Smith College Information Security Risk Assessment Checklist

Size: px
Start display at page:

Download "Smith College Information Security Risk Assessment Checklist"

Transcription

1 Smith College Information Security Risk Assessment Checklist This form contains a checklist for individual data handlers who are conducting an information security risk assessment of their work environment. The checklist is intended to provide you with options to consider in assessing information security risks. You and your department are encouraged to change, add, or delete specific and/or general items in the checklist to make the assessment more relevant to the specific environment and needs of your job or workplace. Please review the results of your assessment with your supervisor or manager. The ultimate goal of this process is for departments to develop plans and action items that will reduce their risk, help them align their business practices with risk management and compliance needs, and assist in evaluating a potential security breach event. Name: Location: Date: YES NO In summary, does the hard drive of your computer contain any legallyprotected personal information* or other classified information? If YES, please provide the following information: Desktop computers -> Ethernet computer identifier: Laptop computers -> Ethernet computer identifier: -> Wireless computer identifier: For instructions on finding your computer identifier(s), see:

2 For each item on the following checklist, please enter one of the following: Y = Yes N = No IP = In progress NA = Not applicable Overall Location Assessment: For each location Has this location been inspected for the presence of both physical and electronic classified information? Is any PI* data stored in this location? If yes, is there a continuing business need to keep the information in this location? If yes, is the location locked or monitored during normal business hours? If yes, is the location locked and/or monitored during non-business hours? If yes, can only authorized personnel access the location? If yes, is classified information stored in a secured enclosure? If no, is there a plan to move the information to an appropriate location? Or, is there a plan to securely remove or destroy the information? Physical Information Assessment: For any location in which classified information is stored or processed on physical media (e.g., paper, index cards, computer printout, etc.) Are there guidelines in place that specify who is granted access to classified information in this location? Is the information stored securely when not in use? Is there physical PI* data in this location? If yes, are there clear guidelines on how it is stored and accessed? If yes, are there clear guidelines for who is allowed to see or have copies of this information?

3 Electronic Information Assessment: For each computer you use in your location, please provide the following information. Computer type (Windows, Mac, other): Computer identifier (e.g., IP address, MAC address, or network name): Has the hard drive (C: drive) of this computer been scanned for PI* data using Identity Finder? Have all external devices used with this computer, including hard drives, thumb drives, and backup media, been scanned for PI* data using Identity Finder? Have you scanned your personal network drive (H: drive) for PI* data using Identity Finder? Did you find any PI* data? If yes, has the PI* data been reviewed with the relevant Data Custodian? If yes, have you decided what action to perform on the PI* data (e.g., shred, encrypt, scrub, move, or leave in place)? If yes, have all remediation steps been completed? Is any other classified information processed or maintained on this computer? If yes, has the data been reviewed by the relevant data custodian or their representative? Are any remediation steps required to ensure that only needed data is maintained? Are there clear guidelines in place for the storage and handling of the data?

4 Computer Security: Security considerations for all computer systems, including office desktops and laptops, that contain or process PI* data or other classified information Does the computer require a password on startup and wake from sleep mode? Does the computer have an idle timer set and a screen saver with password protection? Are system updates and security patch checks performed automatically by the system? Does the system have up-to-date virus and malware detection (e.g., McAfee VirusScan) installed? Are computer access passwords shared among several users? If yes, are there specific authorized user access controls for classified information? Are all files or folders containing confidential information protected by encryption or by at least two levels of passwords (e.g., workstation and network passwords)? Does the system have internal firewalls enabled and configured? Does the computer have a cable lock or other physical security protection? Does the computer have electrical surge or UPS protection? Is the computer used for other purposes not related to classified information? Laptops and Other Portable Devices: Additional considerations for laptop systems and other portable devices that contain or process PI* data or other classified information Are all files or folders containing PI* information encrypted? Do you carry and use a cable lock when traveling? Does your laptop have a lost/stolen system retrieval service installed (eg. CompuTrace)? For handheld devices, can the device be remotely wiped if lost or stolen? Are all removable storage devices stored in a secure location? Is there a procedure for securely destroying classified information from external storage? Is information about the laptop or other device recorded and maintained outside the device itself? If a laptop or other device is lost or stolen, it is very helpful to have its serial number, computer identifier(s), operating system type, and a list of files and folders containing classified information

5 Data backups: Security considerations for backed-up data Is important information on local drives backed up at regular intervals? Are the backups and backup media encrypted or stored in a secure location? Is there a defined retention period for backup media? Is there a procedure for securely destroying classified information from backup storage? Please enter any other comments or questions below:

