Human centric security policy and management design for small and medium business
|
|
- Albert Stevens
- 5 years ago
- Views:
Transcription
1 SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2014; 7: Published online 11 June 2013 in Wiley Online Library (wileyonlinelibrary.com)..814 SPECIAL ISSUE PAPER for small and medium business Yanghoon Kim 1 and Hangbae Chang 2 * 1 The Institute of Computer Software and Media Technology, Sangmyung University, Seoul, Korea 2 Division of Business Administration, College of Business, Sangmyung University, Seoul, Korea ABSTRACT As companies core technologies are integrated with IT to computerize, they are leaked out at ease. In addition, means of technology leakage are changed from technical leakage to personal one by people. This technology leakage has led to the increase in the estimate and frequency of damages to companies year after year. To exploit core technologies owned by companies to ensure sustainable growth, it should make effort to improve security levels from various perspectives at the same time. Therefore, this paper designed a model to measure security levels of small and medium business and a human centric security policy. In detail, it measured the security status and level of small and medium business by designing a conceptual system for measuring security levels and analyzing empirically. In addition, it analyzed results of measuring the levels in depth to design a human centric security policy for enhancing the security level of companies. Copyright 2013 John Wiley & Sons, Ltd. KEYWORDS human centric security; security policy; security management; small and medium business; measurement security; evaluation security *Correspondence Hangbae Chang, Division of Business Administration, College of Business, Sangmyung University, Seoul, Korea. hbchang@smu.ac.kr 1. BACKGROUND Computerization of companies is not a simple change of business environments but a means of securing competitiveness of companies by improving productivity and reducing transaction cost [1 3]. In addition, computerization of companies is a key basis for creating high added value throughout the economic society using knowledge and information, and it would lead to be capable of coping with high uncertainty of markets [4,5]. While computerization has this good effect, industrial technologies, which should be protected in safety, are recently leaked out to competitors or overseas at ease as they are integrated with IT to computerize. In addition, the number of accidents and the amount of damage by them has been increased rapidly every year [6]. The technology leakage rate and the amount of damage for Korea s companies adversely affect sustainable growth of the companies in the integrated IT environment [7]. To exploit core technologies owned by companies to ensure sustainable growth, it should make effort to improve security levels from various perspectives at the same time. Companies recognize a need to prevent from leaking technologies, and invest separate budget to build security systems. However, a consistent environment is not built according to an integrated security system, and an isolated introduction limited only to specific areas is carried out. In detail, it is vulnerable to security levels for security policies, human resource management, facility management, IT security management, leakage accident response, and so on except asset management [8,9]. To achieve a goal in compliance with companies security investment efficiently and effectively, a correct evaluation (diagnosis) should be preceded for current security levels of the companies. Therefore, this paper would like to measure the security level of small and medium business to remove impediments to companies competitiveness and to prepare a chance to improve it. With such a goal, it would like to design a model to measure the security level of small and medium business and a human centric security policy. In detail, it designs the model to measure security levels through the preceding studies, and applies it to companies to analyze the security level of the companies empirically. Finally, it designs a strategy to enhance the security level of companies Copyright 2013 John Wiley & Sons, Ltd.
2 2. STATUS OF SMALL AND MEDIUM BUSINESS TECHNOLOGY LEAKAGE 2.1. The number and scale of small and medium business technology leakage damage (Korea cases) The 161 companies responded that they had experienced technology leakage from 2008 to 2010, which occupy 10.5% of the whole 1529 sample companies. For each company type, 11.1%, 10.0%, and 11.6% of large, small and medium, and venture companies responded that they had experienced technology leakage, respectively. As a result of conducting an additional survey for companies experiencing technology leakage, it was found that the ratios of companies experiencing one and two or more technology leakage accidents repeatedly are 64.0% and 36.0%, respectively. It was calculated that the average number of technology leakage accidents of companies experiencing technology leakage is 1.6. For each company type, it was analyzed that the large, small and medium, and venture companies have 2.2, 1.6, and 1.5 cases, respectively. It was found that the average amount of damage for each technology leakage accident is 1.66 billion won, and 3.14, 1.02, and 2.47 billion won for large, small and medium, and venture companies, respectively. It was found that companies with a heavier damage loss compared with their business scale are venture ones. In detail, it was found that the average sales scale of small and medium, and venture companies experiencing the technology leakage is billion won. Accordingly, it is estimated that about 12% of the total sales is the damage loss amount caused by the technology leakage. Also, it was found that the sales scale of only the venture companies is 8.27 billion won. Therefore, it is estimated that 29.8% of the total sales is the damage loss amount caused by the technology leakage Technology leakage paths of small and medium companies For persons concerned in the technology leakage of small and medium companies, retired employees played the most important role (74.5%), and it was found in the order of competitors (15.5%) and subcontractors employees (14.9%) (Figure 1). It was found that the technology leakage means by these persons concerned in the technology leakage are in the order of the headhunting of key manpower (42.2%), duplication and stealing (38.5%), missing of portable storage devices, joint projects, and joint researches (11.2%) (Figure 2). It was analyzed that the technology leakage method by manpower movement itself is higher than the one by tools. The ratio was 57.8% that small and medium companies answering security management status has improved after technology leakage. It was analyzed that companies recognizing importance and wide-spreading wariness of technology leakage accident Small and medium companies leakage technology target and their post response It was found that the types of small and medium companies technologies leaked were in the order of that the result data of the project in execution was 39.8%, the final research result as 36.0%, and the design drawing of major equipment as 30.4% (Figure 3). It was found that 37.9% had accused the persons (companies) concerned as the follow-up action for the technology leakage and that 26.7% had also reinforced the security management system in the laboratory. However, companies not carrying out special measures were also found as a level of 33.5% as ever. Additionally, the ratio of answering that a retiree had moved to its competitor within the past 2 years was indicated as 14.7%. It was found that the ratio of changing jobs Current Employees Retired Employees Subcontractors Employees Competitors Employees Average Large Companies Small and Medium Companies Venture Companies Potential Investors Figure 1. Persons concerned in the technology leakage of small and medium companies (multiple answers). Security Comm. Networks 2014; 7: John Wiley & Sons, Ltd. 1623
