NOT PROTECTIVELY MARKED. A087 Version 1.0
- Charles Weaver
- 8 years ago
POLICY

Security Classification
Disclosable under Freedom of Information Act 2000: Yes
POLICY TITLE: Vulnerability & Patch Management
POLICY REFERENCE NUMBER: A087 Version 1.0
POLICY OWNERSHIP
DIRECTORATE: ENABLING SERVICES
BUSINESS AREA: INFORMATION AND COMMUNICATIONS TECHNOLOGY
POLICY IMPLEMENTATION DATE: June 2015
NEXT REVIEW DATE: June 2016
RISK RATING: HIGH
EQUALITY ANALYSIS: HIGH

Warwickshire Police and West Mercia Police welcome comments and suggestions from the public and staff about the contents and implementation of this policy. Please write to the Business Planning Manager, Strategic Service Improvement, at Hindlip Hall, PO Box 55, Worcester, WR3 8SP or

1.0 POLICY OUTLINE

Information Communication Technology (ICT) is key to Warwickshire Police and West Mercia Police (WPWMP) being able to deliver services to the public. Vulnerabilities in software and firmware present a risk to availability, confidentiality and integrity of systems and their data. The forces have an obligation under the Public Service Network Code of Connection (PSN CoCo) and the Police Community Code of Connection (CoCoCo) to undertake vulnerability management including the application of security patches.

2.0 PURPOSE OF POLICY

This policy and its accompanying procedure are directly linked to the overarching Information Assurance policy. This document details vulnerability & patch management and is intended for use by all ICT support staff, business units and management. The procedure is contained within a separate document, not disclosable under FOI.

3.0 IMPLICATIONS of the POLICY

The implications of this policy are considered as being:
- The organisation has a regulatory obligation under the PSN CoCo and CoCoCo to develop and operate a Patch Management policy and to apply patches with minimal delay to ensure compliance with the policy.
- Application of patches promotes improved availability, integrity and confidentiality of force information.
- Implementation of this policy has both resourcing and financial implications, namely, the cost of provisioning specialist tools and staff resources including training, to operate the policy.
- For unsupported systems that cannot be patched, the organisation will manage related risks.

4.0 CONSULTATION

Consultation has taken place with Data Protection Officers, Information Security Officer, Head of Forensics, Head of MIU, Head of Territorial Policing, Head of Operational Support Services, Head of Crimes Management, Head of Finance, Head of Procurement, Head of Estates, Head of ICT and key internal ICT stakeholders.

5.0 DOCUMENT HISTORY

The history and rationale for change to policy will be recorded using the following chart:

Date | Author / Reviewer | Amendment(s) & Rationale | Date of Approval / Adoption
 | Paul Williams | V0.1 Initial draft version | N/A
 | Paul Williams | V0.2-V0.5 numerous internal revisions and consultation within ICT | N/A
 | Paul Williams | V0.6 migrate to Force Template | N/A
 | Paul Williams | V0.7 incl Invest, Maintain, Retire rationale, & split procedure out to separate doc (non-foia) | N/A
 | Paul Williams | V0.8 incorporating feedback from ICT stakeholders | N/A
 | Paul Williams | V0.9 incorporating feedback from critical friends | N/A
 | Paul Williams | V1.0 for approval | JNCC 03/06/2015

Document References:
Ref 1: Cabinet Office. (2012). Common Standard for Patch Management. Available: Common Standard for Patch Management

6.0 KEY PRINCIPLES

6.1 The policy promotes a risk-managed approach to vulnerability assessment and application of patches and adopts the following key principles:
- The policy applies to all supported software & firmware installed on electronic assets in the WPWMP ICT estate including server, End User Devices (e.g. PCs, Winterms, Laptops etc), networking components and IP telephony.
- All key ICT Systems will be classified by ICT, where necessary in liaison with relevant Information Asset Owners, as either INVEST, MAINTAIN or RETIRE (see Annex A) depending on their lifecycle status. In principle, systems classified as INVEST or MAINTAIN should be patched, whereas systems classified as RETIRE are not mandated for patching but could be risk managed instead.
- This policy applies to security vulnerabilities and related security patches and service packs only. To minimise the risk of a loss of service availability, the number of changes to a system must be kept to a minimum; therefore non-security related patches should not be applied unless the patch addresses a specific issue or requirement.
- There should be a means of monitoring for new vulnerabilities; prioritisation of patches based on risk to infrastructure, and identification of which patches need to be/have been applied to which ICT assets (Ref 1);
- Only software necessary to deliver the organisation's business should be installed (to minimise the need to patch) and it should be configured such that it minimises the vulnerabilities available to potential attackers (the "attack surface") (Ref 1);
- Only the latest stable release of software should be used, not necessarily the latest released version (sometimes the latest version has more vulnerabilities and should not be used until the first service update release, e.g. service pack) (Ref 1);
- The sources of patches should be confirmed and those patches should be evaluated and regression tested before deployment into a live ICT infrastructure (Ref 1);
- Updates and patches should be deployed into the ICT infrastructure as quickly as possible to minimise exposure times to known vulnerabilities (particularly if a critical vulnerability) (Ref 1);
- The update and patching process should be integrated between operational and security management functions to achieve an effective decision-making process and minimise and resolve delays caused by conflicts in business priorities (Ref 1);
- A retrieval and deployment architecture for updates and patches should be implemented that is appropriate for their use informed by the output of a technical risk assessment and organisational risk appetite (Ref 1);
- Good update and patch management processes and regimes should be enforced to make it more difficult for potential attackers to successfully attack an ICT infrastructure and therefore the information held on it (Ref 1).

