Cyber Security Governance in Open Distance Learning
|
|
- Corey Pearson
- 8 years ago
- Views:
Transcription
1 Cyber Security Governance in Open Distance Learning With specific reference to Online Evaluation and Assessment Prof Basie Von Solms Director : Centre for Cyber Security Academy for Computer Science and Software Engineering University of Johannesburg basievs@uj.ac.za Prof Elmarie Kritzinger School of Computing University of South Africa kritze@unisa.ac.za UNISA logo
2 Overview What is Corporate Governance? What is Information and Cyber Security governance? Cyber Risks related to ODL Evaluation and Assessment Plan of Action
3 What is Corporate Governance? Corporate Governance consists of the set of policies and internal controls by which organizations, irrespective of size or form, are directed and managed.. the system by which corporations are directed and controlled.
4 What is Information Security Governance? Information Security Governance consists of the management commitment and leadership, organizational structures, user awareness and commitment, policies, procedures, processes, technologies and compliance enforcement mechanisms, all working together to ensure that the confidentiality, integrity and availability (CIA) of the company s electronic assets (data, information, software, hardware, people etc) are maintained at all times.
5 What is Cyber Security Governance? Cyber Security Governance can be seen as that part of Information Security Governance which specifically concentrates on securing electronic assets against threats and risks arising because of the use of the Internet As any ODL environment uses the Internet, Cyber Security Governance is core to properly governing and managing an ODL environment
6 Relationship between Corporate Governance and Cyber Security Governance Information security governance (and therefore Cyber Security Governance) is a subset of organizations overall (corporate) governance program. Cyber Security Governance is a component of Corporate Governance, and therefore a Top Management responsibility
7 Cyber Security Governance in a tertiary institution ODL systems : integrated environment for teaching, evaluating, assessing and managing activities an complete learning environment based on the use of the Internet As stated, it is a part of good Corporate Governance to manage the related cyber security risks to the confidentiality, integrity and availability of this whole ODL environment
8 Cyber Security Governance in a tertiary institution Cyber Security in an ODL environment has to do with managing the cyber (internet) risks related to all activities in an ODL environment Let us look at an example
9 University of South Africa (UNISA) UNISA has a global reach with students on all continents. UNISA (South Africa s biggest university) accounts for more than a third of all university students in the country. Between students. UNISA is moving from ODL to ODeL. UNSA aims to fully online by UNISA have assessments (assignments & exams) that is based on electronic submissions. UNISA students expected to part of the electronic student community. Prof SH von Solms
10 An Example of an ODL environment A comprehensive ODL environment provides, amongst others, the following to lecturers (L) and students (S): (L) : Load course material onto course websites for students to retrieve (S) : Retrieve course material and lectures from a course website (S) : Submit assignments to a course web site from where lecturers retrieve and mark such assignments (L) : Store assignment marks on course web site
11 An Example e-learning environment (S) : Access a course web site to retrieve their marks for assignments (L) : Store tests to be written directly on the course web site (S) : Write difference types of tests directly on their work stations (from different decentralized locations) with results marked by the system and stored on a course database (S) : Access course web sites to get the results of tests
12 Cyber Risks arising from this environment Course material may be altered by unauthorized people Bogus course material may be loaded on course web sites, or web sites may be defaced Submitted assignments can be copied from course web sites by unauthorized parties Submitted assignments can be changed or deleted by unauthorized parties Marks can be changed/deleted Access to test papers may happen, test contents can be changed, or the test can be deleted before the scheduled test date
13 Cyber Risks arising from this environment People may masquerade as students and write tests on behalf of such students Students may get unauthorized help during the writing of tests The destruction of course web sites and course databases containing marks Denial of service attempts against course websites preventing authorized students to access the web site Logon information (student/user ID and passwords) of lecturers and students can be intercepted and misused