3 Figure 2. Means for the technology leakage of small and medium companies (multiple answers). Figure 3. Types of industrial secrets leaked (multiple answers). by the retirees of large companies was 37.0%, which was higher than other company types. For the cause of occurring the technology leakage, companies replied in the order of that the loose security management and supervision system is 56.3%, the employees insufficient security awareness as 52.4%, and personal pursuit of financial profit as 27.6%. In detail, for small and medium companies and venture ones, their difficulties of investing in the security cost due to the small scale are 20.7% and 17.6%, respectively, of which difficulties were indicated higher than those of large companies. Therefore, it is expected that reinforcing security awareness for members of the company and building a security management system with lower cost rather than building a separate security system with high cost could be selected as an efficient security strategy for small and medium/venture companies with insufficient managerial resources. The ratio of companies, which replied that they had invested in the technology leakage prevention, was on the level of 63.4%. It was found as venture companies (68.5%), small and medium ones (61.7%), and large ones (51.9%). In addition, it was found that the average amount of investment for the technology leakage prevention is 19.5 million won. In detail, it was found as 128.8, 17.7, and 13.4 million won for large, small and medium, and venture companies, respectively. 3. DESIGN OF A MODEL TO EVALUATE THE SECURITY LEVEL OF SMALL AND MEDIUM COMPANIES AND ITS EMPIRICAL STUDY 3.1. Design of a model to evaluate the security level of small and medium companies With the preceding studies, a model to evaluate the security level of small and medium companies was designed. To redesign typical areas such as the security policy, asset 1624 Security Comm. Networks 2014; 7: John Wiley & Sons, Ltd.
4 management, human resource management, facility management, IT security management, and leakage accident response for evaluating the existing security level, the conceptual system was designed as shown in Figure 4. With the conceptual system to measure the security level of small and medium companies, a model to evaluate the security level of small and medium companies considering the preceding studies was designed. The designed evaluation model was based on the fact that organizations, which are influenced by the technology protection environment (legal system, political and economic environment, social consensus, etc.) from the outside and by the technology protection awareness/culture from the inside, carry out security activities such as the technology protection environment, technology protection activities, and continuous management of technology protection. As the basic premise for security activities, the technology protection support environment area was composed of the security policy, security organizations, security investment items, and so on. The technology protection activity area was composed of the asset management (asset identification and classification), personnel management (management of authorized inside/outside staff, management of new employees/incumbents/retirees), physical security (areas and equipment), technical security (IT security system) items, and so on. Finally, the continuous management area of technology protection was composed of the operation management (security activity confirmation and improvement), accident response (response system for the occurred accident) items, and so on (Table I). The security level was measured by adding up scores of respective areas, and the maturity was divided into five levels such as excellent, good, average, weak, and dangerous by its score. Level 1 is a dangerous one, which represents the case below 40 points. It is a state that serious defects and vulnerability always reside for security, and the fatal damage is concerned depending on the leakage and infringement extent of technology. Level 2 is a vulnerable one, which indicates from 40 points to below 55 ones. It involves somewhat serious defects and vulnerability for security, and represents a state that could result in the fatal damage depending on the leakage and infringement extent of technology. Level 3 is an average one, which indicates from 55 points to below 70 ones. It involves usual defects and vulnerability for security, and represents a state that the damage could grow worse depending on the leakage and infringement extent of technology. Level 4 is a good one, which indicates from 70 points to below 85 ones. It involves minor defects and vulnerability for security, and represents a state that the security work is partially carried out on the company level. Level 5 is an excellent one, which indicates 85 points or more. It has little defect and vulnerability for security, and represents a state that the damage is minimized when the technology leakage and infringement accident occurs Design of an evaluation survey for the security level of small and medium companies and its result A survey in the form of a respondent entry was conducted from 21 November 2011 to 14 January 2012 by post, fax, , and so on, for 1529 sample companies possessing a laboratory affiliated with a company. Samples were extracted by the multilevel stratified sampling method for three respective company types based on the sales; the power allocation using advantages of Neyman s optimum distribution and proportional allotment methods was used for maintaining representativeness of each stratum; the size of samples was determined by the random stratification sampling. It was found that the security level of the small and medium company group (small and medium/venture companies) is In detail, it showed the satisfaction level under half in most areas except the protection policy in Figure 4. A conceptual system to measure the security level of small and medium companies. Security Comm. Networks 2014; 7: John Wiley & Sons, Ltd. 1625
