Manchester Metropolitan University Information Security Strategy
|
|
- Leslie Armstrong
- 5 years ago
- Views:
Transcription
1 Manchester Metropolitan University Information Security Strategy Document Information Document owner Tom Stoddart, Information Security Manager Version: 1.0 Release Date: 01/02/2017 Change History Date Author Version Details 11/11/2016 Tom Stoddart 0.1 First draft 16/11/2016 Tom Stoddart 0.2 Additional content & amendments following stakeholder review 08/12/2016 Tom Stoddart 0.3 Comments and amendments following circulation to InfoSec Board 16/01/2017 Tom Stoddart 0.4 Formatting changes for UEG circulation 01/02/2017 Tom Stoddart 1.0 Approved version following UEG on 31/01/2017 1
2 Contents Purpose and scope of this strategy... 3 Value Proposition for Future State... 3 Strategic environment... 3 Current weaknesses... 3 Critical Success Factors (CSF) for Realisation of Future State... 4 Governance... 5 Strategic Priorities... 6 Timeline for key initiatives and activities
3 Purpose and scope of this strategy The purpose of this Information Security strategy is to ensure that commitment to (and investments in) information security at Manchester Metropolitan University support the strategic objectives of the University more broadly, as well as the legal requirements relevant to data controllers and processors. The scope of this strategy is all information used at Manchester Metropolitan University, in all formats, regardless of the specific departments and individuals that own and manage the information at a local level. This includes information owned or processed by other organisations but relevant their dealings with Manchester Metropolitan University. While the focus of information security capabilities is provided by the Information Security function, a number of additional departments including Legal and Registry include explicit information responsibilities and are therefore considered in the proposals laid out in this strategy. Value Proposition for Future State The Information Security function will provide and coordinate expertise to influence the information security approach of the University, helping it to achieve its strategic objectives by ensuring the availability, confidentiality and integrity of its information. By recognising the different types of information used, and the business requirements associated with each, we will deliver a secure framework within which we can provide flexibility to suit customer needs while maintaining compliance with legal obligations and sector-specific best practice. Strategic environment This strategy reflects the strategic environment in which the University is functioning, specifically: Staff and student expectations for flexible working (technology, location, time) The differing data requirements of research projects, and third party security requirements The increasing prevalence of malicious activity targeting the sector The emergence of Information Security as a strategic tool The forthcoming EU General Data Protection Regulation (GDPR), due in 2018 The Prevent guidance and its technical implications The increasing adoption of Cloud services (both institution-led and uncontrolled) Current weaknesses An ISO gap analysis highlighted areas on which to focus activity. These findings were added to the existing audit recommendations and identified risks to prioritise the work required to achieve the future state proposed by this strategy. 3
4 Critical Success Factors (CSF) for Realisation of Future State CSF 1: Establish an Information Security Management System to support pursuit of the University s strategic aims 1. Implementation of Information Security Management System aligned to ISO 27001:2013, verified by external gap analysis 2. Adoption of Governance model that provides required assurance to the Board and oversees prioritisation of and spend on InfoSec projects 3. Adoption of a consistent vocabulary for describing our system to internal and external stakeholders, including regulators and research partners CSF 2: Implement information asset lifecycle management, supporting risk management, control selection and compliance activity (prioritising personal data to support GDPR) 1. Implementation of asset register 2. Engagement of asset owners and business areas in asset management 3. Compliance with classification scheme and handling requirements 4. Information is easily identified for FOI and DPA (including Subject Access Requests) 5. Volume of information held decreases as retention and disposal schedule is applied 6. Transition to GDPR achieved on time and without significant risk CSF 3: Assess and manage information risk according to asset value and business impact, helping to prioritise resources and mitigation efforts 1. Risks are identified to enable timely preventative actions 2. Risk treatment decisions are informed by proportionate, quantitative risk assessments 3. Information risk management informs the corporate risk register, providing visibility to Board CSF 4: Ensure proportionate IT solutions contribute to the security of the information they process, and support the IS Strategy 1. Firewall reports on blocked threats vs issues 2. % of infrastructure meeting patching requirements 3. Internal vulnerability scanning gives increasing assurance 4. Consolidation of remote access methods 5. Mechanisms for secure data transfer and storage CSF 5: Ensure the University meets statutory and legal obligations and selected standards, including DPA, PCI-DSS and Prevent 1. Information Security Incident reporting 2. UNIAC audits give increasing assurance 3. External technical reviews give increasing assurance 4. PCI-DSS compliance maintained 5. Implementation of web filtering in line with Prevent guidance 4
5 CSF 6: Ensure students, staff and contractors have the skills, knowledge and guidance to enhance the security of information at Manchester Metropolitan University 1. InfoSec and DPA training completion rate 2. InfoSec awareness/training included in induction 3. Feedback on usability of new web resource 4. Increase in security consultancy offered to projects outside of ISDS Governance Strategic governance is essential for effective prioritisation and quality delivery of proposed initiatives. The details of Information Systems governance more broadly are in place, but Information Security will interact with existing governance structures as shown below. 5
