NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15."

Transcription

1 NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella

2 Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities Part Two: Policies Importance Team Members Wireless Security Password Requirements USB Drives Part Three: Disaster Recovery Policy Business Continuity Plan Basic Process What If Plan of Action Recovery Part Four: Summary References:

3 Universities and organizations should all have information system policies to protect and define their network and systems. Policies are implemented to create a stable rulebook for all users to follow for their own benefits. The way cyber security is evolving, having a strong policy is a top priority especially at any university. A typical large university in NYC will host around 10,000 15,000 students or even more. All students must be registered in the school databases, which must be secure. Since this university is located in a popular city, it will attract a lot of students. With all the students it brings and the location of the campus it also sets itself up as a target for malicious attacks. The city is a congested area filled with many companies providing Internet access to their users. The school Internet must be widespread so even no students could access it, which makes it vulnerable in a certain sense. The university isn t to far out from Time Square and the people coming in and out will change almost every day. Risk Analysis of vulnerabilities must be performed along with a plan if any disasters were to occur on or near the campus. Risk Analysis is the first of the policies to be created for the University. This contains the threats to resources and assets, which helps outline any vulnerabilities in the system. Anything that compromises Confidentially, Integrity, and Availability is included in the risk analysis plan. This university is very large and has multiple server rooms across the campus. The rooms need to be placed in every building including classrooms, library, and dorms for student access to the network. All of the servers on the campus are considered the biggest asset to the university. All of the schools virtual machines and workstations are hosted on them. If they ever go down, a lot of students will be limited to what they can do for their work. The servers are

4 everywhere in the school, but the main ones are the most protected. Other assets include the database, printers, people, and computers. The threats towards the server range from hacks, DDoS attacks, users, flood/fires, power loss, hard drive failures, and memory loss. Hacks and DDoS attacks are at a medium threat priority because the chances of someone attacking a school virtual machine server aren t too high. The impact if it did happen would be high because it will be dangerous if the wrong people get a hold of the school s server. Careless users are at a level four priority because there is always a chance for any kind of user error. The admins sometime need to tweak and make changes to the server to meet students needs and things can go wrong even though it s usually accidental. Flood/Fires are at a low priority because the likelihood of that happening is low because it hasn t been a problem yet. But if it did happen, everything could be washed away or destroyed in the flames so it receives a high impact. A power loss has a medium likelihood because in NYC, there are always so many things going on and consuming a lot of energy. The impact would be low because the school has generators that most likely work and will start up quickly to ensure the servers are back up and running. Hard drive failures and memory loss has a medium to high threat because with all the virtual machines and workstations running and programs that it is constantly supporting; you never know when one machine might take up too much. For specific classes, the virtual machines are assigned a certain amount of hardware, but with them running all at the same time it causes overflow so it has a high impact.

5 The safeguards for hacks are better firewalls, IDPs, and more secure routers, which could cost up to $100,000 for enterprise equipment. This equipment will be bought straight from the company itself to provide only the best. Careless users can be helped with more training and increased staff with more experience. Not all faculties in the school are aware how technology fully works and they can be doing harmful things without even knowing it. The university will provide free classes for faculty to join and learn more about the proper use of their systems and technology they use everyday. Depending on the training, it can cost up to $500. Floods/fires will only result with replaceable equipment if the school has insurance to pay for it since the server most likely will not be usable after the incident. Say good insurance will cost around $300 a month. Damage to servers from a power loss can be reduced because of power surges and generators, which are in the $10,000 range or more. Hard drive failures and memory loss can be safeguarded by backup drives and expanding the memory to full capacity that the server can hold. Backup drives are very important especially to a large university. They will need more than to constantly run backups of the data. It is so important because there is a lot of information that can t be lost in a university. They keep records of everything and all grades the students receive. With around 10,000 15,000 students, that is a lot of information to backup and store. For more hard drives depending on the size, it will be $1,000 and for memory $500. This leaves the total cost for the university in the final plan for everything to be $112,300.