5 Table I. The evaluation model for the security level of small and medium companies proposed in this study. Area (weight) Item(weight) Technology protection support environment (13) Protection policy (6) Protection organization (4) Protection investment (3) Technology protection activity (69) Protection asset management (13) Protection training (3) Personnel management (12) Inside personnel management (8) Incumbent (4) Retiree (4) Outside personnel management (4) Physical protection (15) Technical protection (26) PC protection (6) Information system security management (12) Communication network management (4) Electronic information protection (4) Continuous management of technology protection (18) Operation management (4) Accident response (14) the technology protection support environment area and the physical protection item in the technology protection activity area (Table II). The security level of the whole companies including large, small and medium, and venture ones was 43.8 points, which indicated as the vulnerable level. Dividing into the company groups, the large company was 75.4 points, which was a good level, but the small and medium one was 42.6, the venture one was 42.8, which were investigated as the vulnerable level (Figure 5). For the distribution of companies for each security level, the dangerous level was 46.4%, which was the largest, and it indicated in the order of vulnerable as 24.2%, average as 15.3%, good as 9.2%, and excellent as 5.0%. For the security level of large companies, the excellent level was 37.0%, which was the largest, and was in the order of good as 29.6% and average as 20.4%. In addition, it was analyzed that the security level under the vulnerable one was only 13.0% for large companies. For the security level of small and medium companies, the dangerous level was 47.7%, which was the largest, and was in the order of vulnerable as 24.9% and average as 15.1%. However, the security level above the good was only 12.2% for small and medium companies. The security level of venture companies also showed the same form as the small and medium ones. In detail, for the security level of venture Table II. Security levels of small and medium companies (overall). Area Item Point Technology protection support Protection policy 3.7/6 environment Protection organization 0.9/4 Protection investment 0.8/3 Technology protection activity Protection asset management 6.3/13 Protection training 1.1/3 Personnel management Inside personnel management Incumbent 1.9/4 Retiree 1.4/4 Outside personnel management 1.2/4 Physical protection 8/15 Technical protection PC protection 2.5/6 Information system security management 4.5/12 Communication network management 1.6/4 Electronic information protection 1.7/4 Continuous management of technology Operation management 1.8/4 protection Accident response 5.2/14 Total 42.6/ Security Comm. Networks 2014; 7: John Wiley & Sons, Ltd.
6 Figure 5. Security levels for each form of companies. companies, the dangerous level was 46.4%, which was the largest, and was investigated in the order of vulnerable as 27.5% and average as 16.8%. In addition, the security level above the good was only 9.3% for venture companies (Figure 6). 4. DESIGN OF A STRATEGY FOR IMPROVING THE SECURITY LEVEL OF SMALL AND MEDIUM COMPANIES 4.1. Concentration of the technology-intensive small and medium companies To establish the concentrated support target for the small and medium companies technology protection, the security level was compared between the technology-intensive companies, which have relatively many protection assets, and the less labor-intensive ones. The technologyintensive company means one that the investment ratio compared with the sales and the possession ratio of research manpower are high. In addition, the labor-intensive company means one that the portion occupied by the capital is low in the production factor and the degree of coupling with labor is high. It was found that the technology-intensive companies had higher management performance than the general companies. Because the overall security level of the labor-intensive companies was investigated as 43.0 points, which was measured as rather higher than 41.1 points that was the security level of the technology-intensive companies possessing relatively many assets for protection, it was found that there is a need to concentrate the target segment of supporting the technology Figure 6. Distribution of companies for each security level (for each type of companies). Security Comm. Networks 2014; 7: John Wiley & Sons, Ltd. 1627
7 protection policy for the small and medium companies on the technology-intensive companies (Table III) Development of an improvement methodology for each security advancement stage of small and medium companies As a result of investigating the distribution of the investigation-target companies security levels, it was found that most of small/medium and venture companies are currently situated on the dangerous level. In detail, because it was measured that 46.7%, 25.1%, 15.4%, 8.8%, and 4.0% of the investigation-target companies are situated on the dangerous, vulnerable, average, good, and excellent levels, respectively, it was analyzed that there is a need to carry out, by priority, the government s security policy for improving the security level from level 1, dangerous one, to the next one (level 2) (Figure 7). To trigger the dangerous level of companies currently belonged to most of small/medium and venture ones, the asset management, physical security activity, and so on were extracted as the decisive factors compared with other elements. In detail, it was found that the asset identification and classification process, which forms the foundation of security activities, methods to manage major facilities and equipment, methodology to control activities (access, Table III. Comparison of the security levels between technology-intensive and labor-intensive small/medium companies. Technology intensive (n = 380)Labor intensive (n = 936) Area Item Point Area Point Point Area point Technology protection support environment Technology protection activity Protection policy 3.7/6 5.3/13 3.8/6 5.5/13 Protection organization 0.8/4 0.9/4 Protection investment 0.8/3 0.8/3 Protection asset 6.1/ /69 6.4/ /69 management Protection training 1.1/3 1.1/3 Personnel Inside personnelincumbent 1.9/4 1.9/4 management management Retiree 1.3/4 1.4/4 Outside personnel 1.2/4 1.2/4 management Physical protection 7.6/15 8.1/15 Technical protection PC protection 2.3/6 2.5/6 Information system 4.2/12 4.6/12 security management Communication 1.5/4 1.6/4 network management Electronic 1.7/4 1.8/4 information protection Operation management 1.7/4 6.9/18 1.8/4 7/18 Accident response 5.2/14 5.2/14 Continuous management of technology protection Total 41.1/ / / /100 Figure 7. Distribution of companies by the security advancement stage Security Comm. Networks 2014; 7: John Wiley & Sons, Ltd.
