Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Slides:

Advertisements

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

Advertisements

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

LittleOrange Internet Security an Endpoint Security Appliance.

Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

Session 3 – Information Security Policies

©2011 Kingston Technology Corporation. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Best.

Network security policy: best practices

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Information Security Information Technology and Computing Services Information Technology and Computing Services

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Current Job Components Information Technology Department Network Systems Administration Telecommunications Database Design and Administration.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.

Chapter 12 by Lisa Reeves Bertin Securing Information in a Network.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

Chapter 6 of the Executive Guide manual Technology.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

1 Managed Premises Firewall. 2 Typical Business IT Security Challenges How do I protect all my locations from malicious intruders and malware? How can.

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.

Information Systems Security

OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.

Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.

Chapter 2 Securing Network Server and User Workstations.

Small Business Security Keith Slagle April 24, 2007.

McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved INFORMATION SECURITY SECTION 4.2.

EECS 4482 Fall 2014 Session 8 Slides. IT Security Standards and Procedures An information security policy is at a corporate, high level and generally.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Introduction to Information Security

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

Computer Security By Duncan Hall.

Security and Ethics Safeguards and Codes of Conduct.

CPT 123 Internet Skills Class Notes Internet Security Session B.

Role Of Network IDS in Network Perimeter Defense.

Security Issues and Ethics in Education Chapter 8 Brooke Blanscet, Morgan Chatman, Lynsey Turner, Bryan Howerton.

Information Systems CS-507 Lecture 32. Physical Intrusion The intruder could physically enter an organization to steal information system assets or carry.

Computer Security Sample security policy Dr Alexei Vernitski.

By: Matt Winkeler.  PCI – Payment Card Industry  DSS – Data Security Standard  PAN – Primary Account Number.

Information Technology Acceptable Use An Overview CSTMC All Staff Meeting February 10, 2014.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use.

Information Technology Acceptable Use An Overview

Securing Network Servers

BEST CLOUD COMPUTING PLATFORM Skype : mukesh.k.bansal.

Critical Security Controls

CHAPTER FOUR OVERVIEW SECTION ETHICS

Computer Security Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

IS4550 Security Policies and Implementation

INFORMATION SYSTEMS SECURITY and CONTROL

CHAPTER FOUR OVERVIEW SECTION ETHICS

What is Information Security?

IS4680 Security Auditing for Compliance

PLANNING A SECURE BASELINE INSTALLATION

Presentation transcript:

Presented by Manager, MIS

 GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s established culture of openness, trust and integrity. GRIDCo is committed to protecting GRIDCo's employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.

 Defines minimum and maximum length of passwords, password complexity, how often it must be changed.  All employees that have access to organizational computer systems must adhere to the password policies in order to protect the security of the network, protect data integrity, and protect computer systems

 Remote access policy is designed to prevent damage to the organizational network or computer systems and to prevent compromise or loss of data.  Remote access policy defines standards for connecting to the organizational network and security standards for computers that are allowed to connect to the organizational network. This remote access policy specifies how remote users can connect to the main organizational network and the requirements for each of their systems before they are allowed to connect.

 Internet connection policy has components of a user compliance policy and an internal IT policy. The user compliance section specifies how users are allowed to connect to the internet and provides for the IT department approval of all connections to the internet or other private network  This internet connection policy requires users to use the internet for business only and requires users to avoid going to malicious web sites which could compromise security

 All employees that have access to organizational computer systems must adhere to the approved application policy in order to protect the security of the network, protect data integrity, and protect computer systems.  This policy is designed to protect the organizational resources on the network by requiring all network users to only run or install application programs deemed safe by the MIS.

 The asset control policy will not only enable organizational assets to be tracked concerning their location and who is using them but it will also protect any data being stored on those assets. This asset policy also covers disposal of assets.  This policy defines what must be done when a piece of property is moved from one building to another or one location to another  This policy will provides for an asset tracking database that is updated so the location of all computer equipment is known.

 This policy provides a guideline for the purchase of IT equipment when the equipment supports organizational identified critical services. This policy names critical services and provide guidelines for purchasing technologies that are failure tolerant.  The purpose of this policy is to ensure that critical services are not interrupted by a single common failure.

 This policy is an internal IT policy which defines anti-virus policy on every computer including how often a virus scan is done, how often updates are done, what programs will be used to detect, prevent, and remove malware programs. It defines what types of files attachments are blocked at the mail server and what anti-virus program will be run on the mail server

 The user privilege policy defines the privileges various users on the organizational network are allowed to have, specifically defining what groups of users have privileges to install computer programs on their own or other systems. This policy defines the users who have access to and control of sensitive or regulated data.

 The process that mobile computers must meet to leave the corporate network. Both the device and any sensitive data should be password protected.  How mobile computers and devices will be protected while outside the organizational network.  The process that mobile computers must meet to enter the corporate network when being brought into a building owned by the organization.

 This policy provides policies to establish intrusion detection and security monitoring to protect resources and data on the organizational network. It provides guidelines about intrusion detection implementation of the organizational networks and hosts along with associated roles and responsibilities.

 This policy defines the backup policy for computers within the organization which are expected to have their data backed up. These systems are typically servers but are not necessarily limited to servers. Servers expected to be backed up include the file server, the mail server etc.  This policy applies to all equipment and data owned and operated by the organization

 This server monitoring policy is an internal IT policy and defines the monitoring of servers in the organization for both security and performance issues.  This policy is designed both to protect the organization against loss of service by providing minimum requirements for monitoring servers. It provides for monitoring servers for file space and performance issues to prevent system failure or loss of service

 This policy is an internal IT policy which defines how often computer system updates are done and under what conditions they are done.  This policy establishes a minimum process for protecting the organizational computers on the network from security vulnerabilities. This policy determines how updates are done for both servers and workstations, and who is responsible for performing the updates along with specifying the tools used to perform system updates.