Cyber Security through Education & Awareness. KSU Police Converged Security: A holistic approach to cyber safety and security. Community Policing

Similar documents
Introduction. Industry Changes

Chapter 1 Introduction

Contra Costa Community College District Business Procedure SECURITY CAMERA OPERATING PROCEDURE

Cyber Security Response to Physical Security Breaches

ST. CLOUD STATE UNIVERSITY INSTALLATION AND USE OF VIDEO SURVEILLANCE EQUIPMENT PROCEDURE. Purpose

Ethical and Responsible Use of EagleNet 03/26/14 AMW

Information Technology Policy

Business. Security Tips. Smarter Ways To Help Protect Your Business. Safer. Smarter. Tyco. TM

View. Select View Managed Video Services ADT

Surveillance Equipment

Site Security Standards and Strategy

Security Guidelines for. Agricultural distributors

IOWA LABORATORIES FACILITIES PHYSICAL SECURITY PLAN

Security in the Cloud an end to end Problem

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Security Enhancement Proposal. Charlotte-Mecklenburg Board of Education Presentation March 26, 2013

Presentation Objectives

Seventh Avenue Inc. 1

INFORMATION SECURITY PROGRAM

Setting the Standard in Risk Management Consulting and Investigation Services

Legal Framework to Combat Cyber Crimes in the Region: Qatar as a Model. Judge Dr. Ehab Elsonbaty Cyber Crime expert ehabelsonbaty@hotmail.

welcome to Telect s Minimum Security Criteria for Customs-Trade Partnership Against Terrorism (C-TPAT) Foreign Manufacturers Training Presentation

Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow

SMALL BUSINESS PRESENTATION

Business Protection Online Activity Store Self Assessment

State of Michigan Department of Technology, Management & Budget. Acceptable Use of Information Technology (former Ad Guide 1460.

Internal Control Guide & Resources

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Introduction. Conducting a Security Review

How To Protect The Time System From Being Hacked

HIPAA Security Alert

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers Your Interactive Guide to the Digital World

U. S. Attorney Office Northern District of Texas March 2013

UK SBS Physical Security Policy

Risk Assessment Guide

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

CAMPUS KEY POLICY. Gerry, Bomotti, Senior Vice President for Finance and Business

University of Pennsylvania Handbook for Faculty and Academic Administrators 2015 Version

Physical Security for Companies that Maintain Social Infrastructure

Information Technology Cyber Security Policy

SECURITY IN TRUCKING

Intermec Security Letter of Agreement

Exploring Converged Access of IT Security and Building Access Today, Tomorrow and the Future

WAREHOUSE SECURITY BEST PRACTICE GUIDELINES CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM

EMERGENCY MANAGEMENT IN SCHOOLS

SECURITY INCIDENT REPORTING AND MANAGEMENT. Standard Operating Procedures

Overview of Computer Forensics


East Haven Police Department

Importers must have written and verifiable processes for the selection of business partners including manufacturers, product suppliers and vendors.

Security Criteria for C-TPAT Foreign Manufacturers in English

Data Security for the Hospitality

File 6: Appendix A, 36 CFR 1234 (formally numbered as 36 CFR 1228 subpart K) Federal Facility Security Standards (version 2.0 issued May 15, 2014)

IIABSC Spring Conference

Protecting your Home Business Future

Court Security Guidelines

Cyber Security Awareness. Internet Safety Intro.

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Tyco Integrated Security Managed Video Services. Gain enhanced security by leveraging your existing video surveillance equipment investment

Image credits: Front cover: U.S. Army photo by Sgt. Brandon Little, Task Force XII PAO, MND-B Inside back cover: U.S Army photo by Staff Sgt.

HIPAA Security. assistance with implementation of the. security standards. This series aims to

Cyber Security: Beginners Guide to Firewalls

13. Acceptable Use Policy

Responsible Access and Use of Information Technology Resources and Services Policy

ABBVIE C-TPAT SUPPLY CHAIN SECURITY QUESTIONNAIRE

SMALL BUSINESS PRESENTATION

WHY DO I NEED DATA PROTECTION SERVICES?

