Computer and Network Security in Higher Education
- Phillip Bryant
- 8 years ago
Index
Computer and Network Security in Higher Education
Mark Luker and Rodney Petersen, Editors
A Publication of EDUCAUSE
Copyright 2003 Jossey-Bass Inc. Published by Jossey-Bass, A Wiley Company. Reprinted by permission of John Wiley & Sons, Inc. For personal use only. Not for distribution.
A
Academic freedom, 4, 7. See also Intellectual freedom
Academic values, 3–5
Acceptable use policy, 66
Access: convenience vs. security in, 16; equal, 5; equity and diversity goals and, 8; fairness in, 9; Internet, and intellectual freedom, 4; policies for dealing with abuses of, 9; privacy and confidentiality considerations with, 8; vulnerability due to ease of, 78; wireless, VPNs for,
Administration, security education for,
Advanced Networking with Minority-Serving Institutions (AN-MSI) Security Committee, 8
Alerts, security, 97
American Association of University Professors, 13n2
American Council on Education, xix
American Library Association (ALA), 5
Application-based security,
Arnone, M., 48
Articles, for delivering security education,
Association of College and University Policy Administrators (ACUPA), policy procedure information from,
Association of Research Libraries, 13n2
Attorneys, in-house, security education for, 94
Auditors: risk analysis supported by, 42; security education for, 93
Authentication: appropriateness of, 10; central-service approach to, 82–83; enterprise directories for, 84, 86
Authentication and authorization systems, privacy practices of, 8
Autonomy, as academic value, 4

B
Barman, S., 63
Barton, T., 73, 84
Bickel, R. D.,
Biometrics, 12
Border firewalls, 75
Boyer, E. L., 2
Briney, A., 78
Bruhn, M., 59
Bugtrak Mailing List Archive, 81
Business continuity,

C
Campus directories, 84
Campus police, security education and, 93–94,
Cantor, S., 86
Carnegie Mellon University, CERT Coordination Center, 95
Carroll, L., 45
Cassat, P. C., 46
Cassidy, D., 33
Cavanaugh, L., 64
Center for Academic Integrity, 13n2
Center for Internet Security (CIS): CISECURITY toolkit, 80; security benchmarks,
CERIAS (Center for Education and Research in Information Assurance and Security), Purdue University, 103
CERT Advisory, 79
CERT Coordination Center, security education offered by, 95
Certification, of security professionals,
Certified information systems security professionals (CISSPs), 27
Checklists, as element of policy, 63
Chief information officers (CIOs), 22,
Chief security officers (CSOs),
CISECURITY toolkit, 80
Civil liability, 49
Civility, as principle for security in higher education, 6
Clarke, R., xix
Columbia University, 13n2
Community: as academic value, 3–4; as principle for security in higher education, 6
Computer Science and Telecommunications Board, xvi
Computers: firewalls in, 81; as target of hackers, 31, 77. See also Host-based security
Computing Technology Industry Association (CompTIA), certification program, 27
Confidentiality, as principle for security in higher education, 7–8
Consultants, hired for security purposes, 20–21, 28, 29
Content filtering, 11
Convenience, balancing security with, 16
Cornell University, policy procedure information from, 64
Cybersecurity insurance, 56

D
Definitions, as element of policy, 62
Desman, M. B., 63
Developing a Strategy to Manage Enterprisewide Risk in Higher Education (Cassidy and others), 33
Distributed denial-of-service (DDOS) attacks, xi, 31
Diversity, as principle for security in higher education, 8
Dors, N., 86
Duderstadt, J. J., 2, 3
Dunn, J., 77
Duty, in negligence law,

E
encrypted vs. unencrypted, 85; filtering content of, 11
Eaton, J., 4
Education. See Security education
EDUCAUSE/Cornell Institute for Computer Policy and Law, models for campus IT security policies, 101
EDUCAUSE/Internet2 Computer and Network Security Task Force: Framework for Action, xviii–xix; participated in development of national security strategy, xvii; principles for implementing security in higher education, 6–10, 13n2; security policies information from, 65–66; security resources from, 103
Encryption, necessity of,
Enterprise directories, 84, 86
Equity, as principle for security in higher education, 8
Ethernet, shared, 75
Ethics, as principle for security in higher education, 9–10
Events, for delivering security education, 97

F
Facilitator university model,
Faculty, security education for, 92
Fair information practices, 5, 7–8
Fairness, as academic value, 5
Family Educational Rights and Privacy Act, 92
FBI Academy, 102
Firewalls: appropriateness of, 10; border, 75; host-based, 81; multiple, 75
Foster, A., 18
Fraser, B., 74
Frasier, M., 76
Freedom. See Academic freedom; Intellectual freedom
FTP, encrypted vs. unencrypted, 85

