Lab #3 Defining an Information Systems Security Policy Framework for an IT Infrastructure

Size: px
Start display at page:

Download "Lab #3 Defining an Information Systems Security Policy Framework for an IT Infrastructure"

Transcription

1 Lab #3 Defining an Information Systems Security Policy Framework for an IT Infrastructure Introduction In any company, a security policy helps to mitigate the risks and threats the business encounters. However, unless a company happens to be in the information security industry, the task of identifying, assessing, and categorizing the myriad of risks can be an overwhelming one. Thankfully, a company s IT infrastructure can be divided in a logical manner to more easily sort the risks. These divisions are the seven IT domains. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. In this lab, you will identify known risks, threats, and vulnerabilities, and you will determine which domain of a typical IT infrastructure is affected. You will then discuss security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. You will next determine which appropriate security policy definition will help mitigate the identified risk, threat, or vulnerability. You will organize your results into a framework that can become part of a layered security strategy. Learning Objectives Upon completing this lab, you will be able to: Identify risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Determine which domain is impacted by the risk, threat, or vulnerability. Determine security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. Select the appropriate policy definitions needed throughout the seven domains of a typical IT infrastructure to mitigate the identified risks, threats, and vulnerabilities. Organize the security policies in an overall framework as part of a layered security strategy for the seven domains of a typical IT infrastructure Deliverables Upon completion of this lab you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. Hands-On Steps Note: This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps.

2 3. Review the seven domains of a typical IT infrastructure (see Figure) 4. On your local computer, open a new Internet browser window. 5. In the address box of your Internet browser, type the URL and press Enter to open the Web site. 6. Review the information to determine the components of an information systems security policy. 7. In your Lab Report file, identify the major components of an information systems security policy. 8. In your Lab Report file, align each of the risks, threats, and vulnerabilities identified in the table in Lab 2 to the domain impacted (refer to Figure for the seven IT domains). 9. In your Lab Report file, explain how risks like these can be mitigated with an information systems security policy. 10. In the address box of your Internet browser, type the URL _Primer.pdf and press Enter to open the Web site. 11. Read the SANS Institute s document, A Short Primer for Developing Security Policies. 12. Visit the website for various information security policy templates and get yourself acquainted with these templates. 13. In your Lab Report file, define what a policy is according to the SANS Institute. Note:It is important to understand how and why a policy differs from a standard, a procedure, and a guideline. From the top down, the policy should not change or need modification unless a major shift in corporate values or business process occurs. On the contrary, guidelines should be reviewed, and possibly changed, often.

3 Similarly, even though a policy should be written clearly and concisely, it is a high-level document answering the why questions. Standards are also high-level, but instead should answer the what questions. Finally, the procedures and guidelines provide the how. 14. Using the SANS primer and the various policy templates (step 12), in your Report file, describe the basic requirements of policies, their benefits, the control factors, and policies every organization needs. 15. Review the identified risks, threats, and vulnerabilities in the table in step 8, and then select an appropriate policy definition that might help mitigate each of them. You can select one of the SANS policies or choose one from the following list: Policy Definition List Acceptable Use Policy Access Control Policy Definition Business Continuity Business Impact Analysis BIA) Policy Definition Business Continuity Disaster Recovery Policy Definition Data Classification Standard & Encryption Policy Definition Internet Ingress/Egress Traffic Policy Definition Mandated Security Awareness Training Policy Definition Production Data Backup Policy Definition Remote Access Policy Definition Vulnerability Management & Vulnerability Window Policy Definition Wide Area Network (WAN) Service Availability Policy Definition 16. In your Lab Report file, organize your security policies and the definitions you selected so that they can be used as part of an overall framework for a layered security strategy.

