# Network Security. Task 1 Security Measures

## Transcription

### Task 2 Encryption

Encryption is the transformation of data into a form unreadable by anyone without a secret decryption key. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it was not intended, including those who can see the encrypted data. Encryption may be used to make stored data private or to allow a non-secure communications channel to serve as a private communications channel.

A public-key cryptographic system uses two keys: a public key known to everyone and a private key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it. An important element of the public-key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them, and it is virtually impossible to deduce the private key if you know the public key.

Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. The only difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message for him or her.

Of course, it is possible to decrypt data by brute force, trying out every possible key until you get readable text. This, however, takes huge amounts of time, depending upon the size of the key. The idea of a supercomputer designed to decrypt data is described in Dan Brown's novel, The Digital Fortress.

Task

To encrypt data, you must perform an operation on these binary codes. For example, you might perform a logical XOR operation with a key.

- 0 XOR 0 = 0
- 1 XOR 0 = 1
- 0 XOR 1 = 1
- 1 XOR 1 = 0

E.g. FRED = XOR each character using a key, e.g = FRED XOR = EQFG

To decrypt the data you must know the key and perform the same operation. If you try with another key the data will be garbled.

Using ASCII codes, encode a four-letter word using an 8-bit encryption key. Attempt to decrypt a classmate's code.
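The XOR task above, worked through in Python as an added example (not part of the original worksheet). The key `00000011` is not printed on the page; it is derived here by XORing the page's FRED/EQFG pair, and the function names and the "all capital letters" test are assumptions made for illustration. The last function shows why an 8-bit key offers no real protection: there are only 256 keys to try.

```python
from __future__ import annotations


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same 8-bit key. Encrypting and decrypting
    are the same operation, because (b XOR k) XOR k == b."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must fit in 8 bits")
    return bytes(b ^ key for b in data)


def to_bits(data: bytes) -> str:
    """Show the ASCII codes as 8-bit binary, as the worksheet asks."""
    return " ".join(f"{b:08b}" for b in data)


def recover_key(plain: bytes, cipher: bytes) -> int:
    """If one plaintext/ciphertext pair is known, the key falls out:
    plain XOR cipher == key for every byte position."""
    if not plain or len(plain) != len(cipher):
        raise ValueError("need two non-empty strings of equal length")
    keys = {p ^ c for p, c in zip(plain, cipher)}
    if len(keys) != 1:
        raise ValueError("pair was not produced by a single-byte XOR key")
    return keys.pop()


def is_upper_word(candidate: bytes) -> bool:
    """Assumed plausibility test: every byte is an ASCII capital letter."""
    return all(0x41 <= b <= 0x5A for b in candidate)


def brute_force(cipher: bytes, looks_valid=is_upper_word) -> list[tuple[int, bytes]]:
    """Try all 256 possible 8-bit keys and keep the plausible results."""
    results = []
    for key in range(256):
        candidate = xor_bytes(cipher, key)
        if looks_valid(candidate):
            results.append((key, candidate))
    return results


if __name__ == "__main__":
    key = recover_key(b"FRED", b"EQFG")          # key implied by the page's pair
    print("key      :", f"{key:08b}")
    print("FRED     :", to_bits(b"FRED"))
    print("EQFG     :", to_bits(xor_bytes(b"FRED", key)))
    print("wrong key:", xor_bytes(b"EQFG", 0b00101010))   # garbled output
    for k, text in brute_force(b"EQFG"):
        print(f"candidate key {k:08b} -> {text.decode('ascii')}")
```

The brute-force search returns several all-capital candidates, so a human still has to pick the real word, but the whole search is instant.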

### Task 3 Security Requirements and Threats

There are certain requirements of any network when transmitting data:

- Confidentiality: user-to-user communication must be secure from unauthorised users viewing or accessing the data.
- Data Integrity: data must be received without any changes being made to the data. Mathematical checks can be carried out to ensure that the binary data is not altered during its transmission.
- Availability: the network must be reliable so that when users wish to make use of any network service, it is available.

There are two main types of security threat when connected to a network:

- Passive threats: data transmissions are covertly monitored without a user's knowledge and the information is then used without authorisation.
- Active threats: the data transmission is modified or a false stream is created.

Questions

1. Describe a situation where the confidentiality of data is essential.
2. Describe a situation where the integrity of data is essential.
3. Describe a situation where the availability of a network is essential.
4. Describe a situation where a data stream could be under threat from a passive attack.
5. Describe a situation where a data stream could be under threat from an active attack.

### Task 4 Denial of Service (DoS) Attacks

In recent months there have been a series of news stories about criminals attempting to blackmail large companies by threatening to launch a Denial of Service attack on their website. The cost to a large e-commerce site of losing one day of trading can run into the hundreds of thousands of pounds, as well as damaging its reputation and credibility. There is also the expense of restoring the server to full working order and securing it from further DoS attacks.

In a DoS attack, you flood an Internet server with such a volume of traffic in a short time that it simply cannot cope and stops accepting requests for data. Typically, this would be a company's web or e-mail server, and in severe cases the attack can force the server to completely cease operating.

DoS attacks can also be used as a weapon against spammers, software pirates and other cyber criminals. Controversially, the search engine Lycos made available a screensaver which, when installed on a user's machine, launched a distributed DoS attack on servers which persistently send junk or spam e-mails.

Examples of denial of service attacks are: Winnuke, Teardrop, Land, Nestea, Fraggle, Ping of Death, SYN flood, IP spoofing and Smurf attacks.

Task

Investigate either one of the DoS examples named above or an example of a DoS attack against a large company. Prepare a presentation about your findings.

Questions

1. Why would Amazon be wary of DoS attacks?
2. If no data is changed or deleted and if no viruses are released, could anyone conducting a DoS attack be charged under the Computer Misuse Act?
3. Do you agree with Lycos and their use of a DoS attack against spammers? Explain your decision.
4. How can cyber criminals make money through DoS attacks?
5. A mirror site is an exact replica of an Internet server. How can a mirror site help protect against.
6. What is meant by spoofing?
7. What is meant, therefore, by IP spoofing?

### Task 5 Content Filtering

Almost everyone with any experience or knowledge of the Internet will be aware of the volume of inappropriate and undesirable content on the World Wide Web. However, there also exists a wealth of useful, educational and enjoyable content which you should be able to access easily.

It is possible to buy software programs which filter the content that can be viewed in a web browser. The software screens out data by checking, for example, URLs or key words and blocking undesirable, dangerous or inappropriate Internet content. For home use the software can be installed on a single machine, or organisations can block content at the server level.

An alternative to trying to block the huge number of inappropriate sites is to create a walled garden. This is a sub-section of the Internet where users can only view a limited number of approved sites and all other content is blocked. While this ensures all content is suitable for the audience, it does restrict the value of being able to actively research and exploit the huge number of valuable sites on the Internet.

Task

Search the web for information on either CyberSitter, NetNanny, CyberPatrol or similar. Write a short paragraph describing the product, how it works, how much it costs and how it can be customised to protect web users from being exposed to inappropriate content.

Questions

1. In content filtering software, what are whitelists and blacklists?
2. Are there any drawbacks to installing and using content filtering software?
3. Why is content filtering important in educational settings?
4. Why is content filtering important in business settings?
5. What facilities are already available in Windows XP to filter Internet content?
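The two approaches described above, blocking listed URLs and key words versus a walled garden of approved sites, side by side as an added Python example (not from the original worksheet and not how any named product works). The host names, the key word and the function names are constructed for illustration. It shows that a blacklist lets an unlisted site through, a walled garden blocks it, and a key-word match can block a harmless address.

```python
from urllib.parse import urlsplit

# Constructed sample lists; the .example names are placeholders, not real sites.
BLACKLIST_HOSTS = {"bad.example"}
BLACKLIST_KEYWORDS = {"bet"}
WHITELIST_HOSTS = {"encyclopedia.example", "school.example"}


def host_of(url: str) -> str:
    """Extract the lower-cased host name, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def on_list(host: str, entries: set) -> bool:
    """Match the listed host itself or any sub-domain of it, but not a
    look-alike such as school.example.other.example."""
    return any(host == entry or host.endswith("." + entry) for entry in entries)


def blacklist_filter(url: str) -> tuple:
    """Allow everything except listed hosts and URLs containing a key word."""
    if on_list(host_of(url), BLACKLIST_HOSTS):
        return False, "host on blacklist"
    lowered = url.lower()
    for word in sorted(BLACKLIST_KEYWORDS):
        if word in lowered:
            return False, f"keyword '{word}' in URL"
    return True, "not listed"


def walled_garden_filter(url: str) -> tuple:
    """Block everything except approved hosts."""
    host = host_of(url)
    if host and on_list(host, WHITELIST_HOSTS):
        return True, "host on whitelist"
    return False, "not on whitelist"


if __name__ == "__main__":
    samples = [
        "http://www.bad.example/page",           # listed host
        "http://brand-new-site.example/",        # unknown to both lists
        "http://alphabet.example/letters",       # harmless, but contains 'bet'
        "HTTP://School.Example./timetable",      # approved, odd capitalisation
        "http://school.example.other.example/",  # look-alike of an approved host
    ]
    for url in samples:
        print(f"{url}\n  blacklist    : {blacklist_filter(url)}"
              f"\n  walled garden: {walled_garden_filter(url)}")
```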

### Task 7 Network Failure

From your previous study, you should be aware of the main topologies: star, ring, bus and mesh. Each topology can fail if there is a problem with one of the nodes, the cabling linking the nodes or the software running on the nodes. Different topologies, however, react to these failures in different ways.

Copy and complete the following table or amend your table from the previous module, describing the effect of node, channel and software failure in different topologies.

| Topology | Node Failure | Channel Failure | Software Failure |
|----------|--------------|-----------------|------------------|
| Star     |              |                 |                  |
| Ring     |              |                 |                  |
| Bus      |              |                 |                  |
| Mesh     |              |                 |                  |

### Task 9 Backup Strategies

In a client-server network, the server controls which users can log onto the network, which resources they may access and which files they may use. An effective backup strategy, therefore, is to have a backup server, often known as a mirror. With a backup server in place, mirroring exactly the contents of your main server, as soon as there is a problem with your main server the backup server can immediately replace it.

This is not cost effective, however, since an expensive server might never be used. An alternative solution might therefore be to keep only a mirror disk, an exact copy of the server's hard disk, so that in the event of any disk failure the disks can be swapped over. This mirror disk must be synchronised at regular intervals to minimise data loss in the event of a disk failure.

Large-capacity hard disks are also expensive and so, for less critical information, a backup may be made onto magnetic tape. This is the cheapest form of backing storage but is not suitable for primary backing storage as it is a sequential medium rather than offering direct or random data access.

Finally, when making duplicate copies or backups, it is important that a backup schedule is in place to ensure that a minimum of data is lost in the event of a network failure. It is recommended that three generations of backup are kept; these are called the grandparent, parent and child files according to their age. Backups should be kept in a secure location, away from the server and away from each other.

Questions

1. What is meant by sequential data access?
2. What is meant by random or direct data access?
3. Name a sequential access medium.
4. Name two direct access data media.
5. Does your school network use a backup server, a mirror disk, magnetic tape backups or a combination of all three to ensure the security of data?
6. What advice would you give to a pupil working on an important essay at home?
7. Why should backups be kept in different locations?
8. If a backup server is such an expensive option, why would some networks use them?

### Homework Exercise 1

1. Describe, with examples, three levels of access which can be set on a file. (3)
2. Describe two types of physical security. (2)
3. (a) What is meant by a key in relation to data encryption? (1)
   (b) Describe one disadvantage of data encryption. (1)
4. A school pupil wants to obtain information as part of a homework exercise. She finds a suitable file which can be downloaded but when she tries to download the file in school, she finds that the FTP access has been barred.
   (a) Why might FTP access be barred by the school? (1)
   (b) Which application on the school network has barred FTP access? (1)
5. Network users will be able to delete and save files to their home directory but may not be allowed to change other files which they would need to access. How could a network administrator implement this? (1)
6. Describe the threats to network security posed by the following people:
   (a) Pupils accessing the staff network (1)
   (b) Employees in a law firm (1)
   (c) Accountants working for a company (1)
   (d) Ex-employees of a company (1)
7. What is meant by data integrity? (1)

TOTAL (15)

### Homework Exercise 2

1. An online music store is worried about network security.
   (a) Why might it be worried about passive network threats? (1)
   (b) How could it ensure the confidentiality of data saved on its servers? (1)

   The store receives a threatening e-mail requesting payment of a large sum of money or else they will be subjected to a DoS attack.
   (c) What is meant by a DoS attack? (1)
   (d) Why would a DoS attack be damaging? Give two reasons. (2)
2. A school office has a local area network of desktop computers. Each office worker has arranged for one folder on their local hard disk to be shared so that other workers can copy files out of that folder. This allows workers to transfer files and messages between their computers.
   (a) (i) What name is given to this type of networking? (1)
       (ii) How can each worker ensure that only certain workers can access the shared folder on their computer? (1)
       (iii) How can they ensure that the other workers can only copy out of the folder and not into the folder? (1)
   (b) The school management have decided that it would be better to store all shared files on a central computer so that all office staff can access them from there. This was decided on the grounds of data security and data integrity.
       (i) What name is given to this type of networking? (1)
       (ii) Name one additional item of software and one additional item of hardware that would be required to implement this new system. (2)
   (c) For the type of network described in part (b):
       (i) Explain how this mode of networking provides data security and data integrity. (2)
       (ii) Describe an additional service which could be provided by this new networking mode and explain why it could not be provided before. (2)

TOTAL (15)

### Homework Exercise 3

1. A large insurance company makes extensive use of the Internet and e-mail. The company also has computer-based networked information systems and its own intranet. Some of the company's staff have access to the entire network from home using a dial-up connection.
   (a) Suggest two reasons why access to the company's network is slower from home than it is from the office. (2)
   (b) The IT manager is worried that the company's network might be broken into by unauthorised people. Describe two ways a firewall could prevent unauthorised access. (2)
   (c) The dial-up server offers a callback facility. When an employee dials from home, the dial-up server checks their user name and password, terminates the connection and then re-establishes the link to the employee's home number. Give two reasons why this feature is used in addition to the firewall. (2)
2. A college is planning the installation of 200 new computer workstations. Unlike its original suite of computers, these will be networked.
   (a) Explain how the security of user files may be ensured in this network. (1)
   (b) Explain why a backup strategy is necessary for this network. (1)
   (c) Describe a suitable backup strategy, and explain how it could be implemented. (2)
3. Why would a UPS be an important part of any large network? (1)
4. Why is a firewall described as a two-way security device? (1)
5. Which network topology is most resistant to network failure? Explain your answer. (1)
6. (a) Why is Internet filtering software desirable? (1)
   (b) How does this software work? (2)

TOTAL (16)


Email Management and Security Good Practice Guide August 2009 contents 1 Introduction to Good Practice Guides 3 2 Email Management and Security Overview 3 2.1 Understanding Good and Better Practice 4 3

### Secure Email Frequently Asked Questions

Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com Outline of Information Security Introduction Impact of information Need

### Acceptable Usage Policy

Contents 1. INTRODUCTION... 2 2. PURPOSE... 2 3. APPLICATION... 2 4. YOUR OBLIGATIONS AND PROHIBITED USE... 2 5. SPAM... 3 6. EXCESSIVE USE... 3 7. SECURITY... 4 8. COPYRIGHT... 4 9. CONTENT... 4 10. REGULATORY

### HOW SAFE IS YOUR DATA??

HOW SAFE IS YOUR DATA?? MANAGER Affordable Protection for Electronic Business Data MANAGER YOUR KEY TO... Peace of mind Data Security Off-Site Data Protection State of the art Virus Protection Professional

### Computer Security and Safety, Ethics, and Privacy

Computer Security and Safety, Ethics, and Privacy Computer Security Risks Today, people rely on computers to create, store, and manage critical information. It is crucial to take measures to protect their

### CHAPTER 10: COMPUTER SECURITY AND RISKS

CHAPTER 10: COMPUTER SECURITY AND RISKS Multiple Choice: 1. In a survey of more than 500 companies and government agencies, percent detected computer security breaches. A. 20 B. 75 C. 85 D. 99 Answer:

### Pierce County Policy on Computer Use and Information Systems

Pierce County Policy on Computer Use and Information Systems Pierce County provides a variety of information technology resources such as computers, software, printers, scanners, copiers, electronic mail

### Technical Glossary from Frontier

Technical Glossary from Frontier A Analogue Lines: Single Analogue lines are generally usually used for faxes, single phone lines, modems, alarm lines or PDQ machines and are generally not connected to

### Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Network Security Ola Lundh ola.lundh@hh.se Schedule/ time-table: landris.hh.se/ (NetwoSec) Course home-page: hh.se/english/ide/education/student/coursewebp ages/networksecurity cisco.netacad.net Packet

### Spyware, online fraud, and other Internet threats are certainly not new. But they are growing more sophisticated and criminal every day.

10 Common Questions About Internet Safety Spyware, online fraud, and other Internet threats are certainly not new. But they are growing more sophisticated and criminal every day. So how can you protect

### Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Cloud Computing Chapter 10 Disaster Recovery and Business Continuity and the Cloud Learning Objectives Define and describe business continuity. Define and describe disaster recovery. Describe the benefits

### CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3

CLEO Remote Access Services Remote Desktop Access User guide CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3 August 2007 page 1 of 16 CLEO 2007 CLEO Remote Access Services 3SGD

### Firewall and UTM Solutions Guide

Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You're not the Government, Microsoft or the BBC, so why would hackers

### Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define

### Acceptable Usage Policy

Version 2.1 20141230 Acceptable Usage Policy Acceptable Usage Policy Contents 1. PURPOSE OF THIS POLICY... 2 2. GENERAL... 2 3. APPLICATION... 2 4. UNREASONABLE USE... 2 5. UNACCEPTABLE USE... 3 6. SPAM...

### Brainloop Cloud Security

Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

### 1.0 Overview. 4.0 Policy 4.1 General Use and Ownership

1.0 Overview Keuka College provides access to modern information technology in support of its mission to promote excellence and achievement across its mission areas of instruction, research, and service.

### SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

### Network Security Policy

KILMARNOCK COLLEGE Network Security Policy Policy Number: KC/QM/048 Date of First Issue: October 2009 Revision Number: 3 Date of Last Review: October 2011 Date of Approval \ Issue May 2012 Responsibility

### Computer Viruses: How to Avoid Infection

Viruses From viruses to worms to Trojan Horses, the catchall term virus describes a threat that's been around almost as long as computers. These rogue programs exist for the simple reason to cause you

Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

### INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information

### General Security Best Practices

General Security Best Practices 1. One of the strongest physical security measures for a computer or server is a locked door. 2. Whenever you step away from your workstation, get into the habit of locking

### ACCEPTABLE USAGE POLICY

ACCEPTABLE USAGE POLICY Business Terms - February 2012 ACCEPTABLE USAGE POLICY Business Terms Version February 2012 Acceptable Usage Policy Feb12.Docx 1 Contents 1. INTRODUCTION... 3 2. PURPOSE... 3 3.