6 Policies are an important factor when it comes to any kind of organization or university. They are all based off the same thing, but are created to best suit the needs for the company. The university policy in NYC needs to ensure high-end security, but at the same time be user friendly for everyday students to follow. Policies can be strict and topnotch security, but it doesn t mean they will be the most effective. At the university, they hire people who are trained in policy writing. This team also consists of technical writers, system managers, supervisors, and HR specialists. The policy members know what is best for the university, but they need help from the system managers on other equipment and technical writers to make it sound very professional. The policies set a lot of guidelines and things can become restricted so the HR specialists makes sure everything stays in legal boundaries. Without any policies, the university will not have any structure on the information technology side. It is created to help benefit all users of the school and grant them privileges that others outside don t. Policy: Wireless Internet Access Policy The first policy that the university needs is for wireless Internet access. New York City is one of the most populated areas and the network the school is producing needs to be kept only to students and faculty. If it wasn t, the network could be compromised at any time leaving vital information of the school and the registered students to hackers. The wireless access policy states that all students and faculty must install an application client on their machine and pass all tests to be able to gain access to the Internet. Pros: This policy will allow for a more secure and safe network for the people to use.

7 Cons: Some cons are that everyone will need to do extra work in setting up their connection. With the installed client, a few requirements must be met in order for it to pass. Objective: Goals for this policy are to provide students with secure Internet access for everyday needs. Purpose: This policy exists so that only students and faculty will have access to the network. It is trying to be kept as isolated as possible for anyone living near the campus to using the their network without permissions. The city is a congested area with Wi-Fi hotspots being picked up every step someone takes. We need this policy because a lot of classes are based using the Internet and we want the students to be productive and successful in their studies. Since it is such a large school, they can t monitor everything and everyone who connects to it. Audience: It is attended for everyone who goes to the school and is registered. Policy Statements: The policy statement consists of strict rules that must be followed to gain access. All students will need to contact the help desk, which is located in the library. There will be instructions posted on how to download the client and meet it s requirements. The client will run on the background of the users machines and it is safe. Each time it starts, it checks the system for antivirus software and properly configured automatic updates.

8 The university wants everyone to protect themselves from viruses and malware as much as possible. The updates will help patch any vulnerabilities that may be found in software running on the system. The help desk has licensed copies of antivirus software that they will install on anyone s system for free that fails that requirement. The installation of the software is easy to do and should only take them around minutes to finish everything. Once everything is passed and the green light shows, the user can connect to the Internet and have full access. Since other devices like gaming systems can t run the client, they will need special privileges to be used on the network. Each of these devices is given a MAC address and students can submit that to the help desk using a form. This will be put in the system to bypass the client requirement when connecting to the Internet. The key to this client for being so successful is that every time it is ran, the user must sign in with their school account for it to work. Anyone not registered with school can still download the client, but they won t have the proper credentials to sign in so they will be locked out. Exceptions: The only exception to this policy is if your computer system is running some operating system that is not compatible with the client. In the case of this event, the student must bring the machine to the help desk for inspection to make sure it is safe and then the MAC address will be bypassed for total access.

9 Policy 2: Password Policy The next policy that the university wrote is for student and faculty passwords. Each user registered with the school is given an ID and address. This ID is based off the users last name and first initial. It uses the first six letters of the last name and one letter of the first. If the user has a short last name, numbers will be added to the ID. When completing registration for the university, students will be sent their ID. They must take this and go to the attached link to create their accounts, which be used for everything school related. This includes registration for classes, online assignments, and . With the rise of cyber security, passwords need to be strong so a hacker can t easily guess them. If this happened, all the students information will be compromised. Pros: of having this policy is that it will better protect the users confidential information and keep it out of the wrong hands. Cons: are that the password may be hard to remember and will need to be changed every certain amount of days. Objective: The goal of this policy to get all students a secure account and they can use it for all school related work with the university. Every week community mailers will be sent to students on their that give updates for what s going on with the campus. Also, this is the best way to communicate with teachers because they will recognize you by your ID. The university s are provided to students through Gmail. With these accounts, students also get access to everything Google provides including drive storage and cloud based work documents for real time editing. Purpose: This policy exists because if someone s password is very simple, it can be easily guessed or brute forced. This means a program is cracking the password by trying

