FOLLOW-UP REVIEW OF RISK MANAGEMENT ETC RISK MANAGEMENT FRAMEWORK
2017 FOLLOW-UP REVIEW OF RISK MANAGEMENT: ETC RISK MANAGEMENT FRAMEWORK
MA. LUISA JASA-LOQUE IMAAN
HIGHER COLLEGE OF TECHNOLOGY
Educational Technology Center
DISTRIBUTION LIST

ETC QA Coordinator

Report Distribution List:
- Ms. Rehana Al Ameer, ETC-HoC
- Ms. Zayana Al Sinawi, HoS-CSS
- Ms. Nawal Al Dhanki, HoS-ESS
- Ms. Najiya Al Omrani, HoS-LSS
TABLE OF CONTENTS

DISTRIBUTION LIST
  ETC QA Coordinator
  Report Distribution List
EXECUTIVE SUMMARY
  Background
  Objectives
  Audit Assurance
RISK PRIORITIZATION
  Priority 1: High Risks
  Priority 2: Significant Risks
  Priority 3: Moderate Risks
  Priority 4: Low Risks
ACTION PLAN
EXECUTIVE SUMMARY

1. Background
1.1 This document follows up on the progress made towards implementing the Risk Action Plan that was written and discussed from the ETC Risk Framework, which was completed and submitted to HCT QAU in May. That document made some recommendations, as per the team's risk assessment, in order to improve controls.

2. Objectives
The objectives of this follow-up document are:
- To determine if the recommendations of the Risk Coordinator have been implemented.
- To evaluate the effect of any changes in the organization since the ETC Risk Framework was established in the department.
- To formulate a view on the appropriateness and usefulness of the current risk management framework.
- To create a guide for embedding the risk management framework within the organization.

3. Audit Assurance
The ETC Risk Framework adequately tracks the developments that have been introduced since October 2015 and will benefit from further improvements to make sure it continues to improve in a constructive way.
RISK PRIORITIZATION

The recommendations are prioritized according to the level of priority as follows:
- Priority 1: High Risks. High risks require detailed research and management planning at senior levels.
- Priority 2: Significant Risks. Significant risks require senior management attention.
- Priority 3: Moderate Risks. Moderate risks require management responsibility.
- Priority 4: Low Risks. Low or minor risks are not critical and require routine procedures.
ACTION PLAN

Ref. | Original Recommendation | Priority | Agreed Action | Follow Up Finding | Further Recommendations

To ensure that the HCTv is up and running, a follow-up on the submitted proposal for the equipment upgrade must be done from the department level down to the Finance department.
To avoid network failure across the college, spare parts for network devices and peripherals must always be available.
Maintain contracts for network device/equipment maintenance.
The network team should coordinate with the data center team to determine the availability of the Disaster Recovery. All requests and/or discussions should be through to ensure an audit trail.
Coordinate with the Maintenance department to maintain the basic standard requirement for air ventilation in the communication room.
Regular follow-up with the ETC Coordinator and Finance Department for the approval of the equipment upgrade.
The ETC presented and discussed the importance and benefits of purchasing the network devices to the Deanship.
The network team and data center team are working collaboratively to provide smooth access to HCT e-services.
The network team will constantly monitor the air ventilation in the communication room.
The ETC and Finance Department prioritized important projects.
Based on the output of the presentation and discussion with the Deanship, the proposal and quotation were revised to suit the available budget.
The Data Center Team provided access to the network team and provided logs in order to provide smooth access to the HCT e-Services.
In 4 communication rooms, the ACs were alternately used, but in 2 other communication rooms they are constantly monitored.
Further Recommendations: Distribute and implement HCTv via LAN.
Agreed: The ETC will review the revised proposal to ensure that the risk is treated.
ETC management allowed overtime work for the staff in charge to provide stable access to HCT e-services.

