Think secure. Information security at the University of Copenhagen

Size: px
Start display at page:

Download "Think secure. Information security at the University of Copenhagen"

Transcription

1 Think secure Information security at the University of Copenhagen All staff and students at the University of Copenhagen (KU) have to be familiar with information security (IS), because: we need to take care of the knowledge we produce and disseminate; it is for the benefit of ourselves, each other, the present and the future; we need to protect the good name and reputation of KU. This brochure outlines, clearly and concisely, what students need to know about IS. Side 1 af

2 Information security in brief In your dealings with the University of Copenhagen, it is important that you know how to look after your own, other people's and the University's shared knowledge. It is therefore essential that all users comply with the security rules. These rules are designed to be user-friendly and easy to follow, so that everybody is able play their part in safeguarding information. The aim is for IS to become part of everyday life at the University. Who should know what? We all have to be familiar with and follow certain rules about security in our daily work. As students, it is particularly important that you learn the rules for passwords and pin codes. You also have to be able to spot security breaches and react appropriately. Why do I have to know it? You must know about the most common security threats in order to protect the University. You must know the rules in order to safeguard your own and other people's knowledge and movements. You must know when and how to react. What do I do next? Read through the rules. Make security considerations part of your daily routine. Contact us if you know of or suspect a security breach. What do I do if I discover something suspicious or if I am uncertain? Ring your IS line manager, whose number you will find below. If it is a matter of urgency, you may contact KU's security manager directly on tel.: If you are in any doubt about whether you are following the security procedures correctly, you will find the appropriate rules, as well as links to local security pages, at informationssikkerhed.ku.dk. Irrespective of the situation, you are always welcome to ring the person responsible for IS in your area (contact details are available at informationssikkerhed.ku.dk/lisu.dk). If you are unable to contact the IS line manager or do not know who it is, call KU s IT security manager (tel.: ) or send an (IS@adm.ku.dk). Side 2 af

3 For safety s sake Knowledge is our most valuable asset We generate and communicate knowledge online, in writing and orally. This is KU s most important activity and asset. It really is as simple as that. So we all of us need to take due care of that knowledge. IS should become a habit, a normal part of our daily lives. All it requires is a little effort. Simple and secure It is very simple: we have to protect what we produce. In other words, we have to look after KU s knowledge resources for the benefit of ourselves, each other, the past, the present and the future. Knowledge and information are everywhere in our daily lives: in chats in the corridor; in mobile-phone conversations on the street; written down on paper; stored on a laptop; sent and received as ; transmitted along cables; beamed through the air; or kept on film. Every time that information takes the form of speech, text or data, we must ensure that it is secure. Everybody at KU needs to know how to protect knowledge and information so that the day-to-day work of the University continues to run smoothly, both now and in the future. Imagine that......your laptop breaks down and you have failed to back up your files. Many years' worth of work is lost, and even the best IT experts and most sophisticated tools cannot re-create it. This is a real security threat. A breach of security is not just a fire or a theft; and it is not something that only happens to somebody else. There are potential security risks in everything we do. We must face up to all threats, not just the most serious ones viruses, theft, fraud, espionage, sabotage, terror, fire, flooding. Every threat counts, no matter how trivial it may seem. Side 3 af

4 As unrestricted as possible As a research and education institution, KU makes extensive use of internal and external electronic communications for the digital exchange of information. It is essential that we are able to continue to do this, preferably with as few restrictions as possible we must be user-friendly and avoid unnecessarily complicated security measures. Our security initiatives will be updated with this principle in mind. IS is organised in such a way that it safeguards our greatest asset, i.e. knowledge, and takes account of the fact that we are sometimes on the cutting edge of research and teaching. IS covers man-made, natural and technological threats. IS is organised on the basis of the desire to create a good balance between openness, security and costs. Accessibility, integrity and confidentiality These three aspects are central to our security measures: Accessibility We must be able to use the relevant IT systems unhindered, and gain access to the relevant data whenever necessary. Integrity Our knowledge must be stored correctly and be intact, and the IT systems must function perfectly. Confidentiality Our knowledge must be protected, and must be inaccessible to unauthorised users. Individual responsibility is the most important aspect of security. Side 4 af

