Development of Information System for Evaluation of Risk and Readiness of Cyber Security


Wiparat Pathakkhinang
Siam Technology College, Thailand

Assoc. Prof. Dr. Prasong Praneetpolgrang
Sripatum University, Thailand

Abstract - This research study aims to analyze risk and readiness in cyber security, to propose a risk and readiness model for cyber security, and to develop an information system for appraising organizational cyber security. The researchers used a case study of Siam Technology College. The data were collected from sample groups of lecturers and officers performing ICT duties. According to the results of this research, the cyber readiness elements comprise 7 aspects: 1. cyber security strategy, 2. rules and regulations associated with cyber security, 3. a cyber security coordination and maintenance center, 4. cyber crime prevention, 5. manpower development for cyber security, 6. budgets supporting basic and applied research, and 7. cooperation with other agencies. The risk appraisal model consists of 4 aspects: 1. determining the risk management topics, 2. risk analysis, 3. planning for risk reduction, and 4. reporting and appraisal. Additionally, when Siam Technology College was appraised against these models, its readiness in organizational cyber security was at the readiest level, while the risk analysis of organizational cyber security was at the low risk level.

Keywords - Cyber Security, Risk Management, Readiness

I. INTRODUCTION

Using technology also brings the risk of information threats and related information system vulnerabilities, which can be used as a channel for several forms of crime, including both using the internet to commit crimes directly, called "computer crime", and using the internet as a medium to commit various crimes.

Therefore, public authorities, the private sector, and citizens should be aware of the severity of the impact and damage that may occur. They should maintain security in order to protect against, prevent, or deal with cyber security incidents that cause enterprise systems to be compromised or attacked and security to be threatened. Given these priority issues, a risk and readiness analysis and a conceptual model for the creation of indicators are needed in order to evaluate the risks and the availability of cyber security, to develop the information systems of organizations, to reduce the cyber threats that are likely to face the organization, and to enhance the overall overview.

II. RISK MANAGEMENT

Risk is a measure of the capability to accomplish the purpose of the work successfully under the given decisions, budget, deadline, and existing technical limitations. For example, managing a project is a set of activities for carrying out some matter in the future, using limited resources successfully within a limited time. Because the project is scheduled for future operations, risk may occur at any time due to uncertainty and the limits of the resources used in the project. Thus, project managers must manage project risks in order to reduce problems within the project and to work successfully, effectively and efficiently, toward the expected goals.

Risk management is the management of risk through several processes, including identification, risk analysis, risk evaluation, treatment, examination, and control of the risks associated with activities, functions and working processes, in order to reduce the organization's damage from those risks as much as possible, arising from the threats that organizations face during a time known as the accident.

A. Security

Security, which may also mean stability or safety, is widely used as a general word in everyday life. However, some people often discuss the word security together with the word safety. Security is an important word for the military, as well as for the administration of a country and for international politics. The definition of "security" is very broad, ranging from individual security, group security, and state security to international security. However, the basic meaning of security is to feel free from threats, anxiety, or danger. So security is the mental state of a person, whether a political leader of the country or a general citizen, who feels safe from any harm from others. Therefore, it can be said that the security of the state means that the state (or its leaders and citizens) believes that the state itself is safe from the fear of being threatened by any other state or international organization.

B. Cyber Security

Nowadays, the number of online users has increased due to many factors, such as the rise of portable devices and cheaper service charges, so cyber security is important in order to prevent harm from the online world that may affect online users and assets (data). Cyber security means the protective process that enables organizations to reduce all forms of risk and damage that may affect cyber security, physically and electronically. Cyber security is a way to maintain confidentiality, accuracy, availability, application security, and the security of the computer networks used for storing, accessing, processing, and distributing information, to maintain internet security and information technology security, and to prevent crime arising from attack, subversion, espionage and accidents.

The term cyber security is often used together with the term safety security. Although the meanings of cyber security and safety security overlap, the two concepts differ slightly. Moreover, one description explains that cyber security is conducted within the confines of traditional data security, and serves not only to protect information resources but also to protect other assets, including people. In cyber security, the human factor usually refers to the role of humans in the cyber security process. This factor has additional dimensions: for example, a human may be the target of cyber attacks, or may be involved in attacks without knowing it. These additional dimensions have ethical meaning for society, such as protecting vulnerable groups and children, which is also a social responsibility.

