Think secure. Information security at the University of Copenhagen
- Elinor Reynolds
- 7 years ago
All staff and students at the University of Copenhagen (KU) have to be familiar with information security (IS), because:

- we need to take care of the knowledge we produce and disseminate;
- it is for the benefit of ourselves, each other, the present and the future;
- we need to protect the good name and reputation of KU.

This brochure outlines, clearly and concisely, what students need to know about IS.
Information security in brief

In your dealings with the University of Copenhagen, it is important that you know how to look after your own, other people's and the University's shared knowledge. It is therefore essential that all users comply with the security rules. These rules are designed to be user-friendly and easy to follow, so that everybody is able to play their part in safeguarding information. The aim is for IS to become part of everyday life at the University.

Who should know what?

We all have to be familiar with and follow certain rules about security in our daily work. As students, it is particularly important that you learn the rules for passwords and pin codes. You also have to be able to spot security breaches and react appropriately.

Why do I have to know it?

- You must know about the most common security threats in order to protect the University.
- You must know the rules in order to safeguard your own and other people's knowledge and movements.
- You must know when and how to react.

What do I do next?

- Read through the rules.
- Make security considerations part of your daily routine.
- Contact us if you know of or suspect a security breach.

What do I do if I discover something suspicious or if I am uncertain?

Ring your IS line manager, whose number you will find below. If it is a matter of urgency, you may contact KU's security manager directly on tel.:

If you are in any doubt about whether you are following the security procedures correctly, you will find the appropriate rules, as well as links to local security pages, at informationssikkerhed.ku.dk. Irrespective of the situation, you are always welcome to ring the person responsible for IS in your area (contact details are available at informationssikkerhed.ku.dk/lisu.dk). If you are unable to contact the IS line manager or do not know who it is, call KU's IT security manager (tel.: ) or send an e-mail (IS@adm.ku.dk).
For safety's sake

Knowledge is our most valuable asset

We generate and communicate knowledge online, in writing and orally. This is KU's most important activity and asset. It really is as simple as that. So all of us need to take due care of that knowledge. IS should become a habit, a normal part of our daily lives. All it requires is a little effort.

Simple and secure

It is very simple: we have to protect what we produce. In other words, we have to look after KU's knowledge resources for the benefit of ourselves, each other, the past, the present and the future. Knowledge and information are everywhere in our daily lives: in chats in the corridor; in mobile-phone conversations on the street; written down on paper; stored on a laptop; sent and received as e-mail; transmitted along cables; beamed through the air; or kept on film. Every time that information takes the form of speech, text or data, we must ensure that it is secure. Everybody at KU needs to know how to protect knowledge and information so that the day-to-day work of the University continues to run smoothly, both now and in the future.

Imagine that...

...your laptop breaks down and you have failed to back up your files. Many years' worth of work is lost, and even the best IT experts and most sophisticated tools cannot re-create it. This is a real security threat. A breach of security is not just a fire or a theft; and it is not something that only happens to somebody else. There are potential security risks in everything we do. We must face up to all threats, not just the most serious ones: viruses, theft, fraud, espionage, sabotage, terror, fire, flooding. Every threat counts, no matter how trivial it may seem.
As unrestricted as possible

As a research and education institution, KU makes extensive use of internal and external electronic communications for the digital exchange of information. It is essential that we are able to continue to do this, preferably with as few restrictions as possible: we must be user-friendly and avoid unnecessarily complicated security measures. Our security initiatives will be updated with this principle in mind.

- IS is organised in such a way that it safeguards our greatest asset, i.e. knowledge, and takes account of the fact that we are sometimes on the cutting edge of research and teaching.
- IS covers man-made, natural and technological threats.
- IS is organised on the basis of the desire to create a good balance between openness, security and costs.

Accessibility, integrity and confidentiality

These three aspects are central to our security measures:

- Accessibility: We must be able to use the relevant IT systems unhindered, and gain access to the relevant data whenever necessary.
- Integrity: Our knowledge must be stored correctly and be intact, and the IT systems must function perfectly.
- Confidentiality: Our knowledge must be protected, and must be inaccessible to unauthorised users.

Individual responsibility is the most important aspect of security.
How do you guard 100 football pitches?

The University of Copenhagen is spread out over many buildings and addresses. It covers a total of 670,000 square metres, the equivalent of 100 football pitches. This is a very large area to safeguard, and so we must all help to protect against unauthorised access, physical damage and interference. This means that:

- buildings, rooms, etc., must fulfil a number of requirements;
- access controls enable only those with the right authorisation to gain entry;
- offices, rooms and equipment are safeguarded;
- account is taken of threats such as fire, flood, earthquake, explosions, civil unrest, terrorism and other natural or man-made threats;
- procedures, plans and safe areas are established to protect sensitive information assets;
- loading and unloading areas that are publicly accessible are kept under surveillance;
- equipment is protected against physical threats;
- procedures are in place for emergency supplies in the event of failures in water, electricity, sewage or ventilation systems;
- cables for electricity supply and data communications are protected;
- plant and equipment is maintained as per the guidelines;
- equipment that is used outside of University premises is protected;
- critical/sensitive information is removed from equipment upon disposal;
- the University's information assets must not be removed without permission.
Be aware and react!