6 Strategic Priorities Priority 1: Development of an Information Security Management Framework Implement an Information Security Management framework aligned to ISO 27001:2013 to support the University s strategic aims and compliance activities, and enhance the understanding of staff and students. This framework will provide an outline to-be state, and the programme of supporting work to reach that state will be aligned to the key requirements and technical controls of the ISO 27001:2013 standard. This will enable us to discuss information security and controls using the same concepts and language as other modern organisations, benefitting our relationships with suppliers, research partners and other stakeholders. Conduct a gap analysis against the ISO27001:2013 standard Establish governance & develop a suitably resourced information security team Review and supplement existing policies & internal compliance activity Implement incident management procedures Develop a training & awareness programme for staff and students Develop a programme of internal & external audit/assurance Priority 2: Information Asset Management Implement full information asset lifecycle management, supporting risk management, IT controls and compliance activity by identifying, valuing and managing information assets Develop an information asset register, allocating asset ownership Develop proportionate asset classification and handling requirements Implement asset retention & disposal Develop and document an approach to information risk management Produce and maintain guidance on system usage Priority 3: Communications Security Strengthen and consolidate existing perimeter and network controls, ensuring a consistent and best-practice approach that supports the University s strategic aims and compliance activities Enhanced perimeter security including web filtering Implement network controls to support remote & mobile access and bring your own device Priority 4: Operations Security Strengthen and consolidate existing operations procedures, ensuring consistency and proportionality in support of the University s strategic aims and compliance activities Ensure that patching & updates are scheduled Ensure that servers and clients are suitably hardened by default Develop security standards for website deployments Review user access management, including for admin, new and departing staff Document and standardise the collection of log files for audit and intrusion detection Business continuity & disaster recovery 6
7 Timeline for key initiatives and activities The high-level timeline depicts the key initiatives that must be delivered in order to achieve the overall strategy and the future state for Information Security. Note that significant work remains to define a number of these initiatives, including the specific projects and deliverables that will be included within each. This planning work, including resource estimates, will be taken through the governance model described above. While much of the information lifecycle management activity is required for GDPR compliance and these elements will be prioritised according to a time line governed by the GDPR Working Group from an Information Security perspective the work goes further than personal data and seeks to manage all information. 7
Cyber Review Sample report
IT Governance Cyber Review Sample report Protect Comply Thrive Cyber Review Report Prepared for Evelyn Murphy, Chief Information Officer, Baratheon PLC HLCR Sample Report Copyright IT Governance Ltd 2017
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationISO/IEC TR TECHNICAL REPORT. Information technology Security techniques Information security management guidelines for financial services
TECHNICAL REPORT ISO/IEC TR 27015 First edition 2012-12-01 Information technology Security techniques Information security management guidelines for financial services Technologies de l'information Techniques
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationGDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ
GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation
More informationInformation Security Policy
Document title: [ Information Security Policy May 2017 ] Approval date: [ May 2017 ] Purpose of document: [ To define AUC s information security program main pillars and components] Office/department responsible:
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationInformation Technology Branch Organization of Cyber Security Technical Standard
Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationFOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY
FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY The Foundation Certificate in Information Security (FCIS) course is designed to provide
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationWORKSHARE SECURITY OVERVIEW
WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationIT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive
IT Governance ISO/IEC 27001:2013 ISMS Implementation Service description Protect Comply Thrive 100% guaranteed ISO 27001 certification with the global experts With the IT Governance ISO 27001 Implementation
More informationPREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.
PREPARE FOR TAKE OFF Accelerate your organisation s journey to the Cloud. cloud. Contents Introduction Program & Governance BJSS Cloud Readiness Assessment: Intro Platforms & Development BJSS Cloud Readiness
More informationDATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:
DATA PROTECTION SELF-ASSESSMENT TOOL Protecture: 0203 691 5731 Instructions for use touches many varied aspects of an organisation. Across six key areas, the self-assessment notes where a decision should
More informationPolicy Document. PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy
Policy Title: Binder Association: Author: Review Date: Pomeroy Security Principles PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy Joseph Shreve September of each year or as required Purpose:...
More informationNHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy
NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationINFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK
INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK 1. INTRODUCTION The Board of Directors of the Bidvest Group Limited ( the Company ) acknowledges the need for an IT Governance Framework as recommended
More informationFRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.
FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013 Visit us online at Flank.org to learn more. HITRUST CSF v9 Framework ISO 27001/27002:2013 Framework FLANK ISO 27001/27002:2013 Documentation from
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationPolicy. Business Resilience MB2010.P.119
MB.P.119 Business Resilience Policy This policy been prepared by the Bi-Cameral Business Risk and Resilience Group and endorsed by the Management Boards of both Houses. It is effective from December to
More informationCanada Life Cyber Security Statement 2018
Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability
More informationSYSTEMKARAN ADVISER & INFORMATION CENTER. Information technology- security techniques information security management systems-requirement
SYSTEM KARAN ADVISER & INFORMATION CENTER Information technology- security techniques information security management systems-requirement ISO/IEC27001:2013 WWW.SYSTEMKARAN.ORG 1 www.systemkaran.org Foreword...
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationIT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)
DESIGNATION Reporting to Division Office Location IT MANAGER PERMANENT SALARY SCALE: P07 (R806 593.00) Ref:AgriS042/2019 Information Technology Manager CEO Information Technology (IT) Head office JOB PURPOSE
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationGDPR Update and ENISA guidelines
GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure
More informationAdvent IM Ltd ISO/IEC 27001:2013 vs
Advent IM Ltd ISO/IEC 27001:2013 vs 2005 www.advent-im.co.uk 0121 559 6699 bestpractice@advent-im.co.uk Key Findings ISO/IEC 27001:2013 vs. 2005 Controls 1) PDCA as a main driver is now gone with greater
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationSecurity and Architecture SUZANNE GRAHAM
Security and Architecture SUZANNE GRAHAM Why What How When Why Information Security Information Assurance has been more involved with assessing the overall risk of an organisation's technology and working
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management
INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security management Technologies de l'information Techniques de
More informationPosition Description IT Auditor
Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership
More informationROLE DESCRIPTION IT SPECIALIST
ROLE DESCRIPTION IT SPECIALIST JOB IDENTIFICATION Job Title: Job Grade: Department: Location Reporting Line (This structure reports to?) Full-time/Part-time/Contract: IT Specialist D1 Finance INSETA Head
More informationOverview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive
More informationGuidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17
GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive
More informationSecurity Awareness Training Courses
Security Awareness Training Courses Trusted Advisor for All Your Information Security Needs ZERODAYLAB Security Awareness Training Courses 75% of large organisations were subject to a staff-related security
More informationSRM Service Guide. Smart Security. Smart Compliance. Service Guide
SRM Service Guide Smart Security. Smart Compliance. Service Guide Copyright Security Risk Management Limited Smart Security. Smart Compliance. Introduction Security Risk Management s (SRM) specialists
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationGeneral Data Protection Regulation
General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationEmbedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Who is Who? Sebastien Deleersnyder 5 years developer experience 15+ years information security experience Application security consultant
More informationSWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ
SWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ 1 SWIFT Customer Security Controls Framework Why has SWIFT launched new security
More informationCISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager.
Course Outline CISM - Certified Information Security Manager 20 Nov 2017 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led
More informationPractitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0
Practitioner Certificate in Business Continuity Management (PCBCM) Course Description 10 th December, 2015 Version 2.0 Course The Practitioner Certificate in Business Continuity Management (PCBCM) course
More informationEmbedding GDPR into the SDLC
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Toreon 2 Who is Who? Sebastien Deleersnyder Siebe De Roovere 5 years developer experience 15+ years information security experience
More informationAn Overview of ISO/IEC family of Information Security Management System Standards
What is ISO/IEC 27001? The ISO/IEC 27001 standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is known as Information
More informationt a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.
