1 SECURITY ENHANCEMENT IN PUBLIC ICT SERVICES IN WALES Nick Robinson 1 and Stuart Cunningham 2 1 Wrexham County Borough, Wrexham, North Wales, UK 2 Centre for Applied Internet Research (CAIR), University of Wales, NEWI, Plas Coch Campus, Wrexham, North Wales, UK ABSTRACT This paper investigates and establishes current and planned best practice for implementing ICT security within public libraries Wales. These investigations lead to the identification of security policies and practices across and range of public ICT services. We show that there is a range of practices currently employed across various local authorities within Wales. Given that each of these local authorities is part of a larger, national network infrastructure, we recommend that a large-scale security policy be considered to ensure uniformity and compliance across all of the local authorities. The findings of our investigation act as foundations for forming a cohesive policy and indicate areas of current common practice which may lead forward future developments. The investigation highlights opportunities for Welsh local authorities to enhance the ICT security service, particularly in the areas of: plans for dealing with security issues, standardisation of security products and policies, adequate security training for ICT support staff and measures for reporting security incidents. KEYWORDS ICT, Security, Policies 1. INTRODUCTION In 2002 each local authority in Wales had the opportunity to receive grant money from the Welsh Assembly to provide computer network links to all their public libraries. The computer network links were to feed back to a location where the local authority had a connection to the Internet. The grant money also included for the provision of computers, software, other peripheral devices, furniture, and crucially, the cost of security measures. At around the same time grant money became available to provide a network for public libraries, money was also made available to provide similar services to secondary and primary schools throughout Wales. The schools network would be in two parts. Part one concentrated on providing a network between schools within the boundaries of each local authority. Part two concentrated on linking all local authorities together, onto what is known today as the Lifelong Learning Network Wales (LLNW). The LLNW would then connect to SuperJanet, the higher and further education network and eventually global Internet. Figure 1 shows a diagram of the Welsh LLNW backbone .
2 Figure 1. Welsh Local Authority Lifelong Learning Network Wales (LLNW) For Internet services, all school connections were to find their way back to the core of the local authority s network, then go out to the Internet via the LLNW connection: an identical requirement to the public libraries. A big advantage of connecting all sites back to the network core is that enterprise-wide systems can be implemented at the core and delivered to any connected site, making it financially feasible to put in place effective and efficient computer security systems. Once the computer network was in place, local authorities began providing members of the public with free Internet access, provided they were members of one of the libraries and agreed to the library Information and Communication Technology (ICT) Acceptable Use Policy (AUP). Over three years have passed since the framework was implemented. During that time thousands of people have used ICT facilities within public libraries. As the IT industry continually identifies security holes, newly identified vulnerabilities, exploitable security weaknesses and threats from the Internet, it is beneficial for local authority ICT staff to continue to enforce strong security policies and protection . Each local authority is responsible for conducting their security implementation at public libraries. Local authority ICT departments are able to involve organisations who deliver consultation and implementation of computer services whilst considering the security of the ICT system. These two factors have lead to various configurations in delivering ICT services for libraries across Wales. There are no global guidelines issued to local authorities as to what security measures should be introduced as part of their ICT services with public libraries. Without guidelines or best practice, some local authorities may be providing ICT services within public libraries which are less secure than other local authorities. This shows clear disparity, which is unusual in an otherwise centrally controlled infrastructure. This paper investigates to what extent there is inequality in security practices between local authorities and as a result of this research identifies and proposes policies and standards to be considered for adoption across Welsh local authorities.
