A Methodology for Measuring Information Security Maturity in Norwegian and Indian MSME s with. special focus on people factor

Size: px
Start display at page:

Download "A Methodology for Measuring Information Security Maturity in Norwegian and Indian MSME s with. special focus on people factor"

Transcription

1 A Methodology for Measuring Information Security Maturity in Norwegian and Indian MSME s with Murali Krishna, Penmetsa Master s Thesis Project Description Master of Science in Information Security 30 ECTS Department of Computer Science and Media Technology Gjøvik University College, 2010 i

2 Avdeling for Informatikkogmedieteknikk Høgskolen i Gjøvik Postboks Gjøvik Department of Computer Science and Media Technology Gjøvik University College Box 191 N-2802 Gjøvik Norway ii

3 Abstract Information Security with focus on people factor has become a major focus area for all sizes of organizations globally. Because people are those in these organizations who maintain the technology, maintain the day-to-day security processes and influence the security culture of their organizations. In this report, we present a methodology we have developed for Measuring Information Security Maturity in Norwegian and Indian MSME s with and presents the finding of the surveys. The methodology supports the measuring process by defining the parameters for diagnosis in phase 1 and analyzes information security maturity in phase 2 using the three focus areas questionnaire developed, thus discovering strong and weak areas for improving managing information security, security culture and awareness in MSME s. The major findings are presented with recommendations. Overall, the findings show that Norwegian MSME s Information Security Maturity Levels are high compared to Indian MSME s. iii

4 Preface This thesis is a final part of my Masters of Science education at Gjøvik University College. Besides the great interest in the problem itself, the choice was also based on being able to use as much of the acquired theoretical knowledge in practice and also at same time to gain experience on how to measure information security maturity levels in Norwegian and Indian MSME s organizations with. The study had major obstacles for having participants to participant in the Norwegian and Indian Surveys. I kept enormous efforts in reaching the right people for having participants participation in the survey, they use to accept me with a smile, but use to end up with no information due to various reasons, few had no interest, few people use to ignore,few people us to skip off, few people use to be busy with them own priorities of work and so on. But the enormous support from my wife Shirisha and Dr.Bernhard M. Hämmerli has given me high level of motivation for me to work on my thesis. My experience showed me that the best way to make my survey successful is to use my personal and professionals contacts and use their reference for a request for participation. In turn some of them have also supported me giving me more references. I contacted around 1229 companies using personal contacts and Institute of Electronic Governance, Government of Andhra Pradesh. I was also aware that many MSME s in India do not have IT or security department.so getting information on information security maturity was a major obstacle for me. The managing directors and directors were usually busy people and therefore was difficult to get in contact with. I finally managed to get answers from 3 percent out of the 1229 companies I have contacted. As I was in India during my thesis work and was not able to get in direct contact with companies in Norway, I had a concern how I will manage with the Norwegian Survey. But my supervisors have supported me to make me feel that this was not at all a concern for me. They have supported me in making a contact with the CEO of NorSIS to get in touch with right people in MSME s and few other companies details.out of the 20 contacts of NorSIS,40 percent have answered to the survey. In turn, I have also collected 280 companies using Internet search. But that response rate was comparatively very less. I finally managed to get answers from 6 percent out of the 361 sent. First of all I would thank Dr.Bernhard M. Hämmerli and Co- Supervisor Dr.Nils Karlstad Svendsen of Norwegian Information Security laboratory (NISLab) for supervising the planning and work of this study and for pointing me in the right directions at different phases throughout this project. It would not have been possible for me to complete this project if my supervisors, my wife Shirisha, information security industry expert Dr.Thomas Schlienger, Mr. Tore iv

5 Larsen Orderløkken, CEO of NorSIS, Dr.P.Madhav, Director of Promotions, Institute of Electronic Governance, Government of Andhra Pradesh, India and my contact persons have not supported me. Some have helped me getting in contact with the right persons in MSME. Unfortunately I can t mention some names, but I haven t forgotten any of you. I would like to thank the participants who participated in the surveys and who gave valuable feedback to this achieve this project successfully. Finally, I would like to thank my wife Shirisha who is pregant and family who have let me use evenings, weekends, and holidays as well to finish the work. Thank you, all! v

6 Table of Contents Abstract... iii Preface...iv Table of Contents...vi List of figures...viii List of tables...x 1 Introduction Topic covered by the thesis Problem description Justification, motivation and benefits Research questions Delimitations Data collection Definitions Information Security Information Security Maturity Information Security Management Information Security Culture Information Security Awareness Effective Security Awareness NorSIS Review and state of art Information Security in SMEs Measuring the State of Information Security with focus on People Factor Information Security Management (ISM) Information Security Culture Information Security Awareness Methodology What to measure Phase How to Measure Phase vi

7 4 Survey About this survey Company and Respondent Profile Survey Results on Norwegian MSME s Survey Results on Indian MSME s Comparing the results Comparison on IT Industry Sector Similarities and Differences in IT Industry Sector Comparison on Financial Services Industry Sector Similarities and Differences on Financial Services Industry Sector Comparison on Pharmaceutical Industry Sector Similarities and Differences on Pharmaceutical Industry Sector Comparison on Government and Public Industry Sector Similarities and Differences on Government and Public Industry Sector Comparison on Other Industry Sector Similarities and Differenceson Other Industry Sector Comparison on Micro Enterprises Similarities and Differences on Micro Enterprises Comparison on Small Enterprises Similarities and Differences on Small Enterprises Comparison on Medium Enterprises Similarities and Differences on Medium Enterprises Conclusions and Recommendations Future work Bibliography Appendix vii