Review and implement the security controls (i.e. firewall, antivirus and network monitoring tools) and upgrade them in a timely manner.
Ensure all policies and procedures are properly maintained and followed by HCT students and staff.
Maintain all network components at appropriate levels and closely monitor the network signals.
Constant monitoring of logs.
Training and awareness is required annually for the whole network team.
Conduct monthly and annual reviews on the usage of wireless.
The network security administrator ensures that the switches, wireless controller and Fortinet are secured and protected from any virus attack.
Network team to upgrade the policies and procedures.
Network technician to monitor the network components and network signals.
Network team must conduct an annual review of the policies and procedures on wireless usage.
Allowing the network security administrator to work during the weekend to ensure the security of switches, wireless and controllers.
Annual review of policies and procedures.
Annual training for all network staff.
Annual review of policies and procedures.

Ref. 17
Monitor the access to the communication room in the new building and the server rooms in other locations within HCT to secure the areas holding network equipment.
Ensure that policies and procedures related to physical access are properly implemented.
Review the access granted to staff in a timely manner to make sure that there is no unauthorized access to the communication room and the server rooms in other locations across the college.
Network team must conduct an annual review of the policies and procedures on the communication room and server rooms in other locations across the college.
Annual review of policies and procedures related to the physical security of the communication room and server rooms in other locations across the college.

Ref. 48
Implement the training needs analysis.
Coordinate the training and development required for each staff member with the Staff Development Coordinator to enhance the knowledge and skills of the staff.
As a server owner, you have to follow best practices in securing your server, such as:
  o Server Hygiene
  o Server Patching
  o Access Control
Have clear policies and procedures on the Do's and Don'ts of a server owner, and they must be coordinated with the Data Center.
Priority 1, Agreed.
There must be clear segregation of duties between the Web Administrator and the System Administrator under the Data Center Team.
Delegation of responsibility in assigning server ownership must be clear, to determine who is in charge of overseeing a specific server.
Team Leader to coordinate the performance of the staff with the HoS.
Team Leader to review the policies and procedures, job responsibilities and segregation of duties.
Conducted the TNA and the cross-training program.

Ref. 20, 21
Ensure that the policies and procedures on hosting a server are clearly discussed and agreed by both the Web Administrator and the Data Center Team.
Technical control of your server is your responsibility as a server owner.
A self-diagnostic tool must be established to assess the capabilities of your server and to identify any opportunities for improvement.
Perform Database Auditing and Intrusion Detection.
Review and implement the security controls and upgrade them in a timely manner.
Priority 1, Agreed.
Periodically audit your database. Protect access to the database.
Ensure that the Data Security Risk and Compliance Life Cycle is being followed and implemented.
Priority 1, Agreed.
Constant monitoring of logs.
Check the server maintenance regularly.
Ensure all standards, procedures and policies are maintained and followed.
Application Developer and E-Learning Administrator to provide auditing and monitoring reports.
Web Administrator to send notification to the data center regarding any virus threat/attack and coordinate on the treatment.

Ref. 22, 37
Coordinate with the Maintenance department to meet the required standard for a high-availability power system in HCT.
Determine the power outages of each server and the duration of each outage.
Each member of the data center team to report and coordinate with the Maintenance department on any power fluctuation.
Coordinate with the Maintenance department to meet the required standard for the cooling system required in a data center environment.
The system admin must:
  o Ensure that the backup is complete.
  o Have a good copy of the environment.
Ensure all standards, procedures and policies are maintained and followed.
Regular monitoring of the temperature of the cooling system in the data center.
Backups should be validated to confirm that all are working properly.
Check the server maintenance regularly.
Ensure that the Anti-Virus/Anti-Spyware software definitions are up to date.
Each member of the data center team to report and coordinate with the Maintenance department regarding the monitoring of the cooling system in the data center.
System Administrator to do periodic backups to avoid any mishaps.
System Administrator to send notification to the technical team to run the antivirus software in each assigned IT lab.
NA