Remote Monitoring offers a comprehensive range of services, which are continually

WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009

C-TPAT Self-Assessment - Manufacturing & Warehousing

Ed Ferrara, MSIA, CISSP Fox School of Business

A Message for Warehouse Operators And Security Guidelines for Warehouse Operators

MODESTO CITY SCHOOLS Administrative Regulation

DOT HAZMAT SECURITY AWARENESS TRAINING

Technology Crime Services

Guidelines for Setting up Security Measures to Stop Domestic Violence in the Workplace

Global Supply Chain Security Recommendations

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Camera Use. Policy Statement and Purpose. Table of Contents

Home Security Assessment Checklist DATE

RECURRENT FLIGHT SCHOOL SECURITY AWARENESS (FSSA) TRAINING

Your company protected against cybercrime

SecurityMetrics Vision whitepaper

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

Administrative Procedure

POLICY TEMPLATE. Date initially approved: November 5, 2013 Date of last revision: same

Western Kentucky University, The Center. The Michael Minger Act Report for 2015 Activity Reported for Calendar Year 2014

Personal Security Practices of the CAO

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

COMMUNITY SERVICES OFFICER

SECURITY SURVEY AND RISK ASSESSMENT. any trends or patterns in the incidents occurring at the school; the efficiency of the chosen security measures.

TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

R345, Information Technology Resource Security 1

INFORMATION SECURITY PROGRAM

Partners in Protection / C-TPAT Supply Chain Security Questionnaire


Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Transcription:

KSU Police Converged Security: A holistic approach to cyber safety and security Cyber Security through Education & Awareness by Community Policing Community Policing Community Policing Initial meeting with parents and students at orientations Familiarization of crime prevention and crime statistics. Safe and Sound brochures Information about security cameras and emergency phone locations Importance of keeping serial/model numbers on all personal electronic equipment Social networking survey for security awareness and prevention on Police website Importance of reporting thefts as soon as possible to help deter future instances Timely Warnings issued campus wide through e- mail about ongoing potential threats or crimes on campus Community Policing Provide information to students about harassing communications Which includes Unwanted excessive text messages, phone calls and e- mails How to obtain a Temporary Protective Order Physical Protection & Prevention through Converged Security By Office of Physical Security 1

The use of Physical Security PHYSICAL SECURITY: Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism. Converged Security KSU approaches Prevention through the use of Converged Security What is Converged Security? The combination of cyber, physical, and human elements of security: Cyber-ITS Physical-Public Safety-largely by use of cyber based security items/tools/systems, also requirement of background for employees with access, etc. Human-physical patrols by police and security officers, investigations of crimes Operations of Converged Security KSU Police is charged with the physical security of cyber assets and systems. The majority of our security mechanisms used are themselves, cyber-based items. The use of Cyber Security CYBER SECURITY: Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack. i.e. protect from theft, corruption, or natural disaster. Tools used in Protection & Prevention: Cameras Alarms Access Controls Background Checks Patrolling Gate Access Determent on Camera Locations: Life Safety High-dollar equipment and/or high-consequence areas Point of Sale Choke-points: entrances, exits, high-traffic areas Cameras 2

Current Camera Options [REDACTED FOR SECURITY] Alarms Currently 33 Fire Alarms 23 Panic Alarms 22 Security Alarms Increasing due to high-dollar equipment and/or high consequence areas, as well as KSU expansion to facilities off the main campus. **None of our alarm systems, including fire, panic, security, are web based; however, we are moving in that direction. Access Controls Background Checks Building entrances Telco and Data Room Computer rooms Classrooms Mechanical rooms Storage, offices, suites, etc. [REDACTED FOR SECURITY] Run on all KSU employees New policy addresses contractors access to restricted areas which is another physical security measure, aiding in the prevention of criminal activity [REDACTED FOR SECURITY] Patrolling Gate Access Additional knowledge about who comes on campus and why Use of other physical access controls such as visitors being managed on a restricted movement concept via the use of The Welcome Center Parking Area and other such designated areas NetScan: Web-based technology used to prevent the physical movement of undesirable personnel into the KSU environment and maintain separation between non-ksu personnel and the student body Investigated tool providing logs from all gate locations (date, time, etc.) 3

Dual Functionality in Cyber Security: Investigations and Intelligence By Criminal Investigation Unit Cyber based Investigative Tools Investigations begin with initial research on persons or property identified as involved in the crime Research on both persons and property conducted via searches on web based applications i.e. LexisNexis, social networking sites, media archives, GCIC/NCIC, Google, Craig s List, etc. Cyber based Investigative Tools cont d Use of campus web based tools: Cameras Analog and IP system cameras Analog cameras will eventually be advanced to IP cameras Access controls Access logs from parking gates Access logs on door locks Cybercrime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. KSU s Information Security Office is heavily relied upon in these crimes to identify the who, what, when, where, why, and how when it is contained in cyber activity on campus. They are also used as forensic crime scene technicians and are certified forensic examiners of computer related equipment. In this position, these technicians and examiners are used to seize equipment, make mirror images of hard drives for examination, maintain chain of custody and even provide testimony in court proceedings following criminal charges General challenges faced during investigation of cyber crimes: Victims of computer-related crimes are sometimes unaware that a crime has been committed; therefore, a lengthy delay in reporting occurs. Assigned investigators that have not been properly trained face challenges when dealing with computer-related crimes i.e. cyber criminals are usually more technologically sophisticated and have more resources, more access to the newest technology, and more time to devote Due to continuous development of advanced technology and cyber capability, in order to remain aware of current trends in cyber criminal activity, Law Enforcement must constantly seek training in the following areas: the unique requirements of computer-related crimes; digital evidence; indentifying, marking and storing this evidence; the capabilities of present private and state agencies to analyze this evidence; and the procedures for developing teams to conduct investigations of computer-related crimes. 4