8 List of figures Figure 1: The People, Process and technology triad Figure 2: Effective Security Awareness....6 Figure 3: Information Security Culture Assessment Process 8 Figure 4: Information Security Culture Radar...9 Figure 5: Tree structure prototype for assessing information security awareness.16 Figure 6: Metrics for Measuring Information Security Awareness...16 Figure 7 IT Security Learning Continuum.. 19 Figure 8 Keys steps in the life cycle of an awareness and training program.. 20 Figure 9 - Evaluation and feedback techniques.. 21 Figure 10: Overall Strategy for raising information security awareness. 22 Figure 11: Methodology...23 Figure 12: Focus areas.24 Figure 13: Focus Areas in Survey Questionnaire.. 27 Figure 14: Position of Participants in Norwegian MSME s Survey.29 Figure 15: Position of Participants in Indian MSME s Survey 30 Figure 16: Industry Participants from Norwegian MSME s 31 Figure 17: Industry Participants from Indian MSME s. 32 Figure 18: Organization Size of Norway MSME s 33 Figure 19: Organization Size of India MSME s 34 Figure 20: Top security Goals in Norwegian MSME s 35 Figure 21: Organization Structure in Norwegian MSME s..36 Figure 22: Technologies and Practices in Norwegian and Indian MSME s.. 37 Figure 23: Greatest Threat in Norwegian MSME s Figure 24: Security Policies in Norwegian MSME s 39 Figure 25: Drivers for Security Policies in Norwegian MSME s 40 Figure 26: Security Policy Accessibility in Norwegian MSME s. 41 Figure 27: Rate Security Culture in Norwegian MSME s. 42 Figure 28: Top Inhibiting Factors in Norwegian MSME s.. 43 Figure 29: Security Awareness and Training in Norwegian MSME s.. 44 Figure 30: Elements of Security awareness in Norwegian MSME s 45 Figure 31: Security Campaigns in Norwegian MSME s.. 46 Figure 32: Proportion of IT Budget for Awareness in Norwegian MSME s. 47 Figure 33: Increase/Decrease in Spending in Norwegian MSME s 48 Figure 34: Top Security Goals in Indian MSME s 49 Figure 35: Organization Structure in Indian MSME s. 50 Figure 36: Technologies and Practices in Indian MSME s. 51 Figure 37: Greatest Threat in Indian MSME s. 52 Figure 38: Security Policy in Indian MSME s. 53 Figure 39: Drivers for Security Policy in Indian MSME s. 54 Figure 40: Security Policy accessibility in Indian MSME s. 55 Figure 41: Rate security culture in Indian MSME s. 56 Figure 42: Top Inhibiting Factors in Indian MSME s 57 Figure 43: Security awareness and Training in Indian MSME s. 58 viii

9 Figure 44: Elements of Security Awareness in Indian MSME s.. 59 Figure 45: Security Campaigns in Indian MSME s. 60 Figure 46: Proportion of IT Budget for Awareness in Indian MSME s.. 61 Figure 47: Increase /Decrease in spending in Indian MSME s. 62 ix

10 List of tables Table 1: Subjects areas.10 Table 2: Channel of Communications with advantages and disadvantages Table 3: Awareness Metrics Table 4: Questionnaire Structure Table: 5 Segmentation on Target Groups Table 6: Comparison On IT Industry Sector Table 7: Comparison On Financial Services Industry Sector.. 66 Table 8:Comparison On Pharmaceutical Industry Sector 68 Table 9: Comparison On Govt&Public Sector Table 10:Comparison On Other Industry sectors.. 73 Table 11: Comparison on Micro Enterprises. 76 Table 12:Comparisons on Size of Enterprises Table 13: Comparisons on Medium Enterprises x

11 1.1 Topic covered by the thesis 1 Introduction This report constitutes the documentation for the work related to the Master thesis study in Master s in Information Security at Gjovik University College / Norwegian Information Security Laboratory. Its purpose is to develop a methodology to measure information security maturity levels in Norwegian and Indian MSME s (Micro, Small and Medium) with and recommend a course of actions to improve weak focus areas based on the findings. Information Security [23] is defined as the process of protecting the confidentiality, integrity and availability of data from accidental or intentional misuse. In the last years, Information Security with focus on people has become a major focus area for all sizes of organizations globally. Merkow & Jim Breithaupt [23] state that people, process and technology are the three pillars of security. People Processes Technology Figure 1: The People, Process and technology triad[23] People (or employees) in organizations know that security cannot be achieved by just installing technical solutions like IDS, firewalls [18] and implementing processes. Because it is the people in turn in these organizations, who maintain the technology, maintain the day-to-day security processes and influence the security culture of their organizations. So it is important to focus on people factor to measure the security culture, security awareness and how information security is managed in these organizations. Research on the state of information security maturity levels in different industry sectors of large organizations with focus on people, processes and technology was done by Data Security Council of India [8], Deloitte [62], Detecon [3], Devoteam 1