Ensure that the account management policy is properly implemented.
Conduct storage capacity planning to ensure that ETC keeps up with the growth of users in the college. With the help of storage capacity planning, ETC can predict future storage growth.
To ensure adequate performance and efficiency of the servers, the Team Leader, in coordination with the HoS and HoC, must make the decision to change or upgrade hardware (servers) that is older than 4 years.
Use virtualization and server hardware improvements to extend server life.
Delete the user accounts (student and staff) of people who are no longer working with or connected to HCT.
Conduct a storage assessment to help the data center understand how to reduce the time and effort required in managing storage capacity.
A Cost-Benefit Analysis must be planned in order to determine
System Administrator to:
  o Regularly review the Active Directory user accounts
  o Adds, moves, changes and account removals
System Administrator to provide storage capacity planning and a storage assessment to the Team Leader and HoS.
A Cost-Benefit Analysis Report must be presented to the HoS/HoC.

Ref. 29, 30
Operational policies, procedures and standards must be properly implemented.
Coordinate with the operational policies, procedures and standards.
Team members under the data center to check the server connections, logs and server configuration.
Incident reports must be submitted to the Team Leader/HoS.
Create operational policies and procedures and conduct awareness on the implementation of those policies and procedures.
To avoid any conflict of interest, ETC must establish an organizational control framework which handles the following:
  o Organizational Structure
  o Job Description
  o Segregation of Duties
  o Work Restructuring to ensure greater job satisfaction for the employee
  o Awareness about malware threats
Each member of the data center must be responsible for the strict implementation of the procedures and internal controls of the data center.
Avoid giving critical tasks to staff who are involved in different committees outside ETC.
Use the results of staff performance in work restructuring to determine what tasks are to be assigned to a specific staff member.
Coordinate with the Network Team to enable the firewall protection.
Team members to notify the team leader of any violations of the internal control procedures in the data center.
Team leader to review and update the job responsibilities of each team member.
Team leader to do the work restructuring in coordination with the HoS.
The assigned system administrator to work closely with the technical team in running the antivirus software in the IT Labs.
Audit trail and incident reports must be submitted to the HoS.
Annual review of job responsibilities and evaluation of staff performance.
Annual review of job responsibilities and evaluation of staff performance.

Implementation of operational policies and procedures to avoid malware threats.
Ensure that project requirements and other details are clearly discussed with the vendor.
If there are any delays, the data center must know how to communicate, negotiate and decide in order to complete the project.
Ensure that TNA and Job Rotation are strictly followed and implemented.
Conduct a Cost-Benefit Analysis on licensed software.
Consistent follow-ups with the vendor must be done.
Work shadowing among the Data Center Team.
Coordinate with the vendor, if possible, to provide free licenses for academic purposes.
Project timetable and sign-off to be submitted to the HoS/HoC.
Cross-training is being implemented.
Coordinate with the Academic Department on the software to be used in the IT Labs.
Established physical resources team.
Reviewed the TNA.
Established physical resources team.
Coordinate with ELC on the proposal to upgrade the computers in the ELC IT Labs.
Coordinate with the ESS on any issues concerning lamp problems in projectors.
Priority 1, Agreed.
Coordinate with the ELC on the computers which are having compatibility issues with the OS.
Monitoring the projectors in all IT Labs regularly.
Monitoring the PCs in the IT Labs in the ELC Area.
The assigned technical staff has to provide an incident report to the ERAM.