4 2.3. Current ICT Practices in Libraries Information detailing ICT security designed for use in public libraries is not readily available. There are numerous books and journals which discuss ICT service provision within libraries, what should be available and what basic security protection should be implemented but there is generally nothing technically solid by which an ICT practitioner could follow to ensure that the ICT security within public libraries is either sufficient or effectively adequate. To this end, we investigate the current state of ICT security practices within local authorities which provide public library ICT facilities within Wales. To examine the current practices, a qualitative investigation was undertaken involving 50% of the Welsh local authorities. The broad contexts outlined for analysis roughly fell into the areas of desktop/local security, enterprise-wide security, physical security, network infrastructure security, identifying and reducing threats, and staff training Overview Table 1 presents background information for each of the local authorities, gained as part of the investigation (Some figures were not disclosed by local authorities, this is denoted by N/D ). Table 1. Local Authority Library Demographics Local Authority # Libraries # Users # Computers Cardiff Carmarthenshire 35 N/D 300 Conwy 13 N/D 120 Denbighshire 8 N/D 114 Glamorgan 9 N/D N/D Gwynedd 17 N/D N/D Monmouthshire Pembrokeshire Rhondda-Cynon-Taf Swansea Wrexham 12 N/D 150 Average (non-zero) Desktop/Local Security To assess to what extent the local desktop machines were secure, we look first at the primary user security first-line measures which are in place. This incorporates investigation into the types of devices and removable media which users are permitted to use as well as the security measures employed in securing user access and protection from viruses and other threats. The allowance of removable media is often a primary cause of the infection and spread of viruses and other software-borne problems, as well as a simple mechanism which can allow data to be copied and removed from a system. The services permitted by each authority are shown in Table 2.
5 Local Authority USB Table 2. Removable Media CD/DVD Read CD Write DVD Write FDD Tape Drive Zip Drive Ext. HDD Cardiff Carmarthenshire Conwy Denbighshire Glamorgan Gwynedd Monmouthshire Pembrokeshire Rhondda-Cynon- Taf Swansea Wrexham N/D N/D As Table 2 shows, CDs and DVDs are the most used/permitted type of portable medium, with USB devices closely following behind. Tape and Zip drives are the least used/permitted. This may be due to the technology being dated and limited in functionality/storage capacity. DVD read/write devices are also restricted in their use, which may also be an indication of their comparatively higher cost. Table 3 shows security measures used on public access computers. It is worth noting that enterprise-wide solutions may be preferred, these are presented in section Table 3. Desktop Security Measures Local Authority Firewall Anti-Virus Anti-Virus Updates Anti- Spyware Browser Security Cardiff Windows Norton Immediate None None Carmarthenshire Windows e-trust Twice Daily None None Conwy None Sophos Daily None None Denbighshire None Trend As needed Trend None Glamorgan None McAfee Immediate McAfee None Gwynedd Windows e-trust Immediate None None Monmouthshire None Trend Daily None None Pembrokeshire RM McAfee McAfee Weekly None Safety Net Rhondda-Cynon- Taf None McAfee Monthly None None Swansea None e-trust Daily None None Wrexham None e-trust Daily None None
6 The data in Table 3 shows clear disparity between the software and security features employed by the surveyed council library facilities. In particular, the spectrum of polices applied in critical areas, such as the frequency of anti-virus update, use of firewalls, and lack in uptake of anti-spyware software indicate that there may be a need for a common policy and procedure in these areas. Figure 2 shows an overview of additional desktop security measures in place at Welsh Local Authority libraries. The graph indicates whether or not access to the named services or configurations is actively prevented YES NO Installing Software Removing Software Modifying Setup BIOS Access Bootable Media Figure 2. Prevention of Access to Services/Configuration Enterprise-Wide Security Given the nature and size of the network infrastructure which exists within each of the local authorities, there are also large-scale network security measures in place and deployed across the localised area. In this sub-section, we look briefly at these enterprise-wide security measures put in place across each of the local authorities to provide a bigger picture of the security measures which impact upon users across all of the sub-networks within the local authority. Table 4 shows the enterprise-wide security measures introduced to safeguard ICT services at public libraries. Local Authority Firewall Table 4. Enterprise-wide Security Adoption Anti- Virus Anti- Virus Update Anti- Spyware Browser Security IDS System Cardiff (Ca) Checkpoint Symantec Immediate Symantec Smartfilter None Carmarthenshire Cyber Twice Web Antigen None (Cm) guard Daily Marshall None Conwy (Cn) Nokia Trend Daily None Websense None Denbighshire (Dn) Nokia Trend Immediate None Websense None Glamorgan Cisco Pix McAfee Immediate McAfee None None
7 (Gm) Gwynedd (Gw) Monmouthshire (Mm) Pembrokeshire (Pb) Rhondda- Cynon-Taf (Rc) Swansea (Sw) Wrexham (Wx) Symantec etrust Immediate None Surf Control Symantec + Cisco MS ISA Trend Daily None MS ISA None Checkpoint McAfee Weekly None Checkpoint McAfee Immediate McAfee RM Safety Net Surf Control None Cisco Checkpoint etrust Daily None Websense None Checkpoint etrust Daily None Websense Checkpoint Figure 3 shows an overview, across all of the local authorities, of the network security measures in place to prevent and identify internal and external threats to the network infrastructure YES NO 2 0 Library & Business Network Physically Separate VPN Services Firewall between Library & Business Network Disabled Unused Ports Wi-Fi Access Figure 3. Network Infrastructure Security Figure 4 shows an overview, across all of the local authorities, of the use of policies and procedures within local authority libraries to prevent, report, and obtain information regarding the misuse of security breaches in systems.