12 Consulting [4], Ernst& Young [9], European Network and Information Security Agency [15],KPMG [22] and Price water coopers [29]. SME s (is defined as Small and Medium enterprises) in developed countries normally have weak comprehension of information security, security technologies and control measures and so, they tend to forget about risk analysis or the development of security policies [21]. This can also be due to the fact that SME s lack the people, processes, technology and specialized knowledge necessary for coordinating information security or offering adequate information or resources on security awareness, training and education. The level of security culture, security awareness and managing information security in MSME s varies in different countries like India and Norway due to cultural differences and people s maturity levels in these organizations. Research on the state of information security maturity level with s is MSME s in India is missing. Therefore, this paper proposes a methodology that can be used to measure the information security maturity levels in Norwegian and Indian MSME s with special focus on people factor. The remainder of the report is structured as follows. In section 2, we will briefly describe the state of art on information security in SME s,the state of research on measuring information security on people s factor, information security management, security culture and security awareness & training programs,. In section 3, we will introduce our methodology used for defining the parameters for diagnosis and measuring information security maturity levels. In section 4, we will present the survey results of Norwegian and Indian MSME s and finally in Section 5, we will conclude and give recommendations based on the findings. 1.2 Problem description The information security in a company does not depend only on the implemented technical solutions and processes maintained in organizations. It is the people in these organizations, who maintain the technology, maintain the day-to-day security processes and influence the security culture of their organizations. Understanding this, the initial focus of this study was to measure information security awareness of employees in Norwegian and Indian MSME s before and after the security campaigns. However, it was discovered in process of discussion with industry expert Dr.Thomas Schlienger [6] that this research is out of the scope as creating security awareness and improving security culture is an ongoing process. Secondly, the same sample of participants might not be able to participate in the survey before and after security awareness campaigns, which may mislead the survey results. Therefore, after discussing with my supervisor Dr.Bernhard Haemmerli about the scope of the topic.we have agreed to narrow down the scope of project to A Methodology for measuring information security maturity in Norwegian and Indian MSME s with 2

13 . After narrowing down the scope of the topic, this report also helps us to answer the following questions, 1. Write about State of research on Information Security in MSME s and State of research on Measuring Information Security on People Factor, Information Security Management, Security Culture and Security awareness & training programs 2. A Methodology for Measuring Information Security Maturity in organizations with 2. Make a survey using the Methodology in Norwegian and Indian MSME s. 3. Compare the results of both regions 4. Evaluate the results and propose recommendations based on findings. 1.3 Justification, motivation and benefits Most MSME s (Micro, Small and Medium Enterprises) today have weak comprehension of security technologies, maintaining security processes and managing information security. Secondly, people or employees in these organizations are those who take care of technology, manage day to day security processes, influence the environment or manage security in their organizations. So it is important to focus on people factor to understand the maturity levels of Norwegian and Indian MSME s organizations with respect to the security culture, security awareness and how information security is managed in these organizations. A good organization capability to remain secure is important and something that must be built. We, therefore wish to measure the information security maturity levels of Norwegian and Indian MSME s with. The findings of this report can also be used as a heath indicator for creating security awareness in MSME s organizations and use it for future benchmarking. Stakeholders for such Measurement would typically be Managing Directors/Director, Chief Information Security Officers, security managers, people working in information security office, General Managers, Information Technology Executives or employees in micro, small, medium companies in Norwegian and Indian Companies. 1.4 Research questions To measure information security maturity levels in Norwegian and Indian MSME s with is not known at the initial stage of this project, So we have come with the following research questions, 1. What is the State of Information Security in MSME s? 2. How do organizations measure information security maturity levels with? 3. What is the State of research on, Information Security Management 3

14 Information Security Culture Information Security Awareness and Training Programs o Raising the Level of Security Awareness o Measuring Information Security Awareness o Metrics for Measuring People Factor o Making an Effective Security Awareness Campaign To answer all these questions we will have to have a close look at what has already been done in this area in the state of art section. 1.5 Delimitations The focus of this measurement study is limited to Norwegian and Indian MSME s.the survey questionnaire is distributed to the respondents in India between August 1 st and October 23rd 2010 and October 1 st to 23 rd October in Norway. The results will compared as of 23 rd October survey results for both Norway and India and not with equal participants results in Norway and India as both regions were not started at the same time. The state of art collected or literature used is confined mainly to English language, as I am not aware of Norwegian language. Taking the time factor, the report will be confined only for measuring information security maturity levels with focus on people factors by taking feedback only from individuals in MSMEs. The research information available on SME s is assumed as relevant information for MSME s. 1.6 Data collection Our research and key findings consist of electronic published articles on internet, research done by industry experts and market survey reports by Forrester Research, Ernst& Young, Deloitte, KPMG, Price Waterhouse Coopers, Data Security Council of India, European Network and Information Security Agency and among others mentioned in the bibliography. 1.7 Definitions Information Security According to Mark Merkow, Jim Breithaupt [23], Information Security is defined as the process of protecting the confidentiality, integrity and availability of data from accidental or intentional misuse Information Security Maturity According to Suhazimah Dzazali [30], Information Security Maturity is the 4

15 measurement of the organization s capability to remain secure. Here in this report for Measuring Information Security Maturity, we measure how information security is managed, security policies implemented, present status of security culture and security awareness & training programs Information Security Management According to Mark Merkow, Jim Breithaupt [23],Information Security Management is defined as the process of managing day to day security work, training and awareness of security programs and how compliance to security policies are handled. Others areas addressed within Security Management are activities related to information classification, risk management concept and techniques, and security roles and responsibilities to assure ongoing organizational security consciousness Information Security Culture According to Dr.Thomas Schlienger and Stephanie Teufel [32], Information Security Culture is defined by defining Organisation Culture, Organization culture is defined how an employee sees the organization. It is collection phenomenon that grows and changes over time and, to some extent, it can be influenced by the management. Organizational culture has different subcultures based on sub organizational or functions. Information security culture is a subculture in regard to general corporate functions. It should support all activities so that information security becomes a natural aspect in the daily activities of every employee Information Security Awareness According to Information Security forum (ISF) [17], Information security awareness is the degree or extent to which every member of staff understands the importance of information security, the level of information security appropriate to the organization and their individual security responsibility Effective Security Awareness According Information Security forum (ISF) [17], Effective security awareness is defined as an ongoing process of learning that is meaningful to recipients, and delivers measurable benefits to the organization from lasting behavioral change. This definition comprises four key elements, which are shown in the figure below, 5

