Information Assurance in Practice: Information Security in Small Businesses
Information Assurance in Practice: Information Security in Small Businesses
Julie J. C. H. Ryan, D.Sc.
Assistant Professor
Engineering Management and Systems Engineering Department
School of Engineering and Applied Science
The George Washington University
11/29/04 © Julie J.C.H. Ryan. All Rights Reserved.
Businesses & InfoSec
Business Information Security Experiences, Practices
Meta-analysis of 14 large surveys:
- About half of respondents have security policies
- About half have experienced security breaches
- About 12 % have been hacked
- About half have had problems with insiders
- Of those with $$ loss, only 37% can quantify amount
- Viruses, theft, and component failure are big concerns
- About half have business continuity plans
Questions for Research:
1: How do small businesses match up?
2: Does having connectivity make a difference?
Why Small Businesses?
- A lot easier to research than huge businesses
- One and only one response from each business
- Small businesses in the US (from: SBA Office of Advocacy):
  - Are 99 % of all employers
  - Employ 53 % of all workers
  - Employ 38 % of private sector high tech workers
  - Account for 51 % of private sector output
- Most importantly: Small businesses account for 55 % of innovations and register more patents
- And occasionally they grow up to take over the world: AOL, Microsoft
Policies
[Chart: Percent Respondents with Policy, by survey: WarRoom96, KPMG96, BISS98, PWC98, EY98, ISM99; mean and one standard deviation shown]
Small businesses are less likely to have security policies
Security Breaches
[Chart: Percent Respondents Reporting Security Breaches, by survey: CSI96, CSI97, E&Y97, CSI98, PWC98; chart labels: Mean 48 %, mean 48.3 %]
Small businesses are equally likely to have experienced a security breach
Financial Losses
- Experienced financial loss?
  - % reported losses for one survey (PWC98)
- Quantification of losses varies
  - From 31% (CSI99) to 48 % (CSI97)
- Small businesses much less likely to lose money: %
- But better able to quantify when it happens: 73.7 %
Outsiders
[Chart: Percent Respondents Reporting Unauthorized Access by Outsiders, by survey: E&Y95, WarRoom96, CSI98, PWC98, EY98, CSI99, ISM99, Ebiz99; one standard deviation shown; chart labels: Mean 12.8 %, mean 1.9 %]
Small businesses are much less likely to have had outsiders break in
Insiders
[Chart: Percent Respondents Reporting Insider Access Abuse, by survey: WarRoom96, CSI98, PWC98, CSI99, ISM99; chart labels: Mean 54.5 %, mean 3.3 %]
Small businesses are much less likely to have experienced insider problems
Concerns
- 53% of small businesses think viruses are of extreme or high concern
- 36.1 % think that power failure is of extreme or high concern
- 32.2 % think that data theft is of high or extreme concern
Top Five Security Concerns, by survey:
- E&Y95: Network failure; Software error; Viruses; Hardware failure; Stolen data
- E&Y98: Unauthorized users access violation; Authorized user access violation; Contract worker access violation; Former employee access violation; Competitors access violation
- BISS98: Power failure; User error; LAN failure; Viruses; Theft
- CSI98: Denial of Service attack; System penetration from outside; Theft of proprietary data; Financial fraud; Sabotage
- PWC98: Viruses; Loss of information; Loss of integrity; Denial of Service; Software manipulation
- CSI99: Insider abuse; Viruses; Laptop theft; Denial of service attacks; Sabotage
- Ebiz99: Viruses; incidents; Spam; Power failure; Hoaxes, jokes, pranks
- ISM99: Viruses; Employee access abuse; Unauthorized outsider; Theft or destruction of computer resources; Loss of proprietary data
Concerns
[Chart legend: Extremely; High; Moderate; Low; Not Concerned]
Average Score:
- 3.60 Viruses
- Data Availability
- 3.30 Data Integrity
- 3.23 Transaction Integrity
- 3.22 Software Problems
- 3.04 Power Failure
- 2.98 Data Secrecy
- 2.71 User Errors
- 2.69 Data Theft
- 2.67 Data Sabotage
