Information Services Information Technology Committee. 10 th June ITC Workplan for 2014/15
|
|
- Jonah Palmer
- 8 years ago
- Views:
Transcription
1 Information Services Information Technology Committee 10 th June 2014 ITC Workplan for 2014/15 Brief description of the paper The paper is a combination of a committee workplan for 2014/15 and a report on activity during 2013/14. The plan is for discussion and comment the report is for information. The plan and the report were required by KSC for their meeting in October and so has already been reviewed and accepted by KSC. So we are in the slightly strange position of having an acceptable workplan that ITC hasn t seen. This does not mean that we cannot make changes if we wish to, but we can have confidence that it is covering the areas that are important to KSC. ction requested For comment - we will finalise the plan based on comments received. Resource implications Does the paper have resource implications? No Risk ssessment Does the paper include a risk analysis? No Equality and Diversity Has due consideration been given to the equality impact of this paper? Yes There are no diversity implications. ny other relevant information The Review Group will submit annual reports from this point onwards to ITC. Originator of the paper Simon Marsden October 2014 Freedom of information Can this paper be included in open business? Yes
2 ITC Workplan The ITC committee has a pattern of working based on having 3 meetings a year. The work is divided into the following broad areas: IT Strategy Oversight and input to major IT initiatives Service monitoring robustness, resilience, priorities Security 2014/15 Plan Strategy IT infrastructure Implementing the outcomes of the IT Infrastructure review Overall strategy Review overall guiding principles document. Oversight of major initiatives Research Data Management (IS) Telephone Replacement (IS) Office 365 for staff (IS) University web site content management system change (IS) Delivery of web services to mobile devices (IS) Media Refresh (IS) Service Monitoring The main strands of work planned in this area are: Ongoing monitoring of priorities Roll out of software licensing risk management Policy around availability taking into account planned and unplanned down time Security Ensuring our policy and guidance are current and disseminate best practice. nnual report for Risk Management Committee on security incidents/breaches Multi factor authentication implemented in high risk situations S L Marsden October 2014
3 2013/14 Review Strategy Within the strategy we have an overall IT Strategy which is concerned with the principles which guide the development of IT services. Within the overall umbrella sub strategies are developed. Over the last year a plan for developing our capability to manage and deliver multi media content was developed resulting in the IT Committee supporting an IS business case in the planning round which received funding. Going forward there will be an initiative to develop the service monitoring of that will be part of the oversight activity in the 14/15 plan. The video services are more closely aligned with the work of the Learning and Teaching Committee and it is expected that the requirements for infrastructure will be driven by their agenda. We have been conducting an IT Infrastructure Review over the summer. The expectation is that we will produce a 5 year roadmap for the development of the IT infrastructure, the roadmap will be reviewed by both ITC and KSC. Timing of the review has resulted in the work being carried out in between meetings of the IT Committee. Oversight and input to major IT initiatives 2013/14 Research Data Management (IS) The RDM services have made good progress with the policy and tools for creating data plans in plans together with technical delivery of data store ie up to 500Gb of active file storage per researcher and the data share ie sharing published data sets in place and data vault ie long term storage is still to be developed. Telephone Replacement (IS) Replacing analogue phones which are near end of life with digital phones has been constrained by funding but has also been included in the infrastructure review. Shared cademic Timetabling (IS) This 3 year project has delivered well, we now have a timetabling unit located in SSG who are running the processes and continuing to further develop the service. The main objectives of delivering personal timetables for students and more effective MI showing teaching space usage have been delivered and the project has closed. The software that we purchased Scientia has been found to have some limitations which have impacted on our delivery, the software is not as reliable as we need and the functions to allow student self sign up for class events eg tutorials will not work in combination with our other processes. Scientia recognise the issues and are engaged on a product re-write which will address the problems but which will take at least 2 years to deliver. In the mean time we have put additional monitoring and process control around the service to greatly reduce the unreliability issue. From a user perspective we managed the peak period through the start of the academic year this year with far less disruption than in the previous year. Office 365 for staff (IS) Our in house Microsoft Exchange service which delivered diary for all staff and for about 60% of staff has been successfully replaced with Microsoft s cloud service Office 365. The change has been well received. Driven by user demand we are now in the process of
