CDW-G School Safety Index 2009
|
|
- Piers Hardy
- 8 years ago
- Views:
Transcription
1 CDW-G School Safety Index 2009 May 18, CDW Government, Inc. 1
2 CDW-G School Safety Index 2009 Study Focus and Objectives Now in its third year, the CDW-G School Safety Index provides a nationwide, firsthand view of school safety issues from the perspective of district IT and security directors. Additionally, the index enables schools to measure themselves against a national benchmark. CDW-G expanded the survey to understand the steps districts are taking to strengthen security, protect wireless networks, and monitor buildings. CDW-G surveyed more than 400 K-12 district IT and security directors to: Evaluate districts cyber and physical security Assess current cyber and physical security measures Understand the proliferation of security breaches Understand the impact of cyber and physical education and communication 2
3 CDW-G School Safety Index 2009 Contents Executive Summary 4 Understanding the Index 5 The School Safety Index 6 Cyber Security 8 Physical Security 17 Homework: Calls to Action 23 Methodology 24 Respondent Demographics Cyber Safety Index Physical Safety Index 28 3
4 Executive Summary Report Card: Threats outpace school security improvements CDW-G School Safety Index 2009 K-12 districts scores fell in the 2009 School Safety Index Continued threats, such as breaches and lack of end-user compliance, coupled with budget and staffing challenges make progress difficult» In the last 12 months, 55% of districts report experiencing a cyber security breach and 67% report experiencing a physical security breach» Only 19% of districts are confident that students are following acceptable use policies Schools are taking positive steps to improve security» The majority of districts (87%) report that the IT and physical security departments are collaborating» 88% of respondents say their district has a wireless network; of these, 92% use encryption to secure the network» 70% of districts report using a mass notification system to improve emergency communication But security perceptions do not align with reality While K-12 districts report an increase in physical and cyber breaches in the last year vs. previous years, most still say their schools are safe. By their own self-assessment:» Just 22% of respondents indicated that their cyber security needs improvement» Just 24% of respondents indicated that their physical security needs improvement Budget is the top impediment to improving security Despite increased threats and breaches:» Just 34% of districts plan to make a case for increased investment in these areas» Less than a quarter (20%) say they seek best practices from other districts 4
5 CDW-G School Safety Index 2009 Understanding the Index Based on online survey research, the CDW-G School Safety Index s 10 positive indicators and 4 contraindicators represent the elements of an overall security program. The CDW-G School Safety Index sets a national benchmark to gauge the current status of school safety and outlines steps for improvement. Additionally, the index aims to focus attention on the convergence of IT and physical security in public school districts. Cyber Security Indicators» Self-Assessment» District Cooperation» Strengthening Security» Security Updates» Wireless Security» AUP Contraindicators» IT Breaches» IT Barriers Physical Security Indicators» Self-Assessment» Strengthening Security» Campus Monitoring» Mass Notification Contraindicators» Physical Breaches» Physical Barriers 5
6 CDW-G School Safety Index 2009 The CDW-G School Safety Index** Taken together, the Cyber Safety Index and the Physical Safety Index comprise the School Safety Index. In 2009, K-12 districts scores fell, in line with continued threats and budget and staffing challenges. The 2009 National Cyber Safety Average was 22.2; the Physical Safety Average was 32.2.* The results point to a need for increased focus on both cyber and physical security in K-12 districts. *See slides for expanded information on the cyber and physical indexes. **This year, CDW-G provided specific definitions of breaches for the first time. 6
7 Cyber/Physical Security Collaboration: Teamwork Lightens the Load CDW-G School Safety Index 2009 Districts are working to integrate cyber and physical security efforts, with the majority 87% reporting collaboration, up from 65% in % 45% 40% 46% 35% 30% 25% 20% 15% 35% 33% 21% How does your district IT department share or collaborate with the security department on plans and/or purchases?* 10% 13% 5% 0% Share staff Share resources Meet regularly Consult on purchases Do not collaborate *Respondents were asked to select all that apply. 7
8 Cyber Security Wireless Networks: Connecting to Learn Wireless networks are proliferating, bringing increased access to the Internet and other computing resources. 88% Of districts report they have a wireless network Where are the networks located?* 59% administrative offices 59% classrooms 58% common areas Small districts lag in classroom connections: 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 45% 66% Have wireless in classrooms Of those districts without a wireless network, approximately two-thirds (65%) are currently considering or implementing one Under 1,000 students Over 50,000 students *Respondents were asked to select all that apply. 8