Constant coordination with the Data Center.
Constant coordination with the staff-in-charge of the Zero-Client Free Access Lab and the assigned technical staff.
Coordinate with the Network Team on any intermittent connection in the labs.
Coordinate with the Maintenance department.
Coordinate with the Data Center on any virus alert received in the IT Labs.
Regular monitoring of the logs and provide incident reports.
Monitoring the zero-client free access lab regularly.
Regular monitoring of all the IT Labs in the Engineering Area and provide incident reports with an audit trail for any intermittent connection in the labs.
Submit a request letter for the replacement of all broken chairs in all IT Labs.
Regularly update the logs and ensure that the checklist is updated.
Team for any lamp problems in projectors.
Checking the IT Labs regularly.
Monitoring and checking the zero-client free access lab.
Monitoring of the network connection regularly.
Reported all the broken chairs and handed them over to the maintenance department.
Scan all the PCs in all the IT Labs.
Assigned
Ensure that the tasks were accomplished by reviewing the task plan of the technical staff.
More informationSTRATEGIC PLAN
STRATEGIC PLAN 2013-2018 In an era of growing demand for IT services, it is imperative that strong guiding principles are followed that will allow for the fulfillment of the Division of Information Technology
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationPosition Description IT Auditor
Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership
More informationAltius IT Policy Collection
Altius IT Policy Collection Complete set of cyber and network security policies Over 100 Policies, Plans, and Forms Fully customizable - fully customizable IT security policies in Microsoft Word No software
More informationSENIOR SYSTEMS ANALYST
PERSONNEL COMMISSION Class Code: 5120 Salary Range: 45 (C1) SENIOR SYSTEMS ANALYST JOB SUMMARY Under general direction, analyze work procedures of application systems and coordinate the work of project
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationManager, Infrastructure Services. Position Number Community Division/Region Yellowknife Technology Service Centre
IDENTIFICATION Department Position Title Infrastructure Manager, Infrastructure Services Position Number Community Division/Region 32-11488 Yellowknife Technology Service Centre PURPOSE OF THE POSITION
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationCybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls
Cybersecurity Hospitality Finance and Technology Professionals June 27, 2017 Presented by: Harvey Johnson, CPA Partner Overview Define Cyber Security Importance of Cyber Security 2017 Cyber Trends 1 About
More informationROLE DESCRIPTION IT SPECIALIST
ROLE DESCRIPTION IT SPECIALIST JOB IDENTIFICATION Job Title: Job Grade: Department: Location Reporting Line (This structure reports to?) Full-time/Part-time/Contract: IT Specialist D1 Finance INSETA Head
More informationIsaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.
Isaca EXAM - CISM Certified Information Security Manager Buy Full Product http://www.examskey.com/cism.html Examskey Isaca CISM exam demo product is here for you to test the quality of the product. This
More informationSecurity Policies and Procedures Principles and Practices
Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability
More informationCyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationMark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services
Mark Littlejohn June 23, 2016 DON T GO IT ALONE Achieving Cyber Security using Managed Services Speaker: Mark Littlejohn 1 Mark is an industrial technology professional with over 30 years of experience
More informationSTAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:
STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security
More informationVirginia State University Policies Manual. Title: Change/Configuration Management Policy: 6810 A. Purpose
A. Purpose Virginia State University (VSU) management in an effort to preserve the integrity and stability of its systems and infrastructure has established a change management policy that will govern
More informationIntroduction to Business continuity Planning
Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources
More informationSecurity Architecture
Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to
More informationIBM Case Manager on Cloud
Service Description IBM Case Manager on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means and includes the company, its authorized users or recipients of the
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationIT Service Level Agreement
The Glasgow School of Art IT Service Level Agreement September 2016 Policy Control Title IT Service Level Agreement Date Approved Sep 2016 Approving Bodies Executive Group Implementation Date September
More informationGDPR Draft: Data Access Control and Password Policy
wea.org.uk GDPR Draft: Data Access Control and Password Policy Version Number Date of Issue Department Owner 1.2 21/01/2018 ICT Mark Latham-Hall Version 1.2 last updated 27/04/2018 Page 1 Contents GDPR
More informationSecurity Audit What Why
What A systematic, measurable technical assessment of how the organization's security policy is employed at a specific site Physical configuration, environment, software, information handling processes,
More informationINFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK
INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK 1. INTRODUCTION The Board of Directors of the Bidvest Group Limited ( the Company ) acknowledges the need for an IT Governance Framework as recommended
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More information