Crafting IT Security Policy
Community IT Innovators Webinar Series
April 23, 2015
Webinar Tips
• Interact
Ask questions via chat
Connect on Twitter
• Focus
Avoid multitasking. You may just miss
the best part of the presentation
• Webinar PowerPoint & Recording
PowerPoint and recording links will be
shared after the webinar
About Community IT
Our skilled and certified team of IT professionals
serves the greater Washington nonprofit community,
helping organizations of all sizes and capacities to…
Advance mission through the effective use of
technology.
Invested
Work exclusively with nonprofit organizations, serving over 900
since 1993.
Strategic
Help our clients make IT decisions that support mission.
Collaborative
Team of over 30 staff who empower you to make informed IT
choices.
Presenter
Johan Hammerstrom
President
jhammerstrom@communityit.com
@hammerstromj
• IT Threat landscape in 2015
• CIA Security Framework
• Security as IT Policy
• IT Policy Guidelines
Agenda
• Target & Home Depot
• Celebrity iCloud hack
• Sony Pictures, “Dark Hotel”
• Heartbleed, Sandworm, Wirelurker
• Superfish
Record year for breaches
• Firewalls only protect the data that stays
behind them
• Passwords are no longer secure
• Anyone can be a hacker
Times have changed
Security
Framework
http://commons.wikimedia.org/wiki/File:Seattle_library_framework_inside.jpg
CIA Security Framework
• Who can read the data?
• Controlling access to the data
Risk: Disclosure of information
Confidentiality
LOW: Disclosure of information could be expected to have a limited adverse effect
MODERATE: Disclosure of information could be expected to have a serious adverse effect
HIGH: Disclosure of information could be expected to have a severe or catastrophic effect
• Who can edit data?
• Ensuring accuracy of the data
Risk: Modification or destruction of data
Integrity
LOW: Modification or destruction of data could be expected to have a limited adverse effect
MODERATE: Modification or destruction of data could be expected to have a serious adverse effect
HIGH: Modification or destruction of data could be expected to have a severe or catastrophic effect
• Is data accessible?
• Ensuring access to the data when needed
Risk: Disruption of access to information
Availability
LOW: Disruption of access to or use of information could be expected to have a limited adverse effect
MODERATE: Disruption of access to or use of information could be expected to have a serious adverse effect
HIGH: Disruption of access to or use of information could be expected to have a severe or catastrophic effect
CIA Security Framework
Inventory
Your Data
http://commons.wikimedia.org/wiki/File:Modern_warehouse_with_pallet_rack_storage_system.jpg
• Exhaustive list of all organizational data
• Analyze it from the 3 CIA Perspectives
• Assign a Low, Moderate, High Risk
Inventory your Data
• PDF of signed Annual Performance Review
• Confidentiality: Limit to HR and Supervisor (this may
be a regulatory issue) - HIGH
• Integrity: Data should not change and must have
utmost confidence file is not altered - HIGH
• Availability: Needed only upon request, 2-3 days -
LOW
CIA analysis
• Accounting System
• Confidentiality: Limit to Finance Department and
President - MODERATE
• Integrity: Constantly updated. Roll back last thirty days’
activity. Must have record of who changed what. - HIGH
• Availability: Downtime 8 hrs acceptable. - MODERATE
CIA analysis
CIA Inventory
Data | Confidentiality | Integrity | Availability
Sensitive Data
Medical Records | High | High | High
Donor Contacts | Moderate | High | Moderate
Financial System | Moderate | High | Moderate
HR Records | High | Moderate | Low
Less Sensitive
Email | Moderate | High | High
Grant Proposals | Low | Moderate | High
Program Mgmt | Low | Moderate | Moderate
Security as IT Policy
http://commons.wikimedia.org/wiki/File:Stipula_fountain_pen.jpg
Agreed upon system of principles