Back to My Mac User s Guide

Back to My Mac User s Guide Back to My Mac User s Guide This guide will show you how to access a remote Leopard or Snow Leopard based Mac, Time Capsule, or external hard disk connected to an AirPort Extreme Base Station over the

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Course: Information Security Management in e-governance

Course: Information Security Management in e-governance Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security

More information

SAO Remote Access POLICY

SAO Remote Access POLICY SAO Remote Access POLICY Contents PURPOSE... 4 SCOPE... 4 POLICY... 4 AUTHORIZATION... 4 PERMITTED FORMS OF REMOTE ACCESS... 5 REMOTE ACCESS USER DEVICES... 5 OPTION ONE: SAO-OWNED PC... 5 OPTION TWO:

More information

Stable and Secure Network Infrastructure Benchmarks

Stable and Secure Network Infrastructure Benchmarks Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day

More information

Back to My Mac User s Guide

Back to My Mac User s Guide Back to My Mac User s Guide This guide will help you access your remote Leopard-based Macs over the Internet using.mac. Overview Getting something from your Mac when you are away from home is a daunting

More information

UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting

UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting SECURITY HANDBOOK Mission Statement: UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting investigations. UIT Security

More information

Congregation Data Security Education

Congregation Data Security Education Congregation Data Security Education Data Security Risks Incoming and Outgoing Internet Traffic Remote Access Outbound Email Improperly Discarded Paper Portable Media Devices (i.e. laptops, flash drives,

More information

Implementing an Effective Information Security Program in Your Agency

Implementing an Effective Information Security Program in Your Agency Implementing an Effective Information Security Program in Your Agency Presented by: Steve Aronson, Aronson Insurance Ted Joyce, N B Independent Brokerage Jeff Yates, Agents Council for Technology 1 Our

More information

Policies and Procedures

Policies and Procedures Policies and Procedures Provided by PROGuard The following are policies and procedures which need to be enforced to ensure PCI DSS compliance. In order to answer yes to the questions and pass the SAQ,

More information

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access

More information

Identity Finder Quick Start Guide for Mac

Identity Finder Quick Start Guide for Mac Identity Finder Quick Start Guide for Mac Maintained by University IT Security and Policy Revised date: 10/30/2013 Identity Finder assists in the discovery and removal of Personally Identifiable Information

More information

Security Practices Essentials. Viruses McAfee Virus Software Critical Windows Updates Network Settings. Spyware Adaware Spybot Windows Defender

Security Practices Essentials. Viruses McAfee Virus Software Critical Windows Updates Network Settings. Spyware Adaware Spybot Windows Defender Security Practices Essentials Viruses McAfee Virus Software Critical Windows Updates Network Settings Spyware Adaware Spybot Windows Defender Security Practices Essentials: All computer passwords should

More information

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Employee Teleworking Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Introduction... 2 2. Teleworking Risks... 3 3. Safeguards for College

More information

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI Office of Regulatory Compliance 13001 E. 17 th Place, Suite W1124 Mail Stop F497 Aurora, CO 80045 Main Office: 303-724-1010 Main Fax: 303-724-1019 HIPAA Policy 7.1 Title: Source: Prepared by: Approved

More information

Small Business IT Risk Assessment

Small Business IT Risk Assessment Small Business IT Risk Assessment Company name: Completed by: Date: Where Do I Begin? A risk assessment is an important step in protecting your customers, employees, and your business, and well as complying

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agency Mobile Security July 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: Mobile Security

More information

Georgia Institute of Technology Data Protection Safeguards Version: 2.0

Georgia Institute of Technology Data Protection Safeguards Version: 2.0 Data Protection Safeguards Page 1 Georgia Institute of Technology Data Protection Safeguards Version: 2.0 Purpose: The purpose of the Data Protection Safeguards is to provide guidelines for the appropriate

More information

Data Stored on a Windows Computer Connected to a Network

Data Stored on a Windows Computer Connected to a Network Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Computer Connected to

More information

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts.