It is our joint responsibility to keep an eye on and report breaches of or weaknesses in security. Be aware of:

- Malicious acts such as:
  o burglary
  o theft
  o vandalism
- Human failings such as:
  o failure to follow procedures
  o failure to follow guidelines
  o lack of training
  o breaches of access control
- System failures such as:
  o hardware errors
  o errors in operating systems
  o errors in basic systems
  o supply failures
- Unusual occurrences such as:
  o abnormally slow systems
  o repetition of log-in requests
  o viruses, spam, spyware, etc.

Remember to react!

When we see or suspect a breach of security, we may hesitate to report it. After all, we might not be certain what we saw, we might be unsure of the rules, or we might not know exactly what to do. But don't hesitate: we want to hear from you. When you discover or suspect a breach of security, call or e-mail your IS line manager (or KU's IT security manager on tel.) to report what you have seen. Be sure to leave contact details (i.e. your mobile number) in case we need more information.
Be careful with passwords and pin codes

Our IT Department manages KU's network security. They ensure that the right people have access to the right systems, and also implement a whole series of security procedures, e.g. automatic backups, system surveillance, and measures to combat viruses, worms, Trojan horses, etc.

Daily security reminders

All staff and students have an ID card with a pin code. The card is personal and confidential. You must keep your ID card with you at all times and remember your pin code. These are the most important security considerations:

- Keep your passwords and access codes completely confidential at all times. Never reveal them or write them down.
- Never store your passwords and access codes in files in plain text.
- Select passwords and access codes that:
  o are easy to remember;
  o cannot be guessed by other people, based on, for example, names, telephone numbers, dates of birth, etc.;
  o are not based on or found in dictionaries or other lists of words;
  o do not contain identical numbers or letters beside each other.
- Change access codes at regular intervals and do not recycle old ones.
- Do not use the same access code for both private and work purposes.
- Change your access code if you suspect someone else has seen it.
- Do not include your access code in any automatic login process.
- Do not leave your computer unprotected so that others are able to gain access to its contents.
- Take particular care of PDAs, mobile phones, USB keys, CDs and other mobile equipment that contains confidential data.
- Pay attention to abnormal behaviour in others and report it to your IS line manager.

What about laptops?

When you are working at home or have mobile equipment (e.g. a laptop, mobile phone, PDA, etc.), you must comply with certain security measures. Your mobile equipment must be updated regularly so it is protected against harmful programmes, etc. You must ensure that you regularly back up important information.
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationInformation Security Incident Management Policy and Procedure. CONTROL SHEET FOR Information Security Incident Management Policy
Bolsover District Council North East Derbyshire District Council & Rykneld Homes Ltd Information Security Incident Management Policy September 2013 Version 1.0 Page 1 of 13 CONTROL SHEET FOR Information
More informationRetail/Consumer Client. Internet Banking Awareness and Education Program
Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet
More informationCommon Cyber Threats. Common cyber threats include:
Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...
More informationSETTING UP YOUR OWN LEGAL BUSINESS
SETTING UP YOUR OWN LEGAL BUSINESS CONTENTS Why do I want my own business? 2 Your business idea 3 Areas of competence and qualifications 4 Reserved legal activities 5 Practice rights 6 What can I call
More informationFire Safety Risk Assessment Checklist for Residential Care Premises
Checklist for Residential Care Premises Name of Premises: Address of Premises: Name of Responsible Person: What area / location does the assessment cover? Does the assessment cover the whole site YES or
More informationInfocomm Sec rity is incomplete without U Be aware,
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
More informationKnow the Risks. Protect Yourself. Protect Your Business.
Protect while you connect. Know the Risks. Protect Yourself. Protect Your Business. GETCYBERSAFE TIPS FOR S MALL AND MEDIUM BUSINESSES If you re like most small or medium businesses in Canada, the Internet
More informationA guide to business continuity jelfsmallbusiness.co.uk 01905 888397
Business Continuity Management A guide to business continuity jelfsmallbusiness.co.uk 01905 888397 We know you re always going to try your best for your business, but things do occasionally and unexpectedly
More informationNOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0
NOS for IT User and Application Specialist IT Security (ESKITU04) November 2014 V1.0 NOS Reference ESKITU040 ESKITU041 ESKITU042 Level 3 not defined Use digital systems NOS Title Set up and use security
More informationSecurity Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)
Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationCustomer Awareness for Security and Fraud Prevention
Customer Awareness for Security and Fraud Prevention Identity theft continues to be a growing problem in our society today. All consumers must manage their personal information wisely and cautiously to
More information