Information Services Information Technology Committee. 10th June 2014. ITC Workplan for 2014/15

Information Services
Information Technology Committee
10th June 2014
ITC Workplan for 2014/15

Brief description of the paper
The paper is a combination of a committee workplan for 2014/15 and a report on activity during 2013/14. The plan is for discussion and comment; the report is for information. The plan and the report were required by KSC for their meeting in October and so have already been reviewed and accepted by KSC. So we are in the slightly strange position of having an acceptable workplan that ITC hasn't seen. This does not mean that we cannot make changes if we wish to, but we can have confidence that it is covering the areas that are important to KSC.

Action requested
For comment - we will finalise the plan based on comments received.

Resource implications
Does the paper have resource implications? No

Risk Assessment
Does the paper include a risk analysis? No

Equality and Diversity
Has due consideration been given to the equality impact of this paper? Yes
There are no diversity implications.

Any other relevant information
The Review Group will submit annual reports from this point onwards to ITC.

Originator of the paper
Simon Marsden
October 2014

Freedom of information
Can this paper be included in open business? Yes

ITC Workplan

The ITC committee has a pattern of working based on having 3 meetings a year. The work is divided into the following broad areas:
- IT Strategy
- Oversight and input to major IT initiatives
- Service monitoring - robustness, resilience, priorities
- Security

2014/15 Plan

Strategy
- IT infrastructure: implementing the outcomes of the IT Infrastructure review
- Overall strategy: review overall guiding principles document

Oversight of major initiatives
- Research Data Management (IS)
- Telephone Replacement (IS)
- Office 365 for staff (IS)
- University web site content management system change (IS)
- Delivery of web services to mobile devices (IS)
- Media Refresh (IS)

Service Monitoring
The main strands of work planned in this area are:
- Ongoing monitoring of priorities
- Roll out of software licensing risk management
- Policy around availability taking into account planned and unplanned down time

Security
- Ensuring our policy and guidance are current and disseminate best practice
- Annual report for Risk Management Committee on security incidents/breaches
- Multi factor authentication implemented in high risk situations

S L Marsden
October 2014

2013/14 Review

Strategy
Within the strategy we have an overall IT Strategy which is concerned with the principles which guide the development of IT services. Within the overall umbrella, sub-strategies are developed. Over the last year a plan for developing our capability to manage and deliver multi media content was developed, resulting in the IT Committee supporting an IS business case in the planning round which received funding. Going forward there will be an initiative to develop the service, and monitoring of that will be part of the oversight activity in the 14/15 plan. The video services are more closely aligned with the work of the Learning and Teaching Committee and it is expected that the requirements for infrastructure will be driven by their agenda.

We have been conducting an IT Infrastructure Review over the summer. The expectation is that we will produce a 5 year roadmap for the development of the IT infrastructure; the roadmap will be reviewed by both ITC and KSC. Timing of the review has resulted in the work being carried out in between meetings of the IT Committee.

Oversight and input to major IT initiatives 2013/14

Research Data Management (IS)
The RDM services have made good progress with the policy and tools for creating data plans, together with technical delivery of the data store (ie up to 500Gb of active file storage per researcher) and the data share (ie sharing published data sets) in place; the data vault (ie long term storage) is still to be developed.

Telephone Replacement (IS)
Replacing analogue phones which are near end of life with digital phones has been constrained by funding but has also been included in the infrastructure review.

Shared Academic Timetabling (IS)
This 3 year project has delivered well; we now have a timetabling unit located in SSG who are running the processes and continuing to further develop the service.
The main objectives of delivering personal timetables for students and more effective MI showing teaching space usage have been delivered and the project has closed. The software that we purchased, Scientia, has been found to have some limitations which have impacted on our delivery: the software is not as reliable as we need, and the functions to allow student self sign up for class events, eg tutorials, will not work in combination with our other processes. Scientia recognise the issues and are engaged on a product re-write which will address the problems but which will take at least 2 years to deliver. In the meantime we have put additional monitoring and process control around the service to greatly reduce the unreliability issue. From a user perspective we managed the peak period through the start of the academic year this year with far less disruption than in the previous year.

Office 365 for staff (IS)
Our in house Microsoft Exchange service which delivered diary for all staff and for about 60% of staff has been successfully replaced with Microsoft's cloud service Office 365. The change has been well received. Driven by user demand we are now in the process of transferring all staff still using Staffmail in the College of Humanities and Social Sciences to Office 365 and have a similar migration for Medicine staff planned.

