Development of Information System for Evaluation of Risk and Readiness of Cyber Security
Wiparat Pathakkhinang
Siam Technology College, Thailand

Assoc. Prof. Dr. Prasong Praneetpolgrang
Sripatum University, Thailand

Abstract - This research study aims to analyze risk and readiness on cyber security, to propose a risk and readiness model on cyber security, and to develop an information system for appraising organizational cyber security. The researchers used a case study of Siam Technology College. The data were collected from the sample groups, which were lecturers and officers performing ICT duties. According to the results of this research, the cyber readiness elements comprise 7 aspects: 1. cyber security strategy, 2. rules and regulations associated with cyber security, 3. cyber security coordination and maintenance center, 4. cyber crime prevention, 5. manpower development for cyber security, 6. budgets supporting basic and applied research, and 7. cooperation with other agencies. The risk appraisal model consists of 4 aspects: 1. determining the risk management topics, 2. risk analysis, 3. planning for risk reduction, and 4. reporting and appraisal. Additionally, upon appraisal of Siam Technology College based on these models, the readiness of organizational cyber security is at the readiest level, while the risk analysis on organizational cyber security is at the low risk level.

Keywords - Cyber Security, Risk Management, Readiness

I. INTRODUCTION

Using technology also brings the risk of information threats and related information system vulnerabilities, which can be used as a channel for several forms of crime, including both using the internet to commit crimes directly, called "computer crime", and using the internet as a medium to commit various crimes.
Therefore, public authorities, private sectors and citizens should be aware of the severity of the impact and damage that may occur. They should maintain security in order to protect against, prevent, or deal with cyber security threats that could cause the enterprise system to be compromised or attacked and its security to be threatened. Given these priority issues, the risk and readiness analysis and the conceptual model for the creation of indicators should be carried out in order to evaluate the risks and the availability of cyber security, to develop the information systems of organizations, to reduce the upcoming cyber threats that are likely to affect the organization, and to enhance the overview further.

II. RISK MANAGEMENT

Risk is a measure of the capability to accomplish the purpose of the work successfully under the given decisions, budget, deadline, and existing technical limitations. For example, managing a project is a set of activities to carry out some task in the future by using limited resources successfully within a limited time. Because the project is scheduled for future operations, risk may occur at any time due to the uncertainty and limitation of the resources used in the project. Thus, project managers must manage project risks in order to reduce problems within the project and to be able to work successfully toward the expected goals, effectively and efficiently.

Risk management is the management of risk through several processes, including specifying risks, risk analysis, risk evaluation, handling, examination, and control of the risks associated with activities, functions and working processes, in order to reduce as much as possible the damage to the organization from the threats that organizations face during a time known as the accident.

A. Security

Security, which might also mean stability or safety, is widely adopted as a general word used in everyday life. Some people often discuss the word security along with the word safety. Security is an important word for the military, as well as for the administration of a country and for international politics. The definition of "security" is really broad, and it can range from individual security and group security to state security and international security. However, the basic meaning of security is to feel free from threats, anxiety, or danger. So, security is the mental state of a person, whether the political leaders of the country or the general citizens, who feels safe from any harm from others. Therefore, it can be said that the security of the state means that the state (or state leaders and citizens) believes that the state itself is safe from the fear of being threatened by any other state or international organization.

B. Cyber Security

Nowadays, the number of online users has increased due to many factors, such as the rise of portable devices and cheaper service charges, so cyber security is important in order to prevent harm from the online world that may affect online users and assets (data). Cyber security means the protective process that enables organizations to reduce all forms of risk and damage that may affect cyber security physically and electronically. Cyber security is a way to maintain confidentiality, accuracy, availability, application security, and the security of the computer networks used for storing, accessing, processing, and distributing information, and also to maintain internet security and information technology security, as well as to prevent crime arising from attack, subversion, espionage and accidents.

The word cyber security is often used together with the word safety security. Although there is an overlap of meaning between cyber security and safety security, the two concepts differ slightly. Moreover, one description explains that cyber security is conducted within the confines of traditional data security, but serves not only to protect information resources but also to protect other assets, including the person as well. In cyber security, the human factor is often consistent with the role of humans in the cyber security process. This factor has additional dimensions; for example, a human is the target of cyber attacks, or is involved in the attacks without knowing it. These additional dimensions have ethical meaning for society, such as protecting weak groups and children, which is also a social responsibility.

C. National Cyber Security Policy

The National Cyber Security Policy Framework is divided into eight strategies: 1) integrating management of national cyber security; 2) building the capacity to deal with emergency situations related to cyber security; 3) protecting the important information infrastructure of the country; 4) cooperating between public and private sectors to maintain cyber security; 5) creating awareness and knowledge of cyber security; 6) developing the regulations and laws to maintain cyber security; 7) research and development for cyber security maintenance; and 8) coordinating international cooperation to strengthen cyber security.
III. METHODOLOGIES

A. Population and Sample

The population of this research consisted of instructors and personnel in Siam Technology College. The sample of this study consisted of 35 information technology officers in Siam Technology College.

