Using Six Sigma to Determine Risk Management Focus. Joyce Zerkich, CPHIMS, MBA, PMP Project Manager/Scrum Master, RelWare
Transcription
1 Using Six Sigma to Determine Risk Management Focus Joyce Zerkich, CPHIMS, MBA, PMP Project Manager/Scrum Master, RelWare
2 It is difficult to obtain agreement at times to fund If
3 Topic Focus This session will present a brief overview of using Six Sigma to formulate a Risk Management Plan you can explain to others
4 Introduction of Speaker Joyce Zerkich, PMP, MBA, CPHIMS 20 years experience focused on improving enterprise information technology delivery by means of strategic planning, risk management, security, change management, website development, EMR development, and program/project management
5 Session Objectives: Six Sigma and DMAIC Brief Overview; Tools to Use; Write the Recommendation
6 What is Six Sigma? The short-term sigma levels correspond to the following long-term values:
- One Sigma = 690,000 DPMO = 31% efficiency
- Two Sigma = 308,000 DPMO = 69.2% efficiency
- Three Sigma = 66,800 DPMO = 93.32% efficiency
- Four Sigma = 6,210 DPMO = % efficiency
- Five Sigma = 230 DPMO = % efficiency
- Six Sigma = 3.4 DPMO = % efficiency
7 What is DMAIC?
- Define: Know the Requirements
- Measure: Current State and Future State
- Analyze: Understand the Gap between Current & Future State
- Improve: Plan to bridge the gap
- Control: Govern what must be done to maintain future state
8 It is all about continuous improvement
- Define: What are the risks?
- Measure: What is the cost if it occurs?
- Analyze: Rank all by cost, time, etc.
- Improve: Prioritize what steps to take next
- Control: As time moves on, update the plan
9 Session Objectives: Six Sigma and DMAIC Brief Overview; Tools to Use; Write the Recommendation
10 These may be Tools You already use: Voice of the Customer (VOC), Process Map, Run Chart, FMEA
[Figure: run chart "METAPHASE PERFORMANCE: Monthly Average "omfcl" Run Times - Sec", monthly from Jul-00 to Dec-02; series PDCMP1, PDCMP3, CARMP1, U1MP01, G1MP01, PDCMP2 and Target. Annotation: Performance improvements on PDCMP1 & PDCMP3 resulting from moves to new hardware. Target: <]
11 Voice of the Customer (DMAIC: Define, Measure, Analyze, Improve, Control; tools: Voice of the Customer). What intrusions can be eliminated that cause network failure?
12 Voice of the Customer: How did we get the requirement?
- Requirement: Packet transfer into and out of the corporate firewall; Voice of the Stakeholder: Director, Security; Measure: 2; CTQ?: Yes
- Requirement: Network Failures; Voice of the Stakeholder: Director, Security; Measure: 1; CTQ?: Yes
- Requirement: Regulation Requirement Analysis; Voice of the Stakeholder: Director, Security; Measure: 3; CTQ?: No
13 Voice of the Customer(s) 2
14 Run Charts (DMAIC: Define, Measure, Analyze, Improve, Control; tools: Voice of the Customer, Run Charts). What do things really look like?
15 IT Security utilizes the run chart to measure many types of data. Which of the following key data elements does your organization collect?
- Viruses detected in user files: 92.3%
- Viruses detected in messages: 92.3%
- Invalid logins (failed password): 84.6%
- Intrusion attempts: 84.6%
- Spam detected/filtered: 76.9%
- Unauthorized website access (content filtering): 69.2%
- Invalid logins (failed username): 69.2%
- Viruses detected on websites: 61.5%
- Unauthorized access attempts (internal): 61.5%
- Admin violations (unauthorized changes): 61.5%
- Intrusion successes: 53.8%
- Unauthorized information disclosures: 38.5%
- Spam not detected (missed): 38.5%
- Spam false positives: 30.8%
- Other: 23.1%
16 Process Map (DMAIC: Define, Measure, Analyze, Improve, Control; tools: Voice of the Customer, Run Charts, Process Map). Is the Risk Acceptable, Transferable, or Reducible?
17 Process Maps
- Process Map #1: packets from the public Internet into the firewall, through the DMZ, to the mail servers, to client
- Process Map #2: packets from the client, to mail servers, to DMZ through the firewall, to the public Internet
- Process Map #3: packets from the client, to mail servers, to other clients
18 FMEA (DMAIC: Define, Measure, Analyze, Improve, Control; tools: Voice of the Customer, Run Charts, Process Map, FMEA). How are actions prioritized?
[Form: Control Plan for Process Capability. Header fields: Process Name, Prepared by, Document No, Customer, Approved by, Revision Date, Location, Supercedes, Area, Page. Columns: Req't ID, Int/Ext Customer, Critical to Quality Requirements (CTQ's), Measurement Method, Sample Size, Frequency, Who Measures, Where Recorded, Decision Rule/Corrective Action, SOP Reference, Implementation, Sigma Value, DPMO]
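Tying the sigma table on slide 6 to the run-chart counts on slide 15, the following added example (not part of the original slides) turns monthly counts of one collected metric into DPMO and a short-term sigma level using the conventional 1.5-sigma shift, then flags months below a target. The monthly figures, the choice of "invalid logins per login attempt" as the defect definition, the 3.5 target and all function names are constructed assumptions.

```python
import math
from statistics import NormalDist

SIGMA_SHIFT = 1.5  # conventional shift between long-term yield and short-term sigma


def dpmo(defects, opportunities):
    """Defects per million opportunities for one reporting period."""
    if opportunities <= 0 or not 0 <= defects <= opportunities:
        raise ValueError("need opportunities > 0 and 0 <= defects <= opportunities")
    return defects / opportunities * 1_000_000


def sigma_level(dpmo_value):
    """Short-term sigma level that corresponds to a long-term DPMO figure."""
    if not 0 <= dpmo_value <= 1_000_000:
        raise ValueError("DPMO must lie between 0 and 1,000,000")
    if dpmo_value == 0:
        return math.inf       # no defects observed: no finite sigma level
    if dpmo_value == 1_000_000:
        return -math.inf      # every opportunity was a defect
    long_term_yield = 1 - dpmo_value / 1_000_000
    return NormalDist().inv_cdf(long_term_yield) + SIGMA_SHIFT


# Constructed sample data: (month, login attempts, invalid logins).
SAMPLE_RUN = [
    ("2024-01", 120_000, 8_016),
    ("2024-02", 125_000, 776),
    ("2024-03", 118_000, 36_344),
    ("2024-04", 90_000, 0),
]


def run_chart(rows, target_sigma):
    """One point per month: DPMO, sigma level and whether it misses the target."""
    points = []
    for month, attempts, invalid in rows:
        d = dpmo(invalid, attempts)
        s = sigma_level(d)
        points.append({
            "month": month,
            "dpmo": round(d),
            "sigma": round(s, 2),
            "below_target": s < target_sigma,
        })
    return points


if __name__ == "__main__":
    for point in run_chart(SAMPLE_RUN, target_sigma=3.5):
        print(point)
```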
19 FMEA
20 FMEA
21 Session Objectives: Six Sigma and DMAIC Brief Overview; Tools to Use; Write the Recommendation
22 Plan with Measures (DMAIC: Define, Measure, Analyze, Improve, Control; tools: Voice of the Customer, Run Charts, Process Map, FMEA)
[Form: Control Plan for Process Capability. Header fields: Process Name, Prepared by, Document No, Customer, Approved by, Revision Date, Location, Supercedes, Area, Page. Columns: Req't ID, Int/Ext Customer, Critical to Quality Requirements (CTQ's), Measurement Method, Sample Size, Frequency, Who Measures, Where Recorded, Decision Rule/Corrective Action, SOP Reference, Implementation, Sigma Value, DPMO]
23 Recommendation. SAMPLE RISK ASSESSMENT OUTPUT REPORT:
- Scope: Eliminate intrusion into the system that has caused network failures
- Process: Transfer of packets into and out of the corporate firewall
- Out of Scope: Regulation requirement analysis
- Major threat to: Availability
- Possible threats: unauthorized internal access, unauthorized external access, "back door" access, computer virus, servers unavailable, WAN unavailable, no disaster recovery plan, no backups, lack of restoration backups, out-of-date backups, unattended workstations, or lack of user security awareness
24 Recommendation
Impact rankings:
- High = system down for more than 5 minutes during EST business hours; loss of > $10M or more
- Medium = network down for 2-5 minutes during non-EST business hours; loss of $5M
- Low = network down for 1 minute to 2 hours OR after working hours; loss of $1M or less
Probability rankings:
- High = 50% or greater during the year
- Medium = 25% to 49% during the year
- Low = 1% to 24% during the year
Process detailed: flowchart detailing packet transfers
- packets from the public Internet into the firewall, through the DMZ, to the mail servers, to client
- packets from the client, to mail servers, to other clients
- packets from the client, to mail servers, to DMZ through the firewall, to the public Internet
25 Recommendation. Calculated Prioritized Mitigation Plans Costs (per 100 employees): Mitigation, Next Steps, Cost
- #1 Anti-virus Purchase etrust Intrusion/detection software $12,396 license fees $10,000 reporting software $ 9, HP Server $ 3,197.4 Norton ($159 per 5) Purchase lock-out software (web surfing prevention) $ 5,650 SurfControl Web 3-yrs High/High $41, hrs to load and test
26 Recommendation. Mitigation, Next Steps, Cost
- #2 Policy Establish approved user responsibility policy 40 hours Purchase survey software and begin call center surveys $3,300 WebSurveyor, (2 lic. W annual $2,300 fee), 40 hours annually High/High $ hrs
- #3 Training Develop & Launch security awareness program with a 100 hours to develop, 50 hours to train "home & work" focus for all employees Develop & Launch soft skills training for all call-center employees HP care web training w 200 courses; $1057 per employee, $10,570 for 10 licenses High/High $10, hrs 20 hours per employee annually
- #4 Back-up data Develop and test data storage $285.7 (10 pkgs w 10 tapes), $2, Sony Tape Drive, 5 hrs weekly/2 High/Low $ hrs
- #5 Access Control Develop and test separation-of duties policies for all departments 80 hours to develop, 80 hours to launch, 40 hours to test/audit annually High/Low 200 hrs)
- #6 Recovery Plan Develop and test plan for IT Security 40 hours to develop/launch, 100 hrs to develop/launch, Medium/Low 170 hrs) launch to rest of the business, 30 hrs annually to test/audit
- #7 Network Metrics Purchase data collection and reporting $508 Crystal Business Objects software to analyze future issues for netw Medium/Low $ hrs 40 hrs to set up reports & learn
- #8 Phone Metrics Purchase data collection and reporting metrics 120 hours develop utilizing Microsoft Access since only 10 employees Low/Low 120 hrs
- #9 Project Management require administrative assistance documentation, meetings, etc. ½ admin head count Require: $35,000
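The ranking bands on slide 24 and the ordering of the mitigation list can be expressed as a small scoring routine; this is an added example, not part of the original slides. Assumptions: only the loss figures are used for impact (the downtime criteria overlap), losses between the stated figures fall into Medium, probabilities under 1% are reported as "Unrated" because the slide defines no band for them, a pair such as "High/Low" is read as impact/probability, and the threat figures are constructed.

```python
from dataclasses import dataclass

# Sort order for ratings: most urgent first.
ORDER = {"High": 0, "Medium": 1, "Low": 2, "Unrated": 3}


def probability_rating(annual_pct):
    """Slide 24 bands: High >= 50%, Medium 25-49%, Low 1-24% per year."""
    if not 0 <= annual_pct <= 100:
        raise ValueError("probability must be a percentage between 0 and 100")
    if annual_pct >= 50:
        return "High"
    if annual_pct >= 25:      # assumption: 49.x% still counts as Medium
        return "Medium"
    if annual_pct >= 1:       # assumption: 24.x% still counts as Low
        return "Low"
    return "Unrated"          # below 1%: no band defined on the slide


def impact_rating(loss_usd):
    """Loss part of slide 24: High $10M or more, Medium $5M, Low $1M or less."""
    if loss_usd < 0:
        raise ValueError("loss cannot be negative")
    if loss_usd >= 10_000_000:
        return "High"
    if loss_usd > 1_000_000:  # assumption: gaps between stated figures are Medium
        return "Medium"
    return "Low"


@dataclass
class Threat:
    name: str
    annual_pct: float   # estimated chance of occurring during the year
    loss_usd: float     # estimated loss if it occurs


def prioritize(threats):
    """Return (name, impact, probability) tuples, highest priority first."""
    rated = [
        (t.name, impact_rating(t.loss_usd), probability_rating(t.annual_pct))
        for t in threats
    ]
    return sorted(rated, key=lambda r: (ORDER[r[1]], ORDER[r[2]], r[0]))


# Threat names come from slide 23; the percentages and losses are constructed.
SAMPLE_THREATS = [
    Threat("unattended workstations", 0.5, 200_000),
    Threat("no disaster recovery plan", 5, 5_000_000),
    Threat("computer virus", 60, 12_000_000),
    Threat("no backups", 10, 15_000_000),
]

if __name__ == "__main__":
    for name, impact, probability in prioritize(SAMPLE_THREATS):
        print(f"{impact}/{probability}: {name}")
```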
27 Recommendation Proposed Project Implementation to mitigate risk: Launch prioritized mitigation plans 1-3 in first quarter, 4-6 in second quarter, and 7-8 in third quarter. Test Access control and recovery plan in fourth quarter annually. Review Network and phone metrics quarterly in year two and going forward along with any recommended changes. One year cycle plan with costs:
28 Closing Thoughts: Follow DMAIC; Use the Tools; Write a human readable recommendation
29 More Information See the HIMSS MEPI Web Page for the tool kit:
31 Questions For further information, please contact: Joyce Zerkich,
North American Portability Management, LLC Transition Oversight Manager TOEP Webcast November 7, 2017 Welcome to today s webcast Submit Questions for Q&A Webcast Issues Click the Q&A widget at the bottom
More informationSF Current Cumulative PTF Package. I B M i P R E V E N T I V E S E R V I C E P L A N N I N G I N F O R M A T I O N
SF98710 Current Cumulative PTF Package I B M i P R E V E N T I V E S E R V I C E P L A N N I N G I N F O R M A T I O N Copyright IBM Corporation 1993, 2017 - The information in this document was last updated:
More informationBANGLADESH UNIVERSITY OF PROFESSIONALS ACADEMIC CALENDAR FOR MPhil AND PHD PROGRAM 2014 (4 TH BATCH) PART I (COURSE WORK)
BANGLADESH UNIVERSITY OF PROFESSIONALS ACADEMIC CALENDAR FOR MPhil AND PHD PROGRAM 2014 (4 TH BATCH) DAY Soci-Economic and Political History of Bangladesh PART I (COURSE WORK) 1 ST SEMESTER 2 ND SEMESTER
More informationThis report is based on sampled data. Jun 1 Jul 6 Aug 10 Sep 14 Oct 19 Nov 23 Dec 28 Feb 1 Mar 8 Apr 12 May 17 Ju
0 - Total Traffic Content View Query This report is based on sampled data. Jun 1, 2009 - Jun 25, 2010 Comparing to: Site 300 Unique Pageviews 300 150 150 0 0 Jun 1 Jul 6 Aug 10 Sep 14 Oct 19 Nov 23 Dec
More informationTable of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING
Table of Contents Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING Chapter 1: Significance of Internal Auditing in Enterprises Today: An Update 3 1.1 Internal Auditing History and Background
More informationCustomer Forum. Access to Data. Author, Department. 26 April 2018
Customer Forum Access to Data Author, Department 26 April 2018 Context Today, more data is being generated, with more interest in it, and more applications for it AusNet Services aims to be a provider
More informationIT Service Level Agreement
The Glasgow School of Art IT Service Level Agreement September 2016 Policy Control Title IT Service Level Agreement Date Approved Sep 2016 Approving Bodies Executive Group Implementation Date September
More informationMaher Duessel Not for Profit Training July Agenda
Maher Duessel Not for Profit Training July 2018 Agenda Review of ITGCs Review of IT Checklist Other Security Issues Questions 2 1 Review of General Computer Controls 3 ITGC What is that? Information Technology
More informationWEB 2.0 & EAST ASIAN LIBRARIANS JIANG, SHUYONG
WEB 2.0 & EAST ASIAN LIBRARIANS JIANG, SHUYONG ALA-AAMES June 27, 2010 Washington D.C. East Asian Librarian Survey on Using Web 2.0 Tools It is to know how and what web 2.0 tools are used in promoting
More informationIT Management Excellence. Contents are subject to change. For the latest updates visit Page 1 of 7
IT Management Excellence Page 1 of 7 Why Attend Managing an IT function is very different from developing or supporting technical IT solutions. General management skills are helpful to the IT manager,
More informationSF Current Cumulative PTF Package. I B M i P R E V E N T I V E S E R V I C E P L A N N I N G I N F O R M A T I O N
SF98730 Current Cumulative PTF Package I B M i P R E V E N T I V E S E R V I C E P L A N N I N G I N F O R M A T I O N Copyright IBM Corporation 1993, 2018 - The information in this document was last updated:
More informationPeak Season Metrics Summary
Peak Season Metrics Summary Week Ending Week Ending Number Date Number Date 1 6-Jan-18 27 7-Jul-18 Current 2 13-Jan-18 28 14-Jul-18 3 2-Jan-18 29 21-Jul-18 4 27-Jan-18 3 28-Jul-18 5 3-Feb-18 Thursday,
More informationAdvancing the Art of Internet Edge Outage Detection
Advancing the Art of Internet Edge Outage Detection ACM Internet Measurement Conference 2018 Philipp Richter MIT / Akamai Ramakrishna Padmanabhan University of Maryland Neil Spring University of Maryland
More information