Difficulties exist in determining jurisdiction when equipment being employed criminally is located in one community and the computer that is illegally entered electronically is in another state or even country Another major challenge in investigating computer-related crimes include the need to determine the exact nature of the crime and to gather evidence in ways that do not disrupt an organization s operation Intelligence Gathering Through an investigation, intel about cyber security is obtained and then reported back to the appropriate areas for modifications, or further research of items. CIU is a major point of intel gathering for all cyber security on campus CIU reports back to CPU when new cyber threats are discovered that may affect our student population; Therefore, new cyber safety tips can be added to information given at orientations, posted on department website, etc. Intelligence Gathering Criminal Investigations Unit reports intel back to the Office of Physical Security when problematic items arise or there is potential for criminal activity. Physical security modifications or increases may prevent as well as, observed failures in current systems that are in place CIU reports back to ISO when breach in cyber systems occur, or we learn the potential exists. We also report to them when a currently used cyber system doesn t have what it needs to be able to ensure it is secure and will provide information of good evidentiary value in court. ISO performs vulnerability assessments on systems or potential weaknesses identified. Cyber Security of Police Assets: By Support Services Division KSU Police Internal Cyber Security Report Exec Direct (Records Management System) Web based. The data base is remotely hosted and data is secure and encrypted. Each user is assigned a unique user name and password by the departmental system administrator. When employment with the department is terminated, the user is locked out of the system and no longer has access. KSU Police Internal Cyber Security Release of Reports. Copies of reports are released to the general public in accordance with the Georgia Open Records Act and departmental policy. 5

Georgia Crime Information Center (GCIC) Provides criminal justice information on individuals, such as criminal histories, drivers license information, and vehicle registration. Georgia Crime Information Center (GCIG) Access to GCIC is provided by a private vendor who was required to install the terminals according to GCIC policy and specifications. Each user is assigned a unique user name and password by the departmental system administrator Georgia Crime Information Center (GCIC) Every member of the Department of Public Safety is required to sign a GCIC Awareness Statement. The Awareness Statement informs them that access to and dissemination of GCIC information is governed by state and federal laws and GCIC Council Rules. It also describes the criminal penalties if the information is used, except as permitted by law. Every member of the Department of Public Safety is required to be trained in Security and Integrity of Criminal Justice information. The training must be received every three years. All members of the Department of Public Safety who perform the duties of dispatcher must complete the Terminal Operator Training Program and be certified as Entry Level Operators within 3 months from their date of employment. They must be re-certified every two years. Equature Audio Recording System Used to record emergency phone lines and police radio traffic Equature Audio Recording System Web based. Database is hosted on site in a secure Telco room located in the Public Safety Building. Installation was overseen by the KSU Information Systems Security Officer to ensure security of the KSU network. Access to recordings is strictly limited. Users are assigned a unique user name and password to gain access to the recordings. One member of the department is assigned administrator access and controls access to the database. Copies of recordings are provided, upon request, as set forth in the Georgia Open Records Act and departmental policy. Digital In-Car Video Recording System (DP2) Used to record audio and video of police activity from a police car. 6

Digital In-Car Video Recording System (DP2) Web based. The database is hosted on site in a secure Telco room located on campus. Installation was overseen by KSU ITS personnel to ensure network security. Access to recordings is strictly limited. Users are assigned a unique user name and password to gain access to the database. Only certain members of the department are assigned administrator access and control access to the database. Copies of recordings are provided, upon request, as set forth in the Georgia Open Records Act and departmental policy. SGT. Bernadette Haynes, Community Policing; (770)423-6206, bhaynes@kennesaw.edu Maureen Patton, Physical Security Coordinator; (770) 423-3053, mpatton@kennesaw.edu SGT. Jennifer Elliott, Criminal Investigation; (678) 797-2043, jelliott@kennesaw.edu LT. Maloney, Support Services; (770) 423-3035, kmaloney@kennesaw.edu 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information