9 Cyber Security Wireless Networks: Connecting to Learn Wireless networks also bring new security concerns. Districts are taking steps to protect themselves. How does your district secure its wireless network?* Firewalls Wireless Encryption Protocol (WEP) 38% 54% 92% Wireless Protected Access 2 (WPA2) Wireless Protected Access (WPA) 23% 24% of districts use some type of encryption Open, segmented, VLAN, multiple SSID 16% Perimeter and/or wireless intrusion detection WPA Enterprise/802.1x 9% 11% *Respondents were asked to select all that apply. 9
10 Cyber Security Network Monitoring: Hall Pass for Hackers? Districts are not taking all possible steps to ensure their systems have current security software, leaving their networks vulnerable. How do you ensure that district computers have the latest security patches and updates?* 58% 48% 35% Patch management Use Network Access Control (NAC) to view and control who is on the network and provide updates and patches Prevent computers from connecting until security updates are complete *Respondents were asked to select all that apply. 10
11 Cyber Security Acceptable Use: Engage the Community Acceptable use policies (AUP) enable school districts to ensure that users follow the policies and procedures that protect students and the network. The data shows that districts need to put a greater emphasis on compliance monitoring. How confident are you that your students are following AUP regarding Internet use? Low confidence may result from lack of supervision Very confident; we filter, monitor logs extensively, and test for gaps in our protection Somewhat confident; we filter and monitor filtering logs only 40% of districts say they are strengthening network security by enforcing their AUP 17% 19% 64% additionally 40% say they spend 4 or fewer hours per month reviewing/investigating questionable Internet activity Not at all confident; we only do basic filtering 11
12 Cyber Security IT Breaches: Threats on the Rise District IT breaches*, defined as unauthorized user access, hacking, or viruses, are rising rapidly, with districts reporting that the majority of IT breaches are internal confirming the need to bolster AUPs and improve end-user education and monitoring. Consequences of IT Security Breaches** Experienced a breach in the prior 12 months: 60% Loss of staff hours to deal with/correct the breach 59% Purchase of new software/hardware to correct the breach 19% Compromised data or loss of confidential data 18% 50% 55% Negative publicity 17% 40% Personnel terminated 4% 30% 20% Causes of IT Security Breaches** Internal breach student 41% 10% 0% 9% 14% IT Breaches External breach 35% Internal breach staff employees 22% Unsure 21% *The study defined IT breaches in 2009, which was not done in previous years. **Respondents were asked to select all that apply. 12
13 Cyber Security IT Barriers: Holding Back Progress For the third year in a row, budget challenges, lack of staff resources, and hardware/software barriers top the list of cyber security challenges. Still, few districts are planning to reallocate IT budget for increased focus, and just a third plan to make a business case for improving IT security. What are your district s top three barriers to improving IT security?* 70% 60% 67% 50% 56% 40% 42% 30% 20% 10% Most districts are not allocating additional budget to address the top concern:» Just 20% say they plan to reallocate district IT budget to address security needs and/or reallocate staff resources to address security concerns» Just 33% say they plan to make the business case to the administration/school board for improving IT security 0% Lack of budget Too few staff resources Hardware/software barriers *Respondents were asked to pick their top three. 13
14 Cyber Security IT Barriers: Holding Back Progress K-12 IT professionals are examining a variety of options to address security concerns; there is no consensus on the best path forward. How do you plan to overcome your district s barriers to better IT security in the next 12 months? 36% 33% 27% 25% 20% Engage the district s administration to improve IT processes and procedures Make the business case to the administration/school board for improving IT security Purchase additional software Change IT security policies for users Purchase additional hardware Reallocate district IT budget to address security needs Reallocate staff resources to address security concerns *Respondents were asked to select all that apply. 14