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts. Protect - Detect - Respond A Security-First Strategy HCCA Compliance Institute April 27, 2009 1 Today s Topics Concepts Case Study Sound Security Strategy 2 1 Security = Culture!! Security is a BUSINESS

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms

More information

HELPFUL TIPS: MOBILE DEVICE SECURITY

HELPFUL TIPS: MOBILE DEVICE SECURITY HELPFUL TIPS: MOBILE DEVICE SECURITY Privacy tips for Public Bodies/Trustees using mobile devices This document is intended to provide general advice to organizations on how to protect personal information

More information

PimaCountyCommunityCollegeDistrict Standard Practice Guide Administrative Procedure

PimaCountyCommunityCollegeDistrict Standard Practice Guide Administrative Procedure PimaCountyCommunityCollegeDistrict Standard Practice Guide Administrative Procedure SPG AP Title: Portable College-Issued Mobile Device Security SPG AP Number: SPG-5702/AD AP 9.01.04 Effective Date: 11/13/06

More information

NETWORK INFRASTRUCTURE USE

NETWORK INFRASTRUCTURE USE NETWORK INFRASTRUCTURE USE Information Technology Responsible Office: Information Security Office http://ooc.usc.edu infosec@usc.edu (213) 743-4900 1.0 Purpose The (USC) provides its faculty, staff and

More information

Best Practices for Information Security

Best Practices for Information Security Best Practices for Information Security Suzanne Dmytrenko, Information Privacy Officer Email: suzanne@sfsu.edu. Ph: 415-338-2823 Mig Hofmann, Information Security Officer Email: mig@sfsu.edu. Ph: 415-338-3018

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

Follow the instructions below for first-time users only

Follow the instructions below for first-time users only Whittier Law School Law Library Cisco NAC Agent Wireless Installation Guide For Microsoft Windows In order to access the wireless network on campus, Microsoft Windows laptop users must go through the Cisco

More information

NETWORK SECURITY GUIDELINES

NETWORK SECURITY GUIDELINES NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus

More information

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices 8-27-2015 4-007.1 Supersedes 4-007 Page Of 1 5 Responsible Authority Vice Provost for Information

More information

Security Tool Kit System Checklist Departmental Servers and Enterprise Systems

Security Tool Kit System Checklist Departmental Servers and Enterprise Systems Security Tool Kit System Checklist Departmental Servers and Enterprise Systems INSTRUCTIONS System documentation specifically related to security controls of departmental servers and enterprise systems

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure

More information

MUSC Information Security Policy Compliance Checklist for System Owners Instructions

MUSC Information Security Policy Compliance Checklist for System Owners Instructions Instructions This checklist can be used to identify gaps in compliance with MUSC's information security policies and standards, which are published on the Web at http://www.musc.edu/security. Each of the

More information

Information Systems and Technology

Information Systems and Technology As public servants, it is our responsibility to use taxpayers dollars in the most effective and efficient way possible while adhering to laws and regulations governing those processes. There are many reasons

More information

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific

More information

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201 Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...

More information

Data Stored on a Windows Server Connected to a Network

Data Stored on a Windows Server Connected to a Network Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Server Connected to

More information

Healthcare Security Vulnerabilities. Adam Goslin Chief Operations Officer High Bit Security

Healthcare Security Vulnerabilities. Adam Goslin Chief Operations Officer High Bit Security Healthcare Security Vulnerabilities Adam Goslin Chief Operations Officer High Bit Security Webinar Overview IT Security and Data Loss Breach Sources / Additional Information Recent Medical Breach / Loss

More information

Service Level Agreement. Desktop Support

Service Level Agreement. Desktop Support Service Level Agreement Desktop Support Institute for Quantitative Social Science (IQSS) and Harvard MIT Data Center (HMDC) 15 October 2009 1. Overview This service level agreement defines the baseline

More information

Policy Title: HIPAA Access Control

Policy Title: HIPAA Access Control Policy Title: HIPAA Access Control Number: TD-QMP-7018 Subject: Ensuring that access to EPHI is only available to those persons or programs that have been appropriately granted such access. Primary Department:

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:

More information

PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs

PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs The Identity Theft and Fraud Protection Act (Act No. 190) allows for the collection, use

More information

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

Name: Position held: Company Name: Is your organisation ISO27001 accredited: Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:

More information

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher A Nemaris Company Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher 306 East 15 th Street Suite 1R, New York, New York 10003 Application Name Surgimap Vendor Nemaris Inc. Version

More information

NETWORK AND INTERNET SECURITY POLICY STATEMENT

NETWORK AND INTERNET SECURITY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004

More information

University for the Creative Arts. Mobile Working and Remote Access Policy

University for the Creative Arts. Mobile Working and Remote Access Policy Mobile Working and Remote Access Policy Version 1.0 Date: 20 July 2009 Document History Version History 1.0 20 July 2009 Approved for publication by the IS Board after E&FC approval in June 2009 Title:

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

Data Stored on a Stand-Alone Computer

Data Stored on a Stand-Alone Computer Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from the National Longitudinal Study of Adolescent to Adult Health Data Stored on a Stand-Alone Computer All requests