4 Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Identify risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. [25%] 2. Determine security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. [25%] 3. Select the appropriate policy definitions needed throughout the seven domains of a typical IT infrastructure to mitigate the identified risks, threats, and vulnerabilities. [25%]. 4. Organize the security policies in an overall framework as part of a layered security strategy for the seven domains of a typical IT infrastructure. [25%]

5 Lab #3 - Assessment Worksheet Defining an Information Systems Security Policy Framework for an IT Infrastructure Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview In this lab, you identified known risks, threats, and vulnerabilities, and you determined which domain of a typical IT infrastructure was affected. You then discussed security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. You next determined which appropriate security policy definition helped mitigate the identified risk, threat, or vulnerability. You organized your results into a framework that could become part of a layered security strategy. Lab Assessment Questions 1. What is the purpose of defining a framework for IT security policies? 2. What are the major components of an information systems security policy? 3. What is the definition of a policy? 4. What are the benefits of a policy? 5. What policy definition in the SANS primer or in the list provided in the lab is required to restrict and prevent unauthorized access to organization-owned IT systems and applications? 6. What policy definition in the SANS primer or in the list provided in the lab can help remind employees in the User Domain about ongoing acceptable use and unacceptable use? 7. Why should an organization have a remote access policy even if it already has an acceptable use policy (AUP) for employees? 8. What security controls can be implemented on your mail system to help prevent rogue or malicious software disguised as URL links or attachments from attacking the Workstation Domain? What kind of policy definition should you use? 9. Why should an organization have annual security awareness training that includes an overview of the organization s policies?

Lab #3 Defining the Scope and Structure for an IT

Lab #3 Defining the Scope and Structure for an IT Lab #3 Defining the Scope and Structure for an IT Risk Management Plan Introduction Every company needs to take risks to thrive, but not too much risk which could be catastrophic. Finding the balanced

More information

Lab #1 Creating an IT Infrastructure Asset List and. Identifying Where Privacy Data Resides

Lab #1 Creating an IT Infrastructure Asset List and. Identifying Where Privacy Data Resides Lab #1 Creating an IT Infrastructure Asset List and Identifying Where Privacy Data Resides Introduction Privacy is of growing concern, especially that of individual personal information. Between businesses

More information

ACM Retreat - Today s Topics:

ACM Retreat - Today s Topics: ACM Retreat - Today s Topics: Phase II Cyber Risk Management Services - What s next? Policy Development External Vulnerability Assessment Phishing Assessment Security Awareness Notification Third Party

More information

Vulnerability Management Policy

Vulnerability Management Policy Vulnerability Management Policy Document Type: Policy (PLCY) Endorsed By: Information Technology Policy Committee Date: 4/29/2011 Promulgated By: Chancellor Herzog Date: 6/16/2011 I. Introduction IT resources

More information

Information System Security. Nguyen Ho Minh Duc, M.Sc

Information System Security. Nguyen Ho Minh Duc, M.Sc Information System Security Nguyen Ho Minh Duc, M.Sc Contact 2 Nguyen Ho Minh Duc Phone: 0935 662211 E-mail: duc.nhm@gmail.com Web:http://nhmduc.wordpress.com 3 Lecture 01 INTRODUCTION Topics 4 What information

More information

COMPUTER AND NETWORK SUPPORT TECHNICIAN PROGRAM

COMPUTER AND NETWORK SUPPORT TECHNICIAN PROGRAM Network + Networking NH5200 Fundamentals COURSE TITLE: Network+ Networking Fundamentals 104 Total Hours 66 Theory Hours 38 Laboratory Hours COURSE OVERVIEW: After completing this course, students will

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

An ICS Whitepaper Choosing the Right Security Assessment

An ICS Whitepaper Choosing the Right Security Assessment Security Assessment Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available

More information

Choosing the Right Security Assessment

Choosing the Right Security Assessment A Red Team Whitepaper Choosing the Right Security Navigating the various types of Security s and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding

More information

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

CCNA Semester 2 - Skills Based Final Exam - Student Training Instructor Guidelines - Exam Overview and Administration

CCNA Semester 2 - Skills Based Final Exam - Student Training Instructor Guidelines - Exam Overview and Administration CCNA Semester 2 - Skills Based Final Exam - Student Training Instructor Guidelines - Exam Overview and Administration This exam is for use with regular CCNA classes taught by local academies to high school

More information

SC27 WG4 Mission. Security controls and services

SC27 WG4 Mission. Security controls and services copyright ISO/IEC JTC 1/SC 27, 2012. This is an SC27 public document and is distributed as is for the sole purpose of awareness and promotion of SC 27 standards and so the text is not to be used for commercial

More information

Cyber Hygiene: A Baseline Set of Practices

Cyber Hygiene: A Baseline Set of Practices [DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright

More information

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government

More information

Checklist: Credit Union Information Security and Privacy Policies

Checklist: Credit Union Information Security and Privacy Policies Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC

More information

Client Computing Security Standard (CCSS)