5 How do you guard 100 football pitches? The University of Copenhagen is spread out over many buildings and addresses. It covers a total of 670,000 square metres the equivalent of 100 football pitches. This is a very large area to safeguard, and so we must all help to protect against unauthorised access, physical damage and interference. This means that: buildings, rooms, etc., must fulfil a number of requirements; access controls enable only those with the right authorisation to gain entry; offices, rooms and equipment are safeguarded; account is taken of threats such as fire, flood, earthquake, explosions, civil unrest, terrorism and other natural or man-made threats; procedures, plans and safe areas are established to protect sensitive information assets; loading and unloading areas that are publicly accessible are kept under surveillance; equipment is protected against physical threats; procedures are in place for emergency supplies in the event of failures in water, electricity, sewage or ventilation systems; cables for electricity supply and data communications are protected; plant and equipment is maintained as per the guidelines; equipment that is used outside of University premises is protected; critical/sensitive information is removed from equipment upon disposal; the University's information assets must not be removed without permission. Side 5 af

6 Be aware and react! It is our joint responsibility to keep an eye on and report breaches of or weaknesses in security. Be aware of: Malicious acts such as: o burglary o theft o vandalism Human failings such as: o failure to follow procedures o failure to follow guidelines o lack of training o breaches of access control System failures such as: o hardware errors o errors in operating systems o errors in basic systems o supply failures Unusual occurrences such as: o abnormally slow systems o repetition of log-in requests o viruses, spam, spyware, etc. Remember to react! When we see or suspect a breach of security, we may hesitate to report it. After all, we might not be certain what we saw, we might be unsure of the rules, or we might not know exactly what to do. But don't hesitate we want to hear from you. When you discover or suspect a breach of security, call or your IS line manager (or KU s IT security manager on tel ) to report what you have seen. Be sure to leave contact details (i.e. your mobile number) in case we need more information. Side 6 af

7 Be careful with passwords and pin codes Our IT Department manages KU s network security. They ensure that the right people have access to the right systems, and also implement a whole series of security procedures, e.g. automatic backups, system surveillance, and measures to combat viruses, worms, Trojan horses, etc. Daily security reminders All staff and students have an ID card with a pin code. The card is personal and confidential. You must keep your ID card with you at all times and remember your pin code. These are the most important security considerations: Keep your passwords and access codes completely confidential at all times. Never reveal them or write them down. Never store your passwords and access codes in files in plain text. Select passwords and access codes that: are easy to remember; cannot be guessed by other people, based on, for example, names, telephone numbers, dates of birth, etc.; are not based on or found in dictionaries or other lists of words; do not contain identical numbers or letters beside each other. Change access codes at regular intervals and do not recycle old ones. Do not use the same access code for both private and work purposes. Change your access code if you suspect someone else has seen it. Do not include your access code in any automatic login process. Do not leave your computer unprotected so that others are able to gain access to its contents. Take particular care of PDAs, mobile phones, USB keys, CDs and other mobile equipment that contains confidential data. Pay attention to abnormal behaviour in others and report it to your IS line manager. What about laptops? When you are working at home or have mobile equipment e.g. a laptop, mobile phone, PDA, etc. you must comply with certain security measures. Your mobile equipment must be updated regularly so it is protected against harmful programmes, etc. You must ensure that you regularly back up important information. Side 7 af

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0 BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4

More information

How To Protect Decd Information From Harm

How To Protect Decd Information From Harm Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Willem Wiechers 3 rd March 2015

Willem Wiechers 3 rd March 2015 Willem Wiechers 3 rd March 2015 1 Why do we want Malware & Virus Protection? To make our computers save Wish to keep our data private Wish to have a safe environment to do our online banking, shopping,

More information

Desktop and Laptop Security Policy

Desktop and Laptop Security Policy Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious

More information

Information Incident Management Policy

Information Incident Management Policy Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit

More information

Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security

Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security awareness training, and security incident procedures. The

More information

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION Please Note: 1. THIS IS NOT A ONE-SIZE-FITS-ALL OR A FILL-IN-THE BLANK COMPLIANCE PROGRAM.