More information

Vendor Assessment Worksheet:

Vendor Assessment Worksheet: Vendor Assessment Worksheet: A sample set of IT security controls for evaluation of third party vendors capacity to protect institutional research data 1 Table of Contents Executive Summary... 3 Vendor

More information

Identity Finder Quick Start Guide for Windows

Identity Finder Quick Start Guide for Windows Identity Finder Quick Start Guide for Windows Maintained by University IT Security and Policy Revised date: 10/30/2013 Identity Finder assists in the discovery and removal of Personally Identifiable Information

More information

Remote Access and Mobile Working Policy. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.1. Approval. Review By June 2012

Remote Access and Mobile Working Policy. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.1. Approval. Review By June 2012 Remote Access and Mobile Working Policy Document Status Security Classification Version 1.1 Level 4 - PUBLIC Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the

More information

2011 NATIONAL SMALL BUSINESS STUDY

2011 NATIONAL SMALL BUSINESS STUDY 2011 NATIONAL SMALL BUSINESS STUDY The National Cyber Security Alliance has conducted a new study with Symantec to analyze cyber security practices, behaviors and perceptions of small businesses throughout

More information

Data Access Request Service

Data Access Request Service Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations

More information

Information Security Policy

Information Security Policy Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

Rules of the Road for Users of Smithsonian Computers and Networks

Rules of the Road for Users of Smithsonian Computers and Networks Rules of the Road for Users of Smithsonian Computers and Networks Introduction Smithsonian systems, networks and other computer resources are shared among Smithsonian employees, interns, visiting scholars,

More information

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University

More information

BSHSI Security Awareness Training

BSHSI Security Awareness Training BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement

More information

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information

More information

IT Maintenance Checklist. Infrastructure

IT Maintenance Checklist. Infrastructure Check Network Owners Manual on site IT Maintenance Checklist Infrastructure o LAN diagram showing computer and device locations Internet Service Provider o Name of Provider (i.e. AT&T, Time Warner, Embarq,

More information

GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS

GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS Your Login ID: GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS CONTENTS 1.0 Introduction... 3 1.1 Welcome to Edinburgh Napier University from Information Services!... 3 1.2 About Information

More information

Xerox Mobile Print Cloud

Xerox Mobile Print Cloud September 2012 702P00860 Xerox Mobile Print Cloud Information Assurance Disclosure 2012 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation in the United

More information

Information Security Policy Manual

Information Security Policy Manual Information Security Policy Manual Latest Revision: May 16, 2012 1 Table of Contents Information Security Policy Manual... 3 Contact... 4 Enforcement... 4 Policies And Related Procedures... 5 1. ACCEPTABLE

More information

University of San Francisco

University of San Francisco University of San Francisco Acceptable Use Policy (AUP) & Agreement for POS Devices and PCI Network 1. Purpose University of San Francisco (USF) provides access to the PCI network for processing CASHNet

More information

Introduction. PCI DSS Overview

Introduction. PCI DSS Overview Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,

More information

Information Security Policy for Associates and Contractors

Information Security Policy for Associates and Contractors Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...

More information

WHITE PAPER: MASSACHUSETTS DATA SECURITY REGULATIONS

WHITE PAPER: MASSACHUSETTS DATA SECURITY REGULATIONS WHITE PAPER: MASSACHUSETTS DATA SECURITY REGULATIONS Introduction Massachusetts regulations set forth minimum requirements for both the protection of personal information and the electronic storage or

More information

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan LAW OFFICE SECURITY for Small Firms and Sole Practitioners Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan 1. Introduction CONTENTS 2. Security Consciousness Having a Firm Security

More information

Best Practices for Protecting Laptop Data

Best Practices for Protecting Laptop Data Laptop Backup, Recovery, and Data Security: Protecting the Modern Mobile Workforce Today s fast-growing highly mobile workforce is placing new demands on IT. As data growth increases, and that data increasingly

More information

2012 NCSA / Symantec. National Small Business Study

2012 NCSA / Symantec. National Small Business Study 2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National

More information

Countering and reducing ICT security risks 1. Physical and environmental risks

Countering and reducing ICT security risks 1. Physical and environmental risks Countering and reducing ICT security risks 1. Physical and environmental risks 1. Physical and environmental risks Theft of equipment from staff areas and Theft of equipment from public areas Theft of

More information

Massachusetts Identity Theft/ Data Security Regulations

Massachusetts Identity Theft/ Data Security Regulations Massachusetts Identity Theft/ Data Security Regulations Effective March 1, 2010 Are You Ready? SPECIAL REPORT All We Do Is Work. Workplace Law. In four time zones and 45 major locations coast to coast.