15 Cyber Security Cyber Security: How to Raise the Grade When asked what needs to be done to strengthen network security, 71% of respondents said improve enduser education. But just 52% report that they are taking steps to do so. Improving end-user education Enforcing the acceptable use policy (AUP) 37% 40% Increasing access control, such as network log-ons 28% 43% Improving URL content management/web filtering 27% 37% Sharing best practices with other districts 24% 25% Utilizing students to identify security gaps/white hat hackers 21% 14% Increasing the granularity of network authentication 20% 22% 52% *Respondents were asked to select all that apply. Ranking shows most popular responses. 71% What needs to be done to strengthen your network security?* What steps are being taken to strengthen your network security?* 15
16 Cyber Security Cyber Security: How to Raise the Grade K-12 districts may be missing an opportunity to leverage lessons learned due to lack of communication with other districts on security issues. 67% 25% cite budget as their most significant challenge but just of districts say they are sharing best practices with other districts $ Leverage lessons learned from other districts to save money and improve security 16
17 Physical Security Campus Monitoring: Under the Microscope Districts report a slight increase in security camera use, with 79% reporting they use cameras (up from 70% in 2008). Still, just 50% say their district uses cameras to monitor indoor common areas. Does your district currently use security cameras to monitor the following? Outside of buildings/parking lots 58% Entry/exit points 57% Common areas (cafeteria and hallways) 50% Offices 17% Gymnasium 12% Classrooms 11% Rural schools at greater risk? Use cameras: 82% of urban/suburban districts 70% of rural districts 36% 24% of districts enable local emergency response personnel, such as police, fire, or dispatchers, to view security camera footage in real time (up from 33% in 2008) of those who do not link to local authorities are planning or implementing a program within the next 12 months 17
18 Physical Security Mass Notification: Critical Communications Districts report a significant increase in use of mass notification systems, strengthening real-time safety communication. Use a Mass Notification System: 46% 2008: 45% 2009: 70% of those without a mass notification system are planning or implementing one within the next 12 months 75% Rural Districts Lag: Have a Mass Notification System: Yes 71% Yes 59% Yes Urban Suburban Rural 80% 70% 60% 50% 40% 30% 20% 10% 0% 18
19 Physical Security Mass Notification: Critical Communications Despite increased deployment of mass notification systems, districts are not taking advantage of all available communication methods. Text alerts, which may provide the fastest communication, are in place in fewer than half of districts with mass notification systems. And 1/3 of parents are not able to receive communication from districts with mass notification systems. Most commonly cited mass notification capabilities: 80% 70% 60% 50% 40% 30% 20% 10% 0% 70% 69% Automated phone messages 61% 65% 32% 39% 28% 38% alerts Text message alerts Sirens/loud speakers The following groups receive messages from their district s mass notification system: Faculty/staff 91% Administration 85% Parents/guardians 62% Students 49% Local police and emergency personnel 42% 19
20 Physical Security Physical Breaches: Lock Down K-12 districts report a rise in physical security concerns. While most respondents believe their physical security is adequate, the data indicates a need to strengthen. Experienced a physical security breach* in the last 12 months, defined as a break-in, unauthorized persons in school buildings, or vandalism 70% 60% 50% 40% 30% 20% 10% 0% 21% 31% IT Breaches 67% Consequence of Physical Security Breaches** Loss of staff hours to deal with/correct the breach 53% Loss of physical assets 51% Negative publicity 24% Purchase of security cameras to deter crime 21% Purchase of new software to correct the breach 9% Personnel terminated 4% Causes of Physical Security Breaches** Unidentified person(s) 42% Students 37% Unsure 29% Staff/employees 13% *The study defined physical breaches in 2009, which was not done in previous years. **Respondents were asked to select all that apply. 20
21 Physical Security Physical Barriers: Holding Back Progress Nearly all (84%) districts encounter obstacles to physical security improvement. For the third year in a row, budget is cited as the top barrier, but just a third (35%) of respondents report they plan to make a business case to the administration/school board for improving physical security. 70% 60% 50% 40% 30% 20% 10% What are your district s top three barriers to improving physical security?* 69% 46% 27% How do you plan to overcome your district s barriers to better physical security in the next 12 months?** Make the business case to the administration/school board for improving physical security 35% Engage the district s administration to improve IT processes and procedures 31% Change security policies 26% Purchase additional hardware 23% Reallocate staff resources to address security concerns 23% Purchase additional software 17% 0% Lack of budget Too few staff resources Need for more tools Reallocate district IT budget to address security needs 14% *Respondents were asked to pick their top three. **Respondents were asked to select all that apply. 21