4 transferring all staff still using Staffmail in the College of Humanities and Social Sciences to Office 365 and have a similar migration for Medicine staff planned. Select Print (IS) Introduction of SelectPrint has allowed us to consolidate on a single printing/copying/scanning service for staff and students. Under our contract with Xerox, we now have a fleet of some 700 multi function devices in place selected from a range of 7 models. Students and staff can print to mfds from their own laptops, computers, pads and phones as well as from University equipment. The service has been very positively received. We have seen an increase in usage of about 50% University web site content management system change (IS) The plan to replace our current content management system Polopoly with the open source system Drupal remains on track for December 2015 delivery. We are just about to start the first site migrations ready for full scale activity starting Januray Delivery of web services to mobile devices (IS) We developed a strategy to use adaptive web pages ie web pages which adjust their display to the size of the screen they are being used on, rather than custom apps for mobile devices. We have done this successfully for both the ESE and MyEd services and are starting to see the adoption of adaptive design in other services eg some aspects of student self service. The strategy recognises that where an app already exists we can incorporate it into our portfolio but that we should not create apps ourselves. Consequently we have adopted a mobile pp from Blackboard for users of the Learn vle and Microsofts apps for Office 365 users. This is great progress. Use of Video management tools in the Business School (CHSS) The Business School purchased a cloud service called Panopto to support their ambition for captutring and delivering lectures and other video material as part of the Edinburgh MB programme. The service has worked well and is providing really helpful input into the business case for a University wide media service. Business Intelligence (USG) The committee has continued to follow the progress of the BI/MI initiative but does not have a governance role so acts as an additional communications channel for the initiative. Service monitoring robustness, resilience, priorities The availability of services remains a significant concern especially at the start of the academic year. The lessons learned from previous years are being fed into a continuous improvement cycle such that we have seen year on year improvements. The start of 2014/15 was to the required standard with or no significant disruption to services. It is important to recognise that the start of the year will always be a vulnerable period with many processes that have to execute at high volume which are not exercised at volume at any other time of the year and software and hardware that changes between peak cycles. The sub group of ITC set up to monitor the service priorities and the levels of service availability and disaster recovery primarily accorded to each category; high, medium or low reported to ITC in June. They recommended no changes to the high priority category. The group has started to engage with overall availability combining planned, ie system maintenance and unplanned ie faults to work
5 towards setting an overall target. s a first step monitoring of overall availability has been put in place. The committee oversaw the development of a policy to ensure that the risks associated with breaches of software license conditions are routinely reviewed and managed. The process to assess the risks is currently being piloted across all IS with an expectation of rolling it out more widely early in the year. Security Security risks have been a growing concern throughout the year, within ITC and the Risk and udit committees. The growing concern is a reflection of the increasingly difficult external environment and as a consequence, we have been responding and stepping up our activities. The appointment of the Chief Information Technology Officer has made a significant difference. He has provided a focus our activity. The main areas that have been addressed are: Met with heads of schools and established a network of security practitioners within the University Provided that network with a way to feedback on incidents so that we can learn from each other, track levels of incidents and compare them with other Universities. Put in place a firewall rule that requires all web sites in the University to be registered before they can receive traffic from outside of the University. Understanding what we have and who owns it will provide us with a control to monitor activity and to ensure that web servers are being updated and adequately patched for new security vulnerabilities. Procured an external vulnerability testing service Provided guidance on possible data loss o what constitutes high risk information o what actions need to take if they are using high risk information on mobile devices o encryption tools to mitigate the risks ssessed the risks around the possible theft of passwords. The outcome of this is that we believe we need to implement a second factor challenge, ie something more than a password for some services. The area where there is the biggest risk is student record and BI/MI services where many staff quite correctly have access to many student s personal data. Technical solutions which balance usability and security are being evaluated before a final recommendation is made. Provided an annual report to the Risk Management and udit committees attached.