16 Figure 2: Effective Security Awareness[17] According to NIST [26]. Awareness, Training and Education is defined as, Awareness: Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly. In awareness activities the learner is a recipient of information, whereas the learner in a training environment has a more active role. Awareness relies on reaching broad audiences with attractive packaging techniques. Training is more formal, having a goal of building knowledge and skills to facilitate job performance NorSIS The Norwegian Centre for Information Security (NorSIS) [28] is an organization supported by private organizations and government for coordinating activities related to ICT security in Norway. The primary target group of NorSIS is the small and medium enterprises and the public authorities. NorSIS reaches its objectives through: making the public aware of the importance of information security by means of training and information; compiling of guidelines and tutorials to help solve specific problems; and establishing an overall awareness towards information security. 6

17 2.1 Information Security in MSMEs 2 Review and state of art What is the State of Information Security in MSME s? According to Dojkovski Sneza,Sharman,Waren [5][21].MSME s in developed countries generally have a weak understanding of information security management, security technologies and control measures, and neglect to carry out risk assessments or develop security policies. This may be because MSME s lack the funds, time and specialized knowledge to coordinate information security or offer adequate information security awareness, training and education.msme s owners are not supportive of information security in terms of budget or time, thus impacting the level of security awareness and security technology. They also further point out that they are lacking specialized knowledge of security technologies, MSME s often retain the security technologies with which they are already familiar. 2.2 Measuring the State of Information Security with focus on People Factor In this part, the research on measuring the state of information security is presented. This research has helped me for narrowing down the focus areas on the people factors and preparing the questionnaire. To measure the level of Information Security in large companies consulting companies like Deloitte [2],Ernst& Young [9], Forrestor Research [19][20], KPMG[22],Price Water Coopers [29] has done a number of surveys globally every year taking feedback from large and multinational organizations. European agencies or organisations like Detecon [3], devoteam [4] ENISA [11] has done surveys for the European market specifically. Data Security Council of India [14] along with KPMG has done a survey to measure the maturity levels in Indian Industry. According to publication by ENISA (European Network and Information Security Agency ) on Dr.Thomas Schlienger [12],Security Culture improves the security level of the whole organization. Potential losses by cyber attacks, computer abuse and industrial espionage can be prevented. A good security culture should support all activities in such a way that information security becomes a natural aspect of the daily activities of every employee. Dr.Thomas Schlienger has developed a model how can a good security culture be fostered and awareness be raised? 7

18 How to Manage According to ENISA [12] and Dr.Thomas Schlienger [6], Information Security Culture, like organizational culture, cannot be created once and then used indefinitely without further action or modification. It must be maintained or modified continuously. It is a never ending process, a cycle of analysis and change. Figure 3: Information Security Culture Assessment Process[6][12] In the process model presented by Dr.Thomas Schlienger, the first step is to analyze the actual information Security Culture (assessment). If the culture does not fit with the organization s targets, the culture must be changed. If it fits, it should be reinforced. The necessary actions must be chosen (planning) and realized (implementation). The success of the actions taken must then be checked and learning is specified (evaluation). How to measure Dr..Thomas Schlienger have a set of methods for measuring security awareness and culture. One of the main contributions of Dr.Thomas Schlienger research work was the development of an analysis framework to measure the level of security culture. 8

19 Understanding the difficulties in different culture. Dr.Thomas Schlienger has also developed a standardized questionnaire on the basis of an organizational behavior model, which is integrated in an assessment tool. The tool measures the three layers of organizational behavior: organization, group and individual, with in all below twenty areas (e.g. work and technology design, communication, attitude etc.) as in the figure. Figure 4: Information Security Culture Radar [6][12] The tool allows comparison of the Information Security Cultures between different organizations (benchmarking) or that of a Culture within the same organization over different points in time. This method and tools helps to bridge this gap by allowing organizations to systematically analyze their information security culture, to quickly identify weaknesses and improvement actions and to prove progress in Information Security Culture. This tool also helps to support the advantage of shorter project cycles, higher work quality processes and best practices, less resources (time, budget, manpower) and leads to a sustainable improvement in the security culture. Suhazimah Dzazali [30] has done an empirical study to measure the information security maturity and social factors of an organization. The questionnaire was structured based on the below 10 subjects from section 1 to section 10.This emphirical study by Suhazimah Dzazali helps in preparing the questionnaire on the focus areas in this thesis work. 9

20 Table 1: Subjects areas[30] Information Security Management (ISM) According to Alnatheer,Mohameed and Nelson [25],ISM standards are used to establish and maintain a secure environment for information. ISM help senior management to monitor and control their security, thus minimizing any business risk and ensuring that security continues to fulfill corporate, customer, and legal requirements. The overall goal of ISM is the prevention or minimization of damage to organizational assets. ISM can enhance organizations performance, and its establishment in the normal way of doing business. They also state that information security and its management are concerned with people, processes and technology and the technology itself can be seen as relatively objective by nature; the people and processes are influenced by the environment in which they operate.as mentioned [23],ISM is defined as process of managing day to day security works,training and awareness of security programs and compliance to security policy. Alnatheer,Mohameed and Nelson [25] has also stated that Information security policy helps to define the users rights and responsibilities in terms of information within an organization. Effective information security policies will help users understand what is acceptable and responsible behavior in information resources and will assist in establishing a safe information environment. Information security policy is an essential part of security practices within organizations and could substantially influence on their organizational security. Without a policy, security practices will be developed without clear demarcation of objectives and responsibilities, and will face major difficulties when implementing ISM System effectively in their organizations infrastructures. As a result, organizations cannot achieve effective ISM system without the establishment, implementation, and maintenance of an information security policy. In addition, the formulation and utilization of information security policy can enhance the effectiveness of ISM system. 10

A Users Guide: How to Raise Information Security Awareness Page 2 of 64. A Users' Guide: How to Raise Information Security Awareness