8 YES NO 2 0 Accesptable Use Policy available to Users Staff Policy for dealing with/reporting misuse ICT Policy for dealing with/reporting misuse Procedures for detection of misuse Figure 4. Reporting/Evidencing ICT Misuse ISO Compliance Finally, Figure 5 details the training undertaken by staff in each of the local authorities analysed. This includes staff from libraries within the local authority as well as staff from the local authority ICT department. By investigating this area we measure the depth and breadth of training which is provided to staff that have responsibility for computer security. Figure 5 details whether or not staff have received training in the named subject areas YES NO Security Policies/Procedures Refresher Training ICT Security Features Dealing with/reporting Misuse CISMP/CCNA Training Figure 5. Local Authority Staff Training The information gained in this section establishes that although there is disparity in practice and procedures across local authorities, there are also common approaches and tools used in the majority of cases. This leads us forwards in attempting to establish the basis and framework when attempting to define a recommended best practice to be considered by local authorities within Wales.
9 3. RECOMMENDED BEST PRACTICE There are currently 289 RFC documents on security, but very few with any direct relevance to ICT security within libraries. One RFC, 1244, titled Site Security Handbook written in 1991, provides a good framework for recommending best practice for ICT security in general, parts of which can be adopted for ICT security within libraries. The RFC, though covers a broad area of ICT security, does not cover all security aspects which require consideration. The following attempts to highlight the areas of ICT security best practice specifically within libraries, but could be used for other environments whereby ICT is used. Identified areas of best practice are a combination of information obtained from the results of this study, established security literature, and current RFC documents. Identified areas of best practice are obtained from a combination of information retrieved during research into best practice, which was conducted over numerous months from up-to-date security books, journals and websites, feedback from Welsh local authorities via the use of questionnaires, which were composed using the information derived from research, information obtained from existing RFC documents and considerations identified during security testing of libraries at a Welsh local authority. Consideration is also given in developing these recommendations, to the iterative approach to security policy and procedures given by Fites, et al. . The points presented provide a top-level overview of these guidelines Local/Desktop ICT Security Measures Desktop security measures which should be used for public library ICT computers include: Access to services via uniquely identifiable password protected login account linked to the library member via membership number. A desktop firewall and anti-virus. Automatic updating of operating system and applications, and patches. Prevention of the installation of unlicensed software. Prevention of the removal or disabling of desktop and security software. Prevention of access to the operating system controls, including command prompt. Restrictions in the use of some removal media. Encrypted and protected data file save areas. Enforce policies through Microsoft group and mandatory policies, lock-down software and BIOS passwords. Any of the above desktop measures may be replaced by an enterprise-wide solution which can deliver the same level of protection from a centrally managed solution. Implementation of measures at both the desktop and the enterprise would give a tiered level of security providing extra security, especially during times of failure of one of the systems. However, in some isolated cases it may not always be practical to implement enterprise-wide measures, especially if we consider the use of these guidelines beyond the cited example of Welsh local authorities Enterprise-wide ICT Security Measures Enterprise Firewall. Common practice within Welsh local authorities. Enterprise URL filtering system. Common practice within Welsh local authorities. Enterprise anti-spyware and anti-virus systems. Server and desktop patch / updates management system. Regular security backups of key systems. Desktop policy management systems including remote control. Default system user accounts, passwords and SNMP community strings should be changed, disabled or removed.