6 IT Security report to Risk and udit Committee During the past year there has been a significant expansion in the level of effort over security evident in the Colleges and Schools. In particular, a very active group has been established in Science and Engineering and this model is now being followed in Humanities and Social Science. review of the various security policies has been made by the ITC Working Group on Security and steps taken to update the policies and to establish new policies where there are obvious gaps. short review was held over the danger of leakage of corporate data when an ESE credential is lost. This has led to further discussions with system owners and a proposal for positive action over changes to the security model for the Student Systems area. Ongoing work has continued with both Janet and other Russell Group institutions on the ability to share information on the number and severity of security incidents. This work only proceeds very slowly as there is still extreme reluctance to admit to events unless the issue is forced upon an institution. During the year there have been 11 security incidents which can be graded as serious. This compares to 14 incidents in the previous year. It should be noted that 3 of these incidents have been in the EUS website area. We are engaged with EUS about how they can improve the security awareness of their web site managers. Date Incident Effect Cause Owner 15-ug-13 IRC Bot infection Network attacks - Inadequate patching Biological Caused DoS issues Sciences 16-Sep-13 Trojan 'Key Logger Potential loss of Responded to HSS information phishing Compromised Website 500 bytes Inadequate patching Informatics 12-Nov-13 downloaded (style sheets) 29-Nov-13 Phishing ttack bility to read Responded to Staffmail. phishing 06-Feb-14 Compromised Website Inserted web pages Inadequate patching Biological Sciences 20-Feb-14 Credential Loss Id theft through Guardian-Bad CM bogus adverts password Policy 03-Mar-14 Careless Permissions Publically available Carelessness Geosciences files 01-ug-14 Compromised website dded web links Inadequate patching IS-pps 18-Sep-13 Compromised Website Viagra dverts Inadequate patching EUS 22-pr-14 Compromised Website Viagra dverts Inadequate patching EUS 18-Jul-14 Compromised Website Viagra dverts Inadequate patching EUS
Information Services. Information Technology Committee. 21 st June 2012. IT Risks in Schools
Information Services Information Technology Committee 21 st June 2012 IT Risks in Schools Brief description of the paper re your IT services sufficiently robust for the purpose they are intended? There
More informationNOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0
NOS for IT User and Application Specialist IT Security (ESKITU04) November 2014 V1.0 NOS Reference ESKITU040 ESKITU041 ESKITU042 Level 3 not defined Use digital systems NOS Title Set up and use security
More informationAudit and Risk Management Committee. IT Security Update
Audit and Risk Management Committee 26 th February 2015 IT Security Update Description of paper 1. The purpose of this paper is to update the Committee on current security issues and what steps are being
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationInformation Services Information Technology Committee. 10 th June 2014. IT-Infrastructure Review Roadmap
ITC: 13.11.14 B Information Services Information Technology Committee 10 th June 2014 IT-Infrastructure Review Roadmap Brief description of the paper The paper is the IT Infrastructure Review Roadmap.
More informationUS companies experience and attitudes towards security threats
US companies experience and attitudes towards security threats Q u a n t i t a t i v e s u r v e y w i t h i n L a r g e a n d M e d i u m c o m p a n i e s i n t h e U S A Objectives Determine the existing
More informationPortfolio: Transformation, Modernisation and Regulation
Portfolio: Transformation, Modernisation and Regulation Procurement Committee 19 October 2006 Procurement of E-mail, Calendar and Archiving System Report by: Ward Implications: Head of City Service and
More informationOxford City Council ICT Strategy 2015 2018
Oxford City Council ICT Strategy 2015 2018 1 Contents 2 Overview... 2 3 OCC Business Drivers... 2 4 ICT Principles... 3 4.1 Business Requirements... 3 4.2 Information Management... 3 4.3 Applications...