C. National Cyber Security Policy

The National Cyber Security Policy Framework is divided into eight strategies: 1) integrating the management of national cyber security; 2) building the capacity to deal with emergency situations related to cyber security; 3) protecting the important information infrastructure of the country; 4) cooperation between the public and private sectors to maintain cyber security; 5) creating awareness and knowledge of cyber security; 6) developing the regulations and laws to maintain cyber security; 7) research and development for cyber security maintenance; and 8) coordinating international cooperation to strengthen cyber security.

III. METHODOLOGIES

A. Population and Sample

The population of this research consisted of instructors and personnel in Siam Technology College. The sample of this study consisted of 35 information technology officers in Siam Technology College.

B. Research Instruments

The research instrument was a questionnaire. 35 copies of the questionnaire were distributed to the 35 people in the sample. The response rate was %.

C. Data Analysis

This study was quantitative research. Data were collected from the questionnaire and analyzed with statistics including the mean and standard deviation (S.D.).

IV. RESEARCH RESULTS

A. The Levels of Readiness of Cyber Security

From the study, the levels of readiness of cyber security can be explained by separating them into 7 aspects, as shown in Table I.

TABLE I REPRESENTS THE LEVELS OF READINESS OF CYBER SECURITY

From Table I, the results can be described in detail for each of the seven aspects as follows.

1. Cyber security strategy: The level of readiness of the cyber security strategy is "very ready" (mean = 4.19), showing that the organization has defined a security policy and strategy, has informed its personnel of the cyber security strategy, and has assigned a person responsible for the issue.

2. Personnel: The level of readiness of personnel security is "moderately ready" (mean = 2.91), showing that the staff of the Institute of Physical Education agreed, to a moderate level, that the organization should establish criteria for personnel selection, employment, work delivery, property inspection, rights cancellation, and training, and should raise the personnel's awareness of security.

3. The coordination center for cyber security: The level of readiness of the coordination center for cyber security is "very ready" (mean = 3.96), showing that the organization has coordination centers or responds to emergency notifications of cyber threats, coordinates the exchange of information and software between agencies, and controls the information that is sent through SMS and other channels.

4. Cyber crime prevention: The level of readiness of cyber crime prevention is "very ready" (mean = 3.99), showing that the organization has strict policies for information protection, has information systems that protect information from unauthorized access or inappropriate usage, has personnel who detect and deal with threats, notifies users so that they are aware of the impact of threats, and restricts access to information based on the information protection policies.

5. Personnel development for cyber security: The level of readiness of personnel development for cyber security is "very ready" (mean = 4.13), showing that the organization has developed its personnel through off-site training or field study in cyber security, so that the personnel of the organization understand their own roles, duties and responsibilities, and that it raises awareness among, educates, and reminds all staff about cyber security.

6. Budgetary support for basic research and application-oriented research: The level of readiness of budgetary support for basic research and application-oriented research is "very ready" (mean = 3.88), showing that the organization supports basic research and application-oriented research in cyber security, provides budget support for the publication of research articles, and provides budget support for organizing seminars on cyber security.

7. Collaboration with other agencies: The level of readiness of collaboration between agencies is "very ready" (mean = 4.09), showing that the organization is ready to collaborate with external institutions on security, establishes security centers to exchange information with other agencies, and provides a person to coordinate and be responsible for cyber security.

B. Risk Evaluation Model of Cyber Security for Siam Technology College

The risk evaluation model of cyber security for Siam Technology College can be described in detail in the steps below.

Fig 1. The Risk Evaluation Model of Cyber Security for Siam Technology College.

1. Context establishment: for example, job title, tasks, workflow, workplace, tools, personnel, criteria for risk evaluation, criteria for impact, criteria for risk acceptance, etc.

2. Risk analysis: a process used to identify and analyze risks and to set guidelines or control measures that prevent or minimize risk, in order to achieve the aims of the organization. Risk analysis covers information as an asset, networks, software, hardware, information, and internal and external threats.

3. Risk reduction plan: an operation to manage or deal with risks by planning the risk management step by step in order to minimize the risks.

4. Report and evaluation: completing the report and evaluation serves to keep the organization from deviating from its defined objectives, and to maintain, review the risks, and carry out the risk evaluation continuously.

The steps of the cyber security risk evaluation have been drawn up as a diagram that defines the risk evaluation process clearly.

V. CONCLUSIONS

In studying and analyzing the risks and readiness of cyber security for Siam Technology College, the results found that the overall level of readiness of cyber security for Siam Technology College is very ready.

In presenting the risk and readiness evaluation model of cyber security for Siam Technology College, the results of the risk evaluation model, obtained using the average and the standard deviation, found that the overall level of risk of the implementation for Siam Technology College is at the low risk level.