A Users Guide: How to Raise Information Security Awareness Page 2 of 64. A Users' Guide: How to Raise Information Security Awareness A Users Guide: How to Raise Information Security Awareness Page 2 of 64 A Users' Guide: How to Raise Information Security Awareness June 2006 A Users Guide: How to Raise Information Security Awareness

More information

Communication Plan. for the. ATLANTIC AREA 2007-2013 Transnational Cooperation Programme

Communication Plan. for the. ATLANTIC AREA 2007-2013 Transnational Cooperation Programme Communication Plan for the ATLANTIC AREA 2007-2013 Transnational Cooperation Programme Prepared by the Managing Authority 18 January 2008 Index 0. Introduction... 2 1. Communication Strategy... 2 1.1

More information

TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL

TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL DRAFT TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL An initial draft proposal to determine the scale, scope and requirements of a team productivity development improvement program for a potential client Team

More information

Effective Software Security Management

Effective Software Security Management Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Business Case. for an. Information Security Awareness Program

Business Case. for an. Information Security Awareness Program Business Case (BS.ISAP.01) 1 (9) Business Case for an Information Security Business Case (BS.ISAP.01) 2 Contents 1. Background 3 2. Purpose of This Paper 3 3. Business Impact 3 4. The Importance of Security

More information

Development trend 3: Cultivating an Information Security Culture

Development trend 3: Cultivating an Information Security Culture Chapter 6 Development trend 3: Cultivating an Information Security Culture 6.1 Introduction This chapter will investigate the third development trend of the institutional wave as described by Von Solms.

More information

Publicity Guide. How to promote your community relations event through the media. How to promote your community relations event through the media.

Publicity Guide. How to promote your community relations event through the media. How to promote your community relations event through the media. Publicity Guide How to promote your community relations event through the media How to promote your community relations event through the media. 1 Contents 1. Introduction... 4 2. Why publicity?... 4 3.

More information

Federal Bureau of Investigation s Integrity and Compliance Program

Federal Bureau of Investigation s Integrity and Compliance Program Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established

More information

The Business Value of Call Accounting

The Business Value of Call Accounting WHITE PAPER The Business Value of Call Accounting How Call Accounting Software Helps Reduce Business Expenses and Improve Productivity Introduction Call accounting software has been available for more

More information

Response on the Green paper; Promoting the learning mobility of young people

Response on the Green paper; Promoting the learning mobility of young people Response on the Green paper; Promoting the learning mobility of young people Learning by leaving a joint conference for European mobility networks, was arranged in Uppsala on the 19-20 of November 2009,

More information

REPORT. Next steps in cyber security

REPORT. Next steps in cyber security REPORT March 2015 Contents Executive summary...3 The Deloitte and Efma questionnaire...5 Level of awareness...5 Level of significance...8 Level of implementation...11 Gap identification and concerns...15

More information

Information Technology Security Training Requirements APPENDIX A. Appendix A Learning Continuum A-1

Information Technology Security Training Requirements APPENDIX A. Appendix A Learning Continuum A-1 APPENDIX A Appendix A Learning Continuum A-1 Appendix A Learning Continuum A-2 APPENDIX A LEARNING CONTINUUM E D U C A T I O N Information Technology Security Specialists and Professionals Education and

More information

Community engagement: Developing a strategy

Community engagement: Developing a strategy Community engagement: Developing a strategy Some questions to help with planning... This guidance outlines some important things to consider when planning a community engagement strategy for your project

More information

Central Agency for Information Technology

Central Agency for Information Technology Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage

More information

This report provides the project s findings, including its three practical, actionable products:

This report provides the project s findings, including its three practical, actionable products: Executive Summary Security metrics support the value proposition of an organization s security operation. Without compelling metrics, security professionals and their budgets continue largely on the intuition

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Collaboration and communication between technical

More information

Water Conservation: A Guide to Promoting Public Awareness

Water Conservation: A Guide to Promoting Public Awareness Water Conservation: A Guide to Promoting Public Awareness A. Introduction Security of freshwater is emerging as a global issue owing to steadily increasing use of limited resources by a growing population,

More information

(Company Name) SECURITY AWARENESS PROGRAM INFORMATION, PHYSICAL AND PERSONAL SECURITY. 2001. Melissa Guenther, LLC. All rights reserved.

(Company Name) SECURITY AWARENESS PROGRAM INFORMATION, PHYSICAL AND PERSONAL SECURITY. 2001. Melissa Guenther, LLC. All rights reserved. (Company Name) SECURITY AWARENESS PROGRAM INFORMATION, PHYSICAL AND PERSONAL SECURITY Company Policies Security Awareness Program Purposes Integrate Define Feedback Activities Elicit Implement Employees

More information

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201 Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...

More information

An Evaluation of Privacy and Security Issues at a Small University

An Evaluation of Privacy and Security Issues at a Small University An Evaluation of Privacy and Security Issues at a Small University Abstract by Michael North Carolina Agricultural and Technical State University mejones@ncat.edu Colleges and universities process large

More information

January 2016. Communications Manager: Information for Candidates

January 2016. Communications Manager: Information for Candidates January 2016 Communications Manager: Information for Candidates Thank you for expressing interest in the role of Communications Manager. We have compiled this information pack to tell you more about The

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

www.pwc.com Measuring the effectiveness of online advertising ACA webinar April 15, 2011

www.pwc.com Measuring the effectiveness of online advertising ACA webinar April 15, 2011 www.pwc.com Measuring the effectiveness of online advertising ACA webinar April 15, 2011 Agenda 1. Introductions 2. Background Online Advertising & Measuring Effectiveness 3. Market Context Rapidly Changing