to guide IT decision making
and achieve certain IT outcomes.
Written as a Statement of intent
implemented as IT procedure or protocol.
IT Policy
http://en.wikipedia.org/wiki/Policy
Organization agrees on decisions and
outcomes related to IT Security.
Agreement is documented in writing.
IT Policy
IT Department
Policy
http://commons.wikimedia.org/wiki/File:Michael_Holley_Computer_1978_NWCN.jpg
Informs both Architecture and Process.
Should include:
• Identity and Access Management
• Endpoint Management
• Data Retention
IT Department Policy
• Segregate data based on inventory
• Restrict/remove remote access to sensitive
data
• Consider logging and monitoring
Confidentiality Applied
• Maintain anti-virus & anti-malware
• Restrict permissions as much as possible
• “Harden” servers
• Scan for vulnerabilities on a schedule
• Lock doors and install fire alarms
Integrity Applied
• Identify availability requirements
• Invest appropriately
• Backup rule: KISS!
• Keep extra hardware on hand
• Develop business continuity plan
Availability Applied
End user
Policy
http://commons.wikimedia.org/wiki/File:The_Park_Northpoint_-_Open_Plan_Office_Space.jpg
• Security Culture & End-User Training
• Password Policy
• BYOD (and BYOA) Policy
• Written Appropriate Use Policy
End User Policy
If Putin gave you a USB charger…
http://www.worldcrunch.com/rss/default/m1c0s13958/#.VL_ExMaH044
would you use it?
• User awareness is best defense
• How do we engage users?
• Make it mandatory, but fun
• Training should be ongoing
• Must be embraced by all staff
End-User Training
Password
Policy
http://commons.wikimedia.org/wiki/File:Master_lock_with_root_password.jpg
• Should passwords be changed regularly?
• Can they be complex enough to be
secure?
• Where else are company passwords being
used?
Password Policy
• Password managers allow users to store
many passwords conveniently
• The best ones generate passwords and warn
users to change them after breaches
• Options: LastPass, 1Password,
Secret Server, AuthAnvil
Password Management
• Adds physical security to password
• Much easier to use and deploy than it was
two years ago
• Google Authenticator
Dual Factor Authentication (2FA)
http://commons.wikimedia.org/wiki/File:EToken_PASS.jpg
BYOD
Policy
BYOD Security Risks
“Bring Your Own Device”
• Confidentiality – Data leakage
• Integrity – “Vector” into the company
• Availability – Malware, Targeted hacking
Legal Risks
• Legislated law is thin
• Case law is uncertain
• Exempt staff working without
compensation
• Personal device and data could be
subpoenaed
Financial Risks
• Stipends might cost more
• IT Support can become entangled
• Exempt staff need to be paid
• Mobile Device Management (MDM)
can be expensive
BYOD policy questions
• What level of access is provided?
• What level of support is provided?
And for which staff?
• Should devices be managed and
controlled? For which staff?
CIA Inventory
Data | Confidentiality | Integrity | Availability | Policy
Sensitive
Medical Records | High | High | High | no BYOD, segment wifi
Donor Contacts | Mod | High | Mod | Published App
Financial System | Mod | High | Mod | Published App
HR Records | High | Mod | Low | no BYOD
Less Sensitive
Email | Mod | Mod | High | BYOD
Grant Proposals | Low | Mod | High | BYOD
Program Mgmt | Low | Mod | Mod | BYOD
Write it Down
http://commons.wikimedia.org/wiki/File:Stipula_fountain_pen.jpg
Upcoming Webinar
Microsoft Ignite Recap
Thursday May 21
4:00 – 5:00 PM EST
Matthew Eshleman & Steve Longenecker
After the webinar
Connect with us
Provide feedback
Short survey after you exit the webinar. Be sure to
include any questions that were not answered.
Missed anything?
Link to slides & recording will be emailed to you.
Questions?
Author: DuMont Television/Rosen Studios, New York-photographer, Uploaded by We hope at en.wikipedia
http://commons.wikimedia.org/wiki/File:20_questions_1954.JPG