VI. SUGGESTIONS

International standards to take into consideration in the research: there are several security standards and risk management standards that can be applied, with regard to consistency with the vision, mission and strategy of the organization.


More information

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems.

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems. Panel on Emerging Cyber Security Technologies Robert F. Brammer, Ph.D., VP and CTO Northrop Grumman Information Systems Panel Moderator 27 May 2010 Panel on Emerging Cyber Security Technologies Robert

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

Why Email Encryption is Essential to the Safety of Your Business

Why Email Encryption is Essential to the Safety of Your Business Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations

More information

Qatar Computer Emergency Team

Qatar Computer Emergency Team Cyber Security Division Qatar Computer Emergency Team An initiative Introduction Qatar aims to fully exploit information and communications technology to become one of the most successful knowledge-based

More information

Cybersecurity Awareness for Executives

Cybersecurity Awareness for Executives SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity

More information

1. Do particular business sectors or company types lack sufficient incentives to make cybersecurity investments more than others? If so, why?

1. Do particular business sectors or company types lack sufficient incentives to make cybersecurity investments more than others? If so, why? Name: Dong Liu Email: dongl@andrew.cmu.edu 1. Do particular business sectors or company types lack sufficient incentives to make cybersecurity investments more than others? If so, why? In my opinion manufacturing

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 14 Risk Mitigation

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 14 Risk Mitigation Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 14 Risk Mitigation Objectives Explain how to control risk List the types of security policies Describe how awareness and training

More information

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4 State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

More information

Cyber Security. Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP

Cyber Security. Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP Cyber Security Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP Speakers: Keith Overly, Executive Director, Ohio Deferred Compensation Program Raj Patel, Partner, Plante & Moran, PLLC

More information

Code of Virginia, 1950, as amended, Sections 18.2 372, 18.2 374.1:1, 18.2 390, 22.1 70.2, and 22.1 78

Code of Virginia, 1950, as amended, Sections 18.2 372, 18.2 374.1:1, 18.2 390, 22.1 70.2, and 22.1 78 Book Section Title Number Status SCS Policy Manual I INSTRUCTION Acceptable Use of Electronic Network Resources and Internet Safety IIBEA * R Active Legal 18 U.S.C. Sections 1460 and 2256 47 U.S.C. Section

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report

More information

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012 Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives Initiation date: January 2012 Completion date: June 2012 Nomination submitted by: Samuel A. Nixon

More information

ITS425: Ethical Hacking and Penetration Testing

ITS425: Ethical Hacking and Penetration Testing ITS425: Ethical Hacking and Penetration Testing Credit Hours: 3 Contact Hours: This is a 3-credit course, offered in accelerated format. This means that 16 weeks of material is covered in 8 weeks. The

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

ITS425: Ethical Hacking and Penetration Testing

ITS425: Ethical Hacking and Penetration Testing ITS425: Ethical Hacking and Penetration Testing Credit Hours: 3 Contact Hours: This is a 3-credit course, offered in accelerated format. This means that 16 weeks of material is covered in 8 weeks. The

More information

Cybersecurity..Is your PE Firm Ready? October 30, 2014

Cybersecurity..Is your PE Firm Ready? October 30, 2014 Cybersecurity..Is your PE Firm Ready? October 30, 2014 The Panel Melinda Scott, Founding Partner, Scott Goldring Eric Feldman, Chief Information Officer, The Riverside Company Joe Campbell, CTO, PEF Services

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Advantages and Disadvantages of Quantitative and Qualitative Information Risk Approaches

Advantages and Disadvantages of Quantitative and Qualitative Information Risk Approaches Chinese Business Review, ISSN 1537-1506 December 2011, Vol. 10, No. 12, 1106-1110 D DAVID PUBLISHING Advantages and Disadvantages of Quantitative and Qualitative Information Risk Approaches Stroie Elena

More information

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services 1. Computer Security: An Introduction Definitions Security threats and analysis Types of security controls Security services Mar 2012 ICS413 network security 1 1.1 Definitions A computer security system

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

CSC574 - Computer and Network Security Module: Introduction

CSC574 - Computer and Network Security Module: Introduction CSC574 - Computer and Network Security Module: Introduction Prof. William Enck Spring 2013 1 Some bedtime stories 2 Some bedtime stories 2 Some bedtime stories 2 Some bedtime stories 2 This course We are

More information

The Bureau of Public Service System PERFORMANCE EVALUATION FORM

The Bureau of Public Service System PERFORMANCE EVALUATION FORM The Bureau of Public Service System PERFORMANCE EVALUATION FORM GENERAL INFORMATION In accordance with Public Service System Rules and Regulations Part 9.1 The performance evaluation system is designed