More information

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO-6009-09 TABLE OF CONTENTS

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO-6009-09 TABLE OF CONTENTS OFFICE OF THE CHIEF INFORMATION OFFICER Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: Section I. PURPOSE II. AUTHORITY III. SCOPE IV. DEFINITIONS V. POLICY VI. RESPONSIBILITIES

More information

Front Metrics Technologies Pvt. Ltd. Capacity Management Policy, Process & Procedures Document

Front Metrics Technologies Pvt. Ltd. Capacity Management Policy, Process & Procedures Document Pvt. Ltd. Capacity Management Policy, Process & Procedures Document Client: Pvt. Ltd. Date : 03/04/2011 Version : 0.6 GENERAL Description Purpose Applicable to Supersedes This document establishes a Capacity

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information

TEL2813/IS2820 Security Management

TEL2813/IS2820 Security Management TEL2813/IS2820 Security Management Developing the Security Program Jan 27, 2005 Introduction Some organizations use security programs to describe the entire set of personnel, plans, policies, and initiatives

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Methods Commission CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS. 30, rue Pierre Semard, 75009 PARIS

Methods Commission CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS. 30, rue Pierre Semard, 75009 PARIS MEHARI 2007 Overview Methods Commission Mehari is a trademark registered by the Clusif CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS 30, rue Pierre Semard, 75009 PARIS Tél.: +33 153 25 08 80 - Fax: +33

More information

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft

Education as a defense strategy. Jeannette Jarvis Group Program Manager PSS Security Microsoft Education as a defense strategy Jeannette Jarvis Group Program Manager PSS Security Microsoft Introduction to End User Security Awareness End User Security Awareness Challenges Understanding End User

More information

Development (60 ЕCTS)

Development (60 ЕCTS) Study program Faculty Cycle Software and Application Development (60 ЕCTS) Contemporary Sciences and Technologies Postgraduate ECTS 60 Offered in Tetovo Description of the program The objectives of the

More information

Internet Security Awareness Program in Georgia funded by ISOC Community Grants Programme

Internet Security Awareness Program in Georgia funded by ISOC Community Grants Programme Internet Security Awareness Program in Georgia funded by ISOC Community Grants Programme Final Report July, 2011 Prepared by David Tabatadze Project Coordinator info@isap.ge Project Overview With the internet

More information

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY INTRODUCTION Information security has evolved. As the landscape of threats increases and cyber security 1 management becomes

More information

Chapter 19 Advertising. Section 19.1 Advertising Media Section 19.2 Media Measurement and Rates

Chapter 19 Advertising. Section 19.1 Advertising Media Section 19.2 Media Measurement and Rates Chapter 19 Advertising Section 19.1 Advertising Media Section 19.2 Media Measurement and Rates Advertising Media Key Terms promotional advertising institutional advertising media print media transit advertising

More information

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Customized cybersecurity measures help overcome Industry specific challenges September 2014 Table of Contents Section Slide Number

More information

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15. NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities

More information

Structure of organisations Hierarchical = rigid, slow decision making Flat = flexible, autonomous

Structure of organisations Hierarchical = rigid, slow decision making Flat = flexible, autonomous This booklet is intended to support your existing revision in your final approach to the first A2 ICT exam. Continue using the past papers, revision materials and revision exercises that you are already

More information

Global Corporate IT Security Risks: 2013

Global Corporate IT Security Risks: 2013 Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs

More information

A Workshop on Website Quality, Accessibility and Security April 2, 2009. Websites & web-enabled applications Hosting and Security

A Workshop on Website Quality, Accessibility and Security April 2, 2009. Websites & web-enabled applications Hosting and Security lq'kklu School of Good Governance And Policy Analysis A Workshop on Website Quality, Accessibility and Security April 2, 2009 Websites & web-enabled applications Hosting and Security Sanjay Hardikar, Technical

More information

CORPORATE VIDEO PRODUCTION GETTING THE MOST VALUE FROM A CORPORATE VIDEO PRODUCTION

CORPORATE VIDEO PRODUCTION GETTING THE MOST VALUE FROM A CORPORATE VIDEO PRODUCTION Get more out of film CORPORATE VIDEO PRODUCTION GETTING THE MOST VALUE FROM A CORPORATE VIDEO PRODUCTION 1 WRITE A SOLID BRIEF 2 TAKE A MARKETING COMMUNICATIONS POINT OF VIEW 3 DON T DISCOUNT MULTIPLE

More information

CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud

CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud Presented by Tom Garcia President / CEO InfoSight, Inc. 2014 InfoSight What we ll cover today 1. The MFA & NACHA

More information

The Sales Lead System

The Sales Lead System The Sales Lead System Contents Intro... 3 Network Marketing Ad Basics... 3 Blogging... 4 Article Marketing... 4 Video Marketing... 5 E-mail Marketing... 6 Pay Per Click... 7 Banner Ads... 8 Social Marketing...

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

Non-personal communication

Non-personal communication Week 8: Promotions Integrated Marketing Communications: advertising, Sales Promotion, Public Relations, and Direct Marketing Strategic Goals Of Marketing Communication Create awareness Build positive images

More information

Improving Residual Risk Management Through the Use of Security Metrics

Improving Residual Risk Management Through the Use of Security Metrics Improving Residual Risk Management Through the Use of Security Metrics Every investment in security should be effective in reducing risk, but how do you measure it? Jonathan Pagett and Siaw-Lynn Ng introduce

More information

INFORMATION TECHNOLOGY RISK MANAGEMENT PLAN

INFORMATION TECHNOLOGY RISK MANAGEMENT PLAN 10/25/2012 TECHNOLOGY SERVICES INFORMATION TECHNOLOGY RISK MANAGEMENT PLAN Procedure Name: LIT Risk Management Information Technology Plan ver 2.31.docx Risk Management Plan Issue Date: TBD Procedure Owner:

More information

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance

More information

SMALL BUSINESS REPUTATION & THE CYBER RISK

SMALL BUSINESS REPUTATION & THE CYBER RISK SMALL BUSINESS REPUTATION & THE CYBER RISK Executive summary In the past few years there has been a rapid expansion in the development and adoption of new communications technologies which continue to

More information

Security Awareness Training Policy

Security Awareness Training Policy Security Awareness Training Policy I. PURPOSE This policy is intended to set the training standard for several key audiences in Salem State University, including, but not limited to: University executives,

More information

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,

More information

White Paper. Information Security -- Network Assessment

White Paper. Information Security -- Network Assessment Network Assessment White Paper Information Security -- Network Assessment Disclaimer This is one of a series of articles detailing information security procedures as followed by the INFOSEC group of Computer

More information

Information Technology Cyber Security Policy

Information Technology Cyber Security Policy Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please

More information

SECURITY ORGANISATION Security Awareness and the Five Aspects of Security

SECURITY ORGANISATION Security Awareness and the Five Aspects of Security SECURITY ORGANISATION Security Awareness and the Five Aspects of Security Shift Security simply used to protect information vs. Enabling business initiatives with security Bolt-on/add-on structure to business

More information

Good practice Public Service Communications Unit Communications Function Review 2009

Good practice Public Service Communications Unit Communications Function Review 2009 Final text: 06/04/10 Good practice Public Service Unit Function Review 2009 Purpose The purpose of this paper is to outline recommendations on good practice communications unit models and guidelines for

More information

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network?

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? Most businesses know the importance of installing antivirus products on their PCs to securely protect

More information

Development / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review

Development / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review Blakeley Heath Primary School E-Safety Policy Development / Monitoring / Review of this Policy This e-safety policy has been developed by a working group made up of: Headteacher Coordinator Staff including

More information

A Guide to Promoting your Project

A Guide to Promoting your Project Contents 1. Introduction 2. Why Promotion? 3. Channels Traditional Media i. Television ii. Radio iii. Print Digital Media 4. Planning Assigning Roles i. Coordinating ii. Speaking iii. Writing iv. Photographer

More information

DBC 999 Incident Reporting Procedure

DBC 999 Incident Reporting Procedure DBC 999 Incident Reporting Procedure Signed: Chief Executive Introduction This procedure is intended to identify the actions to be taken in the event of a security incident or breach, and the persons responsible

More information

ISMS Implementation Guide

ISMS Implementation Guide atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-615-7300 Fax: 512-615-7301 www.atsec.com ISMS Implementation Guide atsec information security ISMS Implementation

More information

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Legislative Council Panel on Information Technology and Broadcasting. Information Security For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest

More information

How the Internet has Impacted Marketing?

How the Internet has Impacted Marketing? Online Marketing and Social Media ( Module 1 ) How the Internet has Impacted Marketing? The internet has developed very rapidly as a major force in the marketing equation for many consumer products. Not

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

Survey report on Nordic initiative for social responsibility using ISO 26000

Survey report on Nordic initiative for social responsibility using ISO 26000 Survey report on Nordic initiative for social responsibility using ISO 26000 2013 Contents SUMMARY... 3 1. INTRODUCTION... 4 1.1 Objective of the survey... 4 1.2 Basic information about the respondents...

More information

Roles and Responsibilities The following section outlines the e-safety roles and responsibilities of individuals and groups within Heath Farm School:

Roles and Responsibilities The following section outlines the e-safety roles and responsibilities of individuals and groups within Heath Farm School: Introduction This e-safety policy was approved by the School Senior Leadership Team: January2015 The implementation of this e-safety policy will be monitored by the: E-Safety Coordinator, Senior Leadership

More information

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

More information

WhitePaper. The Business Value of Call Accounting Software How Call Accounting Helps Reduce Telecom Expenses and Improve Productivity

WhitePaper. The Business Value of Call Accounting Software How Call Accounting Helps Reduce Telecom Expenses and Improve Productivity The Business Value of Call Accounting Software How Call Accounting Helps Reduce Telecom Expenses and Improve Productivity WhitePaper We innovate. You benefit. The Business Value of Call Accounting Software

More information

Monitoring and Evaluation Plan Primer for DRL Grantees

Monitoring and Evaluation Plan Primer for DRL Grantees Monitoring and Evaluation Plan Primer for DRL Grantees I. What is a monitoring and evaluation plan? A monitoring and evaluation plan (M&E plan), sometimes also referred to as a performance monitoring or

More information

UF IT Risk Assessment Standard

UF IT Risk Assessment Standard UF IT Risk Assessment Standard Authority This standard was enacted by the UF Senior Vice President for Administration and the UF Interim Chief Information Officer on July 10, 2008 [7]. It was approved

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager Role title Digital Cultural Asset Manager Also known as Relevant professions Summary statement Mission Digital Asset Manager, Digital Curator Cultural Informatics, Cultural/ Art ICT Manager Deals with

More information

Study of the Impact of cyber crime on businesses In canada

Study of the Impact of cyber crime on businesses In canada Study of the Impact of Cyber Crime on businesses in Canada 2 Introduction The International Cyber Security Protection Alliance (ICSPA) www.icspa.org, has conducted a study on the impact of cyber crime

More information

A system is a set of integrated components interacting with each other to serve a common purpose.