- 2.67 Outsider Access Abuse
- 2.52 Natural Disaster
- 2.49 Fraud
- 1.90 Insider Access Abuse
Scale is from 1 to 5, where 1 equates to Not Concerned and 5 equates to Of Extreme Concern
Business Continuity Plans
Survey findings (BISS98, E&Y98) on Business Continuity Plan:
- 56 percent had a business continuity plan
- percent of those said it reduced the impact of a security breach
- 23 percent had incident response teams in place
- percent had put a business continuity plan in place the previous year
Management Tools: Percentages (Yes / No)
- Data Recovery Procedures: % / 60.3%
- Information Security Policy: % / 69.4%
- Computer Use & Misuse Policy: % / 75.1%
- Information Security Procedures: % / 77.0%
- Business Continuity Plan: % / 78.5%
- Proprietary Data Use & Misuse Policy: % / 81.8%
- Communications Use & Misuse Policy: % / 86.1%
- Information Sensitivity Levels or Coding: % / 86.6%
- Computer Emergency Response Plan: % / 86.6%
- Data Destruction Procedures: % / 87.1%
- Computer Emergency Response Team: % / 92.8%
- Media Destruction Procedures: % / 93.3%
Technology Use
Technology Tools: Percentages (Yes / No)
- Anti-Virus Software: % / 12.9%
- Data Backup System: % / 24.9%
- System Access Control: % / 27.3%
- Power Surge Protectors: % / 29.7%
- Redundant Systems: % / 54.5%
- Shredders: % / 55.5%
- Data Segregation: % / 71.3%
- Firewalls: % / 74.2%
- Encryption: % / 74.6%
- Intrusion Detection Systems: % / 77.5%
- System Activity Monitor: % / 84.2%
- Facility Access Control: % / 85.6%
- Security Evaluation System: % / 88.5%
- Dial Back Modem: % / 90.0%
- Media Degaussers: % / 96.7%
[Chart legend: Less than 50% use; Less than 25% use]
Question
Does having connectivity make a difference???
- In concern for information security?
- In use of written policies?
- In information security experiences?
  - Information security breach, financial loss, insider problems, outsiders
- Use of business continuity plans?
- In use of technologies?
Types of connectivity considered:
- Internet access
- Web presence
- E-commerce participation
Concerns
- Internet connectivity
  - Related to only one type of concern: viruses
  - Less likely to indicate low or no concern, more likely to indicate moderate concern, and equally likely to indicate high or extreme concern
- Web presence
  - More likely to be extremely or highly concerned in two areas:
    - Outsider access abuse (41.7% vs. 26.6%)
    - Data Availability (59.4% vs. 42.2%)
- E-Commerce
  - More likely to be extremely or highly concerned in two areas:
    - Transaction integrity (67.6% vs. 43.4%)
    - Data Availability (67.6% vs. 46.4%)
Written Policies
- Internet access alone doesn't make a difference
- Those with web presence more likely to have:
  - Computer Use & Misuse Policy: 32% vs. 18.7%
  - Proprietary Data Use & Misuse Policy: 24.7% vs. 12.5%
  - Communications Use & Misuse Policy: 19.6% vs. 8.9%
- Those participating in E-commerce more likely to have:
  - Information Security Policy: 54.1% vs. 25.6%
  - Computer Use & Misuse Policy: 43% vs. 20.9%
  - Proprietary Data Use & Misuse Policy: 35% vs. 14.5%
  - Communications Use & Misuse Policy: 29.7% vs. 10.5%
Experiences
Null hypotheses cannot be rejected in those areas, but:
- For those with Web presence
  - Viruses (27.8% vs. 14.3%); secret data divulged (4.1% vs. 0%)
- For those participating in E-commerce
  - Natural disaster (13.5% vs. 1.2%); secret data divulged (8.1% vs. 0.6%)
[Table: chi sq, chi sq p and Fisher's P for Internet Access, Web Presence and E-Commerce, by experience in the past 12 months: Info security incident; Natural disaster; Fraud; Insider access abuse; Outsider access abuse; Theft proprietary data; Viruses; Secret data divulged; Data corruption, lost; Reliability problems; Theft computers; Employees abuse I'net; Financial loss]
Business Continuity Plans
Null hypotheses of equality could not be rejected
- Internet access: Chi Square p value = % vs %
- Web presence: Chi Square p value = % vs. 17 %
- E-Commerce: Chi Square p value = % vs %
Use of Technology Tools