10 Monitoring, logging and management tools. Implement resilient enterprise-wide systems which use standby components or systems to ensure continual service such as clustered server farms and storage area networks. ICT security alerting services to provide early warnings of threats. Specialist IT security and policy/procedure training &updates for ICT support staff. The best practice guidelines proposed should be used as a target by which ICT staff should aim towards. However, it is accepted that there will be instances when best practice targets can not be reached, either due to technological or monetary restrictions, the business risk is less than the effort, the restrictions imposed by adoption of a security measure or the practice is not applicable to circumstances. 4. CONCLUSIONS There is a vast quantity of information available on topics of ICT security from a broad perspective. The challenge faced when implementing ICT security within public libraries is the ability to identify what security measures would be needed to successfully protect the libraries network and its users. As there has been no best practice guidelines identified specifically for public library ICT services, investigations were directed towards organisations which provided ICT security solutions, best practice and policies which addressed issues for organisations. The research conducted within this work could be used towards adopting a strategy specifically for the Welsh local authorities detailed and even wider, towards an RFC for ICT security best practice within any library or similar public access ICT service across the UK. Best practice, though valid in giving ICT staff a solid base to start and a checklist with pointers to security considerations during installation of a public library ICT suite, can not be produced in a definitive format due to the varying business requirements and topologies of the network and services to be delivered. What best practice guidelines can do is illustrate what is deemed to be the best way to deliver a security ICT service. The research conducted provided the necessary information to establish the best practice guidelines. ACKNOWLEDGEMENTS The authors would like to thank Ralph Hardy and Dave Hylands. REFERENCES  Big Lottery Funding Research Issue 7, The People s Network: evaluation summary. Available at: [Accessed April 2007]  Symberlist, R. (2002) Lifelong Learning Network (LLN) Network Diagrams, Welsh Networking Ltd. Available at: [Accessed February 2007]  Lemos, Robert (2006) Security flaws on the rise, questions remain, SecurityFocus. Available at: [Accessed January 2007]  Stallings, W. (2003) Network Security Essentials, 2nd Edition, Prentice Hall.  Pfleeger, C.P. & Pfleeger, S.L., (2003) Security in Computing, 3rd Edition, Prentice Hall.  Lampson, B.W., (2004) Computer security in the real world, Computer, IEEE Computer Society, Vol. 37, No.6, pp  Infosec Acceptable Use Policy Guide Available at: [Accessed April 2007]  Fites, M., Kratz, P. & Brebner, A., (1989), Control and Security of Computer Information Systems, Computer Science Press.
Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan
Student Tech Security Training ITS Security Office ITS Security Office Total Security is an illusion security will always be slightly broken. Find strategies for living with it. Monitor our Network with
MUNICIPAL WIRELESS NETWORK May 2009 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
(2) Countermeasures against Spyware Are you sure your computer is not infected with Spyware? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Spyware?
ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been
University of Kent Information Services Information Technology Security Policy IS/07-08/104 (A) 1. General The University IT Security Policy (the Policy) shall be approved by the Information Systems Committee
INFORMATION SECURITY POLICY TECHNICAL VULNERABILITY & PATCH MANAGEMENT ISO 27002 12.6.1 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-12.6.1 Version No: 1.1 Date: 1 st
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS188.8.131.52 ITS184.108.40.206 ITS220.127.116.11 ITS18.104.22.168 ITS22.214.171.124 ITS126.96.36.199
Connecting Windows 7 to the network This document outlines the procedure for setting up Windows 7 to use the College and University network. It assumes that the computer is set up and working correctly
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server
ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations
COVER SHEET Subject IT SECURITY Author Deidre Butler Typed by Harma Freese Submitted to Council/ Community Board/ Council Subcommittee/ Board Committee Name of Board/ Committee/ Subcommittee Audit & Risk
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 Revision History Update this table every time a new edition of the document is
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,
Technology Help Desk 412 624-HELP  technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company
2011 NATIONAL SMALL BUSINESS STUDY The National Cyber Security Alliance has conducted a new study with Symantec to analyze cyber security practices, behaviors and perceptions of small businesses throughout
Managing internet security GOOD PRACTICE GUIDE Contents About internet security 2 What are the key components of an internet system? 3 Assessing internet security 4 Internet security check list 5 Further
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
User Security Education and System Hardening Topic 1: User Security Education You have probably received some form of information security education, either in your workplace, school, or other settings.
