Human centric security policy and management design for small and medium business


SECURITY AND COMMUNICATION NETWORKS
Security Comm. Networks 2014; 7:
Published online 11 June 2013 in Wiley Online Library (wileyonlinelibrary.com)..814

SPECIAL ISSUE PAPER

Yanghoon Kim 1 and Hangbae Chang 2 *
1 The Institute of Computer Software and Media Technology, Sangmyung University, Seoul, Korea
2 Division of Business Administration, College of Business, Sangmyung University, Seoul, Korea

ABSTRACT

As companies' core technologies are integrated with IT and computerized, they are leaked with ease. In addition, the means of technology leakage have shifted from technical leakage to leakage by people. This technology leakage has increased the estimated amount and frequency of damage to companies year after year. To exploit the core technologies they own and ensure sustainable growth, companies should work to improve security levels from various perspectives at the same time. Therefore, this paper designed a model to measure the security levels of small and medium business and a human centric security policy. In detail, it measured the security status and level of small and medium business by designing a conceptual system for measuring security levels and analyzing it empirically. In addition, it analyzed the measurement results in depth to design a human centric security policy for enhancing the security level of companies. Copyright 2013 John Wiley & Sons, Ltd.

KEYWORDS
human centric security; security policy; security management; small and medium business; measurement security; evaluation security

*Correspondence
Hangbae Chang, Division of Business Administration, College of Business, Sangmyung University, Seoul, Korea. hbchang@smu.ac.kr

1. BACKGROUND

Computerization of companies is not a simple change of business environment but a means of securing competitiveness by improving productivity and reducing transaction cost [1-3]. In addition, computerization is a key basis for creating high added value throughout the economy and society using knowledge and information, and it makes companies capable of coping with high market uncertainty [4,5]. While computerization has these benefits, industrial technologies that should be kept safe have recently been leaked to competitors or overseas with ease as they are integrated with IT and computerized. In addition, the number of accidents and the amount of damage caused by them have increased rapidly every year [6]. The technology leakage rate and the amount of damage for Korea's companies adversely affect the sustainable growth of the companies in the integrated IT environment [7]. To exploit the core technologies they own and ensure sustainable growth, companies should work to improve security levels from various perspectives at the same time.

Companies recognize the need to prevent technology leakage and invest separate budgets to build security systems. However, a consistent environment based on an integrated security system is not built; instead, isolated measures limited to specific areas are introduced. In detail, security levels are weak for security policies, human resource management, facility management, IT security management, leakage accident response, and so on, with the exception of asset management [8,9]. For companies' security investment to achieve its goal efficiently and effectively, a correct evaluation (diagnosis) of their current security levels must come first.

Therefore, this paper measures the security level of small and medium business to remove impediments to companies' competitiveness and to create an opportunity to improve it. To that end, it designs a model to measure the security level of small and medium business and a human centric security policy. In detail, it designs the model to measure security levels based on the preceding studies, and applies it to companies to analyze their security level empirically. Finally, it designs a strategy to enhance the security level of companies.

2. STATUS OF SMALL AND MEDIUM BUSINESS TECHNOLOGY LEAKAGE

2.1. The number and scale of small and medium business technology leakage damage (Korea cases)

Of the whole 1529 sample companies, 161 (10.5%) responded that they had experienced technology leakage from 2008 to 2010. By company type, 11.1%, 10.0%, and 11.6% of large, small and medium, and venture companies, respectively, responded that they had experienced technology leakage. An additional survey of the companies that had experienced technology leakage found that 64.0% had experienced one accident and 36.0% had experienced two or more. The average number of technology leakage accidents per affected company was 1.6: 2.2, 1.6, and 1.5 cases for large, small and medium, and venture companies, respectively. The average amount of damage per technology leakage accident was 1.66 billion won: 3.14, 1.02, and 2.47 billion won for large, small and medium, and venture companies, respectively. The companies with the heaviest damage loss relative to their business scale were venture companies. In detail, it was found that the average sales scale of small and medium, and venture companies experiencing the technology leakage is billion won. Accordingly, it is estimated that about 12% of the total sales is the damage loss amount caused by the technology leakage. The sales scale of the venture companies alone was 8.27 billion won. Therefore, it is estimated that 29.8% of the total sales is the damage loss amount caused by the technology leakage.

2.2. Technology leakage paths of small and medium companies

Among the persons involved in the technology leakage of small and medium companies, retired employees played the most important role (74.5%), followed by competitors (15.5%) and subcontractors' employees (14.9%) (Figure 1). The means of technology leakage used by these persons were, in order, the headhunting of key manpower (42.2%), duplication and stealing (38.5%), loss of portable storage devices, joint projects, and joint researches (11.2%) (Figure 2). Leakage through the movement of manpower itself was thus more frequent than leakage through tools. Of the small and medium companies, 57.8% answered that their security management status had improved after the technology leakage. It was analyzed that companies recognizing importance and wide-spreading wariness of technology leakage accident

2.3. Small and medium companies' leakage technology target and their post response

The types of technology leaked from small and medium companies were, in order, the result data of projects in execution (39.8%), final research results (36.0%), and design drawings of major equipment (30.4%) (Figure 3). As follow-up action for the technology leakage, 37.9% had accused the persons (companies) concerned, and 26.7% had also reinforced the security management system in the laboratory. However, 33.5% of companies still took no special measures. Additionally, 14.7% answered that a retiree had moved to a competitor within the past 2 years.
The ratio of job changes by retirees of large companies was 37.0%, which was higher than for the other company types. As causes of technology leakage, companies cited, in order, a loose security management and supervision system (56.3%), employees' insufficient security awareness (52.4%), and personal pursuit of financial profit (27.6%). In detail, 20.7% of small and medium companies and 17.6% of venture companies cited difficulty investing in security because of their small scale, which was higher than for large companies. Therefore, reinforcing security awareness among members of the company and building a lower-cost security management system, rather than building a separate high-cost security system, is expected to be an efficient security strategy for small and medium/venture companies with insufficient managerial resources. The ratio of companies that replied that they had invested in technology leakage prevention was 63.4%: venture companies (68.5%), small and medium ones (61.7%), and large ones (51.9%). In addition, the average amount of investment in technology leakage prevention was 19.5 million won: 128.8, 17.7, and 13.4 million won for large, small and medium, and venture companies, respectively.

Figure 1. Persons concerned in the technology leakage of small and medium companies (multiple answers). Chart labels: current employees, retired employees, subcontractors' employees, competitors' employees, potential investors; average, large companies, small and medium companies, venture companies.

Figure 2. Means for the technology leakage of small and medium companies (multiple answers).

Figure 3. Types of industrial secrets leaked (multiple answers).

3. DESIGN OF A MODEL TO EVALUATE THE SECURITY LEVEL OF SMALL AND MEDIUM COMPANIES AND ITS EMPIRICAL STUDY

3.1. Design of a model to evaluate the security level of small and medium companies

Based on the preceding studies, a model to evaluate the security level of small and medium companies was designed. To redesign the typical areas used for evaluating the existing security level, such as the security policy, asset management, human resource management, facility management, IT security management, and leakage accident response, the conceptual system was designed as shown in Figure 4. With this conceptual system for measuring the security level of small and medium companies, an evaluation model was designed in consideration of the preceding studies.

The evaluation model is based on the premise that organizations, which are influenced from the outside by the technology protection environment (legal system, political and economic environment, social consensus, etc.) and from the inside by the technology protection awareness/culture, carry out security activities such as the technology protection environment, technology protection activities, and continuous management of technology protection. As the basic premise for security activities, the technology protection support environment area is composed of the security policy, security organizations, security investment items, and so on. The technology protection activity area is composed of asset management (asset identification and classification), personnel management (management of authorized inside/outside staff, management of new employees/incumbents/retirees), physical security (areas and equipment), technical security (IT security system) items, and so on. Finally, the continuous management area of technology protection is composed of operation management (security activity confirmation and improvement), accident response (response system for accidents that have occurred) items, and so on (Table I).

The security level is measured by adding up the scores of the respective areas, and maturity is divided by score into five levels: excellent, good, average, weak, and dangerous.

Level 1 is the dangerous level, which covers scores below 40 points.
It is a state in which serious security defects and vulnerabilities are always present, and fatal damage is a concern depending on the extent of the technology leakage and infringement.
Level 2 is the vulnerable level, from 40 points to below 55 points. It involves somewhat serious security defects and vulnerabilities, and represents a state that could result in fatal damage depending on the extent of the technology leakage and infringement.
Level 3 is the average level, from 55 points to below 70 points. It involves usual security defects and vulnerabilities, and represents a state in which the damage could grow worse depending on the extent of the technology leakage and infringement.
Level 4 is the good level, from 70 points to below 85 points. It involves minor security defects and vulnerabilities, and represents a state in which security work is partially carried out at the company level.
Level 5 is the excellent level, 85 points or more. It has few security defects and vulnerabilities, and represents a state in which the damage is minimized when a technology leakage or infringement accident occurs.

3.2. Design of an evaluation survey for the security level of small and medium companies and its result

A survey in the form of a respondent entry was conducted from 21 November 2011 to 14 January 2012 by post, fax, , and so on, for 1529 sample companies possessing a laboratory affiliated with a company. Samples were extracted by the multilevel stratified sampling method for the three respective company types based on sales; power allocation, which uses the advantages of Neyman's optimum distribution and proportional allotment methods, was used to maintain the representativeness of each stratum; and the size of the samples was determined by random stratification sampling.
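The scoring rule described in Section 3.1, written out as an added Python example (not code from the paper): it sums item points against the Table I weights, maps the total to the five maturity levels, and ranks items by the share of their weight achieved, using the small and medium company averages reported in Table II. Function and variable names are illustrative.

```python
"""Added example: the Section 3.1 scoring rule with the Table I weights."""

# Item weights (maximum points) per area, from Table I; they sum to 100.
AREAS = {
    "Technology protection support environment": {
        "Protection policy": 6,
        "Protection organization": 4,
        "Protection investment": 3,
    },
    "Technology protection activity": {
        "Protection asset management": 13,
        "Protection training": 3,
        "Incumbent": 4,
        "Retiree": 4,
        "Outside personnel management": 4,
        "Physical protection": 15,
        "PC protection": 6,
        "Information system security management": 12,
        "Communication network management": 4,
        "Electronic information protection": 4,
    },
    "Continuous management of technology protection": {
        "Operation management": 4,
        "Accident response": 14,
    },
}

# Lower bound (inclusive) of each maturity level, highest first.
LEVELS = [(85, 5, "excellent"), (70, 4, "good"), (55, 3, "average"),
          (40, 2, "vulnerable"), (0, 1, "dangerous")]

# Small and medium company item points as reported in Table II.
SMB_SCORES = {
    "Protection policy": 3.7, "Protection organization": 0.9,
    "Protection investment": 0.8, "Protection asset management": 6.3,
    "Protection training": 1.1, "Incumbent": 1.9, "Retiree": 1.4,
    "Outside personnel management": 1.2, "Physical protection": 8.0,
    "PC protection": 2.5, "Information system security management": 4.5,
    "Communication network management": 1.6,
    "Electronic information protection": 1.7,
    "Operation management": 1.8, "Accident response": 5.2,
}


def item_weights():
    """Flatten AREAS into {item: weight} and check the weights total 100."""
    weights = {i: w for items in AREAS.values() for i, w in items.items()}
    if sum(weights.values()) != 100:
        raise ValueError("item weights must sum to 100")
    return weights


def validate(scores):
    """Reject answers with missing/unknown items or out-of-range points."""
    weights = item_weights()
    if scores.keys() != weights.keys():
        raise ValueError(f"item mismatch: {sorted(scores.keys() ^ weights.keys())}")
    for item, points in scores.items():
        if not 0 <= points <= weights[item]:
            raise ValueError(f"{item}: {points} outside 0..{weights[item]}")
    return weights


def area_totals(scores):
    """Points per area, rounded to one decimal like the paper's tables."""
    validate(scores)
    return {area: round(sum(scores[i] for i in items), 1)
            for area, items in AREAS.items()}


def total_score(scores):
    """Security level: the sum of the area scores (0..100)."""
    return round(sum(area_totals(scores).values()), 1)


def maturity_level(total):
    """Map a total to (level number, level name); bounds are inclusive below."""
    if not 0 <= total <= 100:
        raise ValueError("total must be within 0..100")
    return next((lvl, name) for low, lvl, name in LEVELS if total >= low)


def satisfaction(scores):
    """Items sorted by points/weight, weakest first."""
    weights = validate(scores)
    ratios = [(i, round(scores[i] / weights[i], 3)) for i in scores]
    return sorted(ratios, key=lambda pair: pair[1])


if __name__ == "__main__":
    total = total_score(SMB_SCORES)
    print(area_totals(SMB_SCORES), total, maturity_level(total))
    for item, ratio in satisfaction(SMB_SCORES)[:5]:
        print(f"{ratio:.0%}  {item}")
```

Ranking by points/weight rather than by raw points keeps low-weight items such as the protection organization (0.9 of 4) from being hidden behind heavily weighted ones.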
Figure 4. A conceptual system to measure the security level of small and medium companies.

Table I. The evaluation model for the security level of small and medium companies proposed in this study.

Area (weight)                                          Item (weight)
Technology protection support environment (13)         Protection policy (6)
                                                       Protection organization (4)
                                                       Protection investment (3)
Technology protection activity (69)                    Protection asset management (13)
                                                       Protection training (3)
                                                       Personnel management (12)
                                                         Inside personnel management (8)
                                                           Incumbent (4)
                                                           Retiree (4)
                                                         Outside personnel management (4)
                                                       Physical protection (15)
                                                       Technical protection (26)
                                                         PC protection (6)
                                                         Information system security management (12)
                                                         Communication network management (4)
                                                         Electronic information protection (4)
Continuous management of technology protection (18)    Operation management (4)
                                                       Accident response (14)

It was found that the security level of the small and medium company group (small and medium/venture companies) is In detail, the satisfaction level was under half in most areas, except for the protection policy in the technology protection support environment area and the physical protection item in the technology protection activity area (Table II). The security level of all companies, including large, small and medium, and venture ones, was 43.8 points, which is the vulnerable level. By company group, large companies scored 75.4 points, which is a good level, while small and medium companies scored 42.6 and venture companies 42.8, both at the vulnerable level (Figure 5). In the distribution of companies by security level, the dangerous level was the largest at 46.4%, followed by vulnerable (24.2%), average (15.3%), good (9.2%), and excellent (5.0%). For large companies, the excellent level was the largest at 37.0%, followed by good (29.6%) and average (20.4%). In addition, only 13.0% of large companies were at the vulnerable level or below. For small and medium companies, the dangerous level was the largest at 47.7%, followed by vulnerable (24.9%) and average (15.1%).
However, only 12.2% of small and medium companies were at the good level or above. The security level of venture companies showed the same pattern as that of small and medium ones. In detail, for venture companies, the dangerous level was the largest at 46.4%, followed by vulnerable (27.5%) and average (16.8%). In addition, only 9.3% of venture companies were at the good level or above (Figure 6).

Table II. Security levels of small and medium companies (overall).

Area / Item                                          Point
Technology protection support environment
  Protection policy                                  3.7/6
  Protection organization                            0.9/4
  Protection investment                              0.8/3
Technology protection activity
  Protection asset management                        6.3/13
  Protection training                                1.1/3
  Personnel management
    Inside personnel management: Incumbent           1.9/4
    Inside personnel management: Retiree             1.4/4
    Outside personnel management                     1.2/4
  Physical protection                                8/15
  Technical protection
    PC protection                                    2.5/6
    Information system security management           4.5/12
    Communication network management                 1.6/4
    Electronic information protection                1.7/4
Continuous management of technology protection
  Operation management                               1.8/4
  Accident response                                  5.2/14
Total                                                42.6/

Figure 5. Security levels for each form of companies.

Figure 6. Distribution of companies for each security level (for each type of companies).

4. DESIGN OF A STRATEGY FOR IMPROVING THE SECURITY LEVEL OF SMALL AND MEDIUM COMPANIES

4.1. Concentration of the technology-intensive small and medium companies

To establish the concentrated support target for small and medium companies' technology protection, the security level was compared between the technology-intensive companies, which have relatively many protection assets, and the less labor-intensive ones. A technology-intensive company is one whose ratio of investment to sales and share of research manpower are high. A labor-intensive company is one in which the share of capital among the production factors is low and the degree of coupling with labor is high. It was found that the technology-intensive companies had higher management performance than the general companies. The overall security level of the labor-intensive companies was 43.0 points, rather higher than the 41.1 points of the technology-intensive companies, which possess relatively many assets to protect. It was therefore found that there is a need to concentrate the target segment of support under the technology protection policy for small and medium companies on the technology-intensive companies (Table III).

Table III. Comparison of the security levels between technology-intensive and labor-intensive small/medium companies.

                                                     Technology intensive (n = 380)   Labor intensive (n = 936)
Area / Item                                          Point      Area point            Point      Area point
Technology protection support environment                       5.3/13                           5.5/13
  Protection policy                                  3.7/6                            3.8/6
  Protection organization                            0.8/4                            0.9/4
  Protection investment                              0.8/3                            0.8/3
Technology protection activity                                  /69                              /69
  Protection asset management                        6.1/                             6.4/
  Protection training                                1.1/3                            1.1/3
  Personnel management
    Inside personnel management: Incumbent           1.9/4                            1.9/4
    Inside personnel management: Retiree             1.3/4                            1.4/4
    Outside personnel management                     1.2/4                            1.2/4
  Physical protection                                7.6/15                           8.1/15
  Technical protection
    PC protection                                    2.3/6                            2.5/6
    Information system security management           4.2/12                           4.6/12
    Communication network management                 1.5/4                            1.6/4
    Electronic information protection                1.7/4                            1.8/4
Continuous management of technology protection                  6.9/18                           7/18
  Operation management                               1.7/4                            1.8/4
  Accident response                                  5.2/14                           5.2/14
Total 41.1/ / / /100

4.2. Development of an improvement methodology for each security advancement stage of small and medium companies

An investigation of the distribution of the surveyed companies' security levels found that most small/medium and venture companies are currently at the dangerous level. In detail, 46.7%, 25.1%, 15.4%, 8.8%, and 4.0% of the surveyed companies are at the dangerous, vulnerable, average, good, and excellent levels, respectively, so the government's security policy needs to give priority to raising the security level from level 1 (dangerous) to the next level (level 2) (Figure 7). As factors behind the dangerous level, to which most small/medium and venture companies currently belong, asset management, physical security activity, and so on were extracted as decisive compared with other elements. In detail, it was found that the asset identification and classification process, which forms the foundation of security activities, methods to manage major facilities and equipment, a methodology to control the activities (access, movement) of members of the organization, and so on are needed (Table IV).

Figure 7. Distribution of companies by the security advancement stage.

4.3. Carrying out of a balanced security strategy

The weak points in security levels were identified from the perspective of the security strategy of small/medium and venture companies. A security strategy is the direction that arranges (designs) the variety of security activities in an organization. In other words, it is an interpretation, in terms of the whole organization, of why technology protection is carried out, what is carried out, and so on. It can be classified in various ways according to the time at which the strategy is applied, the place where it is applied, the decision-making process for applying it, and so on. Classified by the time-based criterion, the security strategy can be divided into the proactive strategy (awareness improvement, training, authentication method, warning, etc.), the detective strategy (internal/external audit, observation, sensing/warning, contents filtering, etc.), the reactive strategy (external institution's cooperation, evidence collection, and penalty), and so on (Figure 8).

When the current model for surveying the security level is classified in terms of the security promotion strategy, it is relatively concentrated on technology leakage accident prevention activities (45.3%), while the measurement of the detection of technology leakage actions (42.1%) and of post treatment activities (33.7%) is insufficient, so the balance of the security strategy is considered not to be maintained (Figure 9). It is necessary to change the policy viewpoint from how to protect technologies to how to minimize the damage of leakage accidents. Considering that the perfect blocking of technology leakage is practically difficult, the degree of preparation for securing the business continuity in case of a security accident is a relatively high level.
The satisfaction level for the reactive strategy is also lower than for the proactive and detective strategies. A virtuous-cycle accident prevention effect is expected through a visual accident response process (Figure 10).

4.4. Design of a security management system centered on humans rather than systems

It is time to make an effort to improve the awareness of members, which is the primary cause of technology leakage, rather than to support security system technology. Technology leakage through manpower movement has increased more than leakage through tools compared with the past. Reinforcing members' security awareness and building a relatively low-cost security management system, rather than building a high-cost security system, could be an efficient security strategy for small/medium and venture companies with insufficient management resources. Furthermore, an effort is needed to form a security consensus (culture) from the multi-dimensional viewpoint of the members of the organization. This requires reinforcing security awareness and information ethics at the individual level and, at the organizational level, multi-dimensional risk analysis, consistent policy design, best case benchmarking, continuous security investment, forming mutual trust, and so on (Figure 11).

5. CONCLUSION AND FUTURE TASKS

The technology leakage rate and the amount of damage for companies adversely affect the sustainable growth of the companies in the integrated IT environment. To exploit the core technologies they own and ensure sustainable growth, companies should work to improve security levels from various perspectives at the same time. In particular, for the security investment of small and medium companies, which possess limited human/material resources, to achieve its goal efficiently and effectively, a correct evaluation of the companies' current security levels must come first. Therefore, this paper designed the conceptual system and model to measure the security levels of small and medium companies, and measured the security level through a survey of small and medium companies. In addition, it designed a strategy to enhance the companies' security level.

The study has three meanings. First, by restructuring the items for measuring the security level presented by the preceding studies, it suggested a conceptual system that could measure the security level of small and medium companies. Second, by investigating the present condition of small and medium companies' security level and analyzing its distribution by security development stage, it suggested the focus target of a political improvement method for enhancing the security level. Third, by recognizing that the current security measurement model of the preceding studies is constructed mainly around the proactive strategy, it suggested a balanced method to measure the security level.

For future study, it would be desirable to study the external security environment suggested by this study's model and the effect of security awareness/culture on the security level. In addition, it would be desirable to study the process by which the technology protection culture feeds back into the technology protection elements, by analyzing the relationship between the technology protection elements that form the security culture and the technology protection actions, and by again analyzing the relationship between the technology protection actions and the technology protection culture.

Table IV. Security levels by the security advancement stage.

Area Item Dangerous (614, 46.7%) Vulnerable (330, 25.1%) Average (203, 15.4%) Good (116, 8.8%) Excellent (53, 4.4%) Technology protection support environment Technology protection activity Protection policy 2.7/ Protection organization 0.3/ Protection investment 0.3/ Protection asset management 3.5/ Protection training 0.6/ Personnel management Inside personnel Incumbent 1/ management Retiree 0.7/ Outside personnel 0.5/ management Physical protection 5.3/ Technical protection PC protection 1.3/ Information system security management Communication network management Electronic information protection 2.3/ / / Continuous management of Operation management 1.1/ technology protection Accident response 2.8/ Total 24.2/

Figure 8. Types of the security strategy (based on the strategy application time).

Figure 9. Satisfaction degree from the viewpoint of strategies.

Figure 10. Securing the balance of the model to survey security levels.

Figure 11. Process to form the security culture.

REFERENCES

1. Kim Y, Chang H. The industrial security management model for SMBs in smart work. Journal of Intelligent Manufacturing doi: /s
2. Guo KH. Information systems security misbehavior in the workplace: the effects of job performance expectation and workgroup norm, ETD Collection for McMaster University 2010; AAINR
3. Kim Y, Chang H. Smart sensor based total quality management service design in production process. Lecture Notes in Electrical Engineering 2012; 182:
4. Wall DS. Enemies within: redefining the insider threat in organizational security policy. Security Journal doi: /sj
5. Chang H, Kim K-k. Design of inside information leakage prevention system in ubiquitous computing environment. Lecture Notes in Computer Science 2005; 3483:
6. Albrechtsen E. A qualitative study of users' views on information security. Computers and Security 2007; 26(4):
7. Chang H. The design of leakage prevention service for industry databases. Computers & Mathematics with Applications doi: /j. camwa
8. Kruger HA, Kearney WD. A prototype for assessing information security awareness. Computers and Security 2006; 25(4):
9. Da Veiga A, Eloff JHP. A framework and assessment instrument for information security culture. Computers & Security 2010; 29(2):


More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

IJESRT. (I2OR), Publication Impact Factor: (ISRA), Impact Factor: 2.114

IJESRT. (I2OR), Publication Impact Factor: (ISRA), Impact Factor: 2.114 IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY EVALUATING ISO STANDARDS APPLICATION OF SECURITY REQUIREMENTS OF E- BANKING IN SUDAN Inshirah M. O. Elmaghrabi*, Hoida A. Abdelgadir,

More information

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS

More information

BOARD OF REGENTS ACADEMIC AFFAIRS COMMITTEE 4 STATE OF IOWA SEPTEMBER 12-13, 2018

BOARD OF REGENTS ACADEMIC AFFAIRS COMMITTEE 4 STATE OF IOWA SEPTEMBER 12-13, 2018 STATE OF IOWA SEPTEMBER 12-13, 2018 REQUEST FOR NEW PROGRAM AT IOWA STATE UNIVERSITY: BACHELOR OF SCIENCE IN CYBER SECURITY ENGINEERING Contact: Rachel Boon Action Requested: Consider approval of the request

More information

Research Infrastructures and Horizon 2020

Research Infrastructures and Horizon 2020 Research Infrastructures and Horizon 2020 Christos VASILAKOS DG Research & 1 st CoPoRI Workshop on EoE 11-12 June 2012 Hamburg, DE The EU Framework Programme for Research and 2014-2020 Research and Europe

More information

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose: STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security

More information

ISO/IEC Information technology Security techniques Code of practice for information security management

ISO/IEC Information technology Security techniques Code of practice for information security management This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security

More information

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE Overview all ICT Profile changes in title, summary, mission and from version 1 to version 2 Versions Version 1 Version 2 Role Profile

More information

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment Mitigating Risk with Ongoing Cybersecurity Risk Assessment Scott Moser CISO Caesars Entertainment CSO50 Presentation Caesars Entertainment Cybersecurity Risk Management Scott Moser Chief Information Security

More information

MIS Class 2. The Threat Environment

MIS Class 2. The Threat Environment MIS 5214 Class 2 The Threat Environment Agenda In the News Models Risk Hackers Vulnerabilities Information System Categorization Risk Assessment Exercise Conceptual Modeling and Information Systems In

More information

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements

More information

Problems and Countermeasures of Information Security of Electric. Power Enterprises in China

Problems and Countermeasures of Information Security of Electric. Power Enterprises in China 6th International Conference on Machinery, Materials, Environment, Biotechnology and Computer (MMEBC 2016) Problems and Countermeasures of Information Security of Electric Power Enterprises in China Haixun

More information

Getting Started with Stormwater Asset Management

Getting Started with Stormwater Asset Management Getting Started with Stormwater Asset Management Fall Conference Broken Arrow, OK September 17, 2018 Trey Shanks CFM, IAM, PACP ts@freese.com Asset management roadmap STEP 4 Risk Based Analysis STEP 3

More information

ADDING BUSINESS VALUE THROUGH EFFECTIVE IT SECURITY MANAGEMENT

ADDING BUSINESS VALUE THROUGH EFFECTIVE IT SECURITY MANAGEMENT ADDING BUSINESS VALUE THROUGH EFFECTIVE IT SECURITY MANAGEMENT 1 BY HUSSEIN K. ISINGOMA CISA,FCCA,CIA, CPA, MSC,BBS AG. ASSISTANT COMMISSIONER/INTERNAL AUDIT MINISTRY OF FINANCE, PLANNING AND ECONOMIC

More information

Business Continuity An Integral Part of Risk Management At Constellation Energy

Business Continuity An Integral Part of Risk Management At Constellation Energy Business Continuity An Integral Part of Risk Management At Constellation Energy World Disaster Management Conference Toronto, Canada June 19, 2006 Robert W. Cornelius Director Business Continuity Operating

More information

GoVenture

GoVenture BBI1O, BBI2O, Grades 9 or 10 Introduction to Business Strand: Business Fundamentals Economic Basics Types of Businesses C C C C C Business Ethics and Social Responsibility C C C C C C C C C C International

More information

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security management Technologies de l'information Techniques de

More information

School of Engineering and Technology. Department of Engineering

School of Engineering and Technology. Department of Engineering 1 2 School of Engineering and Technology Department of Engineering 3 Bachelor of Science in Communication Engineering The program focuses on the technical aspects of digital and analog communications,

More information

Security Management Models And Practices Feb 5, 2008

Security Management Models And Practices Feb 5, 2008 TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related

More information

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it

More information

EVALUATION AND APPROVAL OF AUDITORS. Deliverable 4.4.3: Design of a governmental Social Responsibility and Quality Certification System

EVALUATION AND APPROVAL OF AUDITORS. Deliverable 4.4.3: Design of a governmental Social Responsibility and Quality Certification System EVALUATION AND APPROVAL OF AUDITORS Deliverable 4.4.3: Design of a governmental Social Responsibility and Quality Certification System 1 TABLE OF CONTENTS 1. Scope and field of Application 3 2. Normative

More information

Green IT: Sustainability and Risk Analysis. David C. Chou Professor of Computer Information Systems Eastern Michigan University

Green IT: Sustainability and Risk Analysis. David C. Chou Professor of Computer Information Systems Eastern Michigan University Green IT: Sustainability and Risk Analysis 1 David C. Chou Professor of Computer Information Systems Eastern Michigan University 2 Purposes of this study Discuss the implication of Green IT and sustainability.

More information

O&M Service for Sustainable Social Infrastructure

O&M Service for Sustainable Social Infrastructure O&M Service for Sustainable Social Infrastructure Hitachi Review Vol. 62 (2013), No. 7 370 Toshiyuki Moritsu, Ph. D. Takahiro Fujishiro, Ph. D. Katsuya Koda Tatsuya Kutsuna OVERVIEW: Hitachi is developing

More information

WHITE PAPER. Title. Managed Services for SAS Technology

WHITE PAPER. Title. Managed Services for SAS Technology WHITE PAPER Hosted Title Managed Services for SAS Technology ii Contents Performance... 1 Optimal storage and sizing...1 Secure, no-hassle access...2 Dedicated computing infrastructure...2 Early and pre-emptive

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting

More information

Cyber Security in Smart Commercial Buildings 2017 to 2021

Cyber Security in Smart Commercial Buildings 2017 to 2021 Smart Buildings Cyber Security in Smart Commercial Buildings 2017 to 2021 Published: Q2 2017 Cyber Security in Smart Buildings Synopsis 2017 This report will help all stakeholders and investors in the

More information

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL Shifting budgets and responsibilities require IT and physical security teams to consider fundamental change in day-to-day

More information

ITG. Information Security Management System Manual

ITG. Information Security Management System Manual ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005

More information

Domino s Pizza Enterprises Ltd. The Business Partner. Code of Practice

Domino s Pizza Enterprises Ltd. The Business Partner. Code of Practice Domino s Pizza Enterprises Ltd The Business Partner Code of Practice INTRODUCTION At Domino s we are committed to living our brand ethos of People Powered Pizza. This includes the people who work with

More information

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

Improving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN

Improving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN Improving Data Governance in Your Organization Faire Co Regional Manger, Information Management Software, ASEAN Topics The Innovation Imperative and Innovating with Information What Is Data Governance?

More information

Information technology Security techniques Information security controls for the energy utility industry

Information technology Security techniques Information security controls for the energy utility industry INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques

More information

Report. Conceptual Framework for the DIAMONDS Project. SINTEF ICT Networked Systems and Services SINTEF A Unrestricted

Report. Conceptual Framework for the DIAMONDS Project. SINTEF ICT Networked Systems and Services SINTEF A Unrestricted SINTEF A22798- Unrestricted Report Conceptual Framework for the DIAMONDS Project Author(s) Gencer Erdogan, Yan Li, Ragnhild Kobro Runde, Fredrik Seehusen, Ketil Stølen SINTEF ICT Networked Systems and

More information

Hong Kong Mobile Apps Industry Survey 2017

Hong Kong Mobile Apps Industry Survey 2017 Hong Kong Mobile Apps Industry Survey 2017 Table of Content Introduction Methodology Situation in Hong Kong Company Overview Human Resources Startups Products & Services Business Environment Comparison

More information

ACCOUNTING (ACCT) Accounting (ACCT) 1

ACCOUNTING (ACCT) Accounting (ACCT) 1 Accounting (ACCT) 1 ACCOUNTING (ACCT) ACCT 201 Introduction to Accounting (3 crs) Prerequisite: Eligible for MATH 104 or above (MATH 104, MATH 106, MATH 108, MATH 109, MATH 111, MATH 112, MATH 113, MATH

More information

Information Security Management Criteria for Our Business Partners

Information Security Management Criteria for Our Business Partners Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents

More information

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: June 2013 Sponsored by Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information can be easily transported and lost, while the

More information

In 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets.

In 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets. REPORT FOR ACTION IT Infrastructure and IT Asset Management Review: Phase 1: Establishing an Information Technology Roadmap to Guide the Way Forward for Infrastructure and Asset Management Date: January

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

ISO/IEC/ IEEE INTERNATIONAL STANDARD. Systems and software engineering Architecture description

ISO/IEC/ IEEE INTERNATIONAL STANDARD. Systems and software engineering Architecture description INTERNATIONAL STANDARD ISO/IEC/ IEEE 42010 First edition 2011-12-01 Systems and software engineering Architecture description Ingénierie des systèmes et des logiciels Description de l'architecture Reference

More information

Emerging Technologies The risks they pose to your organisations

Emerging Technologies The risks they pose to your organisations Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things

More information

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010 Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at

More information

ISSA Guidelines on Information and Communication Technology: Overview

ISSA Guidelines on Information and Communication Technology: Overview ISSA Guidelines on Information and Communication Technology: Overview Raul Ruggia-Frick ISSA Secretariat ISSA Guidelines Information and Communication Technology 2 Outline Context The Guidelines on Information

More information

C106: DEMO OF THE INFORMATION SECURITY MANAGEMENT SYSTEM - ISO: 27001:2005 AWARENESS TRAINING PRESENTATION KIT

C106: DEMO OF THE INFORMATION SECURITY MANAGEMENT SYSTEM - ISO: 27001:2005 AWARENESS TRAINING PRESENTATION KIT C106: DEMO OF THE INFORMATION SECURITY MANAGEMENT SYSTEM - ISO: 27001:2005 AWARENESS TRAINING PRESENTATION KIT Buy: http://www.globalmanagergroup.com/iso27001training.htm Chapter-1.0 CONTENTS OF ISO 27001-2005

More information

Results and Plan of the Hitachi Chemical Group s CSR Activities The Entire Group is Systematically Pursuing Even Higher Levels of CSR Activities

Results and Plan of the Hitachi Chemical Group s CSR Activities The Entire Group is Systematically Pursuing Even Higher Levels of CSR Activities Results and Plan of the Hitachi Chemical Group s CSR Activities The Entire Group is Systematically Pursuing Even Higher Levels of CSR Activities Based on the Group CSR Policy, the entire Hitachi Chemical

More information

How to Become a CMA (Certified Management Accountant) May 10, 2017

How to Become a CMA (Certified Management Accountant) May 10, 2017 How to Become a CMA (Certified Management Accountant) May 10, 2017 Today s Moderator Featured Presenter Agenda The CMA Designation Institute of Management Accountants (IMA) Why get a CMA? CMA Requirements

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

Network Security Assessment

Network Security Assessment Network Security Assessment http://www.cta.com/content/docs/n et_ass.pdf 1 Introduction There are certain characteristics that the network should possess: 1. Security Policy. Networks should have an associated

More information

Information Security Solutions

Information Security Solutions Information Security Solutions V Kiyotaka Uchida V Noriaki Sugano V Syouichi Andou (Manuscript received December 20, 2006) Now that regulations such as the Japanese Sarbanes-Oxley (J-SOX) act have been

More information

Inter-American Port Security Cooperation Plan

Inter-American Port Security Cooperation Plan Inter-American Port Security Cooperation Plan Thomas Morelli Program Manager for Port & Cargo Security Maritime Administration U.S. Department of Transportation Inter-American Port Security Cooperation

More information

Criteria for selecting methods in user-centred design

Criteria for selecting methods in user-centred design Extended version of I-USED 2009 workshop paper Criteria for selecting methods in user-centred design Nigel Bevan Professional Usability Services 12 King Edwards Gardens, London W3 9RG, UK mail@nigelbevan.com

More information

Developing an integrated approach to the analysis of MOD cyber-related risks

Developing an integrated approach to the analysis of MOD cyber-related risks Developing an integrated approach to the analysis of MOD cyber-related risks James Tate, Colette Jeffery Joint Enablers Analysis Group 28 th July 2016 COVERING Overview 1. risk research 2. Customer requirement

More information

Information Systems and Tech (IST)

Information Systems and Tech (IST) Information Systems and Tech (IST) 1 Information Systems and Tech (IST) Courses IST 101. Introduction to Information Technology. 4 Introduction to information technology concepts and skills. Survey of

More information

MANAGEMENT OF INFORMATION SECURITY INCIDENTS

MANAGEMENT OF INFORMATION SECURITY INCIDENTS MANAGEMENT OF INFORMATION SECURITY INCIDENTS PhD. Eng Daniel COSTIN Polytechnic University of Bucharest ABSTRACT Reporting information security events. Reporting information security weaknesses. Responsible

More information

ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES

ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES ACCREDITATION SCHEME MANUAL Document Title: Document Number: Various Accreditation Schemes ACCAB-ASM-7.0 CONTROLLED COPY Revision Number Revision

More information

ITIL Managing Across the Lifecycle Course

ITIL Managing Across the Lifecycle Course ITIL Managing Across the Lifecycle Course Duration: 5 Days Course Delivery: Classroom Language: English Course Overview ITIL 2011 edition is comprised of five core publications: Service Strategy, Service

More information

LEHMAN COLLEGE OF THE CITY UNIVERSITY OF NEW YORK. Department of Economics and Business. Curriculum Change

LEHMAN COLLEGE OF THE CITY UNIVERSITY OF NEW YORK. Department of Economics and Business. Curriculum Change Senate Meeting of April 28, 2010 Graduate Studies Committee Hegis Code: 0502 Program Code: 32786 LEHMAN COLLEGE OF THE CITY UNIVERSITY OF NEW YORK Department of Economics and Business Curriculum Change

More information

ITG. Information Security Management System Manual

ITG. Information Security Management System Manual ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005

More information

IT risks and controls

IT risks and controls Università degli Studi di Roma "Tor Vergata" Master of Science in Business Administration Business Auditing Course IT risks and controls October 2018 Agenda I IT GOVERNANCE IT evolution, objectives, roles

More information

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey CyberMaryland Conference 2017 Bob Andersen, Sr. Manager Federal Sales Engineering robert.andersen@solarwinds.com

More information

IBM Software IBM InfoSphere Information Server for Data Quality

IBM Software IBM InfoSphere Information Server for Data Quality IBM InfoSphere Information Server for Data Quality A component index Table of contents 3 6 9 9 InfoSphere QualityStage 10 InfoSphere Information Analyzer 12 InfoSphere Discovery 13 14 2 Do you have confidence

More information

Hitachi Completes Transfer of Hard Disk Drive Business to Western Digital

Hitachi Completes Transfer of Hard Disk Drive Business to Western Digital FOR IMMEDIATE RELEASE Contact: Japan: Hajime Kito Hitachi, Ltd. +81-3-5208-9323 hajime.kito.qy@hitachi.com Hitachi Completes Transfer of Hard Disk Drive Business to Western Digital Tokyo, March 9, 2012

More information

Expanding ICT Infrastructure for Rural Areas in Korea

Expanding ICT Infrastructure for Rural Areas in Korea Expanding ICT Infrastructure for Rural Areas in Korea Hyongsoon Kim*, Eunyoung Lee** * Digital Infrastructure Division, National Information Society Agency, Seoul, Korea **Dept. of Computer Science, Dongduk

More information

Angela McKay Director, Government Security Policy and Strategy Microsoft

Angela McKay Director, Government Security Policy and Strategy Microsoft Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au

More information

PROTERRA CERTIFICATION PROTOCOL V2.2

PROTERRA CERTIFICATION PROTOCOL V2.2 PROTERRA CERTIFICATION PROTOCOL V2.2 TABLE OF CONTENTS 1. Introduction 2. Scope of this document 3. Definitions and Abbreviations 4. Approval procedure for Certification Bodies 5. Certification Requirements

More information

General Framework for Secure IoT Systems

General Framework for Secure IoT Systems General Framework for Secure IoT Systems National center of Incident readiness and Strategy for Cybersecurity (NISC) Government of Japan August 26, 2016 1. General Framework Objective Internet of Things

More information

Gujarat Forensic Sciences University

Gujarat Forensic Sciences University Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat

More information

Purpose of establishment and main functions. Greeting. Busan IT Industry Promotion Agency. (BIPA) is a leading IT CT industry in Busan.

Purpose of establishment and main functions. Greeting. Busan IT Industry Promotion Agency. (BIPA) is a leading IT CT industry in Busan. Centum Venture Town (BIPA) 41 Centumdong-ro (1475 U-dong), Haeundae-gu, Busan, Korea TEL : +82-51-749-6660 FAX : +82-51-731-6664 Busan Cultural Contents Complex 140 Suyeonggangbyeon-daero (1466-1 U-dong),

More information

How To Reduce the IT Budget and Still Keep the Lights On

How To Reduce the IT Budget and Still Keep the Lights On How To Reduce the IT Budget and Still Keep the Lights On By Charles Williams and John Carnegie CIOs are now more challenged than ever to demonstrate mature financial management disciplines, greater transparency,

More information

Business Continuity. Policies. Promotion Framework

Business Continuity. Policies. Promotion Framework Business Continuity For many years NEC has been involved in the construction of social infrastructure through information and communications technologies. Social infrastructures, such as communication

More information

APPROVAL SHEET PROCEDURE INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION. PT. TÜV NORD Indonesia PS - TNI 001 Rev.05

APPROVAL SHEET PROCEDURE INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION. PT. TÜV NORD Indonesia PS - TNI 001 Rev.05 APPROVAL SHEET PROCEDURE INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION PT. TÜV NORD Indonesia PS - TNI 001 Rev.05 Created : 20-06-2016 Checked: 20-06-2016 Approved : 20-06-2016 Indah Lestari Karlina

More information

A company built on security

A company built on security Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for

More information

Independent Assurance Statement

Independent Assurance Statement Independent Assurance Statement Scope and Objectives DNV GL Business Assurance USA, Inc. (DNV GL) was commissioned by Lockheed Martin Corporation (Lockheed Martin) to conduct independent assurance of its

More information

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017 Cyber Concerns of Local Government and What Does It Mean to Transportation Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017 Transportation and Infrastructure

More information

Ⅰ Introduction 1. Ⅱ Information Security Infrastructure and Environment 2. Ⅲ Information Security Incident Prevention 8

Ⅰ Introduction 1. Ⅱ Information Security Infrastructure and Environment 2. Ⅲ Information Security Incident Prevention 8 Ⅰ Introduction 1 Ⅱ Information Security Infrastructure and Environment 2 1. Information Security Policy 2 A. Information (Personal Information) Security Policy 2 B. Information Security Policy 3 C. Personal

More information

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable? Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011

More information

Kyocera Corporation Financial Presentation

Kyocera Corporation Financial Presentation Kyocera Corporation Financial Presentation (Year Ended March 31, 2007) May 7, 2007 Kyocera Corporation ForwardLooking Statements Certain of the statements made in this document are forwardlooking statements

More information

Information Security and Cyber Security

Information Security and Cyber Security Information Security and Cyber Security Policy NEC recognizes that it is our duty to protect the information assets entrusted to us by our customers and business partners as well as our own information

More information

Threat and Vulnerability Assessment Tool

Threat and Vulnerability Assessment Tool TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...

More information

itexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공

itexamdump 최고이자최신인 IT 인증시험덤프  일년무료업데이트서비스제공 itexamdump 최고이자최신인 IT 인증시험덤프 http://www.itexamdump.com 일년무료업데이트서비스제공 Exam : CISA Title : Certified Information Systems Auditor Vendor : ISACA Version : DEMO Get Latest & Valid CISA Exam's Question and

More information

Demystifying GRC. Abstract

Demystifying GRC. Abstract White Paper Demystifying GRC Abstract Executives globally are highly focused on initiatives around Governance, Risk and Compliance (GRC), to improve upon risk management and regulatory compliances. Over

More information

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF

More information