- Internet access alone not related to aggregate count
  - Unpaired t-test p value =
- Web Presence, E-Commerce are related to technology use
  - Unpaired t-test p values = and
[Table: chi sq, chi sq p and Fisher's P for Internet Access, Web Presence and E-Commerce, by technology tool: Anti-Virus Software; Data Backup System; System Access Control; Power Surge Protectors; Redundant Systems; Shredders; Data Segregation; Firewalls; Encryption; Intrusion Detection Systems; System Activity Monitor; Facility Access Control; Security Evaluation System; Dial Back Modem; Media Degaussers. The Firewalls row retains two p values of <.0001.]
Conclusions
- Mostly, the data in this research isn't surprising
  - Small businesses don't spend the money or time required to ensure holistic information security
  - Anecdotal evidence tends to indicate that small businesses aren't looking for problems and thus don't find (or see) them
- There are a few surprises
  - Little relationship between experiences, resource allocation
  - What does occur seems to be a matter of advertising, buzz, and fad rather than a reasoned approach to security
- More research is needed to understand causal relationships
  - The sociology of information security practice
Contact Information
Julie J.C.H. Ryan, D.Sc G. Street NW #110 Washington DC,
The George Washington University is an NSA Certified Center of Academic Excellence in Information Assurance Education and meets the Federal Training Standards for Information Systems Security Professionals (NSTISSI 4011). We offer Graduate Certificate, Master's, and Doctoral level education in Information Security Management for professionals from all educational backgrounds. GWU is located in the heart of Washington DC very near the White House and other government offices.
Research Imperatives
Research Imperatives Areas of Research Needed in Information Security Julie J.C.H. Ryan, D.Sc. Assistant Professor The George Washington University What We Know Technology Fabulous research going on in
More informationCSI/FBI 2000 COMPUTER CRIME AND SECURITY SURVEY
CSI/FBI 00 COMPUTER CRIME AND SECURITY SURVEY Statement of intent This survey was conducted by the Computer Security Institute (CSI) in association with the San Francisco Computer Crime Squad of the Federal
More informationEstablishing and Maintaining a Cybersecurity Program: The GWU EMSE Experience
Establishing and Maintaining a Cybersecurity Program: The GWU EMSE Experience Julie J.C.H. Ryan, D.Sc. Assistant Professor Engineering Management and System Engineering School of Engineering and Applied
More informationComputer Crime & Security Survey
3 rd Japan & US Computer Crime & Security Survey Katsuya Uchida Associate Professor Institute of Information Security uchidak@gol.com Graduate School of Information Security Intentionally blank Respondents
More informationComputer Crime & Security Survey
4 th Japan & US Computer Crime & Security Survey Katsuya Uchida Professor, Ph. D. Institute of Information Security uchida@iisec.ac.jp Graduate School of Information Security 1 Respondents by Number of
More informationTeaching Information Security to Engineering Managers
Teaching Information Security to Engineering Managers Julie Ryan Assistant Professor The George Washington University Washington, DC http://www.seas.gwu.edu/~infosec/ 1 Why Bother? Lots of CS and EE programs
More informationChapter 7 Information System Security and Control
Chapter 7 Information System Security and Control Essay Questions: 1. Hackers and their companion viruses are an increasing problem, especially on the Internet. What can a digital company do to protect
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationSecurity Basics: A Whitepaper
Security Basics: A Whitepaper Todd Feinman, David Goldman, Ricky Wong and Neil Cooper PricewaterhouseCoopers LLP Resource Protection Services Introduction This paper will provide the reader with an overview
More informationACE Advantage PRIVACY & NETWORK SECURITY
ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationProgram on Information Resources Policy
INCIDENTAL PAPER Information Security Practices and Experiences in Small Businesses Julie J. C H. Ryan May 2001 Program on Information Resources Policy Center for Information Policy Research Harvard University
More informationWhat s happening in the area of E-security for the Financial Transactions in China
What s happening in the area of E-security for the Financial Transactions in China Dr. Wang Jun Head of E-banking Division, Bank of China Sep. 26, 2002 A Tremendous Potential E-financing Market is is coming
More informationComputers and Society: Security and Privacy
1 Chapter 12 Computers and Society: Security and Privacy 2 Chapter 12 Objectives 3 Computer Security: Risks and Safeguards What is a computer security risk? 4 Computer Security: Risks and Safeguards 1
More information3 day Workshop on Cyber Security & Ethical Hacking
3 day Workshop on Cyber Security & Ethical Hacking 1 st day-highlights-hands On Phishing Attack Hammad Mashkoor Lari Freelancer What is Cyber Security? What is Ethical hacking? What is Computer Science?
More informationWhite Paper: The SaaSy Approach to Delivering Electronic Health Records
This white paper explains how Amazing Charts in Cloud can transform your practice without forcing you to sacrifice productivity or take on the costs of hosting your own EHR. White Paper: The SaaSy Approach
More informationCyberEdge. Desired Coverages. Application Form. Covers Required. Financial Information. Company or Trading Name: Address: Post Code: Telephone:
Company or Trading Name: Address: Post Code: Telephone: E-mail: Website: Date Business Established Number of Employees Do you have a Chief Privacy Officer (or Chief Information Officer) who is assigned
More informationStable and Secure Network Infrastructure Benchmarks
Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day
More informationCHAPTER 10: COMPUTER SECURITY AND RISKS
CHAPTER 10: COMPUTER SECURITY AND RISKS Multiple Choice: 1. In a survey of more than 500 companies and government agencies, percent detected computer security breaches. A. 20 B. 75 C. 85 D. 99 Answer:
More informationMaking the leap to the cloud: IS my data private and secure?
Making the leap to the cloud: IS my data private and secure? tax & accounting MAKING THE LEAP TO THE CLOUD: IS MY DATA PRIVATE AND SECURE? Cloud computing: What s in it for me? The more you know about
More informationOCR LEVEL 3 CAMBRIDGE TECHNICAL
Cambridge TECHNICALS OCR LEVEL 3 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT NETWORKED SYSTEMS SECURITY J/601/7332 LEVEL 3 UNIT 28 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 NETWORKED SYSTEMS SECURITY
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationBelmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.
Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationHow are we keeping Hackers away from our UCD networks and computer systems?
How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12
More informationBest Practices For Department Server and Enterprise System Checklist
Best Practices For Department Server and Enterprise System Checklist INSTRUCTIONS Information Best Practices are guidelines used to ensure an adequate level of protection for Information Technology (IT)
More informationDisaster Recovery Planning Save Your Business
Disaster Recovery Planning Save Your Business Your business at risk! Your company is at risk for failure in the event of disaster Your data is at risk for costly loss Your revenue is at risk with lack
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationEnterprise PrivaProtector 9.0
IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS
More information1. (a) Full name of proposer including trading names if any (if not a limited company include full names of partners) Date established
Network Security ProPosal Form Important Please answer all questions from each section and complete in block capitals. Tick the appropriate boxes where necessary and supply any further information requested.