More informationD Ongoing Activities Update
Knowledge Strategy Committee 23 January 2015 Ongoing Activities Update escription of paper 1. An update on various University-wide projects that fall within the remit of KSC. Action requested 2. KSC is
More informationInternal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority
Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationTechnology Review Feedback Vale of Glamorgan Council
Technology Review Feedback Vale of Glamorgan Council Audit year: Annual Improvement Assessment 2011 Issued: October 2011 Document reference: 538A2011 Status of report The person who delivered the work
More informationReport on Hong Kong SME Cloud Adoption and Security Readiness Survey
Report on Hong Kong SME Cloud Adoption and Security Readiness Survey Collaborated by Internet Society Hong Kong and Cloud Security Alliance (HK & Macau Chapter) Sponsored by Microsoft Hong Kong Jointly
More informationSummary of the State of Security
Summary of the State of Security Tram Jewett, CISA CliftonLarsonAllen LLP Virginia GFOA Annual Spring Conference, 2016 1 1 Summary of the State of Security Tram Jewett, MS., CISA, 11 years IT audit and
More information2012 NCSA / Symantec. National Small Business Study
2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationUNIVERSITY OF STIRLING: INFORMATION SERVICES Review of Progress: Service Area Plan 2012 2015
UNIVERSITY OF STIRLING: INFORMATION SERVICES Review of Progress: Service Area Plan 2012 2015 Progress against the key priorities for 2012 as identified in the Service Area Plan 2012-15 are summarised in
More informationKeyfort Cloud Services (KCS)
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
More informatione-mail & Storage in the Cloud Case Study
e-mail & Storage in the Cloud Case Study Colleges and Projects Accrington & Rossendale East Riding College Exeter College Grimsby Institute Hartlepool College Highbury College Northampton North East Worcestershire
More informationProcedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom
Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom
More informationSecurity Event Management. February 7, 2007 (Revision 5)
Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST
More informationCloud Computing Security Considerations
Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationBE SAFE ONLINE: Lesson Plan
BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take
More informationInformation Services Strategy 2011-2013
Information Services Strategy Issue 1 1 Introduction The States of Jersey public sector is facing significant pressure for efficiencies and savings. This has created the context to take a fresh look at
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationGlobal IT Security Risks: 2012
Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection
More informationStudent Tech Security Training. ITS Security Office
Student Tech Security Training ITS Security Office ITS Security Office Total Security is an illusion security will always be slightly broken. Find strategies for living with it. Monitor our Network with
More informationFERPA: Data & Transport Security Best Practices
FERPA: Data & Transport Security Best Practices April 2013 Mike Tassey Privacy Technical Assistance Center FERPA and Data Security Unlike HIPAA and other similar federal regulations, FERPA does not require
More informationMid Suffolk District Council. Risk Management Strategy
Mid Suffolk District Council Risk Management Strategy uthor Claire Reynolds and udit Officer (Lead for Risk Management) Version Control V1 30 October 2006 pproved by Executive Committee V2 October/ November
More informationApplying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.
Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving
More informationVoIP Security, an overview of the Threat Landscape
VoIP Security, an overview of the Threat Landscape Peter Cox CTO Borderware Technologies peter@borderware.com Abstract Voice over IP (VoIP) services are, as the name suggests a method of running Voice
More informationThe Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T
The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices
More informationAvailability Acceleration Access Virtualization - Consolidation
Sales Guide straight to the point Availability Acceleration Access Virtualization - Consolidation F5 Battlecard Aligning business strategy and the IT infrastructure F5 provides strategic points of control
More informationCentral Hosting. Case Study
Central Hosting Case Study October, 2014 Central Hosting Case Study Background An Chéim was originally set up to procure, distribute and implement key MIS systems (hardware and software) for the Institutes
More informationPortal Annual Report 2012/13
Portal Annual Report 2012/13 Introduction This report is provided for a diverse audience and covers the year 1st September 2012 31st August 2013, the seventh year of operation of the Portal. The Portal