Contenu connexe

Tendances

Reinforce business continuity - Securely share files online with Ideolve
Reinforce business continuity - Securely share files online with IdeolveReinforce business continuity - Securely share files online with Ideolve
Reinforce business continuity - Securely share files online with IdeolveMithi Software Technologies Pvt Ltd
 
Effective data management for nonprofits
Effective data management for nonprofitsEffective data management for nonprofits
Effective data management for nonprofitsAlexander Green
 
Foster Employee Engagement and Create a Digital Culture Through Microsoft Mod...
Foster Employee Engagement and Create a Digital Culture Through Microsoft Mod...Foster Employee Engagement and Create a Digital Culture Through Microsoft Mod...
Foster Employee Engagement and Create a Digital Culture Through Microsoft Mod...David J Rosenthal
 
The New Collaboration Model and the Future of Workflow
The New Collaboration Model and the Future of WorkflowThe New Collaboration Model and the Future of Workflow
The New Collaboration Model and the Future of WorkflowNuxeo
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Christian Buckley
 
Trusted Edge Ice For Microsoft Share Point 2009
Trusted Edge Ice For Microsoft Share Point 2009Trusted Edge Ice For Microsoft Share Point 2009
Trusted Edge Ice For Microsoft Share Point 2009Alexis Brown
 
Webinar: Best Strategies to Get the Most Out of Office 365
Webinar: Best Strategies to Get the Most Out of Office 365Webinar: Best Strategies to Get the Most Out of Office 365
Webinar: Best Strategies to Get the Most Out of Office 365Alexandra Sasha Tchulkova
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
Making sense of your Microsoft Cloud licenses part 2
Making sense of your Microsoft Cloud licenses part 2 Making sense of your Microsoft Cloud licenses part 2
Making sense of your Microsoft Cloud licenses part 2 TechSoup
 
From Managing Devices to Apps to Data
From Managing Devices to Apps to DataFrom Managing Devices to Apps to Data
From Managing Devices to Apps to Datakidozen
 
Managing Potential Supporters
Managing Potential SupportersManaging Potential Supporters
Managing Potential Supporters501 Commons
 
SPUnite17 SharePoint and Data Loss Prevention
SPUnite17 SharePoint and Data Loss PreventionSPUnite17 SharePoint and Data Loss Prevention
SPUnite17 SharePoint and Data Loss PreventionNCCOMMS
 
The Future of Business Process With Nintex
The Future of Business Process With NintexThe Future of Business Process With Nintex
The Future of Business Process With NintexDavid J Rosenthal
 
Zero-compromise IDaaS: Achieve Both Security and Workforce Productivity
Zero-compromise IDaaS:  Achieve Both Security and Workforce ProductivityZero-compromise IDaaS:  Achieve Both Security and Workforce Productivity
Zero-compromise IDaaS: Achieve Both Security and Workforce ProductivityOneLogin
 
HR Auditor - Search and eDiscovery for Microsoft Lync - LCSLog
HR Auditor - Search and eDiscovery for Microsoft Lync - LCSLogHR Auditor - Search and eDiscovery for Microsoft Lync - LCSLog
HR Auditor - Search and eDiscovery for Microsoft Lync - LCSLogsales_instant
 

Tendances (20)

Reinforce business continuity - Securely share files online with Ideolve
Reinforce business continuity - Securely share files online with IdeolveReinforce business continuity - Securely share files online with Ideolve
Reinforce business continuity - Securely share files online with Ideolve
 
Effective data management for nonprofits
Effective data management for nonprofitsEffective data management for nonprofits
Effective data management for nonprofits
 
Foster Employee Engagement and Create a Digital Culture Through Microsoft Mod...
Foster Employee Engagement and Create a Digital Culture Through Microsoft Mod...Foster Employee Engagement and Create a Digital Culture Through Microsoft Mod...
Foster Employee Engagement and Create a Digital Culture Through Microsoft Mod...
 
