy 1.

More information

Research Data Security. Paul Kennedy IT Services

Research Data Security. Paul Kennedy IT Services Research Data Security Paul Kennedy IT Services 1 Is information security important to RDM? EPSRC recognises that there are legal, ethical and commercial constraints on release of research data. To ensure

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

ESKITP5065 Software Development Process Improvement Level 5 Role

ESKITP5065 Software Development Process Improvement Level 5 Role Software Development Process Improvement Level 5 Role Overview This sub-discipline covers the competencies required by an information technology and/or telecoms organisation to ensure that appropriate

More information

NSW Government ICT Benefits Realisation and Project Management Guidance

NSW Government ICT Benefits Realisation and Project Management Guidance NSW Government ICT Benefits Realisation and Project Management Guidance November 2014 CONTENTS 1. Introduction 1 2. Document purpose 1 3. Benefits realisation 1 4. Project management 4 5. Document control

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

Risk Assessment and Cloud Strategy Development: Getting it Right this Time!

Risk Assessment and Cloud Strategy Development: Getting it Right this Time! Risk Assessment and Cloud Strategy Development: Getting it Right this Time! Barbara Endicott-Popovsky, PhD University of Washington Center of Information Assurance and Cybersecurity Kirsten Ferguson-Boucher

More information

A guide for members APES 325 Risk Management for Firms

A guide for members APES 325 Risk Management for Firms A guide for members APES 325 Risk Management for Firms An explanation and introduction to APES 325 Risk Management for Firms Overview of the scope and application of a risk management framework. APES 325

More information

Cyber Security Solutions Integrated. Proactive. Resilient.

Cyber Security Solutions Integrated. Proactive. Resilient. Cyber Security Solutions Integrated. Proactive. Resilient. Between defending against cyber attacks and ensuring mission resilience, there is one important word: HOW Cyber attacks never stop coming. Intrusions

More information

Cyber-Security. FAS Annual Conference September 12, 2014

Cyber-Security. FAS Annual Conference September 12, 2014 Cyber-Security FAS Annual Conference September 12, 2014 Maysar Al-Samadi Vice President, Professional Standards IIROC Cyber-Security IIROC Rule 17.16 BCP The regulatory landscape Canadian Government policy

More information

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...

More information

No. 33 February 19, 2013. The President

No. 33 February 19, 2013. The President Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001

More information

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document

More information

State Records Guideline No 25. Managing Information Risk

State Records Guideline No 25. Managing Information Risk State Records Guideline No 25 Managing Information Risk Table of Contents 1 Introduction... 4 1.1 Purpose... 4 1.2 Authority... 4 2 Risk Management and Information... 5 2.1 Overview... 5 2.2 Risk management...

More information

Application Guidance CCP Penetration Tester Role, Practitioner Level

Application Guidance CCP Penetration Tester Role, Practitioner Level August 2014 Issue No: 1.0 Application Guidance CCP Penetration Tester Role, Practitioner Level Application Guidance CCP Penetration Tester Role, Practitioner Level Issue No: 1.0 August 2014 This document

More information

FINRA Publishes its 2015 Report on Cybersecurity Practices

FINRA Publishes its 2015 Report on Cybersecurity Practices Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February

More information

1. Background and business case

1. Background and business case 1. Background and business case This section explains the context and why the project is being undertaken. It provides the justification for investing the time and resources in the project. 1.1 Reasons

More information

Data Masking Best Practices

Data Masking Best Practices Data Masking Best Practices 1 Information Security Risk The risk that sensitive information becomes public 2 Information Security Risk Government systems store a huge amount of sensitive information Vital

More information

UNCLASSIFIED. Victorian Protective Data Security Framework (VPDSF) ROSETTA STONE

UNCLASSIFIED. Victorian Protective Data Security Framework (VPDSF) ROSETTA STONE 1 Security Management Framework 1. Information Security Management Structure 2. Security Roles (Security Exec, ASA, ITSA) 40. Identify and document legal GOV-2 Security Roles (Security Executive, ASA and

More information

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Internet Safety and Security: Strategies for Building an Internet Safety Wall Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet

More information

SecSDM: A Model for Integrating Security into the Software Development Life Cycle

SecSDM: A Model for Integrating Security into the Software Development Life Cycle SecSDM: A Model for Integrating Security into the Software Development Life Cycle Lynn Futcher, Rossouw von Solms Centre for Information Security Studies, Nelson Mandela Metropolitan University, Port Elizabeth,