14 Cyber Risks arising from this environment These risks arise because the following 6 characteristics of Cyber Security are not enforced: Identification and Authentication Authorization (Logical Access control) Confidentiality Integrity Non-repudiation Availability
15 Cyber Risks arising from this environment Let us investigate a few of these risks which are specifically related to evaluation and assessment
16 Cyber Risks arising from this environment Risk 1 : It may not be the correct student writing the test. The student might have given his/her student-id and password to another student, who writes the test on behalf of the real student. If this is not prevented right at the logon phase, it may probably never be found out Reason : Identification and Authentication not properly enforced
17 Cyber Risks arising from this environment Risk 2 : The answers are intercepted by another student while these answers are being sent over the Internet, and the interceptor may now submit these answers directly as his/her own Reason : Confidentiality not properly enforced
18 Cyber Risks arising from this environment Risk 3: During the writing of the test, a student may realize that he/she will not be able to pass the test, and then cause a denial of service attack which may take the web site down, in effect causing the test to be rescheduled because no other student would be able to access the relevant web site any more Reason : Availability not properly enforced
19 Cyber Risks arising from this environment Risk 4: A student may log on, but not submit any answers. At a later stage the student may claim that he/she had supplied all answers, and claim that the system lost them Reason : Identification and Authentication, Non-repudiation and Availability (Backups) not properly enforced
20 Consequences If such risks are not countered, the standard of education will fall and the brand name of the institution will be negatively affected Good Cyber Security Governance must realize and counter all these risks right from the start
21 Plan of Action when intending to implement an ODL Environment 1 Perform a proper risk analysis to identify all the Cyber and business related risks involved in the implemented, or intended, ODL system. 2 Determine the potential impact of these risks on the institution if they should materialize 3 Determine how to handle these risks, ie ignore them, transfer them or accept and manage them
22 Plan of Action 4 Determine the information security counter measures needed to manage those risks which are accepted investigate how well the intended commercial ODL package to be implemented addresses these risks 5 Create a proper Enterprise Information and Cyber Security Management (EICSM) system to continuously manage these risks 6 Review the risk situation (step 1 above) on an annual basis and adapt the EICSM system as necessary.
23 Conclusion Top management of educational institutions, using or intending to use ODL environments to provide platforms for integrated educational, learning, evaluation and assessment environments must understand and accept their Corporate Governance responsibility and accountability for decisions to implement and use such systems, and ensure that the correct Information and Cyber Security Governance is in place If they do not, such systems will come back to haunt them.
24 Thanks
FIVE NON-TECHNICAL PILLARS OF NETWORK INFORMATION SECURITY MANAGEMENT
FIVE NON-TECHNICAL PILLARS OF NETWORK INFORMATION SECURITY MANAGEMENT Elmarie Kritzinger 1 and Prof S.H. von Solms 2 1 School of Computing, University of South Africa, SA. 2 Department of Computer Science,
More informationInformation Security governance: COBIT or ISO 17799 or both?
Computers & Security (2005) 24, 99e104 www.elsevier.com/locate/cose Information Security governance: COBIT or ISO 17799 or both? Basie von Solms* Academy for Information Technology, University of Johannesburg,
More informationTrustworthy ICT and Cyber Security Research Adding value from an African perspective
Trustworthy ICT and Cyber Security Research Adding value from an African perspective Prof Basie Von Solms Academy for Computer Science and Software Engineering University of Johannesburg basievs@uj.ac.za
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationTowards a more secure Cyber Space for South Africa
22 October 2013 Towards a more secure Cyber Space for South Africa Prof Basie Von Solms Director : Centre for Cyber Security University of Johannesburg basievs@uj.ac.za International comments African comments
More informationInformation Technology Cyber Security Policy
Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationPERSONAL COMPUTER SECURITY
PERSONAL COMPUTER SECURITY April 2001 TABLE OF CONTENTS 1 INTRODUCTION... 1 1.1 PC INFORMATION SECURITY OVERVIEW... 1 1.2 EXCLUSIONS... 1 1.3 COMMENTS AND SUGGESTIONS... 1 2 PC INFORMATION SECURITY RESPONSIBILITIES...