10 different phrases against it until it receives a match. The university doesn t want anyone to lose power over his or her own account. Audience: This policy is attended for all students and faculty that have an account with the school. Policy Statement: The policy statements say that the password requirements must be followed in order to get an account. When creating a password, it is done on a certain website that checks to make sure the guidelines are met. It will not accept anything that doesn t fit. The first rule is that the password must be an eight-character minimum. Within the password, it must consist of one capital letter and the use of one symbol. These rules are set because the more variety and mix in a password, the more unique it is and can t be easily guessed. The last requirement is that it must be changed every 60 days to a different password that wasn t used before. Exceptions: There are no exceptions for this policy and it is highly enforced. The university really cares about user confidentiality because within these accounts are private information, including birthdate, addresses, and financial aid. Policy 3: USB Drive Policy This policy allows the use of USB drives for students and faculty in any on campus computer system. Pros: Users can save and make backups of their work and bring them to the library or other lab rooms to finish up.

11 Cons: The use of USB drives can be harmful to the systems because they can carry viruses and malware. One user may obtain a virus on their device and once plugged into the system, it can harm the computer and affect future users. Objective: The goal of this policy is to allow students to continue their work from outside their home or dorm. A lot of students may feel more comfortable doing their work in the library and lab, so they can transport any documents or projects via USB drive. Also, students may work on a project in the lab with specific software and can save copies of it on the USB drive for use later on. Purpose: This policy exists because we want students to be able to complete their work from anywhere on campus. The university doesn t want to limit students on how or where they do their assignments. Everything is being done on computers today and the access to systems and files should be allowed. Audience: This policy is attended for all students and staff who attend the university. Policy Statement: The policy statement states that users can save files on USB drives from their local machines and use them on computer systems. They are allowed to plug their own USB devices into machines and access files on them. Users should make sure their device is safe and perform scans on them when possible. Disaster Recovery Policies are created to help out organizations in case of an emergency and equipment and buildings get completely destroyed. This policy is a plan

12 of action for what to do for example a fire or flood occurs. Each company usually has a dedicated team to these types of services. The disaster recovery standards for this policy provide a systematic approach for safeguarding the vital technology and data managed by the Information Technologies and Services Department (Information Technology, 2015). At our university, we need a plan of recovery if anything vital was to happen to the school. Our policy will consist of a Business Continuity Plan. There are three parts to any plan for all organizations. The disaster preparation plan is first and it basically outlines what the school will do if they know a disaster is going to occur like a serve storm approaching the city. For a university, they can maybe cancel classes or shut down certain wings to keep students safe and protect any data loss or equipment failure. Next is the disaster response plan and this needs to be followed the moment right after a disaster happened. If an unexpected disaster occurred and the power was lost or a fire happened, actions have to take place as quick as possible. The university needs to find the source of the problem and analyze any damage that was done. If servers were destroyed, new ones will need to be set up and the image reinstalled from the latest backup made. If anything was to happen to the main servers that handle pay roles or student s personal information, they will need to be brought back up first. The policy will consist of an order of events that things should be brought back up and running. Lastly is the recovery phase of the business continuity plan. A lot of recovery will begin to happen in the previous response plan, but this is where everything is starting to be fixed and brought back to the last current state. Not everything for a university will be technology based in disaster recovery; classrooms

13 and buildings will need repairing as well. Students need to continue their education and that can t be possible if they don t have a safe place to learn. The university hired workers to dedicate their time to creating a solid policy for use. The planning team consists of upper management, information systems/security personnel, and human resources. They have specific roles and responsibilities for creating a disaster recovery policy. Some things they do are perform risk assessments, take inventory of information system assets, and identify critical applications, system and data in the university (Disaster Recovery, 2015). The disaster recovery plan will be reviewed every three months to make sure it s still in affect and add any updates if needed. It is never a bad idea to keep the plan active because disaster can happen at anytime. The disaster team will need an Information Security Manager. This person will be responsible for managing the team and making any critical decisions in tough times. All team members must go off what the manager says to do in a disaster recovery process. The university will make sure that each building with servers will be on a backup plan that creates daily images of the systems. At a large university with that many students, things change so fast so daily backups are definitely needed. These backups will also need to be checked to make sure they are functioning properly. They should consist of the data from financial aid, registration office, and critical data in server rooms that manages the network for all stations across the campus. In the event of a disaster, the school needs to get back up online so students can continue to stay on track with their coursework. Depending on the severity, the university can cancel classes and have teachers post notes and work online in forums. The school will identify the critical servers that will need to back up online first This information will