Select Print (IS)
Introduction of SelectPrint has allowed us to consolidate on a single printing/copying/scanning service for staff and students. Under our contract with Xerox, we now have a fleet of some 700 multi function devices (MFDs) in place, selected from a range of 7 models. Students and staff can print to MFDs from their own laptops, computers, pads and phones as well as from University equipment. The service has been very positively received. We have seen an increase in usage of about 50%.

University web site content management system change (IS)
The plan to replace our current content management system Polopoly with the open source system Drupal remains on track for December 2015 delivery. We are just about to start the first site migrations ready for full scale activity starting January.

Delivery of web services to mobile devices (IS)
We developed a strategy to use adaptive web pages, ie web pages which adjust their display to the size of the screen they are being used on, rather than custom apps for mobile devices. We have done this successfully for both the EASE and MyEd services and are starting to see the adoption of adaptive design in other services, eg some aspects of student self service. The strategy recognises that where an app already exists we can incorporate it into our portfolio but that we should not create apps ourselves. Consequently we have adopted a mobile App from Blackboard for users of the Learn VLE and Microsoft's apps for Office 365 users. This is great progress.

Use of Video management tools in the Business School (CHSS)
The Business School purchased a cloud service called Panopto to support their ambition for capturing and delivering lectures and other video material as part of the Edinburgh MBA programme.
The service has worked well and is providing really helpful input into the business case for a University wide media service.

Business Intelligence (USG)
The committee has continued to follow the progress of the BI/MI initiative but does not have a governance role, so acts as an additional communications channel for the initiative.

Service monitoring - robustness, resilience, priorities
The availability of services remains a significant concern, especially at the start of the academic year. The lessons learned from previous years are being fed into a continuous improvement cycle such that we have seen year on year improvements. The start of 2014/15 was to the required standard with little or no significant disruption to services. It is important to recognise that the start of the year will always be a vulnerable period, with many processes that have to execute at high volume which are not exercised at volume at any other time of the year, and software and hardware that changes between peak cycles.

The sub group of ITC set up to monitor the service priorities and the levels of service availability and disaster recovery primarily accorded to each category (high, medium or low) reported to ITC in June. They recommended no changes to the high priority category. The group has started to engage with overall availability, combining planned (ie system maintenance) and unplanned (ie faults), to work towards setting an overall target. As a first step, monitoring of overall availability has been put in place.

The committee oversaw the development of a policy to ensure that the risks associated with breaches of software license conditions are routinely reviewed and managed. The process to assess the risks is currently being piloted across all IS with an expectation of rolling it out more widely early in the year.

Security
Security risks have been a growing concern throughout the year, within ITC and the Risk and Audit committees. The growing concern is a reflection of the increasingly difficult external environment and, as a consequence, we have been responding and stepping up our activities. The appointment of the Chief Information Technology Officer has made a significant difference. He has provided a focus for our activity. The main areas that have been addressed are:
- Met with heads of schools and established a network of security practitioners within the University.
- Provided that network with a way to feed back on incidents so that we can learn from each other, track levels of incidents and compare them with other Universities.
- Put in place a firewall rule that requires all web sites in the University to be registered before they can receive traffic from outside of the University. Understanding what we have and who owns it will provide us with a control to monitor activity and to ensure that web servers are being updated and adequately patched for new security vulnerabilities.
- Procured an external vulnerability testing service.
- Provided guidance on possible data loss:
  o what constitutes high risk information
  o what actions users need to take if they are using high risk information on mobile devices
  o encryption tools to mitigate the risks
- Assessed the risks around the possible theft of passwords. The outcome of this is that we believe we need to implement a second factor challenge, ie something more than a password, for some services. The area where there is the biggest risk is student record and BI/MI services, where many staff quite correctly have access to many students' personal data. Technical solutions which balance usability and security are being evaluated before a final recommendation is made.
- Provided an annual report to the Risk Management and Audit committees (attached).

IT Security report to Risk and Audit Committee

During the past year there has been a significant expansion in the level of effort over security evident in the Colleges and Schools. In particular, a very active group has been established in Science and Engineering and this model is now being followed in Humanities and Social Science.

A review of the various security policies has been made by the ITC Working Group on Security and steps taken to update the policies and to establish new policies where there are obvious gaps.