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
AN OVERVIEW OF VULNERABILITY SCANNERS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
Dublin Institute of Technology IT Security Policy BS7799/ISO27002 standard framework David Scott September 2007 Version Date Prepared By 1.0 13/10/06 David Scott 1.1 18/09/07 David Scott 1.2 26/09/07 David
FACTSHEET When setting up a small business there can be many areas of uncertainty, but getting your IT or computer systems right and connected does not need to be one of them. If your company is either
Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:
Information Services The University of Kent Information Technology Security Policy 1. General The University IT Security Policy (the Policy) shall be approved by the Information Services Committee (ISC)
DBC 999 Incident Reporting Procedure Signed: Chief Executive Introduction This procedure is intended to identify the actions to be taken in the event of a security incident or breach, and the persons responsible
IRS/FTA CSO Conference Enterprise Security Self Assessment March 8, 2007 Timothy R. Blevins, KDOR Chief Information Officer 1 Securing the Enterprise Outline of Presentation Kansas ITEC Security Council
The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.
Introduction This e-safety policy was approved by the School Senior Leadership Team: January2015 The implementation of this e-safety policy will be monitored by the: E-Safety Coordinator, Senior Leadership
Response to Questions CML 15-018 Managed Information Security 1. What are the most critical aspects that need to be provided for this RFP, in light of the comment that multiple awards might be provided?
safend S e c u r i n g Y o u r E n d p o i n t s Achieving PCI Compliance with the Safend Solution This paper introduces you to the PCI compliance requirements and describes how the Safend Solution can
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
IT OUTSOURCING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
PC Security and Maintenance by IMRAN GHANI PC Maintenance and Security-Forecast. Major sources of danger. Important steps to protect your PC. PC Security Tools. PC Maintenance Tools. Tips. PC Security-
Executive Summary PORTABLE DATA STORAGE SECURITY INFORMATION FOR CIOs/CSOs Best Before November 2011 1 In today s business environment, managing and controlling access to data is critical to business viability
NETWORK ENGINEERING TRACK Microsoft Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use
VMWARE TECHNICAL NOTE VMware ACE Managing Remote Access This technical note explains how to use VMware ACE to manage remote access through VPN to a corporate network. This document contains the following
IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version
AGENDA ITEM: SUMMARY Report for: Committee Date of meeting: 30 May 2012 PART: 1 If Part II, reason: Title of report: Contact: Purpose of report: Recommendations Corporate objectives: Implications: INFORMATION
ResNet Computer Consultant Job Description Description: ResNet is the Internet Service Provider within the Residence Halls and Family and Graduate Housing at Montana State University. In addition to providing
About Cisco PIX Firewalls The PIX firewall requires extensive provisioning to meet both industry best practices and regulatory compliance. By default the firewall operating system allows various methods
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
Policy Title: HIPAA Security Awareness and Training Number: TD-QMP-7011 Subject: HIPAA Security Awareness and Training Primary Department: TennDent/Quality Monitoring/Improvement Effective Date of Policy:
Protecting Your Network Against Risky SSL Traffic ABSTRACT Every day more and more Web traffic traverses the Internet in a form that is illegible to eavesdroppers. This traffic is encrypted with Secure
Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding
Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,
Links in this document have been set for a desktop computer with the resolution set to 1920 x 1080 pixels. Cyber Security: Software Security and Hard Drive Encryption 301-1497, Rev A September 2012 Copyright
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
Log Management as an Early Warning System The Edge for Compliance Presented by: Nancy Wilson, CISA, CRISC, CISSP, C CISO Vice President, Compliance and Security Cautela Labs, Inc. Agenda What is log management
MERTHYR TYDFIL COUNTY BOROUGH COUNCIL Civic Centre, Castle Street, Merthyr Tydfil, CF47 8AN Main Tel: 01685 725000 To: Chairman, Ladies and Gentlemen CABINET REPORT www.merthyr.gov.uk Date Written 1 st
Protect - Detect - Respond A Security-First Strategy HCCA Compliance Institute April 27, 2009 1 Today s Topics Concepts Case Study Sound Security Strategy 2 1 Security = Culture!! Security is a BUSINESS
School of Computer Science and Engineering policy with regard to self-administered computers CSE Computer Security Committee October, 2002 Abstract The School s Computing Support Group (CSG) provides a
Cyber Essentials Questionnaire Introduction The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable.
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
Information Security Framework Working Practices for Protecting Electronic Information 1. Purpose The following pages provide more information about the minimum working practices which seek to ensure that
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features