More information

Boston University Security Awareness. What you need to know to keep information safe and secure

Boston University Security Awareness. What you need to know to keep information safe and secure What you need to know to keep information safe and secure Introduction Welcome to Boston University s Security Awareness training. Depending on your reading speed, this presentation will take approximately

More information

Viruses, Worms, and Trojan Horses

Viruses, Worms, and Trojan Horses Viruses, Worms, and Trojan Horses Be a Power Reader Make Personal Connections As you read this article, think to yourself, How can I apply this knowledge? How will what I m learning be useful to me? You

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

INFORMATION SECURITY: UNDERSTANDING BS 7799. BS 7799 is the most influential, globally recognised standard for information security management.

INFORMATION SECURITY: UNDERSTANDING BS 7799. BS 7799 is the most influential, globally recognised standard for information security management. FACTSHEET The essence of BS 7799 is that a sound Information Security Management System (ISMS) should be established within organisations. The purpose of this is to ensure that an organisation s information

More information

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are

More information

Acceptable Use of Information Systems Standard. Guidance for all staff

Acceptable Use of Information Systems Standard. Guidance for all staff Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not

More information

TYPE: INFORMATIONAL & INSTRUCTIONAL TECHNOLOGY. POLICY TITLE: Technology Use Policy

TYPE: INFORMATIONAL & INSTRUCTIONAL TECHNOLOGY. POLICY TITLE: Technology Use Policy TYPE: INFORMATIONAL & INSTRUCTIONAL TECHNOLOGY POLICY TITLE: Technology Use Policy The technology resources at Northeast Wisconsin Technical College support the instructional, research and administrative

More information

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative

More information

Policy for Staff and Post 16 Student BYOD (Bring Your Own Device)

Policy for Staff and Post 16 Student BYOD (Bring Your Own Device) Policy for Staff and Post 16 Student BYOD (Bring Your Own Device) Date approved: 7 th May 2015 Review Schedule: Annual Reviewed: Next review: 1 Context Aims of this Policy Definitions CONTENTS 1. OVERVIEW...

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

PRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;

PRIVACY POLICY. comply with the Australian Privacy Principles (APPs); ensure that we manage your personal information openly and transparently; PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal

More information

HIPAA: Privacy/Info Security

HIPAA: Privacy/Info Security HIPAA: Privacy/Info Security Jeff Jones HIPAA Privacy Officer HIPAA Information Security Officer KY Region What you should know Discussion Topics Protected Health Security Awareness Information(PHI) Disclosure

More information

Angard Acceptable Use Policy

Angard Acceptable Use Policy Angard Acceptable Use Policy Angard Staffing employees who are placed on assignments with Royal Mail will have access to a range of IT systems and mobile devices such as laptops and personal digital assistants

More information

CYBER-SAFETY BASICS. A computer security tutorial for UC Davis students, faculty and staff

CYBER-SAFETY BASICS. A computer security tutorial for UC Davis students, faculty and staff CYBER-SAFETY BASICS A computer security tutorial for UC Davis students, faculty and staff INTRODUCTION This tutorial provides some basic information and practical suggestions for protecting your personal

More information

InformatIon Security

InformatIon Security Information Security Behind the obvious advantages to sharing knowledge, researching or developing lies the risk of theft, espionage or sabotage of information. Consequently, there is good reason to prepare

More information

How To Maintain A Security Awareness Program

How To Maintain A Security Awareness Program (Company Name) SECURITY AWARENESS PROGRAM INFORMATION, PHYSICAL AND PERSONAL SECURITY Company Policies Security Awareness Program Purposes Integrate Define Feedback Activities Elicit Implement Employees

More information

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March

More information

The Ministry of Information & Communication Technology MICT

The Ministry of Information & Communication Technology MICT The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.