22 Physical Security Physical Security: How to Raise the Grade Respondents recommend a wide range of tactics to improve physical security there is no silver bullet. What needs to change to improve overall building security?* What steps is your district taking to improve overall building security?* 38% Better physical access control, such as RFID, door badges, locks, etc. 36% Better faculty/staff cooperation 36% Better surveillance 26% Better physical security plan 21% Better student cooperation 14% Better collaboration with IT 12% Sharing best practices with other districts 6% District building security does not need improvements 31% Better physical access control, such as RFID, door badges, locks, etc. 29% Better faculty/staff cooperation 29% Better surveillance 25% Better physical security plan 17% Better student cooperation 16% Better collaboration with IT 14% Sharing best practices with other districts 5% District building security does not need improvements *Respondents were asked to select all that apply. Ranking shows most popular responses. 22
23 CDW-G School Safety Index 2009 Homework: Calls to Action Renew Your Self-Assessment: Given lower year-over-year scores and increasing numbers of reported breaches, assess your district s current security, use of available tools, and user community compliance with established security policies and leverage those findings to prioritize. Visit to use the 2009 School Safety Index Self-Assessment Tool and receive instant scores and feedback Cover the Basics: Prevent computers that do not have security updates from connecting to your network. Increase use of cameras for indoor common areas Strengthen Acceptable Use and Monitoring: End-user education is cited as a significant need. Strengthen education, but don t rely on the end users. Deploy automated tools to assist, particularly in the face of staff shortages Learn From Your Peers: Reach out to other districts to share real-world advice and security best practices. Collective knowledge will help prioritize investments and maximize stretched budgets 23
24 CDW-G School Safety Index 2009 Methodology CDW-G conducted an online survey of district IT and security personnel in March and April 2009 A total of 408 IT and security personnel from a variety of K-12 public school districts from urban to rural completed the survey The sample size equates to a +/- 4.80% margin of error at a 95% confidence level Calculating the CDW-G School Safety Index:» Each positive indicator question is based on a value of 10» Each contraindicator question is based on a value of -10» Using the data from the national survey, the percentages were divided by 10, resulting in a numeric value 24
25 CDW-G School Safety Index 2009 Respondent Demographics Job Function:» 26% IT director/coordinator» 16% Network systems administrator» 9% Chief Information/ Technology/ Security Officer» 8% Superintendent» 4% Assistant superintendent for network security or emergency planning» 2% Director of emergency planning or security» 35% Other IT or security title Metropolitan Statistical Area:» 32% Urban» 48% Suburban» 20% Rural District Enrollment:» 15% 1,000 or fewer students» 34% 1,001-5,000 students» 24% 5,001-20,000 students» 27% 20,001+ students Job Responsibilities Include*:» 69% IT or network security» 14% Emergency communications» 17% Emergency planning» 14% Building security IT Budget:» 20% Average percent of district IT budget spent on IT safety for school year *Respondents were asked to select all that apply. 25
26 CDW-G School Safety Index Cyber Safety Index Element Question % Self Assessment Strengthening Security Strengthening Security Strengthening Security Strengthening Security Strengthening Security Would you rate the overall security of your district's IT network as safe or very safe? What steps are you taking to strengthen your network security? Improving end-user education 78% 52% Increasing access control 43% Utilizing students to identify security gaps/white hat hackers 14% Enforcing acceptable use policy (AUP) 40% Improving URL content management/web filtering 37% Element Question % Strengthening Security Strengthening Security District Cooperation Security Updates Increasing the granularity of network authentication 22% Sharing best practices with other districts 25% Regarding plans or purchases that affect cyber security and physical security, do your district IT and physical security departments share or collaborate on plans and/or purchases? How do you ensure that district computers have the latest security patches and updates? Utilize network access control to view and control who is on the network 87% 48% Security Updates Prevent computers from connecting until security updates are complete 35% Security Updates Patch management 58% 2009 National Cyber Safety Average = Factors in red are 2009 School Safety Index additions. 26