e info@ Mr. James Kavanagh Chief Security Advisor Microsoft Australia Level 4, 6 National Circuit, Barton, ACT 2600 19 August 2015 Microsoft CRM Online IRAP Assessment Letter of Compliance Dear Mr. Kavanagh,
More informationConsolidation Committee Final Report
Committee Details Date: November 14, 2015 Committee Name: 36.6 : Information Security Program Committee Co- Chairs: Ren Flot; Whitfield Samuel Functional Area: IT Functional Area Coordinator: Phil Ventimiglia
More informationISO/IEC Information technology Security techniques Code of practice for information security management
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security
More informationITG. Information Security Management System Manual
ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005
More informationLevel Access Information Security Policy
Level Access Information Security Policy INFOSEC@LEVELACCESS.COM Table of Contents Version Control... 3 Policy... 3 Commitment... 3 Scope... 4 Information Security Objectives... 4 + 1.800.889.9659 INFOSEC@LEVELACCESS.COM
More informationAUDIT OF ICT STRATEGY IMPLEMENTATION
APPENDIX A 2 1. Background AUDIT OF ICT STRATEGY IMPLEMENTATION 1.1. This report summarises the findings from the audit of ICT Strategy Implementation. This was a planned audit assignment which was undertaken
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationThe Experience of Generali Group in Implementing COBIT 5. Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA
The Experience of Generali Group in Implementing COBIT 5 Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA Generali Group at a glance Let me introduce myself Marco Salvato CISA, CISM, CGEIT,
More informationInformation Security Controls Policy
Information Security Controls Policy Version 1 Version: 1 Dated: 21 May 2018 Document Owner: Head of IT Security and Compliance Document History and Reviews Version Date Revision Author Summary of Changes
More informationTwilio cloud communications SECURITY
WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationCyberSecurity. Penetration Testing. Penetration Testing. Contact one of our specialists for more information CYBERSECURITY SERVICE DATASHEET
DATASHEET Gavin, Technical Director Ensures Penetration Testing Quality CyberSecurity Penetration Testing CHESS CYBERSECURITY CREST-ACCREDITED PEN TESTS PROVIDE A COMPREHENSIVE REVIEW OF YOUR ORGANISATION
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationSecurity Controls in Service Management
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Security
More informationNational Policing Community Security Policy
Document Name File Name National Policing Community Security Policy Community_Security_Policy_FINAL v4_3.doc Authorisation Information Management Business Area Signed version held by National Police Information
More informationWhat every IT professional needs to know about penetration tests
What every IT professional needs to know about penetration tests 24 th April, 2014 Geraint Williams IT Governance Ltd www.itgovernance.co.uk Overview So what do IT Professionals need to know about penetration
More informationSAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx
SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationThe University of Queensland
UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationHow to Underpin Security Transformation With Complete Visibility of Your Attack Surface
How to Underpin Security Transformation With Complete Visibility of Your Attack Surface YOU CAN T SECURE WHAT YOU CAN T SEE There are many reasons why you may be considering or engaged in a security transformation
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES
ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES SERVICE, SUPPORT AND EXPERT GUIDANCE FOR THE MIGRATION AND IMPLEMENTATION OF YOUR ORACLE APPLICATIONS ON ORACLE INFRASTRUCTURE
More informationFlorida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government
Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationPROTECT YOUR DATA AND PREPARE FOR THE EUROPEAN GENERAL DATA PROTECTION REGULATION
PROTECT YOUR DATA AND PREPARE FOR THE EUROPEAN GENERAL DATA PROTECTION REGULATION INSIGHTS The EU s new data protection regulation, known as the GDPR (General Data Protection Regulation), can impact your
More informationData Protection Policy
Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...
More informationCISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager. 22 Mar
Course Outline CISM - Certified Information Security Manager 22 Mar 2019 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led
More informationIT Audit Process Prof. Liang Yao Week Six IT Audit Planning
Week Six IT Audit Planning IT Audit Planning Process Institute of Internal Audit Standards - Section 2010: Planning The chief audit executive must establish a risk-based plan to determine the priorities
More informationPOSITION DESCRIPTION
UNCLASSIFIED IT Security Certification Assessor POSITION DESCRIPTION Unit, Directorate: Location: IT & Physical Security, Protective Security Wellington Salary range: H $77,711 - $116,567 Purpose of position:
More information_isms_27001_fnd_en_sample_set01_v2, Group A
1) What is correct with respect to the PDCA cycle? a) PDCA describes the characteristics of information to be maintained in the context of information security. (0%) b) The structure of the ISO/IEC 27001
More informationIT risks and controls
Università degli Studi di Roma "Tor Vergata" Master of Science in Business Administration Business Auditing Course IT risks and controls October 2018 Agenda I IT GOVERNANCE IT evolution, objectives, roles
More informationISO & ISO & ISO Cloud Documentation Toolkit
ISO & ISO 27017 & ISO 27018 Cloud ation Toolkit Note: The documentation should preferably be implemented order in which it is listed here. The order of implementation of documentation related to Annex
More informationCorporate Information Security Policy
Overview Sets out the high-level controls that the BBC will put in place to protect BBC staff, audiences and information. Audience Anyone who has access to BBC Information Systems however they are employed
More informationCyber Security Technologies
1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales
More information