Client Computing Security Standard (CCSS) Client Computing Security Standard (CCSS) 1. Background The purpose of the Client Computing Security Standard (CCSS) is to (a) help protect each user s device from harm, (b) to protect other users devices

More information

Cyber Security Program

Cyber Security Program Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by

More information

MAKING SECURITY AWARENESS HAPPEN: APPENDICES

MAKING SECURITY AWARENESS HAPPEN: APPENDICES 82-01-04 DATA SECURITY MANAGEMENT MAKING SECURITY AWARENESS HAPPEN: APPENDICES Susan Hansche, CISSP INSIDE Instructional Strategies (Training Delivery Methods); Suggested IT System Security Training Courses

More information

Network Access Control and VoIP. Ben Hostetler Senior Information Security Advisor

Network Access Control and VoIP. Ben Hostetler Senior Information Security Advisor Network Access Control and VoIP Ben Hostetler Senior Information Security Advisor Objectives/Discussion Points Network Access Control Terms & Definitions Certificate Based 802.1X MAC Authentication Bypass

More information

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager 2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National

More information

Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017

Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017 Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017 ITD 3443 Network Security Students will provide Cyber Defense while understanding Cyber Threats. Their attack types

More information

Guidelines for Data Protection

Guidelines for Data Protection Guidelines for Data Protection Doug Markiewicz Policy and Compliance Coordinator Information Security Office www.cmu.edu/iso Background Information Security Policy Published in December 2008 Motivations

More information

HIPAA Compliance Assessment Module

HIPAA Compliance Assessment Module Quick Start Guide HIPAA Compliance Assessment Module Instructions to Perform a HIPAA Compliance Assessment Performing a HIPAA Compliance Assessment 2 HIPAA Compliance Assessment Overview 2 What You Will

More information

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Seven Habits of Cyber Security for SMEs Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Security Policy is an important

More information

CompTIA Security+ Study Guide (SY0-501)

CompTIA Security+ Study Guide (SY0-501) CompTIA Security+ Study Guide (SY0-501) Syllabus Session 1 At the end of this session, students will understand what risk is and the basics of what it means to have security in an organization. This includes

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

Disaster Recovery and Business Continuity Planning (Mile2)

Disaster Recovery and Business Continuity Planning (Mile2) Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity

More information

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each. Name Date Chapter 10: Security After completion of this chapter, students should be able to: Explain why security is important and describe security threats. Explain social engineering, data wiping, hard

More information

QuickBooks Online Security White Paper July 2017

QuickBooks Online Security White Paper July 2017 QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a

More information

EXHIBIT A. - HIPAA Security Assessment Template -

EXHIBIT A. - HIPAA Security Assessment Template - Department/Unit: Date: Person(s) Conducting Assessment: Title: 1. Administrative Safeguards: The HIPAA Security Rule defines administrative safeguards as, administrative actions, and policies and procedures,

More information

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The

More information

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE INTRODUCTION In line with commercial industry standards, the data center used by EndNote employs a dedicated security team to protect our

More information

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology

More information

This course includes 14 lessons and 5 Course Activities. Each lesson contains one or more Lesson Activities. The lessons cover the following topics:

This course includes 14 lessons and 5 Course Activities. Each lesson contains one or more Lesson Activities. The lessons cover the following topics: Syllabus Computer Science 1B Overview This one-semester course is intended as a practical, hands-on guide to help you understand various phases of the Software Development Life Cycle (SDLC). This course

More information

Introduction to Business continuity Planning

Introduction to Business continuity Planning Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources

More information

existing customer base (commercial and guidance and directives and all Federal regulations as federal)

existing customer base (commercial and guidance and directives and all Federal regulations as federal) ATTACHMENT 7 BSS RISK MANAGEMENT FRAMEWORK PLAN [L.30.2.7, M.2.2.(7), G.5.6; F.2.1(41) THROUGH (76)] A7.1 BSS SECURITY REQUIREMENTS Our Business Support Systems (BSS) Risk MetTel ensures the security of

More information

Securing an IT. Governance, Risk. Management, and Audit

Securing an IT. Governance, Risk. Management, and Audit Securing an IT Organization through Governance, Risk Management, and Audit Ken Sigler Dr. James L. Rainey, III CRC Press Taylor & Francis Group Boca Raton London New York CRC Press Is an imprint cf the