A system is a set of integrated components interacting with each other to serve a common purpose. SYSTEM DEVELOPMENT AND THE WATERFALL MODEL What is a System? (Ch. 18) A system is a set of integrated components interacting with each other to serve a common purpose. A computer-based system is a system

More information

Information Security Policy

Information Security Policy Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

Implementation of a Quality Management System for Aeronautical Information Services -1-

Implementation of a Quality Management System for Aeronautical Information Services -1- Implementation of a Quality Management System for Aeronautical Information Services -1- Implementation of a Quality Management System for Aeronautical Information Services Chapter IV, Quality Management

More information

Harvard University Payment Card Industry (PCI) Compliance Business Process Documentation

Harvard University Payment Card Industry (PCI) Compliance Business Process Documentation Harvard University Payment Card Industry (PCI) Compliance Business Process Documentation Business Process: Documented By: PCI Data Security Breach Stephanie Breen Creation Date: 1/19/06 Updated 11/5/13

More information

Impact of Social Media Marketing on SME Business Author:

Impact of Social Media Marketing on SME Business Author: Impact of Social Media Marketing on SME Business Author: Rahul Jain, Director Digital Marketing & Chief Strategist, InnoServ Digital, InnoServ Solutions Pvt. Ltd. ABSTRACT With the growth of Internet and

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

Acceptable Use of Information Systems Standard. Guidance for all staff

Acceptable Use of Information Systems Standard. Guidance for all staff Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

PUBLISHING AN E-NEWSLETTER BUILDS SUPPORT FOR YOUR SCHOOL DISTRICT: MAKING THE CASE

PUBLISHING AN E-NEWSLETTER BUILDS SUPPORT FOR YOUR SCHOOL DISTRICT: MAKING THE CASE Over 25 Years of Public School Community Relationship Building Experience PUBLISHING AN E-NEWSLETTER BUILDS SUPPORT FOR YOUR SCHOOL DISTRICT: MAKING THE CASE Position Paper by Ira W. Yellen, APR, Fellow

More information

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

User research for information architecture projects

User research for information architecture projects Donna Maurer Maadmob Interaction Design http://maadmob.com.au/ Unpublished article User research provides a vital input to information architecture projects. It helps us to understand what information

More information

REQUIREMENTS FOR THE MASTER THESIS IN INNOVATION AND TECHNOLOGY MANAGEMENT PROGRAM

REQUIREMENTS FOR THE MASTER THESIS IN INNOVATION AND TECHNOLOGY MANAGEMENT PROGRAM APPROVED BY Protocol No. 18-02-2016 Of 18 February 2016 of the Studies Commission meeting REQUIREMENTS FOR THE MASTER THESIS IN INNOVATION AND TECHNOLOGY MANAGEMENT PROGRAM Vilnius 2016-2017 1 P a g e

More information

2015 Information Security Awareness Catalogue

2015 Information Security Awareness Catalogue Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with

More information

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget Office of the Auditor General Performance Audit Report Statewide Oracle Database Controls Department of Technology, Management, and Budget March 2015 071-0565-14 State of Michigan Auditor General Doug

More information

SCHOOL DISTRICT COMMUNICATION GUIDELINES

SCHOOL DISTRICT COMMUNICATION GUIDELINES SECTION E: COMMUNICATION SCHOOL DISTRICT COMMUNICATION GUIDELINES INDIVIDUAL TRUSTEE SCHOOL STAFF MEMBER PARENT SCHOOL COUNCIL TEACHER PRINCIPAL AREA SUPERINTENDENT CHIEF SUPERINTENDENT BOARD OF TRUSTEES

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

ICT Indicators. The scope of the ICT function covers all aspects of infrastructure, systems, processes and disciplines required to support:

ICT Indicators. The scope of the ICT function covers all aspects of infrastructure, systems, processes and disciplines required to support: ICT Indicators ICT value for money indicators guidance 1) Introduction This document sets out the indicators for the ICT Function. The guidance below starts by defining the scope of the function and goes

More information

Federal Trade Commission Privacy Impact Assessment for:

Federal Trade Commission Privacy Impact Assessment for: Federal Trade Commission Privacy Impact Assessment for: DCBE Websites and Blogs Consumer.ftc.gov, Consumidor.ftc.gov, OnGuardOnline, AlertaenLinea, Consumer.gov, Consumidor.gov and the BCP Business Center

More information

Social Media Marketing: ENGAGE rather than SELL involvement leads to purchase!

Social Media Marketing: ENGAGE rather than SELL involvement leads to purchase! Approximately 90% of the people you find on the internet in today s world know at least one social network and are registered as an active user on it. The imminence and influence of social media is what

More information

Virtual Desktop and Cloud Services: New Security Demand. Blerta Lufaj

Virtual Desktop and Cloud Services: New Security Demand. Blerta Lufaj Virtual Desktop and Cloud Services: New Security Demand Blerta Lufaj Master s Thesis Master of Science in Information Security 30 ECTS Department of Computer Science and Media Technology Gjøvik University

More information

2011 Forrester Research, Inc. Reproduction Prohibited

2011 Forrester Research, Inc. Reproduction Prohibited 1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

An ISMS Implementation Practice in Environments with Limited Resources Prepared for APEC-OECD Workshop on Security of Information Systems and Networks

An ISMS Implementation Practice in Environments with Limited Resources Prepared for APEC-OECD Workshop on Security of Information Systems and Networks An ISMS Implementation Practice in Environments with Limited Resources Prepared for APEC-OECD Workshop on Security of Information Systems and Networks September 05, 2005 Sophie, Lihsuan Liang, Project

More information

Bigfork Present: Planning for Relevant Traffic

Bigfork Present: Planning for Relevant Traffic Bigfork Present: Planning for Relevant Traffic Part of our successful website planning process is to look at driving relevant traffic to the new website. This article looks at why and how we decide to

More information

Summary of ESD S Proposal for the NIST s New York MEP Designation

Summary of ESD S Proposal for the NIST s New York MEP Designation Summary of ESD S Proposal for the NIST s New York MEP Designation The NY MEP Center hopes to continue providing manufacturing extension services to enhance the productivity and technological performance

More information