More informationCOB 302 Management Information System (Lesson 8)
COB 302 Management Information System (Lesson 8) Dr. Stanley Wong Macau University of Science and Technology Chapter 13 Security and Ethical Challenges 安 全 與 倫 理 挑 戰 Remarks: Some of the contents in this
More informationWe Believe in Security with a Capital S
Security Consulting by arvato Systems We Believe in Security with a Capital S The number of attacks on IT systems has increased dramatically in recent years, with the style and approach of such attacks
More informationSECURITY CONSIDERATIONS FOR LAW FIRMS
SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,
More informationISO? ISO? ISO? LTD ISO?
Property NetProtect 360 SM and NetProtect Essential SM Which one is right for your client? Do your clients Use e-mail? Rely on networks, computers and electronic data to conduct business? Browse the Internet
More information9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500
INFO 1500 9. Information Assurance and Security, Protecting Information Resources 11. ecommerce and ebusiness Janeela Maraj Tutorial 9 21/11/2014 9. Information Assurance and Security, Protecting Information
More informationLEADERSHIP STYLES AND INFORMATION SECURITY IN SMALL BUSINESSES: RESULTS OF AN EMPIRICAL INVESTIGATION. Debasis Bhattacharya
LEADERSHIP STYLES AND INFORMATION SECURITY IN SMALL BUSINESSES: RESULTS OF AN EMPIRICAL INVESTIGATION by Debasis Bhattacharya 2008 by DEBASIS BHATTACHARYA ALL RIGHTS RESERVED ii TABLE OF CONTENTS LIST
More information資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系
資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 Outline Infosec, COMPUSEC, COMSEC, and Network Security Why do we need Infosec and COMSEC? Security
More informationE-Business, E-Commerce
E-Business, E-Commerce Lecture Outline 11 Instructor: Kevin Robertson Introduction to Information Systems Explain the differences between extranets and intranets as well as show how organizations utilize
More informationIT Security Management 100 Success Secrets
IT Security Management 100 Success Secrets 100 Most Asked Questions: The Missing IT Security Management Control, Plan, Implementation, Evaluation and Maintenance Guide Lance Batten IT Security Management
More informationThe Information Security Problem
Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify
More informationThe Information Security Process
The Information The Information Emiliano Kargieman Agenda The briefest introduction to IS Cybercrime indicators, threats and trends Defense Strategy: How to react? The technology Intro Information Security
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationmac guide to e-security
e-security booklet 20/12/02 2:11 am Page 1 Contact Us US Office Vicomsoft Inc. 265 E. Merrick Road Suite 209 Valley Stream NY 11580 USA Phone: 888-842-2608 Fax: 530-685-8896 Sales : sales@vicomsoft.com
More information787 Wye Road, Akron, Ohio 44333 P 330-666-6200 F 330-666-7801 www.keystonecorp.com
Introduction Keystone White Paper: Regulations affecting IT This document describes specific sections of current U.S. regulations applicable to IT governance and data protection and maps those requirements
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationIs it Possible to Live Without Having Real Estate?
S max n i 1 a i q maxi n a i i 1 1 - - - - - - - - Information Security Goals Confidentiality Requirements Integrity Requirements Availability Requirements Mission Criticality C0 C1 C2 C3 I0
More informationThe Credit Research Foundation. Disaster Recovery and Business Continuity. Of Your E-mail, Credit & A/R System. An Occasional Paper February 2003
Disaster Recovery and Business Continuity Of Your E-mail, Credit & A/R System Executive Summary The Credit Research Foundation An Occasional Paper February 2003 Since September 11, 2001, 67% of the 229
More informationJeanne Schreurs, Rachel Moreau
110 Assessments 1) Parameters used for determining TIME and SIZE are sufficient for researching information security of objects and computer systems and networks for consumer, not governmental (corporate)
More informationDriveSavers. Premier Provider of Professional Data Recovery
DriveSavers Premier Provider of Professional Data Recovery How valuable is your data? When a data storage device fails and they all do a company quickly loses its cutting edge. Even a temporary loss of
More informationMANAGED SERVICES PROVIDER. Dynamic Solutions. Superior Results.