The New Collaboration Model and the Future of Workflow
The New Collaboration Model and the Future of WorkflowThe New Collaboration Model and the Future of Workflow
The New Collaboration Model and the Future of Workflow
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
 
Trusted Edge Ice For Microsoft Share Point 2009
Trusted Edge Ice For Microsoft Share Point 2009Trusted Edge Ice For Microsoft Share Point 2009
Trusted Edge Ice For Microsoft Share Point 2009
 
16NTC Session - Beyond the File Server
16NTC Session - Beyond the File Server16NTC Session - Beyond the File Server
16NTC Session - Beyond the File Server
 
Webinar: Best Strategies to Get the Most Out of Office 365
Webinar: Best Strategies to Get the Most Out of Office 365Webinar: Best Strategies to Get the Most Out of Office 365
Webinar: Best Strategies to Get the Most Out of Office 365
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
Making sense of your Microsoft Cloud licenses part 2
Making sense of your Microsoft Cloud licenses part 2 Making sense of your Microsoft Cloud licenses part 2
Making sense of your Microsoft Cloud licenses part 2
 
Modern Workplace with Microsoft 365
Modern Workplace with Microsoft 365Modern Workplace with Microsoft 365
Modern Workplace with Microsoft 365
 
From Managing Devices to Apps to Data
From Managing Devices to Apps to DataFrom Managing Devices to Apps to Data
From Managing Devices to Apps to Data
 
Managing Potential Supporters
Managing Potential SupportersManaging Potential Supporters
Managing Potential Supporters
 
SPUnite17 SharePoint and Data Loss Prevention
SPUnite17 SharePoint and Data Loss PreventionSPUnite17 SharePoint and Data Loss Prevention
SPUnite17 SharePoint and Data Loss Prevention
 
Making Mobile Manageable
Making Mobile Manageable Making Mobile Manageable
Making Mobile Manageable
 
IdM vs. IDaaS
IdM vs. IDaaSIdM vs. IDaaS
IdM vs. IDaaS
 
Blog benefits
Blog benefitsBlog benefits
Blog benefits
 
The Future of Business Process With Nintex
The Future of Business Process With NintexThe Future of Business Process With Nintex
The Future of Business Process With Nintex
 
Zero-compromise IDaaS: Achieve Both Security and Workforce Productivity
Zero-compromise IDaaS:  Achieve Both Security and Workforce ProductivityZero-compromise IDaaS:  Achieve Both Security and Workforce Productivity
Zero-compromise IDaaS: Achieve Both Security and Workforce Productivity
 
HR Auditor - Search and eDiscovery for Microsoft Lync - LCSLog
HR Auditor - Search and eDiscovery for Microsoft Lync - LCSLogHR Auditor - Search and eDiscovery for Microsoft Lync - LCSLog
HR Auditor - Search and eDiscovery for Microsoft Lync - LCSLog
 

En vedette

How to write an IT security policy guide - Tareq Hanaysha
How to write an IT security policy guide - Tareq HanayshaHow to write an IT security policy guide - Tareq Hanaysha
How to write an IT security policy guide - Tareq HanayshaHanaysha
 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & ControlAdetula Bunmi
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
052215 - FAX TO DELNER THOMAS & BENNIE THOMPSON (Polish)
052215 - FAX TO DELNER THOMAS & BENNIE THOMPSON (Polish)052215 - FAX TO DELNER THOMAS & BENNIE THOMPSON (Polish)
052215 - FAX TO DELNER THOMAS & BENNIE THOMPSON (Polish)VogelDenise
 
RAYMOND MABUS (Secretary of Navy) - Wikipedia Information - EMPLOYEE of Baker...
RAYMOND MABUS (Secretary of Navy) - Wikipedia Information - EMPLOYEE of Baker...RAYMOND MABUS (Secretary of Navy) - Wikipedia Information - EMPLOYEE of Baker...
RAYMOND MABUS (Secretary of Navy) - Wikipedia Information - EMPLOYEE of Baker...VogelDenise
 