B. Research Instruments

The research instrument was the questionnaire. 35 copies of the questionnaire were distributed to the 35 people in the sample. The response rate was %.

C. Data Analysis

This study was quantitative research. Data were collected from the questionnaire and analyzed by statistics including mean and standard deviation (S.D.).

IV. RESEARCH RESULTS

A. The Levels of Readiness of Cyber Security

From the study, the levels of readiness of cyber security can be explained by separating them into 7 aspects as shown in Table I.

TABLE I REPRESENTS THE LEVELS OF READINESS OF CYBER SECURITY

From Table I, the results can be described in detail for each of the seven aspects as follows.

1. Cyber Security Strategy: The level of readiness of cyber security strategy is very ready (mean = 4.19), showing that the organization has defined a security policy and strategy, has announced it so that personnel are aware of the cyber security strategy, and has assigned a person responsible for the issue.

2. Personnel: The level of readiness of personnel security is moderately ready (mean = 2.91), showing that the staff of the Institute of Physical Education have agreed that the organization should establish criteria for personnel selection, employment, work delivery, property inspection, rights cancellation, and training, as well as raise the personnel's awareness of security, to the moderate level.

3. The coordination center for cyber security: The level of readiness of the coordination center for cyber security is very ready (mean = 3.96), showing that the organization has coordination centers or responds to emergency notifications of cyber threats, has coordination for the exchange of information and software between agencies, and has information control for information that is sent through SMS and other channels.

4. The cyber crime prevention: The level of readiness of cyber crime prevention is very ready (mean = 3.99), showing that the organization has strict policies for information protection, has information systems to protect information from unauthorized access or inappropriate usage, has personnel who detect and deal with threats, has notifications to make users aware of the impacts of threats, and restricts access to information based on the information protection policies.
5. Personnel development for cyber security: The level of readiness of personnel development for cyber security is very ready (mean = 4.13), showing that the organization has developed its personnel through off-site training or field study for cyber security, so that the personnel of the organization understand their own roles, duties and responsibilities, and that it raises awareness, educates, and reminds all staff about cyber security.

6. Budgetary support for basic research and application-oriented research: The level of readiness of budgetary support for basic research and application-oriented research is very ready (mean = 3.88), showing that the organization supports basic research and application-oriented research for cyber security, provides budget support for the publication of research articles, and provides budget support for organizing seminars on cyber security.

7. Collaboration with other agencies: The level of readiness of collaboration between agencies is very ready (mean = 4.09), showing that the organization is ready to collaborate with external institutions on security, establishes security centers to exchange information with other agencies, and provides a person to coordinate and take responsibility for cyber security.

B. Risk Evaluation Model of Cyber Security for Siam Technology College

The risk evaluation model of cyber security for Siam Technology College can be described in detail in the steps below.

Fig 1. The Risk Evaluation Model of Cyber Security for Siam Technology College.

1. Context establishment: for example, job title, tasks, workflow, workplace, tools, personnel, criteria for risk evaluation, criteria for impact, criteria for risk acceptance, etc.

2. Risk analysis: a process used to identify risks, analyze them, and set guidelines or control measures to prevent or minimize risk so that the organization achieves its aims. Risk analysis covers information as property, networks, software, hardware, information, and internal and external threats.

3. Risk reduction plan: an operation to manage or deal with risks by planning the risk management step by step to minimize the risks.

4. Report and evaluation: completing the report and evaluation serves to keep the organization from deviating from its defined objectives, to maintain and review the risks, and to carry out risk evaluation continuously. The steps of the cyber security risk evaluation have been drawn as a diagram that defines the risk evaluation process clearly.

V. CONCLUSIONS

From the study and analysis of the risks and readiness of cyber security for Siam Technology College, the results show that the overall level of readiness of cyber security for Siam Technology College is very ready.
In presenting the risk and readiness evaluation model of cyber security for Siam Technology College, the results of the risk evaluation model, using the mean and the standard deviation, show that the overall level of risk of the implementation for Siam Technology College is at the low risk level.