14 be left for the information security/systems personnel on the disaster team to find out. It is important to have a variety of members for each branch on the team because they each input something different. A certain budget will need to be kept aside in case of a disaster. For the most part, a lot of damage will occur to equipment and buildings and new products will need to be purchased and set up as a soon as possible. Everything that gets changed or replaced must be documented throughout the course of recovery. New products will need to be recorded so if anything happens again; they will know how to handle the new equipment. A large university in NYC has many assets to their organization. The size of the school is huge and the information technology specialists have a lot of expensive equipment to manage. These high-end products that the company has can be at risk to different threats including hacks, DDoS attacks, users, flood/fires, power loss, hard drive failures, and memory loss. These threats range in likelihood against a University. Memory loss and hard drive failure has high chance of occurring because they are working all day everyday to keep the workstations powered up and running. Backups are very important for the school to have because these threats or even disasters could happen at any time. The university is located in the city and wireless networks are popping up everywhere on compatible devices. The network for the school needs to have top security and can only accessed by students and faculty. The policy states that the users need to install a client and sign in with their credentials to be given access to the network. Their credentials will be created using their ID and password that meets the specific requirements. These consist of an eight-character minimum with the use of capital letters and symbols. Access to all these systems are great, but if a disaster happens and things

15 get shutdown and destroyed a lot of users won t be happy. The disaster recovery policy has plans set incase something tragic happens to the university. Backups will need to be installed, registration will need to be brought back up, and teachers will have to precede will education in a different manner most likely online. Policies are a key factor to not only universities but also all organizations. They keep everything within the organization running as expected and secure as possible with a reliable plan of action.

16 Bibliography Disaster Recovery Policy. (n.d.). Retrieved April 11, 2015, from INFORMATION SECURITY RISK MANAGEMENT POLICY. (2014, November 1). Retrieved April 10, 2015, from Information Technology Disaster Recovery Policy. (n.d.). Retrieved April 12, 2015, from

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains Information Security Advisor December 2015 Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains +GAMES Spot the insider & Human firewall Filtering EXerCISE Good

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT

More information

MAXIMUM PROTECTION, MINIMUM DOWNTIME

MAXIMUM PROTECTION, MINIMUM DOWNTIME MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

MONTHLY WEBSITE MAINTENANCE PACKAGES

MONTHLY WEBSITE MAINTENANCE PACKAGES MONTHLY WEBSITE MAINTENANCE PACKAGES The security and maintenance of your website is serious business, and what you don t know can certainly hurt you. A hacked or spamvertised site can wreak havoc on search

More information

October Is National Cyber Security Awareness Month!

October Is National Cyber Security Awareness Month! (0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life

More information

Stable and Secure Network Infrastructure Benchmarks

Stable and Secure Network Infrastructure Benchmarks Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day

More information

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and

More information

Cybersecurity Best Practices

Cybersecurity Best Practices Ten Essential Cybersecurity Best Practices Banking Business Employees Brought to you by: 1 Did you know? One in five small-to-medium-sized companies were the victims of cyber breaches in 2013.1 In 76%

More information

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer

More information

Remote Access Securing Your Employees Out of the Office

Remote Access Securing Your Employees Out of the Office Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction

More information

OWASP Top 10 for IoT - Explained

OWASP Top 10 for IoT - Explained OWASP Top 10 for IoT - Explained Table of Contents Introduction... 1 Insecure Web Interface... 2 Insufficient Authentication/Authorization... 3 Insecure Network Services... 3 Lack of Transport Encryption...