More informationRegulatory Framework for Communications Security and Privacy in Greece
Regulatory Framework for Communications Security and Privacy in Greece Georgia Bafoutsou, Nikolaos Antoniadis, Eugenia Nikolouzou, Athanasios Panagopoulos Authority for the Assurance of Communications
More informationAdvanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech
Advanced Topics in Distributed Systems Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Security Introduction Based on Ch1, Cryptography and Network Security 4 th Ed Security Dr. Ayman Abdel-Hamid,
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationAUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS
AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS OBJECTIVE Increase your IT vocab so that you can assess the risks related to your audits of EHRs and/or EHR related data AGENDA What
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationCertificate in Cyber Security
Certificate in Cyber Security Offered as a partnership between Cape Peninsula University of Technology (CPUT), French South African Institute of Technology (F SATI), CS Interactive Training and Boshoff
More informationTELE 301 Network Management. Lecture 18: Network Security
TELE 301 Network Management Lecture 18: Network Security Haibo Zhang Computer Science, University of Otago TELE301 Lecture 18: Network Security 1 Security of Networks Security is something that is not
More informationPrinciples of Information Assurance Syllabus
Course Number: Pre-requisite: Career Cluster/Pathway: Career Major: Locations: Length: 8130 (OHLAP Approved) Fundamentals of Technology or equivalent industry certifications and/or work experience. Information
More informationNew York State Office Of Children And Family Services VPN
CLIENT VPN New York State Office Of Children & Family Services New York State Office of Children & Family Services (OCFS) Client Virtual Private Network (VPN) Access to the Human Services Enterprise Network
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements
More informationThe Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3
Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 1 September 2, 2015 CPSC 467, Lecture 1 1/13 Protecting Information Information security Security principles Crypto as a security
More informationCANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS STANDARD 012 IMAGE SECURITY STANDARD
CANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS STANDARD 012 IMAGE SECURITY STANDARD 2013 CANADIAN PAYMENTS ASSOCIATION 2013 ASSOCIATION CANADIENNE DES PAIEMENTS This Rule is copyrighted
More information1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services
1. Computer Security: An Introduction Definitions Security threats and analysis Types of security controls Security services Mar 2012 ICS413 network security 1 1.1 Definitions A computer security system
More informationOCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
More informationACEIE, CSP & NSTF workshop on digital wellness in SA. Jansie Niehaus Exec Director, NSTF 21 Aug 2015
ACEIE, CSP & NSTF workshop on digital wellness in SA Jansie Niehaus Exec Director, NSTF 21 Aug 2015 Introduction to the NSTF National Science and Technology Forum, since 1995 Non profit stakeholder body
More informationChapter 6: Fundamental Cloud Security
Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,
More informationNotes on Network Security - Introduction
Notes on Network Security - Introduction Security comes in all shapes and sizes, ranging from problems with software on a computer, to the integrity of messages and emails being sent on the Internet. Network
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationSUPPLIER SECURITY STANDARD
SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard
More informationInformation System Security
Information System Security Chapter 1:Introduction Dr. Lo ai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Chapter 1 Introduction The
More informationSERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security
International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationWhat s happening in the area of E-security for the Financial Transactions in China
What s happening in the area of E-security for the Financial Transactions in China Dr. Wang Jun Head of E-banking Division, Bank of China Sep. 26, 2002 A Tremendous Potential E-financing Market is is coming
More informationCSC 474 Information Systems Security
CSC 474 Information Systems Security Introduction About Instructor Dr. Peng Ning, assistant professor of computer science http://www.csc.ncsu.edu/faculty/ning pning@ncsu.edu (919)513-4457 Office: Room
More informationNetwork Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶
Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course
More informationElectronic Document and Record Compliance for the Life Sciences
Electronic Document and Record Compliance for the Life Sciences Kiran Thakrar, SoluSoft Inc. SoluSoft, Inc. 300 Willow Street South North Andover, MA 01845 Website: www.solu-soft.com Email: solusoftsales@solu-soft.com
More informationDATABASE SECURITY, INTEGRITY AND RECOVERY
DATABASE SECURITY, INTEGRITY AND RECOVERY DATABASE SECURITY, INTEGRITY AND RECOVERY Database Security and Integrity Definitions Threats to security and integrity Resolution of problems DEFINITIONS SECURITY:
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationCryptography and Network Security Chapter 1
Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood
More informationINFORMATION SECURITY PROGRAM
Approved 1/30/15 by Dr. MaryLou Apple, President MSCC Policy No. 1:08:00:02 MSCC Gramm-Leach-Bliley INFORMATION SECURITY PROGRAM January, 2015 Version 1 Table of Contents A. Introduction Page 1 B. Security