More information

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm Insider Threat Program: Protecting the Crown Jewels Monday, March 2, 2:15 pm - 3:15 pm Take Away Identify your critical information Recognize potential insider threats What happens after your critical

More information

Heavy Vehicle Cyber Security Bulletin

Heavy Vehicle Cyber Security Bulletin Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin

More information

Administering a SQL Database Infrastructure

Administering a SQL Database Infrastructure Administering a SQL Database Infrastructure 20764B; 5 Days; Instructor-led Course Description This five-day instructor-led course provides students who administer and maintain SQL Server databases with

More information

Objectives of the Security Policy Project for the University of Cyprus

Objectives of the Security Policy Project for the University of Cyprus Objectives of the Security Policy Project for the University of Cyprus 1. Introduction 1.1. Objective The University of Cyprus intends to upgrade its Internet/Intranet security architecture. The University

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being

More information

CND Exam Blueprint v2.0

CND Exam Blueprint v2.0 EC-Council C ND Certified Network Defende r CND Exam Blueprint v2.0 CND Exam Blueprint v2.0 1 Domains Objectives Weightage Number of Questions 1. Computer Network and Defense Fundamentals Understanding

More information

CYBER SECURITY AND MITIGATING RISKS

CYBER SECURITY AND MITIGATING RISKS CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY

More information

Network Security

Network Security 44-555 Network Security Instructor: Scott Bell Office: 2220 Colden Hall Email: sbell@nwmissouri.edu Phone: (660) 562-1699 Description: An introduction to the fundamentals of network security, including

More information

Policy Document. PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy

Policy Document. PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy Policy Title: Binder Association: Author: Review Date: Pomeroy Security Principles PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy Joseph Shreve September of each year or as required Purpose:...

More information

A company built on security

A company built on security Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for

More information

Required Textbook and Materials. Course Objectives. Course Outline

Required Textbook and Materials. Course Objectives. Course Outline Information Technology Security (ITSY 1342) Credit: 3 semester credit hours (2 hours lecture, 4 hours lab) Prerequisite/Co-requisite: None Course Description Instruction in security for network hardware,

More information

Developing a Model for Cyber Security Maturity Assessment

Developing a Model for Cyber Security Maturity Assessment Developing a Model for Cyber Security Maturity Assessment Tariq Al-idrissi, Associate Vice President IT, Trent University Ian Thomson, Information Security Officer, Trent University June 20 th, 2018 (8:45am

More information

Cybersecurity for Health Care Providers

Cybersecurity for Health Care Providers Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact

More information

NEN The Education Network

NEN The Education Network NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected

More information

Juniper Vendor Security Requirements

Juniper Vendor Security Requirements Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks

More information

2788 : Designing High Availability Database Solutions Using Microsoft SQL Server 2005

2788 : Designing High Availability Database Solutions Using Microsoft SQL Server 2005 2788 : Designing High Availability Database Solutions Using Microsoft SQL Server 2005 Introduction Elements of this syllabus are subject to change. This three-day instructor-led course provides students

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking NETWORK MANAGEMENT II Proxy Servers Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking resources from the other

More information

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ENERGY AUTOMATION - SMART GRID Restricted Siemens AG 20XX All rights reserved. siemens.com/answers Frederic Buchi, Energy Management Division, Siemens AG Cyber

More information

The Challenge of Cloud Security

The Challenge of Cloud Security The Challenge of Cloud Security Dr. Ray Klump Chair, Mathematics & Computer Science Director, MS in Information Security Lewis University Poll Question #1: What type of cloud service are you

More information

Procurement Language for Supply Chain Cyber Assurance

Procurement Language for Supply Chain Cyber Assurance Procurement Language for Supply Chain Cyber Assurance Procurement Language for Supply Chain Cyber Assurance Introduction For optimal viewing of this PDF, please view in Adobe Acrobat. This document serves

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

Cloud Computing Lectures. Cloud Security

Cloud Computing Lectures. Cloud Security Cloud Computing Lectures Cloud Security 1/17/2012 Why security is important for cloud computing? Multi Tenancy, that is same infrastructure, platform, Service is shared among vendors. It is accessed over

More information

Position Description IT Auditor

Position Description IT Auditor Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership

More information

ABOUT US SECURITY. A Legacy of Providing Solutions. Protecting Your Data

ABOUT US SECURITY. A Legacy of Providing Solutions. Protecting Your Data RnD Consulting LLC 957 Route 33 PMB 143 Hamilton Square, NJ 08690 Tel. (800) 949-8215 Fax. (609) 586-1712 mike@rndconsultingnj.com josh@rndconsultingnj.com ABOUT US A Legacy of Providing Solutions With

More information

How to Conduct a Business Impact Analysis and Risk Assessment

How to Conduct a Business Impact Analysis and Risk Assessment How to Conduct a Business Impact Analysis and Risk Assessment By Larry Pedrazoli Business Recovery Analyst Miller Brewing Company February 2006 Project Management Institute, La Crosse, WI Chapter Agenda

More information

Symantec Business Continuity Solutions for Operational Risk Management

Symantec Business Continuity Solutions for Operational Risk Management Symantec Business Continuity Solutions for Operational Risk Management Manage key elements of operational risk across your enterprise to keep critical processes running and your business moving forward.

More information

"Charting the Course... MOC C: Administering an SQL Database Infrastructure. Course Summary

Charting the Course... MOC C: Administering an SQL Database Infrastructure. Course Summary Description Course Summary This five-day instructor-led course provides students who administer and maintain SQL databases with the knowledge and skills to administer a SQL server database infrastructure.

More information

ISO27001 Preparing your business with Snare

ISO27001 Preparing your business with Snare WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security

More information

Security analysis and assessment of threats in European signalling systems?

Security analysis and assessment of threats in European signalling systems? Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide

More information

IT 204 Final Project Guidelines and Rubric Database Proposal and Implementation Plan Report

IT 204 Final Project Guidelines and Rubric Database Proposal and Implementation Plan Report IT 204 Final Project Guidelines and Rubric Database Proposal and Implementation Plan Report Overview The final project for this course is the creation of a database proposal and implementation plan report

More information

Clinical Information Security Pre-Purchase Security Assessment Vendor Packet Instructions

Clinical Information Security Pre-Purchase Security Assessment Vendor Packet Instructions Clinical Information Security Pre-Purchase Security Assessment Vendor Packet Instructions Executive Summary Mayo Clinic s primary value is The needs of the patient come first. It is built into our daily

More information

The Honest Advantage

The Honest Advantage The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents

More information

Guide to cyber security/cip specifications and requirements for suppliers. September 2016

Guide to cyber security/cip specifications and requirements for suppliers. September 2016 Guide to cyber security/cip specifications and requirements for suppliers September 2016 Introduction and context The AltaLink cyber security/cip specification and requirements for suppliers (the standard)

More information

Microsoft Administering a SQL Database Infrastructure

Microsoft Administering a SQL Database Infrastructure 1800 ULEARN (853 276) www.ddls.com.au Microsoft 20764 - Administering a SQL Database Infrastructure Length 5 days Price $4290.00 (inc GST) Version C Overview This five-day instructor-led course provides

More information

Business Continuity Management

Business Continuity Management University of Oslo INF3510 Information Security Autumn 2018 Workshop Questions and s Lecture 8: Risk Management and Business Continuity Management Question 1: Risk factors A possible definition of information

More information

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security Sneak Peak at CIS Critical Security Controls V 7 Release Date: March 2018 2017 Presented by Kelli Tarala Principal Consultant Enclave Security 2 Standards and Frameworks 3 Information Assurance Frameworks

More information

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK 1. INTRODUCTION The Board of Directors of the Bidvest Group Limited ( the Company ) acknowledges the need for an IT Governance Framework as recommended

More information

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS Digital Forensics Readiness: PREPARE BEFORE AN INCIDENT HAPPENS 2 Digital Forensics Readiness The idea that all networks can be compromised

More information

Modelling Cyber Security Risk Across the Organization Hierarchy

Modelling Cyber Security Risk Across the Organization Hierarchy Modelling Cyber Security Risk Across the Organization Hierarchy Security issues have different causes and effects at different layers within the organization one size most definitely does not fit all.

More information

10/12/2017 WHAT IS NIST SP & WHY SHOULD I CARE ABOUT IT? OVERVIEW SO, WHAT IS NIST?