More information

Computer and Network Security Policy

Computer and Network Security Policy Coffeyville Community College Computer and Network Security Policy Created By: Jeremy Robertson Network Administrator Created on: 6/15/2012 Computer and Network Security Page 1 Introduction: The Coffeyville

More information

21 Questions you should ask your IT service provider Before hiring them to support your network

21 Questions you should ask your IT service provider Before hiring them to support your network 21 Questions you should ask your IT service provider Before hiring them to support your network Customer Service: Q1: Do they answer their phones live or do you always have to leave a voice mail and wait

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Business Continuity Requires the Best Cloud Storage Options

Business Continuity Requires the Best Cloud Storage Options Requires the Best Cloud Storage Options www.gr e xo.co m Requires the Best Cloud Storage Options Only about 38% of small to medium sized businesses have an IT business continuity plan in place. If you

More information

4 Ways an Information Security Analyst Improves Business Productivity

4 Ways an Information Security Analyst Improves Business Productivity 4 Ways an Information Security Analyst Improves Business Productivity www.gr e xo.co m 4 Ways an Information Security Analyst Improves Business Productivity The increase of data breaches and hackers has

More information

Working Practices for Protecting Electronic Information

Working Practices for Protecting Electronic Information Information Security Framework Working Practices for Protecting Electronic Information 1. Purpose The following pages provide more information about the minimum working practices which seek to ensure that

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

22 Questions You Should Ask Your Computer Consultant

22 Questions You Should Ask Your Computer Consultant 22 Questions You Should Ask Your Computer Consultant BEFORE HIRING THEM TO SUPPORT YOUR NETWORK Stuart J. Bryan I-M TECHNOLOGY, LLC 131 PROVIDENCE STREET, TAFTVILLE, CT 06380 22 Questions You Should Ask

More information

Preparing Your Personal Computer to Connect to the VPN

Preparing Your Personal Computer to Connect to the VPN Preparing Your Personal Computer to Connect to the VPN (Protecting Your Personal Computer Running Windows) Using the VPN to connect your computer to the campus network is the same as bringing your computer

More information

Hack Proofing Your Organization

Hack Proofing Your Organization Hack Proofing Your Organization Who am I Gary Bates Director of Information Services for the City of Harker Heights Microsoft Certified System Engineer Microsoft Certified Information Technology Professional

More information

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software.

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Mapping Your Path to the Cloud A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Table of Contents Why the Cloud? Mapping Your Path to the Cloud...4

More information

Whitepaper: Cloud Computing for Credit Unions

Whitepaper: Cloud Computing for Credit Unions Whitepaper: Cloud Computing for Credit Unions A new twist on an old strategy MYCU SERVICES December 29, 2011 Authored by: Lingle, Linda Table of Contents Introduction... 2 Cloud Providers... 3 Cloud Components...

More information

BUSINESS COMPUTER SECURITY. aaa BUSINESS SECURITY SECURITY FOR LIFE

BUSINESS COMPUTER SECURITY. aaa BUSINESS SECURITY SECURITY FOR LIFE aaa BUSINESS SECURITY SECURITY FOR LIFE CHAPTER 1: WHY COMPUTER SECURITY IS IMPORTANT FOR YOUR BUSINESS No matter how big or small your business is, it s highly likely that you have some information stored

More information

SPICE EduGuide EG0015 Security of Administrative Accounts

SPICE EduGuide EG0015 Security of Administrative Accounts This SPICE EduGuide applies to HSC information systems, specifically Administrative login accounts; (aka Admin accounts) and the faculty, staff and students who use them. Admin accounts are logon IDs and

More information

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Check Point and Security Best Practices. December 2013 Presented by David Rawle Check Point and Security Best Practices December 2013 Presented by David Rawle Housekeeping o Mobiles on Silent o No File Alarms planned o Fire exits are in front and behind and down the stairs o Downstairs

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud Cloud Computing Chapter 10 Disaster Recovery and Business Continuity and the Cloud Learning Objectives Define and describe business continuity. Define and describe disaster recovery. Describe the benefits

More information

CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere.

CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere. Benefits & Features CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere. What can I do with Internet Banking? You can inquire

More information

Hope for the best, prepare for the worst:

Hope for the best, prepare for the worst: Hope for the best, prepare for the worst: Why your customers will demand self-service back-up Presented by Ridley Ruth, COO 2014 a record year for hacking! 100K+ WordPress sites infected by mysterious

More information

Your complete guide to Cloud Computing

Your complete guide to Cloud Computing Your complete guide to Cloud Computing 1 Doc V1.0 Dec 2013 Table of Contents Hosted Desk- 3 The Cloud and Cloud Computing... 4 The benefits of Cloud Solutions 6 The Cloud is Growing - Rapidly 7 Resolving

More information

Network and Workstation Acceptable Use Policy

Network and Workstation Acceptable Use Policy CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of

More information

Cyber Security Best Practices

Cyber Security Best Practices Cyber Security Best Practices 1. Set strong passwords; Do not share them with anyone: They should contain at least three of the five following character classes: o Lower case letters o Upper case letters

More information

BSHSI Security Awareness Training

BSHSI Security Awareness Training BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement

More information

UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting

UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting SECURITY HANDBOOK Mission Statement: UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting investigations. UIT Security

More information

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or

More information

The Ministry of Information & Communication Technology MICT

The Ministry of Information & Communication Technology MICT The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.

More information

Securing Your Technology Infrastructure Five security areas of focus for small to medium businesses.

Securing Your Technology Infrastructure Five security areas of focus for small to medium businesses. Securing Your Technology Infrastructure Five security areas of focus for small to medium businesses. Anthony Suda Network Manager marketing + technology 701.235.5525 888.9.sundog fax: 701.235.8941 2000

More information

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan LAW OFFICE SECURITY for Small Firms and Sole Practitioners Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan 1. Introduction CONTENTS 2. Security Consciousness Having a Firm Security

More information

10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group

10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group 10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group Presented by: Michael Flavin and Stan Stahl Saalex Information Technology Overview Saalex Information

More information

White Paper - Crypto Virus. A guide to protecting your IT

White Paper - Crypto Virus. A guide to protecting your IT White Paper - Crypto Virus A guide to protecting your IT Contents What is Crypto Virus?... 3 How to protect yourself from Crypto Virus?... 3 Antivirus or Managed Agents... 3 Enhanced Email Services & Extra

More information

FREE REPORT: Answers To The Top 5 Questions Business Owners Have About Cloud Computing

FREE REPORT: Answers To The Top 5 Questions Business Owners Have About Cloud Computing FREE REPORT: Answers To The Top 5 Questions Business Owners Have About Cloud Computing Discover What Most IT Consultants Don t Know Or Won t Tell You About Moving Your Company s Network To The Cloud By

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

IIABSC 2015 - Spring Conference

IIABSC 2015 - Spring Conference IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber

More information

MaaS360 Mobile Service

MaaS360 Mobile Service Services > Overview MaaS360 Mobile Service Go Mobile! Everything for mobile work - visibility, control, easy mobile connectivity, management tools and security - all in one economical, hosted solution.

More information

TEKAMAH-HERMAN COMMUNITY SCHOOLS LEARNING INITIATIVE POLICY AND PROCEDURES 2014-2015

TEKAMAH-HERMAN COMMUNITY SCHOOLS LEARNING INITIATIVE POLICY AND PROCEDURES 2014-2015 TEKAMAH-HERMAN COMMUNITY SCHOOLS LEARNING INITIATIVE POLICY AND PROCEDURES 2014-2015 Tekamah-Herman Community Schools is proud to offer our High School Students Apple MacBook Air computers for use at school

More information

Introduction. Read on and learn some facts about backup and recovery that could protect your small business.

Introduction. Read on and learn some facts about backup and recovery that could protect your small business. Introduction No business can afford to lose vital company information. Small-business owners in particular must take steps to ensure that client and vendor files, company financial data and employee records

More information

Reynoldsburg City Schools Computer and Technology Acceptable Use Policy Staff, Volunteers and Students

Reynoldsburg City Schools Computer and Technology Acceptable Use Policy Staff, Volunteers and Students Reynoldsburg City Schools Computer and Technology Acceptable Use Policy Staff, Volunteers and Students AUP Sections 1. Acceptable Use 2. Privileges 3. Internet Access 4. Procedures & Caveats 5. Netiquette

More information

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Executives, Business Managers Administrative & Operations Managers This appendix is a supplement to the Cyber Security:

More information

IT Decisions for Small Business

IT Decisions for Small Business IT Decisions for Small Business The most frequently asked questions and answers By Keith Powell and Chris Brandow, Invision Partners Computing technology has become a necessary business tool, and there