More information

Information Security: Business Assurance Guidelines

Information Security: Business Assurance Guidelines Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

Austin Peay State University

Austin Peay State University 1 Austin Peay State University Identity Theft Operating Standards (APSUITOS) I. PROGRAM ADOPTION Austin Peay State University establishes Identity Theft Operating Standards pursuant to the Federal Trade

More information

HIPAA Privacy & Security Health Insurance Portability and Accountability Act

HIPAA Privacy & Security Health Insurance Portability and Accountability Act HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

BSHSI Security Awareness Training

BSHSI Security Awareness Training BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement

More information

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help

More information

Policy Title: HIPAA Security Awareness and Training

Policy Title: HIPAA Security Awareness and Training Policy Title: HIPAA Security Awareness and Training Number: TD-QMP-7011 Subject: HIPAA Security Awareness and Training Primary Department: TennDent/Quality Monitoring/Improvement Effective Date of Policy:

More information

Saint Martin s Catholic Academy

Saint Martin s Catholic Academy Saint Martin s Catholic Academy E-Safety Policy - Acceptable Use - Students January 2015 Why have an Acceptable Use Policy? An Acceptable Use Policy is about ensuring that you, as a student at Saint Martin

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

Internal Control Guide & Resources

Internal Control Guide & Resources Internal Control Guide & Resources Section 5- Internal Control Activities & Best Practices Managers must establish internal control activities that support the five internal control components discussed

More information

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3 OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...

More information

Working Practices for Protecting Electronic Information

Working Practices for Protecting Electronic Information Information Security Framework Working Practices for Protecting Electronic Information 1. Purpose The following pages provide more information about the minimum working practices which seek to ensure that

More information

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

When you listen to the news, you hear about many different forms of computer infection(s). The most common are: Access to information and entertainment, credit and financial services, products from every corner of the world even to your work is greater than ever. Thanks to the Internet, you can conduct your banking,

More information

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT

More information

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,

More information

Preparing for the HIPAA Security Rule

Preparing for the HIPAA Security Rule A White Paper for Health Care Professionals Preparing for the HIPAA Security Rule Introduction The Health Insurance Portability and Accountability Act (HIPAA) comprises three sets of standards transactions

More information

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific

More information

SAFE ONLINE BANKING. Online Banking, Data Security You. Your Partnership for Safe Online Banking

SAFE ONLINE BANKING. Online Banking, Data Security You. Your Partnership for Safe Online Banking SAFE ONLINE BANKING Online Banking, Data Security You & Your Partnership for Safe Online Banking Partnering for Online Security O Online banking has grown rapidly from a niche service to a major new way

More information

IT ACCESS CONTROL POLICY

IT ACCESS CONTROL POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

CYBER-SAFETY. A computer security tutorial for UC Davis students, faculty and staff

CYBER-SAFETY. A computer security tutorial for UC Davis students, faculty and staff CYBER-SAFETY BASICS A computer security tutorial for UC Davis students, faculty and staff I N T R O D U C T I O N This tutorial provides some basic information and practical suggestions for protecting

More information

Child & Vulnerable Adults Protection Policy 2009 2012

Child & Vulnerable Adults Protection Policy 2009 2012 Child & Vulnerable Adults Protection Policy 2009 2012 Contents Introduction 3 Recruitment procedures 4 Responsible adults 5 Unaccompanied children 5 School pupils on work placements 5 Lost children 5 Family

More information

Information Security Incident Management Policy

Information Security Incident Management Policy Information Security Incident Management Policy Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT Policy & Regulation

More information

Deutsche Bank db easynet. Secure method of use of the db easynet e-banking system

Deutsche Bank db easynet. Secure method of use of the db easynet e-banking system Deutsche Bank Secure method of use of the e-banking system Introduction Deutsche Bank pays particular attention to your security. Therefore, the funds entrusted to us by our Customers are protected, using

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

ENISA s ten security awareness good practices July 09

ENISA s ten security awareness good practices July 09 July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European

More information

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org INTERNET & COMPUTER SECURITY March 20, 2010 Scoville Library ccayne@biblio.org Internet: Computer Password strength Phishing Malware Email scams Identity Theft Viruses Windows updates Browser updates Backup

More information

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...