MANAGED SERVICES PROVIDER Dynamic Solutions. Superior Results. REVOLUTIONIZE YOUR INSTITUTION BY FULLY LEVERAGING THE BENEFITS OF TECHNOLOGY MAXIMIZE YOUR TECHNOLOGY INVESTMENTS ENHANCE SECURITY OF YOUR
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationComputer Security Incident Response Planning. Preparing for the Inevitable
Computer Security Incident Response Planning Preparing for the Inevitable Introduction Computers and computer networks have been part of the corporate landscape for decades. But it s only in the last five
More informationInstructions for Completing the Information Technology Officer s Questionnaire
Instructions for Completing the The (Questionnaire) contains questions covering significant areas of a bank s information technology (IT) function. Your responses to these questions will help determine
More informationCyber Security. From Computer Security to Information Assurance : Evolving Doctrines & Consequences. Peter Sommer
Cyber Security 11 11 July July 2011 2011 From Computer Security to Information Assurance : Evolving Doctrines & Consequences Peter Sommer London London School School of of Economics Economics Why a Global
More informationAUTOMATED PENETRATION TESTING PRODUCTS
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for automated penetration testing software and demonstrate
More informationSimplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls
Simplifying Security & Compliance Innovating IT Managed Services Data Security Threat Landscape and IT General Controls Audit Standards and IT General Controls General IT controls discussed in AUC Section
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationAUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM
GENERAL: The Technology department is responsible for the managing of electronic devices and software for the District, as well as the Help Desk for resolution of employee-created help tickets. The subgroups
More informationNetwork Support. Technical Certificate. Program Outcomes: FOUNDATION COURSES. 1 of 7
1 of 7 Network Support This technical certificate program prepares the student for employment as PC Technician; Computer Support Specialist, and Network Support Technician systems and computer network
More informationBeen in technology for 22 years Westinghouse Senior Manager at Clifton Gunderson-7th largest CPA and consulting firm in the U. S. Partner / Director
Been in technology for 22 years Westinghouse Senior Manager at Clifton Gunderson-7th largest CPA and consulting firm in the U. S. Partner / Director in Kenneally and Company s technology consulting practice
More informationTop Five Things You Need to Know About Cybersecurity. Larry Mattox, VC3 Session #7
Top Five Things You Need to Know About Cybersecurity Larry Mattox, VC3 Session #7 Cyber breaches are more sophisticated and can happen to any size organization. Victims of Cyber-espionage CNN, Washington
More informationChapter 12 Objectives. Chapter 12 Computers and Society: Security and Privacy
Chapter 12 Objectives Chapter 12 Computers and Society: and Privacy p. 12.2 Identify the various types of security risks that can threaten computers Recognize how a computer virus works and take the necessary
More informationTechDefender SM. Tech E&O, Network Security, Privacy, Internet Media, and MPL Insurance Application
IRONSHORE INSURANCE COMPANIES One State Street Plaza New York, NY 10004 Tel: 646-826-6600 Toll Free: 877-IRON411 TechDefender SM Tech E&O, Network Security, Privacy, Internet Media, and MPL Insurance Application
More informationIRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411
IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING
More informationEnterprise Computing Solutions
Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company
More informationID Theft P E R S O N A L A N D O R G A N I Z AT I O N A L P R E V E N T I O N A N D D E T E C T I O N
ID Theft P E R S O N A L A N D O R G A N I Z AT I O N A L P R E V E N T I O N A N D D E T E C T I O N M i c h e l l e C u m m i n g s, C I A, C F E, C D F M According to the National Crime Victimization
More informationWhite Paper. April 2006. Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks
White Paper April 2006 Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks According to a recent Harris Interactive survey, the country s leading business executives consider
More informationGuidelines for Website Security and Security Counter Measures for e-e Governance Project
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
Information Technology Security Standards. Effective Date: November 20, 2000 OFM Guidelines for Economic Feasibility Revision Date: January 10, 2008
