Human Behaviour and Security Compliance
1 Human Behaviour and Security Compliance. M. Angela Sasse, University College London, UK; Research Institute for Science of Cyber Security; Academic Centre of Excellence for Cyber Security Research.
2 Overview. 1. Why do employees not comply with security policies? 2. How can organisations improve security compliance? (1) Decide what you want: compliance, or security? (2) Understand what you are asking employees to do. (3) Reduce friction through better design, and improve productivity in the process. (4) Engage employees: from passive compliance to active participation.
3 Background. 1996: usability study to explain password security (with Anne Adams), published in 1999 as "Users Are Not the Enemy" (Adams & Sasse, CACM 1999). Also 1999: Whitten & Tygar, "Why Johnny Can't Encrypt". Started research in usable security.
4 Has it made a difference in practice? Consider authentication: Nielsen (2000) said that biometrics are highly usable and would replace passwords. Schneier (2000) and Gates (2004) predicted that passwords would become obsolete. Instead: people have more passwords, and longer ones. They write down, store, re-use and recycle passwords. They have to think up and recall back-up credentials for their passwords. And they have to solve a CAPTCHA before they are even allowed to attempt to remember them.
5 Allendoerfer & Pai (2005): Human Factors Considerations for Passwords and Other User Identification Techniques. US DOT/FAA/CT-05/20.
6 Designing better security mechanisms. 1. Fit the system around the human (90% of the time) rather than bending the human to fit the task (10%). 2. Security is a secondary task: it should create as little additional workload and disruption as possible. 3. It is more complex than "what's easy to remember". It depends on specific user characteristics (universal access), frequency of use, interference, the physical and social context of use, and the characteristics of the device (Sasse et al., 2001).
7 Usable authentication. Authenticate users when needed, but minimise the effort it requires from them. Move from explicit to implicit authentication: let technology do the work. Learn from e-commerce: recognise users through cookies, history/patterns, etc. Use tokens or biometrics. Exploit the modality of interaction: touch on touchscreens, video, audio. Maximise the benefits for users and/or organisations: productive security.
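To make the "explicit to implicit" idea on this slide concrete, here is an added example (written for this page; it is not code from the talk or from UCL) of a risk-based decision function: a signed "remember this device" cookie plus the user's usual network and the age of the last explicit login decide whether a request is allowed on implicit evidence alone, needs one extra factor, or needs a full login. The sensitivity tiers, the scoring weights, the thresholds and the server key are assumptions chosen for the example, not values from the slides.

```python
"""Risk-based step-up authentication: decide when to ask the user for an
explicit credential and when a recognised device and normal context suffice.
Example code written for this page; weights, thresholds and key are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Assumption: a server-side secret used to sign "remember this device" cookies.
SERVER_KEY = b"replace-with-a-random-secret-from-your-kms"

# Assumption: how old the last explicit (password/2FA) login may be before an
# action of this sensitivity needs a fresh one, in seconds.
MAX_STRONG_AUTH_AGE = {
    "low": 30 * 24 * 3600,   # read own data: a month
    "medium": 12 * 3600,     # change settings: half a day
    "high": 15 * 60,         # payments, bulk export: a quarter of an hour
}


@dataclass
class RequestContext:
    user_id: str                   # assumed not to contain ':'
    device_cookie: Optional[str]   # value of the long-lived device cookie, if any
    ip_prefix: str                 # /24 of the client address, e.g. "203.0.113"
    known_ip_prefixes: frozenset   # prefixes seen in this user's login history
    last_strong_auth: float        # unix time of the last password/2FA login


def mint_device_cookie(user_id: str, device_id: str) -> str:
    """Sign (user, device) so the cookie cannot be forged or moved to another user."""
    msg = f"{user_id}:{device_id}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{user_id}:{device_id}:{tag}"


def device_cookie_valid(cookie: Optional[str], user_id: str) -> bool:
    """True only if the cookie carries a valid tag for this user."""
    if not cookie:
        return False
    parts = cookie.split(":")
    if len(parts) != 3 or parts[0] != user_id:
        return False
    expected = hmac.new(SERVER_KEY, f"{parts[0]}:{parts[1]}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(parts[2], expected)


def auth_decision(ctx: RequestContext, action: str, now: float) -> str:
    """Return 'allow' (implicit evidence is enough), 'step_up' (ask for one
    extra factor) or 'reauth' (full login). Weights are an assumption."""
    score = 0
    if not device_cookie_valid(ctx.device_cookie, ctx.user_id):
        score += 2   # unrecognised device: the strongest single signal
    if ctx.ip_prefix not in ctx.known_ip_prefixes:
        score += 1   # network the user has not been seen on before
    if now - ctx.last_strong_auth > MAX_STRONG_AUTH_AGE[action]:
        score += 1   # last explicit login too old for this action
    if action == "high":
        score += 1   # a stolen device cookie must never authorise this alone
    if score == 0:
        return "allow"
    if score <= 2:
        return "step_up"
    return "reauth"


if __name__ == "__main__":
    # Constructed sample: a user on a remembered laptop, on the office network,
    # who logged in with a password an hour ago.
    cookie = mint_device_cookie("alice", "laptop-7")
    ctx = RequestContext("alice", cookie, "203.0.113",
                         frozenset({"203.0.113", "198.51.100"}),
                         last_strong_auth=1_000_000)
    now = 1_000_000 + 3600
    for action in ("low", "medium", "high"):
        print(action, auth_decision(ctx, action, now))
```

Two design points matter for the slide's argument. Routine, low-sensitivity requests from a recognised device cost the user nothing, which is where the effort saving comes from; the "high" tier adds a point unconditionally, so a stolen cookie can at most get an attacker to a step-up prompt, never straight to a payment. The cookie is an HMAC over user and device, so it cannot be forged without the server key or replayed against another account.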
8 Security people don't track the long-term impact of their policies, such as: employees not using corporate laptops; employees who stop logging in from home; employees not collaborating with externals; employees leaving the organisation; the vulnerabilities created by workarounds (e.g. password sharing, mouse jigglers); and bad general security perceptions and habits.
9 Glossy brochure of a UK railway company, complete with passwords on a whiteboard.
10 Usability makes economic sense. The Workshop on the Economics of Information Security (WEIS), founded by Ross Anderson and Bruce Schneier, is now 10 years old. Security people value users' time at zero (Herley, NSPW 2009).
11 The Compliance Budget Beautement et al. 2008
12 Example dashboard interface for CISOs Parkin et al. 2010
13 Cost of security measures (Pallas 2008)

Measure                    Architectural means   Formal rules   Informal rules
Initial costs (once)       high                  low            medium
Enforcement costs          none / negligible     high           low (spontaneous)
Loss from non-compliance   none / negligible     high           high
14 Don t isolate, integrate Challenger & Clegg (2011)
15 Engage employees to achieve culture change. 1. Semi-structured interviews with a vertical cross-section of the target organisation. 2. Scenario-based survey, based on the interview analysis, that assesses responses to conflict situations. 3. Work with the organisation to determine strategy and capability. 4. Select the optimal intervention, targeting the appropriate sociotechnical factor(s). 5. Develop and use metrics to measure change in security behaviour and levels of compliance.
16 Jason is an XY Commercial Analyst and is currently involved in an important project that requires him to present progress updates to clients, often in offsite locations. He would normally use his laptop to take presentations to clients, but his laptop developed a problem and is currently with maintenance. He decides to use an encrypted USB memory stick to transfer the required files to the client site. Shortly before he is due to leave for the meeting, Jason realises he lent his encrypted USB stick to a colleague. He knows he will not get a replacement at such short notice, but needs some way to transfer the information. The presentation includes embedded media and is too large to email, and he cannot access the internal network from the client's site.
17 Option A: Take the required data on an unencrypted USB stick; you have one to hand. Option B: Borrow an encrypted stick from a colleague. You would also have to make a note of their password so you can access the data at the client's site. The colleague has asked that you do not share or erase the confidential data already on the stick. Option C: An employee of the client has been visiting XY and is due to travel back with you. Use the available unencrypted USB stick to put a copy of the data onto their laptop and ask them to take it to the client's site. Option D: Upload the files to a public online data storage service and recover them at the client's site.
18 Behaviour types. Type 1: Least compliant; disregard policy to maximise productivity in case of any friction. Type 2: Partly compliant; condone insecure behaviour in case of friction, expect others to take care of security. Type 3: Largely compliant; try to comply, but occasionally prioritise productivity over security; prepared to take action if the cost to themselves is low. Type 4: Mostly compliant; try to put security first, prepared to take action themselves. The most frequent behaviour types were 3 and 4.
19 Attitude types. Type 1: Discount suspicions, cause no bother, passive. Type 2: Report suspicions if easy to do, take no direct personal action. Type 3: Report suspicions through prescribed channels, take no direct personal action. Type 4: Take direct personal action against the threat. The most frequent attitude types were 2 and 3.
20 Analysis of free-text responses. An overwhelming number of respondents suggested "more secure" workarounds (alternatives to the options offered), but 97% of those suggestions were not secure. There was a large number of justifications for workarounds. Less than 10% mentioned the benefits of security policies and mechanisms.
21 Other interventions. A reporting point for issues, and debating them openly. Targeted campaigns for specific issues. New forms of training: better integrated, with reminders. Integration with safety and sustainability: how do we "Do the Right Thing" in all of these?
22 Obstacle security = unproductive security
23 Security that supports user goals
24 Engagement, next stages. Target specific areas of non-compliance. Design. Communication: change the discourse. Leadership. Measure changes in behaviour and build on what works.