More information

Welcome to Information Security Training

Welcome to Information Security Training Welcome to Information Security Training Welcome to Georgia Perimeter College s Information Security Training. Information security consists of processes, measures, and technologies employed to protect

More information

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity

More information

How To Protect Your Information From Being Hacked By A Hacker

How To Protect Your Information From Being Hacked By A Hacker DOL New Hire Training: Computer Security and Privacy Table of Contents Introduction Lesson One: Computer Security Basics Lesson Two: Protecting Personally Identifiable Information (PII) Lesson Three: Appropriate

More information

Information Security Code of Conduct

Information Security Code of Conduct Information Security Code of Conduct IT s up to us >Passwords > Anti-Virus > Security Locks >Email & Internet >Software >Aon Information >Data Protection >ID Badges > Contents Aon Information Security

More information

Network Security and the Small Business

Network Security and the Small Business Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,

More information

1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft

More information

Our Code is for all of us

Our Code is for all of us This is Our Code This is Our Code Our Code How we behave forms the character of our company and dictates how others see us. How we conduct ourselves determines if people want to do business with us, work

More information

INFORMATION SECURITY GUIDE FOR STAFF

INFORMATION SECURITY GUIDE FOR STAFF INFORMATION SECURITY GUIDE FOR STAFF December 2013 TABLE OF CONTENTS Why is information security so important for you and the university...1 Use strong passwords and keep them safe...2 E-mail use...2 Beware

More information

Acceptable Use of ICT Policy. Staff Policy

Acceptable Use of ICT Policy. Staff Policy Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.

More information

HAZELDENE LOWER SCHOOL

HAZELDENE LOWER SCHOOL HAZELDENE LOWER SCHOOL POLICY AND PROCEDURES FOR MONITORING EQUIPMENT AND APPROPRIATE ICT USE WRITTEN MARCH 2015 SIGNED HEADTEACHER SIGNED CHAIR OF GOVERNORS DATE.. DATE. TO BE REVIEWED SEPTEMBER 2016

More information

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers

Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to

More information

U07 Information Security Incident Policy

U07 Information Security Incident Policy Dartmoor National Park Authority U07 Information Security Incident Policy June 2010 This document is copyright to Dartmoor National Park Authority and should not be used or adapted for any purpose without

More information

Protecting your business against External Fraud

Protecting your business against External Fraud Monthly ebrief August 2012 Protecting your business against External Fraud Welcome to another edition of our monthly ebriefs, brought to you by Aquila Advisory, the boutique forensic accounting company.

More information

Information Technology Cyber Security Policy

Information Technology Cyber Security Policy Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please

More information

Computer Security Maintenance Information and Self-Check Activities

Computer Security Maintenance Information and Self-Check Activities Computer Security Maintenance Information and Self-Check Activities Overview Unlike what many people think, computers are not designed to be maintenance free. Just like cars they need routine maintenance.