More information

Federal Bureau of Investigation s Integrity and Compliance Program

Federal Bureau of Investigation s Integrity and Compliance Program Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established

More information

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM Chandramohan Muniraman, Meledath Damodaran, Amanda Ryan University of Houston-Victoria Abstract As in any information management system security

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

Aalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014

Aalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014 Aalborg Universitet Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication

More information

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS http://dx.doi.org/10.5516/net.04.2012.091 AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG *, JUNG-WOON LEE, GEE-YONG PARK, KEE-CHOON KWON,

More information

Security Defense Strategy Basics

Security Defense Strategy Basics Security Defense Strategy Basics Joseph E. Cannon, PhD Professor of Computer and Information Sciences Harrisburg University of Science and Technology Only two things in the water after dark. Gators and

More information

Global Corporate IT Security Risks: 2013

Global Corporate IT Security Risks: 2013 Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs

More information

Defensible Strategy To. Cyber Incident Response

Defensible Strategy To. Cyber Incident Response Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

Utica College. Information Security Plan

Utica College. Information Security Plan Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles

More information

LogRhythm and NERC CIP Compliance

LogRhythm and NERC CIP Compliance LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate

More information

HP Laptop & Apple ipads

HP Laptop & Apple ipads Shalom College Student 1:1 Laptop & ipad Program HP Laptop & Apple ipads Policy and Guidelines Booklet TABLE OF CONTENTS 1. Educational Opportunities of A 1 to 1 Laptop & ipad Program... 2 2. Overview

More information

Secure by design: taking a strategic approach to cybersecurity

Secure by design: taking a strategic approach to cybersecurity Secure by design: taking a strategic approach to cybersecurity The cybersecurity market is overly focused on auditing policy compliance and performing vulnerability testing when the level of business risk

More information

Result of the Attitude Survey on Information Security

Result of the Attitude Survey on Information Security Presentation Result of the Attitude Survey on Information Security Conducted toward the companies Operating in Thailand February, 2009 Center of the International Cooperation for Computerization of Japan

More information

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget Office of the Auditor General Performance Audit Report Statewide UNIX Security Controls Department of Technology, Management, and Budget December 2015 State of Michigan Auditor General Doug A. Ringler,

More information

OLYMPIC COLLEGE POLICY

OLYMPIC COLLEGE POLICY TITLE: Acceptable Use Policy POLICY NUMBER: OCP 200-17 REFERENCE: RCW 42.52.160, RCW 42.52.180, RCW 42.17, WAC 292-110-010, http://isb.wa.gov/policies/security.aspx, http://www.governor.wa.gov/execorders/archive.asp,

More information

The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency

The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency 1 Challenge for Cyber Security in Financial Sector (1) Necessity to Strengthen

More information

County of San Mateo Health System

County of San Mateo Health System County of San Mateo Health System Request for Information Unified Patient Portal for the Health System Issue Date: Thursday, April 25, 2013 Submit Information Packets to: County of San Mateo San Mateo

More information

SRO-EA s Cyber security Initiatives in Eastern Africa

SRO-EA s Cyber security Initiatives in Eastern Africa UNECA Sub Regional Office For Esatern Africa SRO-EA 2010 EAIGF 11-13 August 2010, Kampala, Uganda SRO-EA s Cyber security Initiatives in Eastern Africa Mr Mactar SECK United Nations ECA SRO- EA Key Categories

More information

The ICS Approach to Security-Focused IT Solutions

The ICS Approach to Security-Focused IT Solutions The ICS Approach to Security-Focused IT Solutions for the State of Mississippi ICS offers a dynamic and comprehensive portfolio of security-driven IT solutions for the State of Mississippi. Taking a proactive

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

CERT.AZ description as per RfC 2350

CERT.AZ description as per RfC 2350 CERT.AZ description as per RfC 2350 Contact Cyber Security Center (CSC) Computer Emergency Response Team (CERT) Address Block 702, Drogal lane Baku, Azerbaijan Telephone: +99412 4932056 +99412 4932057

More information

ISM527 - Cyber Security Management

ISM527 - Cyber Security Management ISM527 - Cyber Security Management Credit Hours: 3 Contact Hours: This is a 3-credit course, offered in accelerated format. This means that 16 weeks of material is covered in 8 weeks. The exact number

More information

Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns

Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns Benjamin GITTINS Ronald KELSON What is cyberspace and why is it so important? US Government Cyberspace

More information