Information Technology Security Standards Adopted by the Information Services Board (ISB) on November 20, 2000 Policy No: Also see: 400-P2, 402-G1 Supersedes No: 401-S2 Auditor's Audit Standards Effective
LIGC-ACC Presentation November 9, 2015
Bryan Frank, DDIS Info Sec Corp, panelist Jennifer M. Mone, Deputy General Counsel, Hofstra University, panelist Keith J. Frank, Partner, Forchelli, Curto, Deegan, Schwartz, Mineo & Terrana, LLP, moderator
Unit 3 Cyber security
2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:
Business Phone Security. Threats to VoIP and What to do about Them
Business Phone Security Threats to VoIP and What to do about Them VoIP and Security: What You Need to Know to Keep Your Business Communications Safe Like other Internet-based applications, VoIP services
White Paper. Information Security -- Network Assessment
Network Assessment White Paper Information Security -- Network Assessment Disclaimer This is one of a series of articles detailing information security procedures as followed by the INFOSEC group of Computer
VIRGINIA STATE UNIVERSITY RISK ANALYSIS SURVEY INFORMATION TECHNOLOGY
ASSESSABLE UNIT: ENTER THE NAME OF YOUR ASSESSABLE UNIT HERE BUSINESS PROCESS: ENTER YOUR BUSINESS PROCESS HERE BANNER INDEX CODE: ENTER YOUR BANNER INDEX CODE HERE Risk: If you monitor the activity and
Incident categories. Version 2.0-04.02.2013 (final version) Procedure (PRO 303)
Version 2.0-04.02.2013 (final version) Procedure (PRO 303) Classification: PUBLIC / Department: GOVCERT.LU Table Contents Table Contents... 2 1 Introduction... 3 1.1 Overview... 3 1.2 Purpose... 3 1.3
April 2011. Cyber risks: Understanding your insurance protection
April 2011 Cyber risks: Understanding your insurance protection The information contained in this paper provides only a general overview of subjects covered. It is not intended to be taken as advice regarding
BSHSI Security Awareness Training
BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement
INFORMATION SECURITY PROGRAM
Approved 1/30/15 by Dr. MaryLou Apple, President MSCC Policy No. 1:08:00:02 MSCC Gramm-Leach-Bliley INFORMATION SECURITY PROGRAM January, 2015 Version 1 Table of Contents A. Introduction Page 1 B. Security
Cyber and Data Security. Proposal form
Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which
A GUIDE TO SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT TECHNICAL DOCUMENT
A GUIDE TO SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT TECHNICAL DOCUMENT TECHNICAL DOCUMENT SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT 2 OVERVIEW When it comes to deploying Microsoft
esoft Technical White Paper: Who Needs Firewall Protection?
esoft Technical White Paper: Who Needs Firewall Protection? "Without the protection of a firewall, which serves as a buffer between an organization's internal network and myriad external networks including
10 Smart Ideas for. Keeping Data Safe. From Hackers
GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
Five keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
Are you prepared to be next? Invensys Cyber Security
Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber
IIABSC 2015 - Spring Conference
IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber
IT - General Controls Questionnaire
IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow
Office of the State Controller. Self-Assessment of Internal Controls. Computer Security Cycle. Objectives and Risks
Office of the State Controller Self-Assessment of Internal Controls Computer Security Cycle Objectives and Risks Agency Year-End Objectives Risks Definition and communication of organizational structure,
CONSIDERATIONS BEFORE MOVING TO THE CLOUD
CONSIDERATIONS BEFORE MOVING TO THE CLOUD What Management Needs to Know Part II By Debbie C. Sasso Principal In part I, we discussed organizational compliance related to information technology and what
The Ministry of Information & Communication Technology MICT
The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.
HIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization's senior management respond to CMS or OIG inquiries about health information
INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name:
INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST MADE
Hengtian Information Security White Paper
Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...
SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA's online training course: Cybersecurity for Small Businesses. SBA's Office of Entrepreneurship Education provides this self-paced