27 CDW-G School Safety Index Cyber Safety Index, Cont. Element Question % Wireless Security If your district has a wireless network, how do you secure it? 38% Wireless Encryption Protocol (WEP) Wireless Security Wireless Protected Access (WPA) 23% Wireless Security Wireless Protected Access 2 (WPA2) 24% Wireless Security WPA Enterprise/802/1x 9% Wireless Security Firewalls 54% Wireless Security Intrusion detection perimeter and/or wireless 11% Wireless Security Open, segmented, VLAN, multiple SSID 16% Wireless Security No encryption 8% AUP IT Breaches Are you confident that your students are following the acceptable use policy (AUP) regarding Internet use? Has your district had an IT breach in the last 12 months? 19% 55% Element Question % IT Breaches IT Barriers Compared to this time last year, have the cyber security breaches in your district increased? What are your district's main barriers to improving IT security? Yes Budget 7% 67% IT Barriers Too few staff resources 56% IT Barriers Lack of defined policies 21% IT Barriers Out of date hardware 26% IT Barriers Out of date software 16% IT Barriers Lack of IT infrastructure 15% IT Barriers Lack of user participation 19% 2009 National Cyber Safety Average = Factors in red are 2009 School Safety Index additions. 27
28 CDW-G School Safety Index Physical Safety Index Element Question % Self Assessment Strengthening Security Strengthening Security Strengthening Security Strengthening Security Strengthening Security Strengthening Security Would you rate the overall security of your district s buildings as safe or very safe? What steps are you taking to improve overall building security? Better physical access control, such as RFID, door badges, locks, etc. 76% 31% Better physical security plan 25% Better collaboration with IT 16% Better surveillance 29% Better student cooperation 17% Better faculty/staff cooperation 29% Element Question % Strengthening Security Sharing best practices with other districts 14% Campus Monitoring Does your district use security cameras to monitor any of the following? 58% Outside of buildings/parking lots Campus Monitoring Common areas such as cafeteria and hallways 50% Campus Monitoring Entry/exit points 57% Campus Monitoring Classrooms 11% Campus Monitoring Gymnasium 12% Campus Monitoring Offices 17% Campus Monitoring Does your district enable local emergency response personnel, such as police, fire, or dispatchers, to view security camera footage in real time? Yes 36% 2009 National Physical Safety Average = Factors in red are 2009 School Safety Index additions. 28
29 CDW-G School Safety Index Physical Safety Index, Cont. Element Question % Mass Notification Does your district use a mass notification system? 70% Mass Notification Does your mass notification have any of the following capabilities? 69% Automated phone messages Mass Notification Text message alerts 39% Mass Notification alerts 65% Mass Notification Sirens/loud speakers 38% Mass Notification Who can receive messages from your district's mass notification system? 91% Faculty/staff Mass Notification Administration 85% Mass Notification Students 49% Mass Notification Parents/Guardians 62% Mass Notification Local police and emergency personnel 42% Element Question % Physical Breaches Physical Breaches Physical Barriers Has your district had a physical breach in the last 12 months? Compared to this time last year, have the number of physical security breaches in your district increased? What are your district's main barriers to improving physical security? Budget 67% 7% 69% Physical Barriers Too few staff resources 46% Physical Barriers Lack of defined policies 19% Physical Barriers Need for more tools 27% Physical Barriers Poor infrastructure 19% Physical Barriers Lack of student participation 12% Physical Barriers Lack of faculty/staff participation 18% 2009 National Physical Safety Average = Factors in red are 2009 School Safety Index additions. 29
30 CDW-G School Safety Index 2009 Thank You For all media questions and inquiries, please contact: Kelly Caraher Meredith Braselman CDW Government, Inc. O Keeffe & Company (847) (703) ext. 107 kellyc@cdw.com mbraselman@okco.com
CDW-G Federal Cybersecurity Report: Danger on the Front Lines. November 2009. 2009 CDW Government, Inc.
CDW-G Federal Cybersecurity Report: Danger on the Front Lines November 2009 2009 CDW Government, Inc. 1 Table of Contents Introduction 3 Key Findings 4 The Threats 5 Frequent Threats 6 Persistence and
More informationThe App Age: How Enterprises Use Mobile Applications
The App Age: How Enterprises Use Mobile Applications Introduction The mobile app market is growing steadily as businesses seek ways to innovate, create business value and engage partners and customers
More informationTHE 2011 CDW-G 21ST-CENTURY CLASSROOM REPORT
THE 2011 CDW-G 21ST-CENTURY CLASSROOM REPORT June 27, 2011 2011 CDW Government INTRODUCTION A 21st-century classroom leverages technology to engage and empower teachers and students. In 2010, CDW-G launched
More information3. Are employees set as Administrator level on their workstations? a. Yes, if it is necessary for their work. b. Yes. c. No.