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More informationMy CEO wants an ipad now what? Mobile Security for the Enterprise
My CEO wants an ipad now what? Mobile Security for the Enterprise Agenda Introductions Emerging Mobile Trends Mobile Risk Landscape Response Framework Closing Thoughts 2 Introductions Amandeep Lamba Manager
More informationProtect Yourself in the Cloud Age
Protect Yourself in the Cloud Age Matthew Wu Consultant Hong Kong Computer Emergency Response Team Coordination Centre About HKCERT HKCERT ( 香 港 電 腦 保 安 事 故 協 調 中 心 ) Established in 2001 Funding & Operation
More informationStrategic Plan FY 2014-2016
Strategic Plan FY 2014-2016 CONTENTS SUMMARY 3 ACADEMIC SERVICES 4 DATA MANAGEMENT & REPORTING 6 COMMUNICATIONS & COLLABORATION 7 IT SERVICES 8 INFRASTRUCTURE 9 SECURITY 10 BRAND BUILDING 11 INITIATION
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationSecurity aspects of e-tailing. Chapter 7
Security aspects of e-tailing Chapter 7 1 Learning Objectives Understand the general concerns of customers concerning security Understand what e-tailers can do to address these concerns 2 Players in e-tailing
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationGlobal IT Security Risks
Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most
More informationCouncil, 6 February 2014. IT Report. Executive summary and recommendations. Introduction
Council, 6 February 2014 IT Report Executive summary and recommendations Introduction The report sets out the main activities of the IT Department since the last meeting of Council. It includes statistical
More informationG-Cloud Definition of Services Security Penetration Testing
G-Cloud Definition of Services Security Penetration Testing Commercial in Confidence G-Cloud Services An Overview Inner Security is a leading CREST registered information security services provider. We
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationTop 10 Risks in the Cloud
A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question
More informationINFORMATION SECURITY Humboldt State University
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY Humboldt State University Audit Report 14-50 October 30, 2014 EXECUTIVE SUMMARY OBJECTIVE The objectives of
More informationwww.fedtechmagazine.com/article/2012/05/locking-down-byod
CASE STUDIES TACTICAL ADVICE RESOURCES Infrastructure Optimization Security Storage Networking Mobile & Wireless Hardware & Software Management CURRENT ISSUE Subscribe 1/8 5 Next Level Data Consolidation
More informationComputing & Telecommunications Services Monthly Report March 2015
March 215 Monthly Report Computing & Telecommunications Services Monthly Report March 215 CaTS Help Desk (937) 775-4827 1-888-775-4827 25 Library Annex helpdesk@wright.edu www.wright.edu/cats/ Last Modified
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More information2011 NATIONAL SMALL BUSINESS STUDY
2011 NATIONAL SMALL BUSINESS STUDY The National Cyber Security Alliance has conducted a new study with Symantec to analyze cyber security practices, behaviors and perceptions of small businesses throughout
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationSecurity Whitepaper: ivvy Products
Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationUniversity of Strathclyde: Information Services Directorate Operational Plan for 2014/15
University of Strathclyde: Information Services Directorate Operational Plan for 2014/15 Enabling the future: transforming our information systems and technology 2014/15 2014/2015 CONTENTS 1 DRIVERS, STRATEGIC
More informationStrategic Plan for Technology 2015-2020
Florida Gulf Coast University Strategic Plan for Technology 2015-2020 Information Resource Committee I. Overview of the Process Information Resource Committee In the Fall of 2014, the Planning and Budget
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationCYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION. Architecture Framework Advisory Committee November 4, 2014
CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION Architecture Framework Advisory Committee November 4, 2014 1 Agenda TIME TOPICS PRESENTERS 9:00 9:15 Opening Remarks and Introductions Shirley Ivan,
More informationA NEW APPROACH TO CYBER SECURITY
A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively
More informationInformation Security Team
Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface
More informationCisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.
Data Sheet Cisco Optimization s Optimize Your Solution using Cisco Expertise and Leading Practices Optimizing Your Business Architecture Today, enabling business innovation and agility is about being able
More informationGuidance on data security breach management
ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...