EMAILS - KENTUCKY COMMISSION ON HUMAN RIGHTS (russian)
EMAILS - KENTUCKY COMMISSION ON HUMAN RIGHTS (russian)EMAILS - KENTUCKY COMMISSION ON HUMAN RIGHTS (russian)
EMAILS - KENTUCKY COMMISSION ON HUMAN RIGHTS (russian)VogelDenise
 
Manning bradley (wikipedia information)
Manning   bradley (wikipedia information)Manning   bradley (wikipedia information)
Manning bradley (wikipedia information)VogelDenise
 
021013 adecco email (finnish)
021013   adecco email (finnish)021013   adecco email (finnish)
021013 adecco email (finnish)VogelDenise
 
021013 adecco email (gujarati)
021013   adecco email (gujarati)021013   adecco email (gujarati)
021013 adecco email (gujarati)VogelDenise
 
CIPR Pride Awards Yorkshire and Lincolnshire
CIPR Pride Awards Yorkshire and LincolnshireCIPR Pride Awards Yorkshire and Lincolnshire
CIPR Pride Awards Yorkshire and LincolnshirePrecise Brand Insight
 
Nuremberg crimes against humanity-peace (tamil)
Nuremberg   crimes against humanity-peace (tamil)Nuremberg   crimes against humanity-peace (tamil)
Nuremberg crimes against humanity-peace (tamil)VogelDenise
 
06/25/13 - DRAFT OF HOME PAGE INFORMATION FOR WEBSITE (www.vogeldenisenewsome...
06/25/13 - DRAFT OF HOME PAGE INFORMATION FOR WEBSITE (www.vogeldenisenewsome...06/25/13 - DRAFT OF HOME PAGE INFORMATION FOR WEBSITE (www.vogeldenisenewsome...
06/25/13 - DRAFT OF HOME PAGE INFORMATION FOR WEBSITE (www.vogeldenisenewsome...VogelDenise
 
031816 - WORLD NEWS RELEASE (Aremenian)
031816 - WORLD NEWS RELEASE (Aremenian)031816 - WORLD NEWS RELEASE (Aremenian)
031816 - WORLD NEWS RELEASE (Aremenian)VogelDenise
 
Wiles josiah visual resume final draft
Wiles josiah visual resume final draftWiles josiah visual resume final draft
Wiles josiah visual resume final draftjowiles
 

En vedette (20)

How to write an IT security policy guide - Tareq Hanaysha
How to write an IT security policy guide - Tareq HanayshaHow to write an IT security policy guide - Tareq Hanaysha
How to write an IT security policy guide - Tareq Hanaysha
 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & Control
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a Science
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
 
Operating system security
Operating system securityOperating system security
Operating system security
 
¿Son vertedoiros os montes galegos?
¿Son vertedoiros os montes galegos?¿Son vertedoiros os montes galegos?
¿Son vertedoiros os montes galegos?
 
052215 - FAX TO DELNER THOMAS & BENNIE THOMPSON (Polish)
052215 - FAX TO DELNER THOMAS & BENNIE THOMPSON (Polish)052215 - FAX TO DELNER THOMAS & BENNIE THOMPSON (Polish)
052215 - FAX TO DELNER THOMAS & BENNIE THOMPSON (Polish)
 
RAYMOND MABUS (Secretary of Navy) - Wikipedia Information - EMPLOYEE of Baker...
RAYMOND MABUS (Secretary of Navy) - Wikipedia Information - EMPLOYEE of Baker...RAYMOND MABUS (Secretary of Navy) - Wikipedia Information - EMPLOYEE of Baker...
RAYMOND MABUS (Secretary of Navy) - Wikipedia Information - EMPLOYEE of Baker...
 