More information

Miami University. Payment Card Data Security Policy

Miami University. Payment Card Data Security Policy Miami University Payment Card Data Security Policy IT Policy IT Standard IT Guideline IT Procedure IT Informative Issued by: IT Services SCOPE: This policy covers all units within Miami University that

More information

The second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures

The second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures The second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures to protect and secure a covered entity s electronic information

More information

ADM:49 DPS POLICY MANUAL Page 1 of 5

ADM:49 DPS POLICY MANUAL Page 1 of 5 DEPARTMENT OF PUBLIC SAFETY POLICIES & PROCEDURES SUBJECT: IT OPERATIONS MANAGEMENT POLICY NUMBER EFFECTIVE DATE: 09/09/2008 ADM: 49 REVISION NO: ORIGINAL ORIGINAL ISSUED ON: 09/09/2008 1.0 PURPOSE The

More information

Supplier IT Security Guide

Supplier IT Security Guide Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA

More information

Using TS-ACCESS for Remote Desktop Access

Using TS-ACCESS for Remote Desktop Access Using TS-ACCESS for Remote Desktop Access Introduction TS-ACCESS is a remote desktop access feature available to CUA faculty and staff who need to access administrative systems or other computing resources

More information

CUMC IT. Encryption Policy. Author: Carlo Cuttitta CUMC IT Columbia University Medical Center PH 18-108, 630 West 168th Street New York, NY 10032

CUMC IT. Encryption Policy. Author: Carlo Cuttitta CUMC IT Columbia University Medical Center PH 18-108, 630 West 168th Street New York, NY 10032 CUMC IT Encryption Policy Author: Carlo Cuttitta CUMC IT Columbia University Medical Center PH 18-108, 630 West 168th Street New York, NY 10032 Document Revision History Version Author(s) Date Issued to

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

PHI- Protected Health Information

PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson

More information

[BRING YOUR OWN DEVICE POLICY]

[BRING YOUR OWN DEVICE POLICY] 2013 Orb Data Simon Barnes [BRING YOUR OWN DEVICE POLICY] This document specifies a sample BYOD policy for use with the Orb Data SaaS MDM service Contents 1 ACCEPTABLE USE... 3 1.1 GENERAL RULES... 3 2

More information

Page 1. Copyright 2009. MFA - Moody, Famiglietti & Andronico, LLP. All Rights Reserved.

Page 1. Copyright 2009. MFA - Moody, Famiglietti & Andronico, LLP. All Rights Reserved. Page 1 Page 2 Page 3 Agenda Defining the Massachusetts Personal Data Security Law Becoming Compliant Page 4 Massachusetts Privacy Law Defining the Massachusetts Personal Data Security Law - 201 CMR 17.00

More information

Payment Card Industry Self-Assessment Questionnaire

Payment Card Industry Self-Assessment Questionnaire How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.

More information

University of Cincinnati Limited HIPAA Glossary

University of Cincinnati Limited HIPAA Glossary University of Cincinnati Limited HIPAA Glossary ephi System A system that creates accesses, transmits or receives: 1) primary source ephi, 2) ephi critical for treatment, payment or health care operations

More information

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State

More information

HR Documents and Templates Information Technology PolicyPro

HR Documents and Templates Information Technology PolicyPro HR Documents and Templates Information Technology PolicyPro PLANNING Strategic Planning Contents of an IT Strategic Plan (F) Strategic Issues Checklist (CH) Tactical Planning Implementation Planning Change

More information

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks

More information

CVM Computer Security Training

CVM Computer Security Training CVM Computer Security Training Responsible Computing Practices Veterinary Information Systems March 2008 Agenda Physical Security Responsible Behavior Minimum Computer Security Standards (MCSS) Data Definitions

More information

PCI DSS Requirements - Security Controls and Processes

PCI DSS Requirements - Security Controls and Processes 1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data

More information

Bring Your Own Device

Bring Your Own Device Bring Your Own Device Save costs, deliver flexible working and manage the risks Gary Shipsey Managing Director 25 September 2014 Agenda Bring Your Own Device (BYOD) and your charity and how to avoid the

More information

Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template)

Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template) Below you will find the following sample policies: Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template) *Log in to erisk Hub for

More information

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific

More information

Bring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com

Bring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks

More information

SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE

SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE Checklist for taking personally identifiable information (PII) out of the workplace: q Does your organization s policy permit the removal of PII from the office?

More information