8 movement) for members of the organization, and so on are needed (Table IV) Carrying out of a balanced security strategy The weak point for security levels was drawn from the security strategy perspective of small/medium and venture companies. The security strategy means a directivity that arranges (designs) a variety of security activities in an organization. In other words, it is an interpretation of why is the technology protection carried out? What is carried out? and so on in terms of the whole organization. It could be classified diversely according to the strategy application time, strategy application place, the decision making process for applying the strategy, and so on. By classifying the security strategy by the time-based criterion, it could be divided into the proactive strategy (awareness improvement, training, authentication method, warning, etc.), detective one (internal/external audit, observation, sensing/warning, contents filtering, etc.), reactive one (external institution s cooperation, evidence collection, and penalty), and so on (Figure 8). When currently classifying the model to survey the security level in terms of the security promotion strategy, it was found that it is relatively concentrated in the technology leakage accident prevention activities (45.3%) and that the measurement on the detection of technology leakage actions (42.1%) or the post treatment activities (33.7%) was insufficient, so it is considered that the balance of security strategy is not maintained (Figure 9). It is necessary to change the policy from the viewpoint of how to protect technologies to the one of how to minimize damages of leakage accidents. Considering that the perfect blocking of technology leakage is practically difficult, the degree of preparation for securing the business continuity in case of a security accident is a relatively high level. The satisfaction level for the reactive strategy is lower than the proactive and detective strategies also in terms of the security strategy. A virtuous circular accident prevention effect is expected through a visual accident response process (Figure 10) Design of a security management system centered on humans rather than systems It is time to take effort to improve awareness of members, which is the primary cause of the technology leakage, rather than the security system technology support. For the technology leakage, the method by manpower movement is more increased than the one by tools compared with the past. Reinforcing of security awareness for members and building of a security management system with relatively low cost rather than building of a security system with high cost could become an efficient security strategy for small/medium and venture companies with insufficient management resources. Furthermore, it is necessary to take effort to form a security consensus (culture) from the multi-dimensional viewpoint of members of the organization. It requires efforts of reinforcing individual level s security awareness and information ethics, organizational level s multi-dimensional risk analysis, consistent policy design, best case benchmarking, continuous security investment, forming mutual trust, and so on (Figure 11). 5. CONCLUSION AND FUTURE TASKS The technology leakage rate and the amount of damage for companies adversely affect sustainable growth of the companies in the integrated IT environment. To exploit core technologies owned by companies to ensure sustainable growth, it should make effort to improve security levels from various perspectives at the same time. In particular, to achieve a goal efficiently and effectively in compliance with the security investment of small and medium companies possessing limited human/material resources, a correct evaluation should be preceded for current security levels of the companies. Therefore, this paper designed the conceptual system and model to measure security levels of small and medium companies, and measured the security level by the survey for the small and medium companies. In addition, it designed the strategy to enhance the companies security level. It has three meanings as follows. First, by restructuring items to measure the security level presented by the preceding studies, it suggested the conceptual system that could measure the security level of small and medium companies. Second, by investigating the present condition of the small and medium companies security level to analyze the distribution according to the security development stage, it suggested the focus target of a political improvement method for enhancing the security level. Third, by understanding the present condition that the current model for measuring the security of the preceding studies is constructed mainly with the proactive strategy, it suggested the balanced method to measure the security level. For the future study, it would be desirable to study the external security environment suggested by this study model and the effect of security awareness/culture on the security level. In addition, it would be desirable to study a process that the technology protection culture returns to the technology protection elements by analyzing the relationship between the technology protection elements for forming the security culture and the technology protection actions and by again analyzing the relationship between the technology protection actions and the technology protection culture. Security Comm. Networks 2014; 7: John Wiley & Sons, Ltd. 1629
9 Table IV. Security levels by the security advancement stage. Area Item Dangerous (614, 46.7%) Vulnerable (330, 25.1%) Average (203, 15.4%) Good (116, 8.8%) Excellent (53, 4.4%) Technology protection support environment Technology protection activity Protection policy 2.7/ Protection organization 0.3/ Protection investment 0.3/ Protection asset management 3.5/ Protection training 0.6/ Personnel management Inside personnel Incumbent 1/ management Retiree 0.7/ Outside personnel 0.5/ management Physical protection 5.3/ Technical protection PC protection 1.3/ Information system security management Communication network management Electronic information protection 2.3/ / / Continuous management of Operation management 1.1/ technology protection Accident response 2.8/ Total 24.2/ Security Comm. Networks 2014; 7: John Wiley & Sons, Ltd.