EMAILS - KENTUCKY COMMISSION ON HUMAN RIGHTS (russian)
EMAILS - KENTUCKY COMMISSION ON HUMAN RIGHTS (russian)EMAILS - KENTUCKY COMMISSION ON HUMAN RIGHTS (russian)
EMAILS - KENTUCKY COMMISSION ON HUMAN RIGHTS (russian)
 
Manning bradley (wikipedia information)
Manning   bradley (wikipedia information)Manning   bradley (wikipedia information)
Manning bradley (wikipedia information)
 
021013 adecco email (finnish)
021013   adecco email (finnish)021013   adecco email (finnish)
021013 adecco email (finnish)
 
Swahili 040412
Swahili 040412Swahili 040412
Swahili 040412
 
021013 adecco email (gujarati)
021013   adecco email (gujarati)021013   adecco email (gujarati)
021013 adecco email (gujarati)
 
CIPR Pride Awards Yorkshire and Lincolnshire
CIPR Pride Awards Yorkshire and LincolnshireCIPR Pride Awards Yorkshire and Lincolnshire
CIPR Pride Awards Yorkshire and Lincolnshire
 
Nuremberg crimes against humanity-peace (tamil)
Nuremberg   crimes against humanity-peace (tamil)Nuremberg   crimes against humanity-peace (tamil)
Nuremberg crimes against humanity-peace (tamil)
 
06/25/13 - DRAFT OF HOME PAGE INFORMATION FOR WEBSITE (www.vogeldenisenewsome...
06/25/13 - DRAFT OF HOME PAGE INFORMATION FOR WEBSITE (www.vogeldenisenewsome...06/25/13 - DRAFT OF HOME PAGE INFORMATION FOR WEBSITE (www.vogeldenisenewsome...
06/25/13 - DRAFT OF HOME PAGE INFORMATION FOR WEBSITE (www.vogeldenisenewsome...
 
Presentación foto denuncia
Presentación foto denunciaPresentación foto denuncia
Presentación foto denuncia
 
Macedonian
MacedonianMacedonian
Macedonian
 
031816 - WORLD NEWS RELEASE (Aremenian)
031816 - WORLD NEWS RELEASE (Aremenian)031816 - WORLD NEWS RELEASE (Aremenian)
031816 - WORLD NEWS RELEASE (Aremenian)
 
Wiles josiah visual resume final draft
Wiles josiah visual resume final draftWiles josiah visual resume final draft
Wiles josiah visual resume final draft
 

Similaire à Community IT Webinar - Crafting IT Security Policy Apr 2015

Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Innovators
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber SecurityMisha Hanin
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySabra Goldick
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issuesErnest Staats
 
Trust in a Digital World
Trust in a Digital WorldTrust in a Digital World
Trust in a Digital Worlditnewsafrica
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionNicholas Davis
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss PreventionNicholas Davis
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionNicholas Davis
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfJenna Murray
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are comingErnest Staats
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are ComingErnest Staats
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the CloudRichard Diver
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarConcept Searching, Inc
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernanceCloudera, Inc.
 
How To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarHow To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarConcept Searching, Inc
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 

Similaire à Community IT Webinar - Crafting IT Security Policy Apr 2015 (20)

Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for Nonprofits
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber Security
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and Privacy
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
 
Trust in a Digital World
Trust in a Digital WorldTrust in a Digital World
Trust in a Digital World
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_prevention
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are coming
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are Coming
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data Governance
 
How To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarHow To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 Webinar
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 

Plus de Community IT Innovators

2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident ReportCommunity IT Innovators
 
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...Community IT Innovators
 
Nonprofit Cybersecurity Risk Assessment Basics
Nonprofit Cybersecurity Risk Assessment BasicsNonprofit Cybersecurity Risk Assessment Basics
Nonprofit Cybersecurity Risk Assessment BasicsCommunity IT Innovators
 