A short review was held over the danger of leakage of corporate data when an EASE credential is lost. This has led to further discussions with system owners and a proposal for positive action over changes to the security model for the Student Systems area.

Ongoing work has continued with both Janet and other Russell Group institutions on the ability to share information on the number and severity of security incidents. This work only proceeds very slowly as there is still extreme reluctance to admit to events unless the issue is forced upon an institution.

During the year there have been 11 security incidents which can be graded as serious. This compares to 14 incidents in the previous year. It should be noted that 3 of these incidents have been in the EUSA website area. We are engaged with EUSA about how they can improve the security awareness of their web site managers.

Date | Incident | Effect | Cause | Owner
15-Aug-13 | IRC Bot infection | Network attacks - Caused DoS issues | Inadequate patching | Biological Sciences
16-Sep-13 | Trojan 'Key Logger' | Potential loss of information | Responded to phishing | HSS
12-Nov-13 | Compromised Website | 500 bytes downloaded (style sheets) | Inadequate patching | Informatics
29-Nov-13 | Phishing Attack | Ability to read Staffmail | Responded to phishing |
06-Feb-14 | Compromised Website | Inserted web pages | Inadequate patching | Biological Sciences
20-Feb-14 | Credential Loss | Id theft through bogus adverts | Guardian-Bad password Policy | CM
03-Mar-14 | Careless Permissions | Publicly available files | Carelessness | Geosciences
01-Aug-14 | Compromised website | Added web links | Inadequate patching | IS-Apps
18-Sep-13 | Compromised Website | Viagra Adverts | Inadequate patching | EUSA
22-Apr-14 | Compromised Website | Viagra Adverts | Inadequate patching | EUSA
18-Jul-14 | Compromised Website | Viagra Adverts | Inadequate patching | EUSA


More information

Security Whitepaper: ivvy Products

Security Whitepaper: ivvy Products Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

University of Strathclyde: Information Services Directorate Operational Plan for 2014/15

University of Strathclyde: Information Services Directorate Operational Plan for 2014/15 University of Strathclyde: Information Services Directorate Operational Plan for 2014/15 Enabling the future: transforming our information systems and technology 2014/15 2014/2015 CONTENTS 1 DRIVERS, STRATEGIC

More information

Strategic Plan for Technology 2015-2020

Strategic Plan for Technology 2015-2020 Florida Gulf Coast University Strategic Plan for Technology 2015-2020 Information Resource Committee I. Overview of the Process Information Resource Committee In the Fall of 2014, the Planning and Budget

More information

Data Breach Response Planning: Laying the Right Foundation

Data Breach Response Planning: Laying the Right Foundation Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA

More information

CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION. Architecture Framework Advisory Committee November 4, 2014

CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION. Architecture Framework Advisory Committee November 4, 2014 CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION Architecture Framework Advisory Committee November 4, 2014 1 Agenda TIME TOPICS PRESENTERS 9:00 9:15 Opening Remarks and Introductions Shirley Ivan,

More information

A NEW APPROACH TO CYBER SECURITY

A NEW APPROACH TO CYBER SECURITY A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively

More information

Information Security Team

Information Security Team Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface

More information

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University. Data Sheet Cisco Optimization s Optimize Your Solution using Cisco Expertise and Leading Practices Optimizing Your Business Architecture Today, enabling business innovation and agility is about being able

More information

Guidance on data security breach management

Guidance on data security breach management ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...

More information

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing

More information

Information Technology. A Current Perspective on Risk Management

Information Technology. A Current Perspective on Risk Management Information Technology A Current Perspective on Risk Management Topics Covered Information Security Program Common Examination Findings Existing and Emerging Risks ACH/Wire Fraud and Corporate Account

More information

Private Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Private Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Private Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Cloud computing has completely transformed the way business organizations

More information

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare

More information

24x7 Help Desk Services Questions & Answers for RFP 40016_21030705

24x7 Help Desk Services Questions & Answers for RFP 40016_21030705 24x7 Help Desk Services Questions & Answers for RFP 40016_21030705 1. What % of the call volume that was listed in the RFP was related to LMS (BB and Moodle) support? See Table 5 2. What is the number

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

ICT Category Sub Category Description Architecture and Design

ICT Category Sub Category Description Architecture and Design A A01 Architecture and Design Architecture and Design Enterprise & Business Architecture A02 Architecture and Design Information Architecture A03 Architecture and Design Solution Architecture B Benchmarking