G
Global information assurance certification (GIAC), 27
Government, independence from, 4
Gray, T., 75
Green, R., 49
Grimes, S., 76
Guidelines, as element of policy, 63
Gwaltney, R., 81

H
Hackers: computers as target of, 31, 77; vulnerability to, xii, 31–32, 78, 79
Handbooks, security,
Handouts, for delivering security education, 98
Health care professionals, security education for, 93
Health Insurance Portability and Accountability Act (HIPAA), 93, 102
Higher education: academic values in, 3–5; mission of, 2; operational environment of, 2–3; potential security practices for, 10–12; principles for implementing security in, 6–10, 13n2; security conditions with liability potential in, 47–48; security vulnerability of computers in, xii, 31–32, 78, 79
Higher Education Information Technology Alliance, xix
Host-based firewalls, 81
Host-based security: best practices for, 78–83; defined, 78; importance of,

I
Identity management, 83
Indiana University, response to security breaches improved at,
Information protection programs (IPPs), steps for establishing,
Information security. See Security
Institutional policies: elements of, 61–64; process of developing and maintaining, See also Security policies
Institutional risk analysis. See Risk analysis
Insurance, cybersecurity, 56
Integrity, as principle for security in higher education, 9–10
Intellectual freedom, 4, 7, 16. See also Academic freedom
International Information Systems Security Certification Consortium, 27
Internet access, intellectual freedom and, 4
Internet Audit Project, security vulnerabilities revealed by,
Internet Security Systems, 80
Internet2 Middleware initiative, 83–84, 86
Intrusion detection systems (IDSs), 11–12, 76
Intrusion prevention systems, 76
IT Security Cookbook, 66
IT security. See Security
IT staff. See Security staff

J
Jacobson, H., 49
Joint Information Systems Committee, 63
Jopeck, E., 33

K
Kenneally, E., 51
Kerberos,
King, C. M., 63
Klingenstein, K., 83
Kohl, J., 82
Krebs, B., 56

L
Lake, P. F.,
Leadership: security, 21–23; and security architecture, See also Security staff
Legal liability. See Liability
Liability, 45–57; civil, 49; and cybersecurity insurance, 56; and facilitator university model, 53–55; and negligence law, 50–53; security conditions with potential for, 47–48; and team approach to risk management,
Libraries, privacy measures of, 5
Logging, 8, 11, 82

M
Mandia, K., 66
Marchany, R., 31
McIntyre, D. J., 52
McRobbie, M., 19
Meetings, for presenting security education, 95
Microsoft products, virus protection when using,
Middleware: defined, 83; security considerations with,
Mission, higher education, 2
Mission Continuity Planning (Qayoumi), 33
Murrell v. Mount St. Clare College, 52

N
National Association of College and Business Officers (NACUBO), risk assessment information, 33
National Infrastructure Protection Center (NIPC), risk assessment model, 33
National Institute for Standards and Technology Security Resource Center, 103
National Institute of Science and Technology (NIST), risk assessment information, 33
National Science Foundation, 6, 13n2, 86
National Strategy to Secure Cyberspace, xii, xvi–xviii, 16
Negligence law, 50–53; breach in, 50, 52–53; duty in, 50–51; and facilitator university model, 53–55; and foreseeable harm, 51–52; general principles of, 50
Network scanning utilities, 80
Network security: best practices for, 75–77; defined, 74
Neumann, C., 82
Nichols, R. K., 63
NIMDA worm virus, 79
Nmap Network Mapping Software, 80

O
Oblinger, D., 1
Olsen, F., 19
Online quizzes, for security education, 96
Openness, balancing security with, 16
OpenSAML, 86
The OpenSSL Project, 85
Operational environment, higher education, 2–3
Operational security, 25
Outsourcing security, 20–21, 28, 29

P
Packet filtering, 10
Parents, security education for, 92
Partnerships, security obtained through,
Passwords: central authentication service for, 82–83; encrypted vs. unencrypted, 84–86; enterprise directory for managing, 84, 86
Patches, 32,
Payne, S., 89
Peltier, T. R.,
Personnel. See Security staff
Pescatore, J., 90
Petersen, R., 59
Physical security,
Planning. See Security plan; Security policies
Policies. See Security policies
Policy statement, as element of policy,
Postel, J., 80
Princeton University,
Principles, for implementing security in higher education, 6–10, 13n2
Privacy: as academic value, 5; as principle for security in higher education, 7–8
Procedures, as element of policy, 62
Prosise, C., 66
Purpose statement, as element of policy, 61