More information

FSPFCC04(SQA Unit Code-F88P 04) Ensure you comply with regulations in your financial services environment

FSPFCC04(SQA Unit Code-F88P 04) Ensure you comply with regulations in your financial services environment Ensure you comply with regulations in your financial services Overview This Standard is about working within the regulatory of the financial services industry. Most organisations within financial services

More information

ISO27032 Guidelines for Cyber Security

ISO27032 Guidelines for Cyber Security ISO27032 Guidelines for Cyber Security Deloitte Point of View on analysing and implementing the guidelines Deloitte LLP Enterprise Risk Services Security & Resilience Contents Foreword 1 Cyber governance

More information

The Gateway Review Process

The Gateway Review Process The Gateway Review Process The Gateway Review Process examines programs and projects at key decision points. It aims to provide timely advice to the Senior Responsible Owner (SRO) as the person responsible

More information

Title: Rio Tinto management system

Title: Rio Tinto management system Standard Rio Tinto management system December 2014 Group Title: Rio Tinto management system Document No: HSEC-B-01 Standard Function: Health, Safety, Environment and Communities (HSEC) No. of pages: 23

More information

NICE and Framework Overview

NICE and Framework Overview NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to

More information

UIIPA - Security Risk Management. June 2015

UIIPA - Security Risk Management. June 2015 UIIPA - Security Risk Management June 2015 1 Introduction Tim Hastings, Chief Information Security Officer State of Utah - Department of Technology Services Tim Hastings has more than 16 years of experience

More information

The purpose of this Unit is to develop an awareness of the knowledge and skills used by ethical and malicious hackers.

The purpose of this Unit is to develop an awareness of the knowledge and skills used by ethical and malicious hackers. National Unit specification General information Unit code: H9HY 45 Superclass: CC Publication date: September 2015 Source: Scottish Qualifications Authority Version: 02 Unit purpose The purpose of this

More information

Certified Identity and Access Manager (CIAM) Overview & Curriculum

Certified Identity and Access Manager (CIAM) Overview & Curriculum Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management

More information

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,

More information

COSCSMO10 - SQA Unit Code FM1W 04 Implement strategic sourcing partnerships

COSCSMO10 - SQA Unit Code FM1W 04 Implement strategic sourcing partnerships Overview This Unit is about identifying and agreeing with the stakeholders what systems are most effective for managing the project. The systems identified will need to be prioritised and formalised if

More information

Sytorus Information Security Assessment Overview

Sytorus Information Security Assessment Overview Sytorus Information Assessment Overview Contents Contents 2 Section 1: Our Understanding of the challenge 3 1 The Challenge 4 Section 2: IT-CMF 5 2 The IT-CMF 6 Section 3: Information Management (ISM)

More information

THE OPEN UNIVERSITY OF TANZANIA

THE OPEN UNIVERSITY OF TANZANIA THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather

More information

Protection of Essential Infrastructure and Services

Protection of Essential Infrastructure and Services Protection of Essential Infrastructure and Services NOR AZUWA MUHAMAD PAHRI CONSULTANT, MIMOS CONSULTING GROUP, MIMOS BERHAD azuwa@mimos.my Table of Content Introduction Reality of Cyber Attack Cyber Issues

More information

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009 Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in

More information

Central Services. Business Support Service JOB DESCRIPTION

Central Services. Business Support Service JOB DESCRIPTION Central Services Business Support Service JOB DESCRIPTION POST: GRADE: Grade: Band 12 RESPONSIBLE TO: A Head of Business Support STAFF MANAGED: Team Leaders. In some instance, a Business Support Manager

More information

23.9.2015. Kangas Cybersecurity strategy

23.9.2015. Kangas Cybersecurity strategy Kangas Cybersecurity strategy Vision of Kangas Smart Kangas Life and living at Kangas is convenient, easy and safe. Kangas is resource-wise and it is attractive place of work. Security and safety measures

More information

IMPOM208K Principles of information management in a food business

IMPOM208K Principles of information management in a food business Principles of information management in a food Overview This standard is about the principles of information management in a food. Information management is the collection of information from one or more

More information

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013 2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

SYSTEMS SECURITY ENGINEERING

SYSTEMS SECURITY ENGINEERING SYSTEMS SECURITY ENGINEERING Mission Statement Integrating Security into Every Solution We Deliver Reducing Risk and Providing Fully Reliable and Trusted Solutions Utilizing Best Practices and Rigorous

More information