More information

e2e Secure Cloud Connect Service - Service Definition Document

e2e Secure Cloud Connect Service - Service Definition Document e2e Secure Cloud Connect Service - Service Definition Document Overview A cloud connectivity service that connects users, devices, offices and clouds together over the Internet. Organisations can choose

More information

Cost effective methods of test environment management. Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA

Cost effective methods of test environment management. Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA Cost effective methods of test environment management Prabhu Meruga Director - Solution Engineering 16 th July SCQAA Irvine, CA 2013 Agenda Basic complexity Dynamic needs for test environments Traditional

More information

IT Strategy Review April 2014

IT Strategy Review April 2014 IT Strategy Review April 2014 1. Executive Summary UCD IT Services developed a five year IT Strategy (2009-2013) and has now completed its implementation. The strategy set out key objectives for each area

More information

VPN Lesson 2: VPN Implementation. Summary

VPN Lesson 2: VPN Implementation. Summary VPN Lesson 2: VPN Implementation Summary 1 Notations VPN client (ok) Firewall Router VPN firewall VPN router VPN server VPN concentrator 2 Basic Questions 1. VPN implementation options for remote users

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

Cloud Computing Continued. Jan Šedivý

Cloud Computing Continued. Jan Šedivý Cloud Computing Continued Jan Šedivý Recapitulation Connect Anywhere, Anytime Central administration Cloud applications WEB applications Architecture Cloud architecture Deployment models Higher Reliability

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:

More information

Worry-free Email Security in the Cloud for Online Gaming Pioneer

Worry-free Email Security in the Cloud for Online Gaming Pioneer Microsoft Office 365 Customer Solution Case Study Worry-free Email Security in the Cloud for Online Gaming Pioneer Overview Country or Region: South Korea Industry: Entertainment Customer Profile Actoz

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

Best Practices for Trialing the Intronis Cloud Backup and Recovery Solution

Best Practices for Trialing the Intronis Cloud Backup and Recovery Solution Best Practices for Trialing the Intronis Cloud Backup and Recovery Solution Intronis Cloud Backup and Recovery is a file based backup application that allows users to back up their critical data to the

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security

More information

Physically secure facilities will better protect your computing equipment from theft, vandalism and accidental damage

Physically secure facilities will better protect your computing equipment from theft, vandalism and accidental damage ITS Service Level Agreement Last Changed: July 31, 2014 Co-Location Service What is Co Location? Co Location is an ITS service that allows departments and researchers at the University of Hawaii to locate

More information

Training Employees to Recognise & Avoid Advanced Threats

Training Employees to Recognise & Avoid Advanced Threats Training Employees to Recognise & Avoid Advanced Threats Joe Ferrara, President & CEO, Wombat Security Technologies Rashmi Knowles, Chief Security Architect EMEA, RSA The Security Division of EMC Session

More information

FRAMEWORK for NATIONAL NETWORK & CYBER SECURITY

FRAMEWORK for NATIONAL NETWORK & CYBER SECURITY FRAMEWORK for NATIONAL NETWORK & CYBER SECURITY 23 September 2009 1 06-02-200906.02.2009 Ram Narain Email: ramnarain@hotmail.com 7 Tier Approach to Network & Cyber Security 5 levels of Security Tier 1

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

Data Security Breach Management - A Guide

Data Security Breach Management - A Guide DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT GD21 2 DATA PROTECTION (JERSEY) LAW 2005: GUIDANCE ON DATA SECURITY BREACH MANAGEMENT Introduction Organisations which process

More information

The Business Case Migration to Windows Server 2012 R2 with Lenovo Servers

The Business Case Migration to Windows Server 2012 R2 with Lenovo Servers The Business Case Migration to Windows Server 2012 R2 with Lenovo Servers New levels of integration and capabilities provide the foundation for building more successful businesses with this new infrastructure

More information

CABINET 9 th February 2006. Report of the Director of Partnerships and Customer Services

CABINET 9 th February 2006. Report of the Director of Partnerships and Customer Services CABINET 9 th February 2006 Report of the Director of Partnerships and Customer Services ITEM 11 CRM DEVELOPMENT Purpose of the Report To seek approval to the replacement for the Council s Customer Relationship

More information

Injazat s Managed Services Portfolio

Injazat s Managed Services Portfolio Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information