More information

IT Security DO s and DON Ts

IT Security DO s and DON Ts For more advice contact: IT Service Centre T: (01332) 59 1234 E: ITServiceCentre@derby.ac.uk Online: http://itservicecentre.derby.ac.uk Version: February 2014 www.derby.ac.uk/its IT Security DO s and DON

More information

Security Statement. I. Secure Your PC

Security Statement. I. Secure Your PC Security Statement The security of your accounts and personal information is Sonabank s highest priority. Regardless of your preferred method of banking in person, by telephone or online you need to know

More information

Infocomm Sec rity is incomplete without U Be aware,

Infocomm Sec rity is incomplete without U Be aware, Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN

More information

Security Consultant Scenario INFO 517-900 Term Project. Brad S. Brady. Drexel University

Security Consultant Scenario INFO 517-900 Term Project. Brad S. Brady. Drexel University Security Consultant Scenario INFO 517-900 Term Project Drexel University Author Note This paper was prepared for INFO-517-900 taught by Dr. Scott White. Table of Contents ABSTRACT.1 THE INTERVIEW...2 THE

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Chapter 7 Information System Security and Control

Chapter 7 Information System Security and Control Chapter 7 Information System Security and Control Essay Questions: 1. Hackers and their companion viruses are an increasing problem, especially on the Internet. What can a digital company do to protect

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

Security considerations are denoted by a lock icon.

Security considerations are denoted by a lock icon. About This Guide This guide introduces you to some of the technology resources available at the University of Iowa, with the aim of making those resources easily accessible to you. It is an overview of

More information

Guardian365. Managed IT Support Services Suite

Guardian365. Managed IT Support Services Suite Guardian365 Managed IT Support Services Suite What will you get from us? Award Winning Team Deloitte Best Managed Company in 2015. Ranked in the Top 3 globally for Best Managed Service Desk by the Service

More information

The 7 Disaster Planning Essentials

The 7 Disaster Planning Essentials The 7 Disaster Planning Essentials For Any Small Business Little-Known Facts, Mistakes And Blunders About Data Backup And IT Disaster Recovery Every Business Owner Must Know To Avoid Losing Everything

More information

BKDconnect Security Overview

BKDconnect Security Overview BKDconnect Security Overview 1 Introduction 1.1 What is BKDconnect 1.2 Site Creation 1.3 Client Authentication and Access 2 Security Design 2.1 Confidentiality 2.1.1 Least Privilege and Role Based Security

More information

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative

More information

How to Practice Safely in an era of Cybercrime and Privacy Fears

How to Practice Safely in an era of Cybercrime and Privacy Fears How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,

More information

Analyze. Secure. Defend. Do you hold ECSA credential?

Analyze. Secure. Defend. Do you hold ECSA credential? 1 Analyze. Secure. Defend. Do you hold ECSA credential? TM E C S A EC-Council Certified Security Analyst 1 EC-Council Cyber Security Professional Path Threat Agent Application of Methodology So You Can

More information

Backup & Disaster Recovery for Business

Backup & Disaster Recovery for Business Your complete guide to Online Backup and Disaster Recovery Backup & Disaster Recovery for Business 1 Doc V1.0 Jan 2014 Table of Contents 3 Hosted Desktop Backup and Disaster Recovery (DR) today 4 Different

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Introduction to Microsoft Small Business Server

Introduction to Microsoft Small Business Server Summary The aim of this article is to present some basic information about Small Business Server 2003 and how it can fit in with your business. Topics What is Small Business Server? (also known as SBS)

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Godley Primary School. E-Security Policy 23/05/2014. Schools ICT Security Policy 1

Godley Primary School. E-Security Policy 23/05/2014. Schools ICT Security Policy 1 Godley Primary School E-Security Policy 23/05/2014 Schools ICT Security Policy 1 E-Security Information systems (IS) play a major role in supporting the school s activities. The reliability, confidentiality

More information

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses 2004 Microsoft Corporation. All rights reserved. This document is for informational purposes only.

