Information Security Risk Management in HEIs: From Processes to Operationalization Wolfgang Hommel, Stefan Metzger, Michael Steinke
1 Information Security Risk Management in HEIs: From Processes to Operationalization
Wolfgang Hommel, Stefan Metzger, Michael Steinke
EUNIS 2015 Dundee,
2 Leibniz Supercomputing Centre (LRZ)
Photo: Ernst A. Graf, 2012
Data center for all Munich HEIs
  o 130,000+ users (~180,000+ systems)
  o Comm. network spans 550+ buildings
  o 100+ PB file servers/backup/archive
National HPC center
  o Flagship: SuperMUC, 3 PetaFlops
  o Large Linux cluster (~10k cores)
  o Gauss Computing Centre member
3 Doing information risk management together
  o Cooperative approach: Risk management can't be done by one person or by the HEI's higher-level management alone
  o Template supporting this cooperative approach can be adapted to every HEI's infrastructure (available at: )
  o Motivation for discussion and feedback for further improvement of the template
4 Overview
  o Motivation
      o Risk management in HEIs: an analyst's perspective
      o Gap between reading about risk management and doing it
  o Template-based risk management
      o Objectives and benefits
      o Design process
      o Selected content
  o Next steps
5 SANS Analyst survey (June 2014): "Higher education: Open and secure?"
  o 55% of organisations lack formal risk assessment and remediation policies
  o Data at risk: Personally identifiable data (PII) receives special attention
  o 46% of organisations don't encrypt PII in transit
  o Security teams understaffed and under budget
6 Decentral organisation, but cooperative
[Diagram; labels: Technicians, Business processes, HEI's CRM, Faculty RM (Team / IO), Service administrators]
7 Decentral information flows, but also cooperative
[Diagram; labels: HEI's CRM, Faculty RM (Team / IO), Service administrators]
8 Continuous risk management process
[Process diagram; steps: Define your risk appetite, Establish the RM context, Identify threats, Likelihood & Impact, Remediation, Implemented safeguards; roles: Higher-level management, RM Team, Administrators]
9 Where do I start and what do I do in there?
  o Establish the RM context
      o Higher-level management focuses on (business) processes
      o Technicians and system administrators focus on information, hard-/software and operational details
  o Acquire identical data (RM tools on the market lack the required import functions)
  o Administrators cover identical threats; delegate to special groups (e.g. facility management, ...)
  o Remediation through mapping of safeguards to threats
10 Template-based risk management: Desired benefits
  o Enables involved stakeholders to contribute to the HEI's overall risk management
  o Current overall HEI's or faculty-/service-specific risk levels
  o For technical staff:
      o Is the service's risk level acceptable? Nothing to do!
      o If the risk level is not acceptable: Who has to respond?
11 How we created the risk management template
  o Interview LRZ security team
  o Interview LRZ administrators
  o Existing LRZ security concepts
  o Standards/Frameworks (ISO/IEC 27005, BSI IT Base protection,
  o Literature: scientific papers, various web sources
  o Template's content and structure
  o Continual improvement
  o Management approval and commitment
  o LRZ risk management template
12 Template content overview
Document's structure:
  o Metadata / introduction
  o Risk acceptance
  o Risk management context
  o Threat identification + Risk assessment
  o Remediation / measures
13 Metadata and introduction
  o Metadata
      o Author and version information
      o Storage location
      o Last modification / update until
  o Introduction
      o Objectives (HEI's overall risk level vs. staff's perspective)
      o Cooperative risk management process
      o How to complete
14 HEI's risk appetite / acceptance
  o Curve through the risk assessment matrix divides risks into acceptable or not
  o Criteria for risk acceptance
      o (financial impact)
      o (legal, contractual liability)
      o How many users are affected?
      o What is an acceptable MTTR?
      o PII processed or not?
      o Position/group of affected user
15 HEI's risk management context
  o System or asset prioritization
From: SANS Analyst Survey "Higher Education: Open and secure" (June 2014)
16 Technicians' risk management context
  o Based on the HEI's primary assets definition
  o (Technical) secondary assets
      o Hardware
      o Installed software / base services
      o Processed information and its flows
      o (Operational details)
17 Threat identification
  o Threat catalogues (ISO/IEC 27005, BSI IT base protection, ...)
  o How to find further threat events
  o Structured, scenario-based description of threat events
      o Actor (trigger or cause of a threat)
      o Threat type (e.g. malicious intent, failure, ...)
      o Event description
      o Asset / asset group affected
      o (Time)
18 Risk assessment & remediation
  o Each administrator / faculty RM staff can do it, but have also be done by HEI's RM
  o Structured, also template-based description of measures
  o Start easy, become complex!
  o Try simple (technical) solutions first
  o Share your information/knowledge and solutions with others
  o Generate HEI-wide synergies, esp. for cost-intensive measures
19 Next steps
  o Continuously improve LRZ risk management template
      o Discussions in regional and national groups
  o Web application (released as open source)
      o Support of importing existing data
      o Central storage
      o Reporting of service-/group- or HEI-wide risk level
      o Statistics and export functions
20 Conclusion
Our template-based risk management approach ...
  o ... helps doing (technical) risk management
  o ... helps service owners to decide if further action is required
  o ... provides an estimation of overall risk level for HEIs
  o ... it is not finalized yet but a good starting point
PDF of current version at
We welcome any feedback! riskmgmtdoc@lrz.de
  o How to make the template more intuitive to use?
  o Which topics should be covered additionally?
  o Another/better risk management approach?
Let's talk about