More information

Computer Security Basics For UW-Madison Emeritus Faculty and Staff Oakwood Village University Woods September 17, 2014

Computer Security Basics For UW-Madison Emeritus Faculty and Staff Oakwood Village University Woods September 17, 2014 Computer Security Basics For UW-Madison Emeritus Faculty and Staff Oakwood Village University Woods September 17, 2014 Presented by Nicholas Davis, CISA, CISSP UW-Madison, Division of Information Technology

More information

Information Security Incident Reporting & Investigation

Information Security Incident Reporting & Investigation Information Security Incident Reporting & Investigation Purpose: To ensure all employees, consultants, agency workers and volunteers are able to recognise an information security incident and know how

More information

An Approach to Records Management Audit

An Approach to Records Management Audit An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION

More information

Information Security Policy. Policy and Procedures

Information Security Policy. Policy and Procedures Information Security Policy Policy and Procedures Issue Date February 2013 Revision Date February 2014 Responsibility/ Main Point of Contact Neil Smedley Approved by/date Associated Documents Acceptable

More information

STANDARD ON CONTROLS AGAINST MALICIOUS CODE

STANDARD ON CONTROLS AGAINST MALICIOUS CODE EUROPEAN COMMISSION DIRECTORATE-GENERAL HUMAN RESOURCES AND SECURITY Directorate HR.DS - Security Informatics Security Brussels, 21/06/2011 HR.DS5/GV/ac ARES (2011) 663475 SEC20.10.05/04 - Standards European

More information

ACCIDENT & INCIDENT RECORDING AND REPORTING POLICY

ACCIDENT & INCIDENT RECORDING AND REPORTING POLICY POLICY Policy Statement We follow the guidelines of the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR), the Health & Safety Executive (HSE) and the Statutory Framework for

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Incident Response Plan. [Insert Organization Name] Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security

More information

Information Security Incident Management Policy and Procedure. CONTROL SHEET FOR Information Security Incident Management Policy

Information Security Incident Management Policy and Procedure. CONTROL SHEET FOR Information Security Incident Management Policy Bolsover District Council North East Derbyshire District Council & Rykneld Homes Ltd Information Security Incident Management Policy September 2013 Version 1.0 Page 1 of 13 CONTROL SHEET FOR Information

More information

Retail/Consumer Client. Internet Banking Awareness and Education Program

Retail/Consumer Client. Internet Banking Awareness and Education Program Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet

More information

Common Cyber Threats. Common cyber threats include:

Common Cyber Threats. Common cyber threats include: Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...

More information

SETTING UP YOUR OWN LEGAL BUSINESS

SETTING UP YOUR OWN LEGAL BUSINESS SETTING UP YOUR OWN LEGAL BUSINESS CONTENTS Why do I want my own business? 2 Your business idea 3 Areas of competence and qualifications 4 Reserved legal activities 5 Practice rights 6 What can I call

More information

Fire Safety Risk Assessment Checklist for Residential Care Premises

Fire Safety Risk Assessment Checklist for Residential Care Premises Checklist for Residential Care Premises Name of Premises: Address of Premises: Name of Responsible Person: What area / location does the assessment cover? Does the assessment cover the whole site YES or

More information

Infocomm Sec rity is incomplete without U Be aware,

Infocomm Sec rity is incomplete without U Be aware, Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN

More information

Know the Risks. Protect Yourself. Protect Your Business.

Know the Risks. Protect Yourself. Protect Your Business. Protect while you connect. Know the Risks. Protect Yourself. Protect Your Business. GETCYBERSAFE TIPS FOR S MALL AND MEDIUM BUSINESSES If you re like most small or medium businesses in Canada, the Internet

More information

A guide to business continuity jelfsmallbusiness.co.uk 01905 888397

A guide to business continuity jelfsmallbusiness.co.uk 01905 888397 Business Continuity Management A guide to business continuity jelfsmallbusiness.co.uk 01905 888397 We know you re always going to try your best for your business, but things do occasionally and unexpectedly

More information

NOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0

NOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0 NOS for IT User and Application Specialist IT Security (ESKITU04) November 2014 V1.0 NOS Reference ESKITU040 ESKITU041 ESKITU042 Level 3 not defined Use digital systems NOS Title Set up and use security

More information

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011) Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

Customer Awareness for Security and Fraud Prevention

Customer Awareness for Security and Fraud Prevention Customer Awareness for Security and Fraud Prevention Identity theft continues to be a growing problem in our society today. All consumers must manage their personal information wisely and cautiously to

More information