More information

Datacenter Hosting. Scalable Technology and Insurance for Your Business. nsacom.com

Datacenter Hosting. Scalable Technology and Insurance for Your Business. nsacom.com Datacenter Hosting Scalable Technology and Insurance for Your Business nsacom.com Datacenter Hosting Scalable Technology and Insurance for Your Business Datacenter Hosting Gives You the Best of Both Worlds

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Multi-Factor Authentication

Multi-Factor Authentication Making the Most of Multi-Factor Authentication Introduction The news stories are commonplace: Hackers steal or break passwords and gain access to a company s data, often causing huge financial losses to

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

How users bypass your security!

How users bypass your security! How users bypass your security! IT Days Security issues 20 th November 2014 Tom Leclerc, Security Consultant SAGS - Security Audits and Governance Services, a Telindus Security department Classification:

More information

Neoscope www.neoscopeit.com 888.810.9077

Neoscope www.neoscopeit.com 888.810.9077 Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your practice without IT. Today,

More information

Security from the Cloud

Security from the Cloud Security from the Cloud Remote Vulnerability Scanning Writer: Peter Technical Review: David Contact: info@hackertarget.com Published: April 2008 Summary: This white paper describes advantages of using

More information

CREATING A BETTER BACKUP PLAN

CREATING A BETTER BACKUP PLAN eguide CREATING A BETTER BACKUP PLAN Copyright 2015 Gallery Systems. All rights reserved. CONTENTS Backing Up is Hard To Do...3 The Front Line of the Backup Plan...4 Holes in the Backup Plan...5 Solving

More information

Backing up your digital image collection provides it with essential protection.

Backing up your digital image collection provides it with essential protection. Backing up your digital image collection provides it with essential protection. In this chapter, you ll learn more about your options for creating a reliable backup of your entire digital image library.

More information

Know the Risks. Protect Yourself. Protect Your Business.

Know the Risks. Protect Yourself. Protect Your Business. Protect while you connect. Know the Risks. Protect Yourself. Protect Your Business. GETCYBERSAFE TIPS FOR S MALL AND MEDIUM BUSINESSES If you re like most small or medium businesses in Canada, the Internet

More information

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Information Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc.

Information Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc. Annual Education 2014 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information

More information

Building a Business Case:

Building a Business Case: Building a Business Case: Cloud-Based Security for Small and Medium-Size Businesses table of contents + Key Business Drivers... 3... 4... 6 A TechTarget White Paper brought to you by Investing in IT security

More information

If you lost all of your data right now... What would you do?... Backup Plan For Home Users and Very Small Businesses

If you lost all of your data right now... What would you do?... Backup Plan For Home Users and Very Small Businesses 2 If you lost all of your data right now... What would you do?... Backup Plan For Home Users and Very Small Businesses As the Story Goes... At seven pm, I received a distraught phone call on my cellphone...

More information

SAFEGUARDING YOUR WINDOWS COMPUTER

SAFEGUARDING YOUR WINDOWS COMPUTER SAFEGUARDING YOUR WINDOWS COMPUTER February 2011 www.cybersecurityguy.com 1 SAFEGUARDING YOUR WINDOWS COMPUTER It's important to safeguard your computer to protect your personal information against hackers

More information

Managed Security Services

Managed Security Services Managed Security Services 1 Table of Contents Possible Security Threats 3 ZSL s Security Services Model 4 Managed Security 4 Monitored Security 5 Self- Service Security 5 Professional Services 5 ZSL s

More information

Get Connected! How to Configure Your Computer for MITnet. Red Hat Enterprise Linux Mac OS X Windows XP Professional, Vista

Get Connected! How to Configure Your Computer for MITnet. Red Hat Enterprise Linux Mac OS X Windows XP Professional, Vista Get Connected! How to Configure Your Computer for MITnet Red Hat Enterprise Linux Mac OS X Windows XP Professional, Vista 2008 Massachusetts Institute of Technology Table of Contents Introduction...3 About

More information

Cyber Security: An Introduction

Cyber Security: An Introduction Cyber Security: An Introduction Security is always a trade-off between convenience and protection. A good security policy is convenient enough to prevent users from rebelling, but still provides a reasonable

More information

ScoMIS Encryption Service

ScoMIS Encryption Service Introduction This guide explains how to implement the ScoMIS Encryption Service for a secondary school. We recommend that the software should be installed onto the laptop by ICT staff; they will then spend

More information