More informationUnderstanding Cyber Defense A Systems Architecture Approach
NDIA 12th Annual Systems Engineering Conference, San Diego, CA, 26-29 Oct 2009 Understanding Cyber Defense A Systems Architecture Approach Tom McDermott Director of Research Georgia Tech Research Institute
More informationEnrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------
w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------
More informationMicrosoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10
Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationECSA EuroCloud Star Audit Data Privacy Audit Guide
ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:
More informationPlain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75
Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationAssistant Director of Facilities
Policy Title ID Number Scope Status Reviewed By IT Security Policy P04001 All Users Policy Assistant Director of Facilities Reviewed Date January 2011 Last Reviewed Due for Review January 2013 Impact Assessment
More informationSimplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls
Simplifying Security & Compliance Innovating IT Managed Services Data Security Threat Landscape and IT General Controls Audit Standards and IT General Controls General IT controls discussed in AUC Section
More informationThird Party Security Requirements Policy
Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the
More informationA BEST PRACTICE APPROACH TO LIVE FORENSIC ACQUISITION
A BEST PRACTICE APPROACH TO LIVE FORENSIC ACQUISITION MM Grobler 1, SH von Solms 2 1 Council for Scientific and Industrial Research, Pretoria, South Africa 2 Academy for Information Technology, University
More informationFull Compliance Contents
Full Compliance for and EU Annex 11 With the regulation support of Contents 1. Introduction 2 2. The regulations 2 3. FDA 3 Subpart B Electronic records 3 Subpart C Electronic Signatures 9 4. EU GMP Annex
More informationOracle Database Security
breaking through barriers to progress By Raman Jathar an award winning '2004 Future 50 Company' 18650 W. Corporate Drive Suite 120 Brookfield, WI 53045 262.792.0200 Database Security Lately, database security
More informationBrainloop Cloud Security
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
More informationInformation Security Awareness Training Gramm-Leach-Bliley Act (GLB Act)
Information Security Awareness Training Gramm-Leach-Bliley Act (GLB Act) The GLB Act training packet is part of the Information Security Awareness Training that must be completed by employees. Please visit
More informationELECTRONIC COMMERCE SYSTEMS
CHAPTER ELECTRONIC COMMERCE SYSTEMS This chapter discusses one of the most visible segments of the business world today e-commerce. In general terms, the issues involve the electronic processing and transmission
More informationDepartment of Finance Department of Purchasing and Supply Management Fixed Assets System Audit Final Report
Department of Finance Department of Purchasing and Supply Management Fixed Assets System Audit Final Report November 2006 promoting efficient & effective local government Executive Summary The Department
More informationResidual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)
Organizational risks 1 Lock-in Risk of not being able to migrate easily from one provider to another 2 Loss of Governance Control and influence on the cloud providers, and conflicts between customer hardening
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationBLOOMFIELD COLLEGE ACCEPTABLE USE POLICY
- 1 BLOOMFIELD COLLEGE ACCEPTABLE USE POLICY Summary of Acceptable Use Policy Bloomfield College provides technology resources to the College Community, including students, faculty, administration, alumni,
More informationHIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations
HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations Presentation Agenda Security Introduction Security Component Requirements and Impacts Administrative Procedures Physical Safeguards
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationIY2760/CS3760: Part 6. IY2760: Part 6
IY2760/CS3760: Part 6 In this part of the course we give a general introduction to network security. We introduce widely used security-specific concepts and terminology. This discussion is based primarily
More informationUTMB INFORMATION RESOURCES PRACTICE STANDARD
IR Security Glossary Introduction Purpose Applicability Sensitive Digital Data Management Privacy Implications This abbreviated list provides explanations for typically used Information Resources (IR)
More informationIBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]
IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System
More informationPREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:
A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine
More informationPotential Targets - Field Devices
Potential Targets - Field Devices Motorola Field Devices: Remote Terminal Units ACE 3600 Front End Devices ACE IP Gateway ACE Field Interface Unit (ACE FIU) 2 Credential Cracking Repeated attempts to
More informationUsing the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6
to Assess Cybersecurity Preparedness 1 of 6 Introduction Long before the signing in February 2013 of the White House Executive Order Improving Critical Infrastructure Cybersecurity, HITRUST recognized
More informationASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT
INTERNATIONAL CIVIL AVIATION ORGANIZATION ASIA AND PACIFIC OFFICE ASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT DRAFT Second Edition June 2010 3.4H - 1 TABLE OF CONTENTS 1.