10 Figure 8. Types of the security strategy (based on the strategy application time). Figure 9. Satisfaction degree from the viewpoint of strategies. Figure 10. Securing the balance of the model to survey security levels. Figure 11. Process to form the security culture. Security Comm. Networks 2014; 7: John Wiley & Sons, Ltd. 1631
11 REFERENCES 1. Kim Y, Chang H. The industrial security management model for SMBs in smart work. Journal of Intelligent Manufacturing doi: /s Guo KH. Information systems security misbehavior in the workplace: the effects of job performance expectation and workgroup norm, ETD Collection for McMaster University 2010; AAINR Kim Y, Chang H. Smart sensor based total quality management service design in production process. Lecture Notes in Electrical Engineering 2012; 182: Wall DS. Enemies within: redefining the insider threat in organizational security policy. Security Journal doi: /sj Chang H, Kim K-k. Design of inside information leakage prevention system in ubiquitous computing environment. Lecture Notes in Computer Science 2005; 3483: Albrechtsen E. A qualitative study of users views on information security. Computers and Security 2007; 26(4): Chang H. The design of leakage prevention service for industry databases. Computers & Mathematics with Applications doi: /j. camwa Kruger HA, Kearney WD. A prototype for assessing information security awareness. Computers and Security 2006; 25(4): Da Veiga A, Eloff JHP. A framework and assessment instrument for information security culture. Computers & Security 2010; 29(2): Security Comm. Networks 2014; 7: John Wiley & Sons, Ltd.
(b) Fiscal 2016 Initiative Results and Fiscal 2017 Plans
provide a new framework based on ISO 26000, the global standard for corporate social responsibility. In accordance, Hitachi Metals will further reinforce its PDCA cycle for CSR management to accurately
More informationCritical Information Infrastructure Protection Law
Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.
More informationThe Information Security Guideline for SMEs in Korea
The Information Security Guideline for SMEs in Korea Ho-Seong Kim Mi-Hyun Ahn Gang Shin Lee Jae-il Lee Abstract To address current difficulties of SMEs that are reluctant to invest in information security
More informationREINVENTING ETHICAL, SUSTAINABLE SUPPLY CHAINS
REINVENTING ETHICAL, SUSTAINABLE SUPPLY CHAINS HP Inc. Sustainability Briefing January 22, 2018 1 Copyright 2018 HP Development Company, L.P. The information contained herein is subject to change without
More informationACCOUNTING (ACCT) Kent State University Catalog
Kent State University Catalog 2018-2019 1 ACCOUNTING (ACCT) ACCT 23020 INTRODUCTION TO FINANCIAL ACCOUNTING 3 Credit (Equivalent to ACTT 11000) Introduction to the basic concepts and standards underlying
More informationBachelor of Property Valuation
Course information for Bachelor of Property Valuation Course Number HE20507 Course design The Bachelor of Property Valuation is a three-year qualification that prepares graduates for work as a Valuer in
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationCertified Manager Certification
Certified Manager Certification Get Trained Get Certified Get Recognized www.hr-pulse.org In Partnership With HR Pulse has the Learning Solutions to Empower Your People & Grow Your Business About ICPM
More informationSTRATEGIC PLAN
STRATEGIC PLAN 2013-2018 In an era of growing demand for IT services, it is imperative that strong guiding principles are followed that will allow for the fulfillment of the Division of Information Technology
More informationITSS Model Curriculum. - To get level 3 -
ITSS Model Curriculum - To get level 3 - (Corresponding with ITSS V3) IT Skill Standards Center IT Human Resources Development Headquarters Information-Technology Promotion Agency (IPA), JAPAN Company
More informationNOKIA FINANCIAL RESULTS Q3 / 2012
Nokia Internal Use Only NOKIA FINANCIAL RESULTS Q3 / 2012 Conference Call October 18, 2012 15.00 / Helsinki 08.00 / New York Stephen Elop / President & CEO Timo Ihamuotila / CFO Matt Shimao / Head of Investor
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationNokia Conference Call 1Q 2012 Financial Results
Nokia Internal Use Only Nokia Conference Call 1Q 2012 Financial Results April 19 th, 2012 15.00 Helsinki time 8.00 New York time Stephen Elop President & CEO Timo Ihamuotila CFO Matt Shimao Head of Investor
More informationAn advanced data leakage detection system analyzing relations between data leak activity
An advanced data leakage detection system analyzing relations between data leak activity Min-Ji Seo 1 Ph. D. Student, Software Convergence Department, Soongsil University, Seoul, 156-743, Korea. 1 Orcid
More informationTSC Business Continuity & Disaster Recovery Session
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More informationTurning Risk into Advantage
Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview
More informationIJESRT. (I2OR), Publication Impact Factor: (ISRA), Impact Factor: 2.114
IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY EVALUATING ISO STANDARDS APPLICATION OF SECURITY REQUIREMENTS OF E- BANKING IN SUDAN Inshirah M. O. Elmaghrabi*, Hoida A. Abdelgadir,
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationBOARD OF REGENTS ACADEMIC AFFAIRS COMMITTEE 4 STATE OF IOWA SEPTEMBER 12-13, 2018
STATE OF IOWA SEPTEMBER 12-13, 2018 REQUEST FOR NEW PROGRAM AT IOWA STATE UNIVERSITY: BACHELOR OF SCIENCE IN CYBER SECURITY ENGINEERING Contact: Rachel Boon Action Requested: Consider approval of the request
More informationResearch Infrastructures and Horizon 2020
Research Infrastructures and Horizon 2020 Christos VASILAKOS DG Research & 1 st CoPoRI Workshop on EoE 11-12 June 2012 Hamburg, DE The EU Framework Programme for Research and 2014-2020 Research and Europe
More informationSTAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:
STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security
More informationISO/IEC Information technology Security techniques Code of practice for information security management
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security
More informationEUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE
EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE Overview all ICT Profile changes in title, summary, mission and from version 1 to version 2 Versions Version 1 Version 2 Role Profile
More informationMitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment
Mitigating Risk with Ongoing Cybersecurity Risk Assessment Scott Moser CISO Caesars Entertainment CSO50 Presentation Caesars Entertainment Cybersecurity Risk Management Scott Moser Chief Information Security
More informationMIS Class 2. The Threat Environment
MIS 5214 Class 2 The Threat Environment Agenda In the News Models Risk Hackers Vulnerabilities Information System Categorization Risk Assessment Exercise Conceptual Modeling and Information Systems In
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationProblems and Countermeasures of Information Security of Electric. Power Enterprises in China
6th International Conference on Machinery, Materials, Environment, Biotechnology and Computer (MMEBC 2016) Problems and Countermeasures of Information Security of Electric Power Enterprises in China Haixun
More informationGetting Started with Stormwater Asset Management
Getting Started with Stormwater Asset Management Fall Conference Broken Arrow, OK September 17, 2018 Trey Shanks CFM, IAM, PACP ts@freese.com Asset management roadmap STEP 4 Risk Based Analysis STEP 3
More informationADDING BUSINESS VALUE THROUGH EFFECTIVE IT SECURITY MANAGEMENT
ADDING BUSINESS VALUE THROUGH EFFECTIVE IT SECURITY MANAGEMENT 1 BY HUSSEIN K. ISINGOMA CISA,FCCA,CIA, CPA, MSC,BBS AG. ASSISTANT COMMISSIONER/INTERNAL AUDIT MINISTRY OF FINANCE, PLANNING AND ECONOMIC
More informationBusiness Continuity An Integral Part of Risk Management At Constellation Energy
Business Continuity An Integral Part of Risk Management At Constellation Energy World Disaster Management Conference Toronto, Canada June 19, 2006 Robert W. Cornelius Director Business Continuity Operating
More informationGoVenture
BBI1O, BBI2O, Grades 9 or 10 Introduction to Business Strand: Business Fundamentals Economic Basics Types of Businesses C C C C C Business Ethics and Social Responsibility C C C C C C C C C C International
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management
INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security management Technologies de l'information Techniques de
More informationSchool of Engineering and Technology. Department of Engineering
1 2 School of Engineering and Technology Department of Engineering 3 Bachelor of Science in Communication Engineering The program focuses on the technical aspects of digital and analog communications,
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationEVALUATION AND APPROVAL OF AUDITORS. Deliverable 4.4.3: Design of a governmental Social Responsibility and Quality Certification System
EVALUATION AND APPROVAL OF AUDITORS Deliverable 4.4.3: Design of a governmental Social Responsibility and Quality Certification System 1 TABLE OF CONTENTS 1. Scope and field of Application 3 2. Normative
More informationGreen IT: Sustainability and Risk Analysis. David C. Chou Professor of Computer Information Systems Eastern Michigan University
Green IT: Sustainability and Risk Analysis 1 David C. Chou Professor of Computer Information Systems Eastern Michigan University 2 Purposes of this study Discuss the implication of Green IT and sustainability.
More informationO&M Service for Sustainable Social Infrastructure
O&M Service for Sustainable Social Infrastructure Hitachi Review Vol. 62 (2013), No. 7 370 Toshiyuki Moritsu, Ph. D. Takahiro Fujishiro, Ph. D. Katsuya Koda Tatsuya Kutsuna OVERVIEW: Hitachi is developing
More informationWHITE PAPER. Title. Managed Services for SAS Technology
WHITE PAPER Hosted Title Managed Services for SAS Technology ii Contents Performance... 1 Optimal storage and sizing...1 Secure, no-hassle access...2 Dedicated computing infrastructure...2 Early and pre-emptive
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationCyber Security in Smart Commercial Buildings 2017 to 2021
Smart Buildings Cyber Security in Smart Commercial Buildings 2017 to 2021 Published: Q2 2017 Cyber Security in Smart Buildings Synopsis 2017 This report will help all stakeholders and investors in the
More informationFundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL
Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL Shifting budgets and responsibilities require IT and physical security teams to consider fundamental change in day-to-day
More informationITG. Information Security Management System Manual
ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005
More informationDomino s Pizza Enterprises Ltd. The Business Partner. Code of Practice
Domino s Pizza Enterprises Ltd The Business Partner Code of Practice INTRODUCTION At Domino s we are committed to living our brand ethos of People Powered Pizza. This includes the people who work with
More informationGOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI
GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationImproving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN
Improving Data Governance in Your Organization Faire Co Regional Manger, Information Management Software, ASEAN Topics The Innovation Imperative and Innovating with Information What Is Data Governance?