As your trusted financial partner, Maps Credit Union is committed to helping you assess and manage risks associated with your business online banking. We recommend that you do a periodic risk assessment
More informationCorporate Account Takeover (CATO) Risk Assessment
Corporate Account Takeover (CATO) Risk Assessment As a business, you want to be sure you have a strong process in place for monitoring and managing who has access to your ECorp services and how the information
More informationApril 17, 2012 2012 CDW
April 17, 2012 2012 CDW INTRODUCTION AND METHODOLOGY One in four organizations has experienced a data loss in the last two years. Many report breaches jeopardizing their email, network or other sensitive
More informationOCR LEVEL 3 CAMBRIDGE TECHNICAL
Cambridge TECHNICALS OCR LEVEL 3 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT NETWORKED SYSTEMS SECURITY J/601/7332 LEVEL 3 UNIT 28 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 NETWORKED SYSTEMS SECURITY
More informationBEYOND THE BREAK-IN: ADT SURVEY OF SMALL BUSINESS RETAILERS EVERYDAY SECURITY CONCERNS
BEYOND THE BREAK-IN: ADT SURVEY OF SMALL BUSINESS RETAILERS EVERYDAY SECURITY CONCERNS APRIL 2014 1 Table of Contents Background and Methodology Key Findings Detailed Findings Security Productivity New
More informationFROM TACTIC TO STRATEGY:
FROM TACTIC TO STRATEGY: The CDW 2011 Cloud Computing Tracking Poll 2011 CDW LLC TABLE OF CONTENTS Introduction 3 Key findings 4 Planning for the cloud 16 Methodology and demographics 19 Appendix 20 Industries
More informationNetwork and Security Controls
Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting
More informationSBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced
More informationPayment Card Industry Self-Assessment Questionnaire
How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.
More informationBAE Systems Cyber Security Survey Report
BAE Systems Cyber Security Survey Report Q1 2016 1 Copyright 2016 BAE Systems. All Rights Reserved. Table of Contents Page Number Objectives & Methodology 3 Executive Summary 4 Key Findings 7 Detailed
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationThe Importance of Cyber Threat Intelligence to a Strong Security Posture
The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report
More informationOnline Banking Fraud Prevention Recommendations and Best Practices
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee at Continental National Bank of Miami needs to know
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationHow To Protect Your School From A Breach Of Security
SECURITY MANAGEMENT IT Security Policy (ITSP- 1) 1A Policy Statement District management and IT staff will plan, deploy, and monitor IT security mechanisms, policies, procedures, and technologies necessary
More informationBusiness ebanking Fraud Prevention Best Practices
Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special
More informationBrainbench/ITAA Global Cyber Security Survey 2003
Brainbench/ITAA Global Cyber Security Survey 2003 June 2003 For additional information, please contact: Eileen Townsend or Bob Cohen Marketing Manager SVP, Communications Brainbench, Inc Information Technology
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationPREPARED TESTIMONY OF THE NATIONAL CYBER SECURITY ALLIANCE MICHAEL KAISER, EXECUTIVE DIRECTOR ON THE STATE OF CYBERSECURITY AND SMALL BUSINESS
PREPARED TESTIMONY OF THE NATIONAL CYBER SECURITY ALLIANCE MICHAEL KAISER, EXECUTIVE DIRECTOR ON THE STATE OF CYBERSECURITY AND SMALL BUSINESS BEFORE THE COMMITTEE ON HOUSE SMALL BUSINESS SUBCOMMITTEE
More informationNetwork Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201
Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationCyber Security: Beginners Guide to Firewalls
Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started
More informationYour security is our priority
Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationIBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure
IBM Global Small and Medium Business Keep Your IT Infrastructure and Assets Secure Contents 2 Executive overview 4 Monitor IT infrastructure to prevent malicious threats 5 Protect IT assets and information
More informationJK0 015 CompTIA E2C Security+ (2008 Edition) Exam
JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router
More informationCORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT
CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information
More informationThe Road to Integrated Systems Physical and Network Security Merge to Drive Business Processes White Paper
The Road to Integrated Systems Physical and Network Security Merge to Drive Business Processes White Paper www.honeywellintegrated.com Table of Contents Executive Summary...3 The Complexity of System Information...4
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationSecurity Orchestration with IF-MAP
Security Orchestration with IF-MAP Gary Holland, Lumeta/IMRI 2 November 2011 Copyright 2010 Trusted Computing Group Agenda Threat Landscape and Federal Networks Trusted Network Connect Explanation of IF-MAP
More informationNorth American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)
Whitepaper North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) NERC-CIP Overview The North American Electric Reliability Corporation (NERC) is a
More informationIIABSC 2015 - Spring Conference
IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber
More informationThe 2010 21st-Century Campus Report: Campus 2.0. July 19, 2010. 2010 CDW Government LLC
The 2010 21st-Century Campus Report: Campus 2.0 July 19, 2010 2010 CDW Government LLC 1 Study Focus and Objectives Now in its third year, the CDW-G 21st-Century Campus Report examines the role of technology
More informationCYBER SECURITY INFORMATION SHARING & COLLABORATION
Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers
More informationThe 2010 Symantec Break in the Clouds Report. 2010 Symantec Break in the Clouds Report
The 2010 Symantec Break in the Clouds Report 1 Introduction The White House is urging Federal agencies to adopt cloud computing, with a clear focus on streamlining infrastructure management, improving
More informationCyber Threats in Physical Security Understanding and Mitigating the Risk
Cyber Threats in Physical Security Understanding and Mitigating the Risk Synopsis Over the last few years, many industrial control systems, including security solutions, have adopted digital technology.
More informationBusiness Internet Banking / Cash Management Fraud Prevention Best Practices
Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization
More informationOrganizations Continue to Rely on Outdated Technologies, When Advanced Threats a Reality
NETWORK SECURITY SURVEY RESULTS Is Network Access Putting You at Risk? Organizations Continue to Rely on Outdated Technologies, When Advanced Threats a Reality Introductions Given the proliferation of
More informationSecurity survey in the United States
Security survey in the United States This document contains the results of a survey on network security in 455 small and medium sized businesses, conducted in the United States in October/November 2007.
More informationBetter secure IT equipment and systems
Chapter 5 Central Services Data Centre Security 1.0 MAIN POINTS The Ministry of Central Services, through its Information Technology Division (ITD), provides information technology (IT) services to government
More informationLeadership has a relatively indepth understanding of digital
Leadership L1 Shared Vision Leadership has the basic awareness of the potential of digital learning in education to lead to personalized learning for students. Staff and leadership are exploring different
More informationReferences NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household
This appendix is a supplement to the Cyber Security: Getting Started Guide, a non-technical reference essential for business managers, office managers, and operations managers. This appendix is one of
More informationHow To Protect A Wireless Lan From A Rogue Access Point
: Understanding Security to Ensure Compliance with HIPAA Healthcare is a natural environment for wireless LAN solutions. With a large mobile population of doctors, nurses, physician s assistants and other
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationCyber Security Beginners Guide to Firewalls A Non-Technical Guide
Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Multi-State Information Sharing and Analysis Center (MS-ISAC) U.S.
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationPCI Compliance in Multi-Site Retail Environments
TECHNICAL ASSESSMENT WHITE PAPER PCI Compliance in Multi-Site Retail Environments Executive Summary As an independent auditor, Coalfire seeks to be a trusted advisor to our clients. Our role is to help
More informationIt Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe
It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe Agenda Who Is VendorSafe Technologies? It Won t Happen to Me! PCI DSS Overview The VendorSafe Solution Questions
More informationCloudCheck Compliance Certification Program
CloudCheck Compliance Certification Program Ensure Your Cloud Computing Environment is Secure with CloudCheck Certification Organizations today are increasingly relying on a combination of private and/or
More informationWRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM
WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, & TRANSPORTATION HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM TESTIMONY
More informationMobility, Security Concerns, and Avoidance
By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to
More information2011 NATIONAL SMALL BUSINESS STUDY
2011 NATIONAL SMALL BUSINESS STUDY The National Cyber Security Alliance has conducted a new study with Symantec to analyze cyber security practices, behaviors and perceptions of small businesses throughout
More informationAppendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice
Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help
More information1B1 SECURITY RESPONSIBILITY
(ITSP-1) SECURITY MANAGEMENT 1A. Policy Statement District management and IT staff will plan, deploy and monitor IT security mechanisms, policies, procedures, and technologies necessary to prevent disclosure,
More informationName: Position held: Company Name: Is your organisation ISO27001 accredited:
Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:
More informationWHITE PAPER 2013 EDUCATION STUDY K-12 SCHOOL COMMUNICATIONS REPORT CARD 2013 NATIONWIDE EDUCATION STUDY
K-12 SCHOOL COMMUNICATIONS REPORT CARD 2013 NATIONWIDE EDUCATION STUDY SURVEY PARTICIPANTS Motorola s 2013 study offers a valuable snapshot of the current state of communications in school districts across
More informationBest Practices for Outdoor Wireless Security
Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged
More informationSmall Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.
Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness
More informationCHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationSecurityMetrics Vision whitepaper
SecurityMetrics Vision whitepaper 1 SecurityMetrics Vision: Network Threat Sensor for Small Businesses Small Businesses at Risk for Data Theft Small businesses are the primary target for card data theft,
More informationSeamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.
Seamless Mobile Security for Network Operators Build a secure foundation for winning new wireless services revenue. New wireless services drive revenues. Faced with the dual challenges of increasing revenues
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?
ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy
More informationCORE Security and the Payment Card Industry Data Security Standard (PCI DSS)
CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com
More informationComprehensive Video Solutions & Services. Industry-leading video solutions for your business
Comprehensive Video Solutions & Services Industry-leading video solutions for your business STANLEY VIDEO SURVEILLANCE & SERVICES Gaining visibility and insight into your business can be a challenge. Whether
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationNetwork/Cyber Security
Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security
More informationThe Encryption Enigma October 9, 2012
The Encryption Enigma October 9, 2012 Underwritten by: Introduction Two years ago, WikiLeaks posted 400,000 pages on the Iraq War that the Pentagon called the largest leak of classified documents in its
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationAssessing the Effectiveness of a Cybersecurity Program
Assessing the Effectiveness of a Cybersecurity Program Lynn D. Shiang Delta Risk LLC, A Chertoff Group Company Objectives Understand control frameworks, assessment structures and scoping of detailed reviews
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationGE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems
GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used
More informationBest Practices for Building a Security Operations Center
OPERATIONS SECURITY Best Practices for Building a Security Operations Center Diana Kelley and Ron Moritz If one cannot effectively manage the growing volume of security events flooding the enterprise,
More informationi-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors
March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation
More information¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India
CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing
More informationResearch Results. April 2015. Powered by
Research Results April 2015 Powered by Introduction Where are organizations investing their IT security dollars, and just how confident are they in their ability to protect data form a variety of intrusions?
More informationMARGOLIS HEALY CAMPUS SAFETY SURVEY 2015
CAMPUS SAFETY SURVEY 2015 INTRODUCTION Margolis Healy conducted an anonymous, online survey for five and a half weeks beginning in April 2015 to assess the current state of campus public safety, confirm
More informationReliance Bank Fraud Prevention Best Practices
Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationThe MetLife Survey of
The MetLife Survey of Challenges for School Leadership Challenges for School Leadership A Survey of Teachers and Principals Conducted for: MetLife, Inc. Survey Field Dates: Teachers: October 5 November
More informationHackers are here. Where are you?
1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.
More informationOn-Site Computer Solutions values these technologies as part of an overall security plan:
Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and
More informationWhat s happening in the area of E-security for the Financial Transactions in China
What s happening in the area of E-security for the Financial Transactions in China Dr. Wang Jun Head of E-banking Division, Bank of China Sep. 26, 2002 A Tremendous Potential E-financing Market is is coming
More informationRemote Services. Managing Open Systems with Remote Services
Remote Services Managing Open Systems with Remote Services Reduce costs and mitigate risk with secure remote services As control systems move from proprietary technology to open systems, there is greater
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationGlobal IT Security Risks
Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More information2014 Security Pressures Report. Based on a survey COMMISSIONED by Trustwave
2014 Security Pressures Report Based on a survey COMMISSIONED by Trustwave Table of Contents INTRODUCTION.... 1 METHODOLOGY.... 3 FINDINGS OVERALL PRESSURE.... 5 SECURITY THREATS.... 6 CYBERATTACK AND
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationDepartment of Education. Network Security Controls. Information Technology Audit
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Department of Education Network Security Controls Information Technology Audit May 5, 2010 Report 10-17 FINANCIAL
More informationWHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More information