Q
Qayoumi, M. H., 33

R
Rationale statement, as element of policy, 61
Read, B., 18, 48
Recor, J., 15
References, as element of policy, 63
Research and Educational Networking Information Sharing Analysis Center (REN-ISAC), xii
Researchers, security education for,
Responsibility, as principle for security in higher education, 9–10
Risk analysis, 31–42; benefits of, 32; case study of, at Virginia Tech, 33–42; CIS security benchmarks for, 40–42; models for, 33; need for, 31–32, 42; as step in designing host-based security plan, 79
Risk assessment. See Risk analysis
Risk management: and insurance, 55–56; team approach to,
Roesch, M., 76
Roles and responsibilities, as element of policy, 62
Ryan, D. J., 63
Ryan, J.J.C.H., 63

S
Safe SQL Slammer Worm Attack Mitigation, 75
Salaries, of certified security professionals, 28
Salomon, K. D., 46
San Diego Super Computer Security Advisory, 85
Scanning, 11
Scope, as element of policy, 62
Security: balancing convenience and openness with, 16; functions of, 23–26; goals of program for, 60; obtaining support for, 18–20; principles for implementing, in higher education, 6–10, 13n2; range of practices for,
Security + certification, 27
Security administrators, responsibilities of, 26
Security alerts, 81
Security analysts, responsibilities of, 26
Security architecture, 73–87; application-based security element of, 84–86; CIO's role with, 86–87; context for, 73; host-based security element of, 77–83; middleware and directory services element of, 83–84; network security element of, 74–77; technical resource on, 74. See also Security infrastructure
Security breaches: due process for dealing with, 9; examples of preventable, 17–18; by insiders, 90; institutional responses to, 52–53; monitoring, 20; response to, improved by security policies,
Security convergence,
Security education, ; delivery methods for, 95–98; need for, 89, 90; obstacles to, 90–91; recommended approach to, ; target audiences for, 91–95; tips for communicating,
Security engineers, responsibilities of, 26
Security incidents. See Security breaches
Security infrastructure: institutional characteristics influencing, 17; steps for establishing, See also Security architecture
Security plan: developing, 18; obtaining support for, 18–20; potential security practices in,
Security policies, 59–70; acceptable use policy as component of, 66; and elements of institutional policies, 61–64; and goals of information security program, 60; information security policy statement vs., 59–60; issues to be addressed by, 65–68; necessity of establishing, 9; process for developing and maintaining, 64–65; response to security breach improved with, 68–70; security education program based on, ; sources of information on, 65–66, 101
Security professionals. See Security staff
Security Self-Assessment Guide for Information Technology Systems (Swanson), 33
Security staff: certification of, 27–28; common job titles and responsibilities for, 22–23, 26; number of, and size of organization, 23, 24, 25; outside consultants as, 20–21, 28, 29; salaries of, 28; security education for,
Security Targeting and Analysis of Risks (STAR) process for risk assessment,
Security teams, 23
Semjanov, P., 82
Shibboleth, 86
Siri, L., 31
Sniffers, 11
SQL Slammer attack, xiii, 75
Staff, security education for, 92, See also Security staff
Standards, as element of policy,
Stanton v. University of Maine,
Students: computer equipment of, 3; security education for, 92
Suess, J., 73
Support, obtaining, for information security,
Swanson, M., 33
System Administration, Audit, Network, Security (SANS) Institute: certification program, 27; security education offered by, 95; security policies information from, 66
System logging service, 82

T
Telnet, encrypted vs. unencrypted, 85
Thibeau, B. E., 46
Training, incorporating security education in, 98. See also Security education
Tribbensee, N. E., 45
TriWest Healthcare Alliance, 52, 53
Tudor, J. K., 64

U
University of Colorado Encrypted Authentication Security Standards, 85
University of Delaware, security incident at,
University of Maine, Stanton v.,
University of Maryland: computer security vulnerability at, 78, 79; security alert tracking at, 81; security education by Dept. of Public Safety at, 101
University of Minnesota, information on policy procedures from, 64
University of Virginia, FBI Academy operated by, 102
U.S. Department of Education, 64
U.S. Department of Homeland Security, 97, 103

V
Values, in higher education, 3–5
Videos, for delivering security education, 98
Vinik, F., 53
Virginia Alliance for Secure Computing and Networking, 103
Virginia Tech, risk assessment at,
Virtual private networks (VPNs), 11,
Viruses: alerts about, 97; protection against,
Vulnerability, of computers in higher education, xii, 31–32, 78, 79

W
Walker, K. M., 64
Web ads, for delivering security education, 96
Web content filtering, 11
Web sites, for delivering security education, 96
WebISO, 86
Whatis, 11
Wireless networks,
Wireless Security and VPN, 77
Wood, C. C., 64
Worms. See Viruses