More informationInformation technology Security techniques Information security controls for the energy utility industry
INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques
More informationReport. Conceptual Framework for the DIAMONDS Project. SINTEF ICT Networked Systems and Services SINTEF A Unrestricted
SINTEF A22798- Unrestricted Report Conceptual Framework for the DIAMONDS Project Author(s) Gencer Erdogan, Yan Li, Ragnhild Kobro Runde, Fredrik Seehusen, Ketil Stølen SINTEF ICT Networked Systems and
More informationHong Kong Mobile Apps Industry Survey 2017
Hong Kong Mobile Apps Industry Survey 2017 Table of Content Introduction Methodology Situation in Hong Kong Company Overview Human Resources Startups Products & Services Business Environment Comparison
More informationACCOUNTING (ACCT) Accounting (ACCT) 1
Accounting (ACCT) 1 ACCOUNTING (ACCT) ACCT 201 Introduction to Accounting (3 crs) Prerequisite: Eligible for MATH 104 or above (MATH 104, MATH 106, MATH 108, MATH 109, MATH 111, MATH 112, MATH 113, MATH
More informationInformation Security Management Criteria for Our Business Partners
Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents
More informationTHE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:
June 2013 Sponsored by Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information can be easily transported and lost, while the
More informationIn 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets.
REPORT FOR ACTION IT Infrastructure and IT Asset Management Review: Phase 1: Establishing an Information Technology Roadmap to Guide the Way Forward for Infrastructure and Asset Management Date: January
More informationCLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
More informationISO/IEC/ IEEE INTERNATIONAL STANDARD. Systems and software engineering Architecture description
INTERNATIONAL STANDARD ISO/IEC/ IEEE 42010 First edition 2011-12-01 Systems and software engineering Architecture description Ingénierie des systèmes et des logiciels Description de l'architecture Reference
More informationEmerging Technologies The risks they pose to your organisations
Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things
More informationData Protection. Plugging the gap. Gary Comiskey 26 February 2010
Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at
More informationISSA Guidelines on Information and Communication Technology: Overview
ISSA Guidelines on Information and Communication Technology: Overview Raul Ruggia-Frick ISSA Secretariat ISSA Guidelines Information and Communication Technology 2 Outline Context The Guidelines on Information
More informationC106: DEMO OF THE INFORMATION SECURITY MANAGEMENT SYSTEM - ISO: 27001:2005 AWARENESS TRAINING PRESENTATION KIT
C106: DEMO OF THE INFORMATION SECURITY MANAGEMENT SYSTEM - ISO: 27001:2005 AWARENESS TRAINING PRESENTATION KIT Buy: http://www.globalmanagergroup.com/iso27001training.htm Chapter-1.0 CONTENTS OF ISO 27001-2005
More informationResults and Plan of the Hitachi Chemical Group s CSR Activities The Entire Group is Systematically Pursuing Even Higher Levels of CSR Activities
Results and Plan of the Hitachi Chemical Group s CSR Activities The Entire Group is Systematically Pursuing Even Higher Levels of CSR Activities Based on the Group CSR Policy, the entire Hitachi Chemical
More informationHow to Become a CMA (Certified Management Accountant) May 10, 2017
How to Become a CMA (Certified Management Accountant) May 10, 2017 Today s Moderator Featured Presenter Agenda The CMA Designation Institute of Management Accountants (IMA) Why get a CMA? CMA Requirements
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationNetwork Security Assessment
Network Security Assessment http://www.cta.com/content/docs/n et_ass.pdf 1 Introduction There are certain characteristics that the network should possess: 1. Security Policy. Networks should have an associated
More informationInformation Security Solutions
Information Security Solutions V Kiyotaka Uchida V Noriaki Sugano V Syouichi Andou (Manuscript received December 20, 2006) Now that regulations such as the Japanese Sarbanes-Oxley (J-SOX) act have been
More informationInter-American Port Security Cooperation Plan
Inter-American Port Security Cooperation Plan Thomas Morelli Program Manager for Port & Cargo Security Maritime Administration U.S. Department of Transportation Inter-American Port Security Cooperation
More informationCriteria for selecting methods in user-centred design
Extended version of I-USED 2009 workshop paper Criteria for selecting methods in user-centred design Nigel Bevan Professional Usability Services 12 King Edwards Gardens, London W3 9RG, UK mail@nigelbevan.com
More informationDeveloping an integrated approach to the analysis of MOD cyber-related risks
Developing an integrated approach to the analysis of MOD cyber-related risks James Tate, Colette Jeffery Joint Enablers Analysis Group 28 th July 2016 COVERING Overview 1. risk research 2. Customer requirement
More informationInformation Systems and Tech (IST)
Information Systems and Tech (IST) 1 Information Systems and Tech (IST) Courses IST 101. Introduction to Information Technology. 4 Introduction to information technology concepts and skills. Survey of
More informationMANAGEMENT OF INFORMATION SECURITY INCIDENTS
MANAGEMENT OF INFORMATION SECURITY INCIDENTS PhD. Eng Daniel COSTIN Polytechnic University of Bucharest ABSTRACT Reporting information security events. Reporting information security weaknesses. Responsible
More informationACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES
ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES ACCREDITATION SCHEME MANUAL Document Title: Document Number: Various Accreditation Schemes ACCAB-ASM-7.0 CONTROLLED COPY Revision Number Revision
More informationITIL Managing Across the Lifecycle Course
ITIL Managing Across the Lifecycle Course Duration: 5 Days Course Delivery: Classroom Language: English Course Overview ITIL 2011 edition is comprised of five core publications: Service Strategy, Service