6.2 Further reading / support

Further guidance on patch management can be found in the PSN Technical Standard, Common Standard for Patch Management.

6.3 Policy Review

This policy & procedure must be reviewed on an annual basis.

6.4 Procedure

The procedure is a restricted document.

7.0 ASSESSMENT AND ANALYSIS

The Equality Analysis (EA), Health & Safety Assessment (HAS) and Risk Assessment (RA) associated with this document are available on request.

Annex A:

1.1 System Classification & Prioritisation

For the purpose of supporting compliance obligations, systems should be prioritised in terms of their business criticality, placement in the infrastructure, supportability and the data and services held within them. The objective should be to place them in one of three groupings:
- Invest
- Maintain
- Retire

These groupings reflect a system life-cycle, where new systems are sourced, approved, funded and implemented under INVESTMENT, age and enter a static state under MAINTAIN and ultimately become legacy applications, which when listed for replacement move to RETIRE.

INVEST

Systems in this category will generally have the following characteristics:
- Support core business activities
- Operate current, supportable software
- Operate on current supportable hardware, or virtualised platforms
- Have a defined lifecycle, with an end-of-life date of greater than 5 years.

INVEST systems reflect the current or planned systems which will form the operational infrastructure of the organisation for the next 5-10 years. They are often active projects and may still be under development or implementation. New systems and software introduced into the estate will initially fall under the INVEST category.
INVEST systems will normally be easy to develop a business case for further expenditure and should form the core of a well managed estate.

MAINTAIN

Systems in this category will generally have the following characteristics:
- Support core or non-essential business activities
- Run software which is approaching end of life within 2 years, or may have recently expired (normally less than 12 months)
- Operates on hardware which is approaching end of life within 2 years, or may have recently expired (normally less than 12 months)
- May be patchable only through use of specialist support agreements or bespoke development

MAINTAIN systems reflect existing systems forming part of the operational infrastructure of the organisation, but are understood to have a finite (if not yet documented) lifetime.
These systems are not generally related to active projects, unless under a replacement programme, and will generally be considered to be static systems operating under a BAU model. MAINTAIN systems may have an operating life between 2-10 years, and it is not uncommon for major systems (such as databases, financial systems) to have operational lifecycles extending to 20 years, though incidences of these are becoming rarer.

MAINTAIN systems will not normally be easy to develop a business case for further expenditure.

RETIRE

Systems in this category will generally have the following characteristics:
- May support some business activities, which are non-core in nature
- Run out of support software and/or operating systems, which may be expensive or difficult to find skilled resource to manage
- Operate on unsupportable and end of life hardware
- Cannot be patched or maintained in a secure state even with specialist support
- Will generally be depreciated investments that can be removed from asset registers with no financial penalty

RETIRE systems reflect aged or obsolete technologies which previously formed the operational infrastructure of the organisation, but which are no longer operationally required. RETIRE systems will often reflect a high cost operation due to their size, power consumption and inability to migrate to current modes of operation (i.e. Cold Corridor, virtualisation or cloud). They represent a major area of vulnerability on an estate due to the availability of public exploits and inability to patch.

1.2 General Approach

The general approach should be to maximise current supportable INVEST technologies, minimise and actively manage MAINTAIN technologies and work to eliminate RETIRE technologies.
More informationGuideline on Vulnerability and Patch Management
CMSGu2014-03 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Vulnerability and Patch Management National Computer Board
More informationIT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies
IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document
More informationAberdeen City Council IT Governance
Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or
More informationNational Approach to Information Assurance 2014-2017
Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version
More informationBetter secure IT equipment and systems
Chapter 5 Central Services Data Centre Security 1.0 MAIN POINTS The Ministry of Central Services, through its Information Technology Division (ITD), provides information technology (IT) services to government
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationRole Profile. Job No. (Office Use) A79
Role Profile Job Title Team Leader Service Desk Job No. (Office Use) A79 Band/Band Range- (for career grades) Grade I Directorate Corporate Support Department ICT Division Operational Service Delivery
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationUniversity of Brighton School and Departmental Information Security Policy
University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives
More informationJoint ICT Service ICT Strategy 2014-17
Document History Document Location This document is only valid on the day it was printed. The source of the document will be found in (see footer) Revision History Date of this revision: 19 th May 2014
More informatione-tourism Marketing Specialist
! Role Profile for e-tourism Marketing Specialist e-jobs-observatory.eu European Profiles in e-tourism Functions e-tourism Marketing Specialist 1 e-tourism Marketing Specialist 1. Role Profile Role title
More informationHow To Write An Audit And Governance Committee Report On An Itd Plan
Public Document Pack Worcestershire County Council Agenda Audit and Governance Committee Friday, 12 September 2014, 10.00 am County Hall, Worcester This document can be made available in other formats
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationThe Danwood Group Professional Services Offering DANWOOD
The Danwood Group Professional Services Offering DANWOOD Our Professional Services Our Professional Services department can provide you with a variety of services from Audit and Assessment to Technical
More informationImplications for the Honeywell Enterprise Buildings Integrator User Community
Microsoft Windows XP End-of-Life Implications for the Honeywell Enterprise Buildings Integrator User Community Executive Summary Thousands of building systems managers all over the world are using the
More informationLumension Endpoint Management and Security Suite Patch and Remediation 7.0 Service Pack 1 Migration Guide
Lumension Endpoint Management and Security Suite Patch and Remediation 7.0 Service Pack 1 Migration Guide Planning your migration with Service Pack 1 This document provides guidance for customers who plan
More information