Y
Yale University,
Yasin, R., 83

Z
Zager, M., 49
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationServer Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating
Server Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating to all users of UNH IT resources, and improve the availability
More informationNext. CDS 2015 Survey Module 7 Information Security Survey Errata
1 CDS 2015 Survey Survey Errata This module includes questions about the IT security organization, staffing, policies, and practices related to information technology security. This is an optional module.
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationRARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY 276 Windows Security Management
RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE CISY 276 Windows Security Management I. Basic Course Information A. Course Number & Title: CISY-276 Windows Security Management B. Date of Revision: Spring
More information3. Firewall Evaluation Criteria
Firewall Management Prep. drd. Radu Constantinescu Academy of Economics Studies, Bucharest ABSTRACT Network connectivity can be both a blessing and a curse. On the one hand, network connectivity can enable
More informationAGENDA HIP Ho AA w i rivacy d The B reach Happen? I P nc AA Secu dent R rit esp y o nse Corrective Action Plan What We Learned ACRONYMS USED
Michael Almvig Skagit County Information Services Director 1 AGENDA 1 2 HIPAA How Did Privacy The Breach Happen? HIPAA Incident Security Response 3 Corrective Action Plan 4 What We Learned Questions? ACRONYMS
More informationNext. CDS 2015 Survey Module 7 Information Security Survey Errata
CDS 2015 Survey Survey Errata This module includes questions about the IT security organization, staffing, policies, and practices related to information technology security. This is an optional module.
More informationUtica College. Information Security Plan
Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles
More informationHamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004)
Hamilton College Administrative Information Systems Security Policy and Procedures Approved by the IT Committee (December 2004) Table of Contents Summary... 3 Overview... 4 Definition of Administrative
More informationIntroduction p. 2. Introduction to Information Security p. 1. Introduction
Introduction p. xvii Introduction to Information Security p. 1 Introduction p. 2 What Is Information Security? p. 3 Critical Characteristics of Information p. 4 CNSS Security Model p. 5 Securing Components
More informationData Management & Protection: Common Definitions
Data Management & Protection: Common Definitions Document Version: 5.5 Effective Date: April 4, 2007 Original Issue Date: April 4, 2007 Most Recent Revision Date: November 29, 2011 Responsible: Alan Levy,
More informationJort Kollerie SonicWALL
Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential
More informationManaging internet security
Managing internet security GOOD PRACTICE GUIDE Contents About internet security 2 What are the key components of an internet system? 3 Assessing internet security 4 Internet security check list 5 Further
More informationRARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY-274 Privacy, Ethics & Computer Forensics
RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE CISY-274 Privacy, Ethics & Computer Forensics I. Basic Course Information A. Course Number & Title: CISY-274 - Privacy, Ethics, & Computer Forensics B. New
More informationResearch and Educational Networking Information Analysis and Sharing Center (REN-ISAC)
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Doug Pearson Director, REN-ISAC ren-isac@iu.edu Copyright Trustees of Indiana University 2003. Permission is granted
More informationResponsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy
1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More information全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks
全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks Agenda Challenges and PCI DSS 3.0 Updates Personal Information Protection Act Strategy to Protect against leak of Confidential Personal and Corporate
More informationCybercrime in Canadian Criminal Law
Cybercrime in Canadian Criminal Law Sara M. Smyth, LL.M., Ph. D. Member of the Law Society of British Columbia CARSWELL Table of Contents Preface Table of Cases v xvii PART ONE Introduction to Cybercrime
More informationUser Security Education and System Hardening
User Security Education and System Hardening Topic 1: User Security Education You have probably received some form of information security education, either in your workplace, school, or other settings.
More informationDATA SECURITY AGREEMENT. Addendum # to Contract #
DATA SECURITY AGREEMENT Addendum # to Contract # This Data Security Agreement (Agreement) is incorporated in and attached to that certain Agreement titled/numbered and dated (Contract) by and between the
More informationWHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?
WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber
More informationBachelor of Information Technology (Network Security)
Bachelor of Information Technology (Network Security) Course Structure Year 1: Level 100 Foundation knowledge subjects SEMESTER 1 SEMESTER 2 ITICT101A Fundamentals of Computer Organisation ITICT104A Internetworking
More informationNetworking: EC Council Network Security Administrator NSA
coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA
More informationPage: Designed & Executed By: Presents Cyber Security Training
Page: 1 Designed & Executed By: TM S I v8 RAINNVESTIGATOR Cyber Security Training Presents T CCE TechBharat Certified Cyber Expert TechBharat Certified Cyber Expert EC-Council Computer Hacking Forensic
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More informationINFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION
INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,
More informationGEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
More information