More informationLEHMAN COLLEGE OF THE CITY UNIVERSITY OF NEW YORK. Department of Economics and Business. Curriculum Change
Senate Meeting of April 28, 2010 Graduate Studies Committee Hegis Code: 0502 Program Code: 32786 LEHMAN COLLEGE OF THE CITY UNIVERSITY OF NEW YORK Department of Economics and Business Curriculum Change
More informationITG. Information Security Management System Manual
ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005
More informationIT risks and controls
Università degli Studi di Roma "Tor Vergata" Master of Science in Business Administration Business Auditing Course IT risks and controls October 2018 Agenda I IT GOVERNANCE IT evolution, objectives, roles
More informationInsider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey
Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey CyberMaryland Conference 2017 Bob Andersen, Sr. Manager Federal Sales Engineering robert.andersen@solarwinds.com
More informationIBM Software IBM InfoSphere Information Server for Data Quality
IBM InfoSphere Information Server for Data Quality A component index Table of contents 3 6 9 9 InfoSphere QualityStage 10 InfoSphere Information Analyzer 12 InfoSphere Discovery 13 14 2 Do you have confidence
More informationHitachi Completes Transfer of Hard Disk Drive Business to Western Digital
FOR IMMEDIATE RELEASE Contact: Japan: Hajime Kito Hitachi, Ltd. +81-3-5208-9323 hajime.kito.qy@hitachi.com Hitachi Completes Transfer of Hard Disk Drive Business to Western Digital Tokyo, March 9, 2012
More informationExpanding ICT Infrastructure for Rural Areas in Korea
Expanding ICT Infrastructure for Rural Areas in Korea Hyongsoon Kim*, Eunyoung Lee** * Digital Infrastructure Division, National Information Society Agency, Seoul, Korea **Dept. of Computer Science, Dongduk
More informationAngela McKay Director, Government Security Policy and Strategy Microsoft
Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au
More informationPROTERRA CERTIFICATION PROTOCOL V2.2
PROTERRA CERTIFICATION PROTOCOL V2.2 TABLE OF CONTENTS 1. Introduction 2. Scope of this document 3. Definitions and Abbreviations 4. Approval procedure for Certification Bodies 5. Certification Requirements
More informationGeneral Framework for Secure IoT Systems
General Framework for Secure IoT Systems National center of Incident readiness and Strategy for Cybersecurity (NISC) Government of Japan August 26, 2016 1. General Framework Objective Internet of Things
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationPurpose of establishment and main functions. Greeting. Busan IT Industry Promotion Agency. (BIPA) is a leading IT CT industry in Busan.
Centum Venture Town (BIPA) 41 Centumdong-ro (1475 U-dong), Haeundae-gu, Busan, Korea TEL : +82-51-749-6660 FAX : +82-51-731-6664 Busan Cultural Contents Complex 140 Suyeonggangbyeon-daero (1466-1 U-dong),
More informationHow To Reduce the IT Budget and Still Keep the Lights On
How To Reduce the IT Budget and Still Keep the Lights On By Charles Williams and John Carnegie CIOs are now more challenged than ever to demonstrate mature financial management disciplines, greater transparency,
More informationBusiness Continuity. Policies. Promotion Framework
Business Continuity For many years NEC has been involved in the construction of social infrastructure through information and communications technologies. Social infrastructures, such as communication
More informationAPPROVAL SHEET PROCEDURE INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION. PT. TÜV NORD Indonesia PS - TNI 001 Rev.05
APPROVAL SHEET PROCEDURE INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION PT. TÜV NORD Indonesia PS - TNI 001 Rev.05 Created : 20-06-2016 Checked: 20-06-2016 Approved : 20-06-2016 Indah Lestari Karlina
More informationA company built on security
Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for
More informationIndependent Assurance Statement
Independent Assurance Statement Scope and Objectives DNV GL Business Assurance USA, Inc. (DNV GL) was commissioned by Lockheed Martin Corporation (Lockheed Martin) to conduct independent assurance of its
More informationDoug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017
Cyber Concerns of Local Government and What Does It Mean to Transportation Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017 Transportation and Infrastructure
More informationⅠ Introduction 1. Ⅱ Information Security Infrastructure and Environment 2. Ⅲ Information Security Incident Prevention 8
Ⅰ Introduction 1 Ⅱ Information Security Infrastructure and Environment 2 1. Information Security Policy 2 A. Information (Personal Information) Security Policy 2 B. Information Security Policy 3 C. Personal
More informationIntroduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?
Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011
More informationKyocera Corporation Financial Presentation
Kyocera Corporation Financial Presentation (Year Ended March 31, 2007) May 7, 2007 Kyocera Corporation ForwardLooking Statements Certain of the statements made in this document are forwardlooking statements
More informationInformation Security and Cyber Security
Information Security and Cyber Security Policy NEC recognizes that it is our duty to protect the information assets entrusted to us by our customers and business partners as well as our own information
More informationThreat and Vulnerability Assessment Tool
TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...
More informationitexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공
itexamdump 최고이자최신인 IT 인증시험덤프 http://www.itexamdump.com 일년무료업데이트서비스제공 Exam : CISA Title : Certified Information Systems Auditor Vendor : ISACA Version : DEMO Get Latest & Valid CISA Exam's Question and
More informationDemystifying GRC. Abstract
White Paper Demystifying GRC Abstract Executives globally are highly focused on initiatives around Governance, Risk and Compliance (GRC), to improve upon risk management and regulatory compliances. Over
More informationCOMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN
COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More information