Does Your Organization Need a Better Technology Roadmap?
Does Your Organization Need a Better Technology Roadmap?Does Your Organization Need a Better Technology Roadmap?
Does Your Organization Need a Better Technology Roadmap?Community IT Innovators
 
2020 Nonprofit Technology Trends Roundtable

Community IT Webinar - Crafting IT Security Policy Apr 2015

  • 1. Crafting IT Security Policy Community IT Innovators Webinar Series April 23, 2015
  • 2. Crafting IT Security Policy Community IT Innovators Webinar Series April 23, 2015
  • 3. Webinar Tips • Interact Ask questions via chat Connect on Twitter • Focus Avoid multitasking. You may just miss the best part of the presentation • Webinar PowerPoint & Recording PowerPoint and recording links will be shared after the webinar
  • 4. About Community IT Our skilled and certified team of IT professionals serves the greater Washington nonprofit community, helping organizations of all sizes and capacities to… Advance mission through the effective use of technology. Invested Work exclusively with nonprofit organizations, serving over 900 since 1993. Strategic Help our clients make IT decisions that support mission. Collaborative Team of over 30 staff who empower you to make informed IT choices.
  • 6. • IT Threat landscape in 2015 • CIA Security Framework • Security as IT Policy • IT Policy Guidelines Agenda
  • 7. • Target & Home Depot • Celebrity iCloud hack • Sony Pictures, “Dark Hotel” • Heartbleed, Sandworm, Wirelurker • Superfish Record year for breaches
  • 8. • Firewalls only protect the data that stays behind them • Passwords are no longer secure • Anyone can be a hacker Times have changed
  • 11. • Who can read the data? • Controlling access to the data Risk: Disclosure of information Confidentiality
      LOW: Disclosure of information could be expected to have a limited adverse effect
      MODERATE: Disclosure of information could be expected to have a serious adverse effect
      HIGH: Disclosure of information could be expected to have a severe or catastrophic effect
  • 12. • Who can edit data? • Ensuring accuracy of the data Risk: Modification or destruction of data Integrity
      LOW: Modification or destruction of data could be expected to have a limited adverse effect
      MODERATE: Modification or destruction of data could be expected to have a serious adverse effect
      HIGH: Modification or destruction of data could be expected to have a severe or catastrophic effect
  • 13. • Is data accessible? • Ensuring access to the data when needed Risk: Disruption of access to information Availability
      LOW: Disruption of access to or use of information could be expected to have a limited adverse effect
      MODERATE: Disruption of access to or use of information could be expected to have a serious adverse effect
      HIGH: Disruption of access to or use of information could be expected to have a severe or catastrophic effect
  • 16. • Exhaustive list of all organizational data • Analyze it from the 3 CIA Perspectives • Assign a Low, Moderate, High Risk Inventory your Data
  • 17. • PDF of signed Annual Performance Review • Confidentiality: Limit to HR and Supervisor (this may be a regulatory issue) - HIGH • Integrity: Data should not change and must have utmost confidence file is not altered - HIGH • Availability: Needed only upon request, 2-3 days - LOW CIA analysis
  • 18. • Accounting System • Confidentiality: Limit to Finance Department and President - MODERATE • Integrity: Constantly updated. Roll back last thirty days’ activity. Must have record of who changed what. - HIGH • Availability: Downtime 8 hrs acceptable. - MODERATE CIA analysis
  • 19. CIA Inventory
                           Confidentiality  Integrity  Availability
      Sensitive Data
        Medical Records    High             High       High
        Donor Contacts     Moderate         High       Moderate
        Financial System   Moderate         High       Moderate
        HR Records         High             Moderate   Low
      Less Sensitive
        Email              Moderate         High       High
        Grant Proposals    Low              Moderate   High
        Program Mgmt       Low              Moderate   Moderate