10/12/2017 WHAT IS NIST SP & WHY SHOULD I CARE ABOUT IT? OVERVIEW SO, WHAT IS NIST? WHAT IS NIST SP 800-53 & WHY SHOULD I CARE ABOUT IT? CHRIS JACKSON, STATE OF OHIO, OBM IT AUDIT MANAGER DANIEL MILKS, STATE OF OHIO, OBM SENIOR IT AUDITOR OVERVIEW Background & Understanding Importance

More information

Course Outline. Core Solutions of Microsoft Exchange Server 2013 Course 20341A: 5 days Instructor Led

Course Outline. Core Solutions of Microsoft Exchange Server 2013 Course 20341A: 5 days Instructor Led Core Solutions of Microsoft Exchange Server 2013 Course 20341A: 5 days Instructor Led About this Course In this course, students will learn to configure and manage a Microsoft Exchange Server 2013 messaging

More information

BCM Program Development

BCM Program Development BCM Program Development Course Description: The BCM Program Development course provides you with knowledge to develop an auditable and actionable business continuity program for your organization. This

More information

1) Are employees required to sign an Acceptable Use Policy (AUP)?

1) Are employees required to sign an Acceptable Use Policy (AUP)? Business ebanking Risk Assessment & Controls Evaluation As a business owner, you want to be sure you have a strong process in place for monitoring and managing who has access to your Business ebanking

More information

WORKSHARE SECURITY OVERVIEW

WORKSHARE SECURITY OVERVIEW WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625

More information

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,

More information

Threat and Vulnerability Assessment Tool

Threat and Vulnerability Assessment Tool TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم بنام خدا تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم امنیت بخشی به سیستمهای فناوری اطالعات Securing Information Systems 1 Learning Objectives Describe the business value of security and control.

More information

HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED

HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HEALTHCARE ORGANIZATIONS ARE UNDER INTENSE SCRUTINY BY THE US FEDERAL GOVERNMENT TO ENSURE PATIENT DATA IS PROTECTED Within

More information

Administering a SQL Database Infrastructure (20764)

Administering a SQL Database Infrastructure (20764) Administering a SQL Database Infrastructure (20764) Formato do curso: Presencial e Live Training Preço: 1630 Nível: Avançado Duração: 35 horas This five-day instructor-led course provides students who

More information

Annual Report on the Status of the Information Security Program

Annual Report on the Status of the Information Security Program October 2, 2014 San Bernardino County Employees Retirement Association 348 W. Hospitality Lane, Third Floor San Bernardino, CA 92415-0014 1 Table of Contents I. Executive Summary... 3 A. Overview... 3

More information

Data Security and Privacy Principles IBM Cloud Services

Data Security and Privacy Principles IBM Cloud Services Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer

More information

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project

More information

CompTIA Mobility+ Certification

CompTIA Mobility+ Certification CompTIA Mobility+ Certification Duration: 5 days Price: $4000 Certifications: CompTIA Mobility+ Exams: MB0-001 Course Overview The mobile age is upon us. More and more people are using tablets, smartphones,

More information

emarketeer Information Security Policy

emarketeer Information Security Policy emarketeer Information Security Policy Version Date 1.1 2018-05-03 emarketeer Information Security Policy emarketeer AB hereafter called emarketeer is a leading actor within the development of SaaS-service

More information

IoT & SCADA Cyber Security Services

IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au

More information

20764C: Administering a SQL Database Infrastructure

20764C: Administering a SQL Database Infrastructure 20764C: Administering a SQL Database Infrastructure Course Details Course Code: Duration: Notes: 20764C 5 days This course syllabus should be used to determine whether the course is appropriate for the

More information

Writing Information Security Policy for SMEs

Writing Information Security Policy for SMEs Writing Information Security Policy for SMEs SANS Information Security Webcast 21 Feb 2012 Geneva, Switzerland version 1d Jim Herbeck Managing Partner, Nouvel Strategies JHerbeck@NouvelStrategies.com Member

More information

IT INFRASTRUCTURE PROJECT PHASE II INSTRUCTIONS

IT INFRASTRUCTURE PROJECT PHASE II INSTRUCTIONS Prjoect Overview IT INFRASTRUCTURE PROJECT PHASE II INSTRUCTIONS Phase II of the project will pick up where the IT Infrastructure Project Phase I left off. In this project, you will see how a network administrator

More information

EXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

EXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations EXCERPT NIST Special Publication 800-171 R1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations An Excerpt Listing All: Security Requirement Families & Controls Security

More information