More informationIT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski
IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing
More informationInformation Technology. A Current Perspective on Risk Management
Information Technology A Current Perspective on Risk Management Topics Covered Information Security Program Common Examination Findings Existing and Emerging Risks ACH/Wire Fraud and Corporate Account
More informationPrivate Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Private Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Cloud computing has completely transformed the way business organizations
More informationDATA SECURITY HACKS, HIPAA AND HUMAN RISKS
DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare
More information24x7 Help Desk Services Questions & Answers for RFP 40016_21030705
24x7 Help Desk Services Questions & Answers for RFP 40016_21030705 1. What % of the call volume that was listed in the RFP was related to LMS (BB and Moodle) support? See Table 5 2. What is the number
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationICT Category Sub Category Description Architecture and Design
A A01 Architecture and Design Architecture and Design Enterprise & Business Architecture A02 Architecture and Design Information Architecture A03 Architecture and Design Solution Architecture B Benchmarking
More informatione2e Secure Cloud Connect Service - Service Definition Document
e2e Secure Cloud Connect Service - Service Definition Document Overview A cloud connectivity service that connects users, devices, offices and clouds together over the Internet. Organisations can choose
More informationCost effective methods of test environment management. Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA
Cost effective methods of test environment management Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA 2013 Agenda Basic complexity Dynamic needs for test environments Traditional
More informationIT Strategy Review April 2014
IT Strategy Review April 2014 1. Executive Summary UCD IT Services developed a five year IT Strategy (2009-2013) and has now completed its implementation. The strategy set out key objectives for each area
More informationVPN Lesson 2: VPN Implementation. Summary
VPN Lesson 2: VPN Implementation Summary 1 Notations VPN client (ok) Firewall Router VPN firewall VPN router VPN server VPN concentrator 2 Basic Questions 1. VPN implementation options for remote users
More informationSBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced
More informationCloud Computing Continued. Jan Šedivý
Cloud Computing Continued Jan Šedivý Recapitulation Connect Anywhere, Anytime Central administration Cloud applications WEB applications Architecture Cloud architecture Deployment models Higher Reliability
More informationUnit 3 Cyber security
2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:
More informationWorry-free Email Security in the Cloud for Online Gaming Pioneer
Microsoft Office 365 Customer Solution Case Study Worry-free Email Security in the Cloud for Online Gaming Pioneer Overview Country or Region: South Korea Industry: Entertainment Customer Profile Actoz
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationBest Practices for Trialing the Intronis Cloud Backup and Recovery Solution
Best Practices for Trialing the Intronis Cloud Backup and Recovery Solution Intronis Cloud Backup and Recovery is a file based backup application that allows users to back up their critical data to the
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More informationPhysically secure facilities will better protect your computing equipment from theft, vandalism and accidental damage
ITS Service Level Agreement Last Changed: July 31, 2014 Co-Location Service What is Co Location? Co Location is an ITS service that allows departments and researchers at the University of Hawaii to locate
More informationTraining Employees to Recognise & Avoid Advanced Threats
Training Employees to Recognise & Avoid Advanced Threats Joe Ferrara, President & CEO, Wombat Security Technologies Rashmi Knowles, Chief Security Architect EMEA, RSA The Security Division of EMC Session
More informationFRAMEWORK for NATIONAL NETWORK & CYBER SECURITY
FRAMEWORK for NATIONAL NETWORK & CYBER SECURITY 23 September 2009 1 06-02-200906.02.2009 Ram Narain Email: ramnarain@hotmail.com 7 Tier Approach to Network & Cyber Security 5 levels of Security Tier 1
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationData Security Breach Management - A Guide
DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT GD21 2 DATA PROTECTION (JERSEY) LAW 2005: GUIDANCE ON DATA SECURITY BREACH MANAGEMENT Introduction Organisations which process
More informationThe Business Case Migration to Windows Server 2012 R2 with Lenovo Servers
The Business Case Migration to Windows Server 2012 R2 with Lenovo Servers New levels of integration and capabilities provide the foundation for building more successful businesses with this new infrastructure
More informationCABINET 9 th February 2006. Report of the Director of Partnerships and Customer Services
CABINET 9 th February 2006 Report of the Director of Partnerships and Customer Services ITEM 11 CRM DEVELOPMENT Purpose of the Report To seek approval to the replacement for the Council s Customer Relationship
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationSecurity Issues with Integrated Smart Buildings
Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationProactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
More information