  • 20. Security as IT Policy http://commons.wikimedia.org/wiki/File:Stipula_fountain_pen.jpg
  • 21. Agreed upon system of principles to guide IT decision making and achieve certain IT outcomes. Written as a Statement of intent implemented as IT procedure or protocol. IT Policy http://en.wikipedia.org/wiki/Policy
  • 22. Organization agrees on decisions and outcomes related to IT Security. Agreement is documented in writing. IT Policy
  • 24. Informs both Architecture and Process. Should include: • Identity and Access Management • Endpoint Management • Data Retention IT Department Policy
  • 25. • Segregate data based on inventory • Restrict/remove remote access to sensitive data • Consider logging and monitoring Confidentiality Applied
  • 26. • Maintain anti-virus & anti-malware • Restrict permissions as much as possible • “Harden” servers • Scan for vulnerabilities on a schedule • Lock doors and install fire alarms Integrity Applied
  • 27. • Identify availability requirements • Invest appropriately • Backup rule: KISS! • Keep extra hardware on hand • Develop business continuity plan Availability Applied
  • 29. • Security Culture & End-User Training • Password Policy • BYOD (and BYOA) Policy • written Appropriate Use Policy End User Policy
  • 30. If Putin gave you a USB charger… http://www.worldcrunch.com/rss/default/m1c0s13958/#.VL_ExMaH044 would you use it?
  • 31. • User awareness is best defense • How do we engage users? • Make it mandatory, but fun • Training should be ongoing • Must be embraced by all staff End-User Training
  • 33. • Should passwords be changed regularly? • Can they be complex enough to be secure? • Where else are company passwords being used? Password Policy
  • 34. • Password managers allow users to store many passwords conveniently • Best generate passwords and warn to change after breaches • Options: LastPass, 1Password, Secret Server, AuthAnvil Password Management
  • 35. • Adds physical security to password • Much easier to use and deploy than it was two years ago • Google Authenticator Dual Factor Authentication (2FA) http://commons.wikimedia.org/wiki/File:EToken_PASS.jpg
  • 37. BYOD Security Risks “Bring Your Own Device” • Confidentiality – Data leakage • Integrity – “Vector” into the company • Availability – Malware, Targeted hacking
  • 38. Legal Risks • Legislated law is thin • Case law is uncertain • Exempt staff working without compensation • Personal device and data could be subpoenaed
  • 39. Financial Risks • Stipends might cost more • IT Support can become entangled • Exempt staff need to be paid • Mobile Device Management (MDM) can be expensive
  • 40. BYOD policy questions • What level of access is provided? • What level of support is provided? And for which staff? • Should devices be managed and controlled? For which staff?
  • 41. CIA Inventory
      Data                 Confidentiality  Integrity  Availability  Policy
      Sensitive
        Medical Records    High             High       High          no BYOD, segment wifi
        Donor Contacts     Mod              High       Mod           Published App
        Financial System   Mod              High       Mod           Published App
        HR Records         High             Mod        Low           no BYOD
      Less Sensitive
        Email              Mod              Mod        High          BYOD
        Grant Proposals    Low              Mod        High          BYOD
        Program Mgmt       Low              Mod        Mod           BYOD
  • 43. Upcoming Webinar Microsoft Ignite Recap Thursday May 21 4:00 – 5:00 PM EST Matthew Eshleman & Steve Longenecker
  • 44. After the webinar Connect with us Provide feedback Short survey after you exit the webinar. Be sure to include any questions that were not answered. Missed anything? Link to slides & recording will be emailed to you.
  • 45. Questions? Author: DuMont Television/Rosen Studios, New York-photographer, Uploaded by We hope at en.wikipedia http://commons.wikimedia.org/wiki/File:20_questions_1954.JPG

Editor's notes

  1. GTM starts recording after the first slide advance, so hit record and then advance to the second copy of the title slide.
  2. Matt’s
  3. Matt’s
  4. Johan
  5. Johan
  6. Johan.