Site Security Policy Case 01/19/2007 95-841: Information Assurance Policy Douglas Hines, Jr.


Overview
- Goals
- What do we need to protect
- What are the risks and threats
- Develop policy

Goals
- Site selection
- Handling of visitors
- How buildings or facilities are accessed
- Review physical access points to the network
- Review what hardware and media can enter or exit the facility
- How communication will occur

What do we need to protect
- Access to secure areas
  - Private meetings
  - Voting stations
- The building itself
- Critical personnel
- Communications

Control Volume of Facility
IN: Employees, Local Organizers, Contractors, Venue owners, National Organization, Sponsors, Media, Cameras, Law enforcement, Malicious people, Information (CD, network, memory sticks), Vehicles, Weather (snow, sleet, ice)
INSIDE (what the facility holds): Sensitive information from meetings, Equipment, People, Buildings, Hardware, Information on paper, Network, Servers
OUT: Employees, Local Organizers, Contractors, Venue owners, National Organization, Sponsors, Media, Cameras, Law enforcement, Malicious people, Information (CD, network, memory sticks), Vehicles

Risks
- Information leaks
- Loss of privacy for key people
- Violent protestors
- Extreme weather and natural disasters (fire, floods, earthquakes)

Site Selection
- Needs a committee that should consist of
  - Event planners
  - City officials
  - Security professionals
- The site must meet certain standards
- External threats should be limited

Site Selection
- "To ensure that the site used for the Event fits the functionality and needed security criteria, the Selection Committee decides on an appropriate location for the Event."
- "Members of the Selection Committee must include a member of the Event planning committee, a city official, and a security professional."

Access to facility
- Every person must be registered in the Event's system
- Entry is authenticated by keycard, with physical controls that prevent people from tailgating through behind an authorised holder
- All entry attempts, successful or not, are logged

Access to individual rooms
Rooms that need to be private:
- Private meeting rooms
- Voting rooms
- Computer rooms
- Data center

Access to individual rooms
Policy: "Upon registering with the Event, you will receive a badge and a note showing which rooms you have access to. The badge will grant access to those rooms listed only. All entry attempts will be logged."
Real-world example (US Department of Commerce): "At a minimum, computer facilities should be designated as a controlled area. A computer facility shall be designated as a restricted area in which access into the facility is limited to personnel who are assigned there or who are authorized access by the facility manager."

ID Badges
- Identify people who should have access to facilities and rooms
- Distinguish between the types of parties involved
- Allow guards to remove those who lack certain privileges
- Another layer in site security
- What happens when a badge is lost?

ID Badges
- "The ID Badge allows access to the main entrance of the site. Any employee, contractor, or associate of The Event with access into the site, with the exception of law enforcement, must wear the appropriate Event badge around the neck while on the site. People not wearing a badge will not be admitted to the site and will be removed if already on it. This is to spot and remove people who have entered the facility without having the necessary privileges. The badge also provides access into the facility and designated rooms."
- "The badges are color coded based on the type of party the user is identified with. Red represents media. Blue represents the contractors and vendors. Yellow represents the National Organization..."
- "Each person within a departmental facility, regardless of position, shall be subject to challenge by another employee, security guard or any law enforcement officer, and shall display appropriate identification when challenged. Failure to do so may result in removal from the facility or other administrative action."

Missing Badge?
- "Personnel should immediately report missing badges to the issuing office. The servicing security officer should conduct a security evaluation to determine if it is necessary to disable or activate certain badges."
- A missing badge remains a valid credential until it is disabled, which is why the report must be immediate; any later entry attempt with a badge reported missing is itself evidence of misuse.

Devices allowed/denied
- In private meetings we do not want anyone to be able to record what is going on; recording would cause a loss of privacy.
- People are checked before entering these private meetings.
- "To maintain the privacy of the meetings in the Event, no recording device shall be allowed to enter the private meeting rooms. Security guards at the entrance of these rooms will conduct a screening with a metal detector for any person seeking entry. If any recording device is found, the person may not enter the room."
- Note that a metal detector flags metal objects, not recording devices as such; the guard still has to identify what was detected, and a phone or camera handed over at the door must be held until the person leaves the room.

Visitors
- There should be no need for visitors for the duration of The Event
- Every party that uses the facility falls under a defined category and is registered in the system
- "No visitors in the facility are permitted"

Communication
- Security staff and law enforcement must be kept informed of known threats
- Minimize circulation of information about Event activities
- Critical information is secured inside the facility

Communication
- Uncertainty: "Personnel should report to security guards if any staff witnesses suspicious activity in the facility."
- Security breach: "In the event of a security breach, managers must notify top-level management."

Conclusion
- Site policy complements physical security
- It is the first layer of protection
- Questions?