More informationBest Practices for Network Security. Name. University/College. Unit Name. Unit Code. Lecturer
1 Best Practices for Network Security Name University/College Unit Name Unit Code Lecturer 27 March 2014 2 Outline Introduction...3 Developing Network Security Best Practices...5 I. The Pillars of network
More informationPRIVACY AND DATA SECURITY MODULE
"This project has been funded under the fourth AAL call, AAL-2011-4. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which
More informationEXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam
EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More informationInformation Technology Branch Access Control Technical Standard
Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationOLEY VALLEY SCHOOL DISTRICT
No. 829 SECTION: OPERATIONS OLEY VALLEY SCHOOL DISTRICT TITLE: ELECTRONIC SIGNATURES ADOPTED: February 19, 2015 REVISED: 829. ELECTRONIC TRANSACTIONS, RECORDS AND SIGNATURES 1. Purpose 2. Authority 73
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationHow are we keeping Hackers away from our UCD networks and computer systems?
How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12
More informationSubject: Safety and Soundness Standards for Information
OFHEO Director's Advisory Policy Guidance Issuance Date: December 19, 2001 Doc. #: PG-01-002 Subject: Safety and Soundness Standards for Information To: Chief Executive Officers of Fannie Mae and Freddie
More informationBest Practices for Key Management for Secure Storage. Walt Hubis, LSI Corporation
Best Practices for Key Management for Secure Storage Walt Hubis, LSI Corporation SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may
More informationCryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely
More informationThird-Party Access and Management Policy
Third-Party Access and Management Policy Version Date Change/s Author/s Approver/s Dean of Information Services 1.0 01/01/2013 Initial written policy. Kyle Johnson Executive Director for Compliance and
More informationNEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT
Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security- Perspective for Management Information Security Management Program Concept
More informationMontana Tech Escalation Procedures for. Security Incidents
Montana Tech Escalation Procedures for Security Incidents 1.0 Introduction This procedure describes the steps which are to be taken for physical and computer security incidents which occur within the Montana
More informationNetwork Security. Instructor: Adam Hahn
Network Security Instructor: Adam Hahn The syllabus Reading for Wednesday Ken Thompson, Reflections on Trusting Trust, Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. http://cm.bell-labs.com/who/ken/trust.html
More informationVICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
More informationCultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy
Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy September 2004 1.0 INTRODUCTION... 3 2.0 CHRC POLICY STATEMENT... 3 3.0 PRIVACY
More informationSouthern Law Center Law Center Policy #IT0004. Title: Email Policy
Southern Law Center Law Center Policy #IT0004 Title: Email Policy Authority: Department Original Adoption: 7/20/2007 Effective Date: 7/20/2007 Last Revision: 9/17/2012 1.0 Purpose: To provide members of
More informationChapter 4 Information Security Program Development
Chapter 4 Information Security Program Development Introduction Formal adherence to detailed security standards for electronic information processing systems is necessary for industry and government survival.
More informationNHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction
NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers
More informationLecture II : Communication Security Services
Lecture II : Communication Security Services Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 What is Communication
More information