VI. SUGGESTIONS

International standards to take into consideration in the research: There are several security standards and risk management standards that can be applied, consistent with the vision, mission and strategy of the organization.
More informationITS425: Ethical Hacking and Penetration Testing
ITS425: Ethical Hacking and Penetration Testing Credit Hours: 3 Contact Hours: This is a 3-credit course, offered in accelerated format. This means that 16 weeks of material is covered in 8 weeks. The
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationITS425: Ethical Hacking and Penetration Testing
ITS425: Ethical Hacking and Penetration Testing Credit Hours: 3 Contact Hours: This is a 3-credit course, offered in accelerated format. This means that 16 weeks of material is covered in 8 weeks. The
More informationCybersecurity..Is your PE Firm Ready? October 30, 2014
Cybersecurity..Is your PE Firm Ready? October 30, 2014 The Panel Melinda Scott, Founding Partner, Scott Goldring Eric Feldman, Chief Information Officer, The Riverside Company Joe Campbell, CTO, PEF Services
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationAdvantages and Disadvantages of Quantitative and Qualitative Information Risk Approaches
Chinese Business Review, ISSN 1537-1506 December 2011, Vol. 10, No. 12, 1106-1110 D DAVID PUBLISHING Advantages and Disadvantages of Quantitative and Qualitative Information Risk Approaches Stroie Elena
More information1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services
1. Computer Security: An Introduction Definitions Security threats and analysis Types of security controls Security services Mar 2012 ICS413 network security 1 1.1 Definitions A computer security system
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationCSC574 - Computer and Network Security Module: Introduction
CSC574 - Computer and Network Security Module: Introduction Prof. William Enck Spring 2013 1 Some bedtime stories 2 Some bedtime stories 2 Some bedtime stories 2 Some bedtime stories 2 This course We are
More informationThe Bureau of Public Service System PERFORMANCE EVALUATION FORM
The Bureau of Public Service System PERFORMANCE EVALUATION FORM GENERAL INFORMATION In accordance with Public Service System Rules and Regulations Part 9.1 The performance evaluation system is designed
More informationFederal Bureau of Investigation s Integrity and Compliance Program
Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established
More informationSECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM
SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM Chandramohan Muniraman, Meledath Damodaran, Amanda Ryan University of Houston-Victoria Abstract As in any information management system security
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationAalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014
Aalborg Universitet Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication
More informationAN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS
http://dx.doi.org/10.5516/net.04.2012.091 AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG *, JUNG-WOON LEE, GEE-YONG PARK, KEE-CHOON KWON,
More informationSecurity Defense Strategy Basics
Security Defense Strategy Basics Joseph E. Cannon, PhD Professor of Computer and Information Sciences Harrisburg University of Science and Technology Only two things in the water after dark. Gators and
More informationGlobal Corporate IT Security Risks: 2013
Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs
More informationDefensible Strategy To. Cyber Incident Response
Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationUtica College. Information Security Plan
Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles
More informationLogRhythm and NERC CIP Compliance
LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate
More informationHP Laptop & Apple ipads
Shalom College Student 1:1 Laptop & ipad Program HP Laptop & Apple ipads Policy and Guidelines Booklet TABLE OF CONTENTS 1. Educational Opportunities of A 1 to 1 Laptop & ipad Program... 2 2. Overview
More informationSecure by design: taking a strategic approach to cybersecurity
Secure by design: taking a strategic approach to cybersecurity The cybersecurity market is overly focused on auditing policy compliance and performing vulnerability testing when the level of business risk
More informationResult of the Attitude Survey on Information Security
Presentation Result of the Attitude Survey on Information Security Conducted toward the companies Operating in Thailand February, 2009 Center of the International Cooperation for Computerization of Japan
More informationOffice of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget
Office of the Auditor General Performance Audit Report Statewide UNIX Security Controls Department of Technology, Management, and Budget December 2015 State of Michigan Auditor General Doug A. Ringler,
More informationOLYMPIC COLLEGE POLICY
TITLE: Acceptable Use Policy POLICY NUMBER: OCP 200-17 REFERENCE: RCW 42.52.160, RCW 42.52.180, RCW 42.17, WAC 292-110-010, http://isb.wa.gov/policies/security.aspx, http://www.governor.wa.gov/execorders/archive.asp,
More informationThe Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency
The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency 1 Challenge for Cyber Security in Financial Sector (1) Necessity to Strengthen
More informationCounty of San Mateo Health System
County of San Mateo Health System Request for Information Unified Patient Portal for the Health System Issue Date: Thursday, April 25, 2013 Submit Information Packets to: County of San Mateo San Mateo
More informationSRO-EA s Cyber security Initiatives in Eastern Africa
UNECA Sub Regional Office For Esatern Africa SRO-EA 2010 EAIGF 11-13 August 2010, Kampala, Uganda SRO-EA s Cyber security Initiatives in Eastern Africa Mr Mactar SECK United Nations ECA SRO- EA Key Categories
More informationThe ICS Approach to Security-Focused IT Solutions
The ICS Approach to Security-Focused IT Solutions for the State of Mississippi ICS offers a dynamic and comprehensive portfolio of security-driven IT solutions for the State of Mississippi. Taking a proactive
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationCERT.AZ description as per RfC 2350
CERT.AZ description as per RfC 2350 Contact Cyber Security Center (CSC) Computer Emergency Response Team (CERT) Address Block 702, Drogal lane Baku, Azerbaijan Telephone: +99412 4932056 +99412 4932057
More informationISM527 - Cyber Security Management
ISM527 - Cyber Security Management Credit Hours: 3 Contact Hours: This is a 3-credit course, offered in accelerated format. This means that 16 weeks of material is covered in 8 weeks. The exact number
More informationToday s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns
Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns Benjamin GITTINS Ronald KELSON What is cyberspace and why is it so important? US Government Cyberspace
More information