...Senior member of the security team: Keith Kristy How large is Ryerson in geographical, terms of student? - 38 000 undergraduate - 1700 support staff - 780 faculty - intermingle streets • Crew security reports to the security manager • 168 Occupational health and safety ‘ • Brand new position: IT , own firewall and backbone to protect confidential information • Everyone reports to the assistant director manager • Everyone reports to the VP of finance: this is what it comes down to What is the purpose of having a security department: - formulate risk management - protection of people, property and information What is the purpose of the heads of the different heads: - The whole cycle has evolved - Harassment and violence free - Manage the people, place and money, timing for work (for having managers and supervisors) How do you determine the amount of employees should be deployed - deployed during the bussiest time - they have a formula (square footage formula) bases the amount of security that is required - have to look at budgets also affect how to deploy employees What kind of reports are done on the daily - they write about 5000 repors / year - ORCA report writing system - What ever happens there always has to be a report that is written - Daily briefs for any inncidents, basically gives a synopsus on what they did Formal reports that get sent to external agencies - PCR (provision of care reports) medical...
Words: 745 - Pages: 3
...that an internal system was conducting a man-in-the-middle attack by spoofing an internal Internet Protocol address, whereby all traffic that was sent to a specific location was involuntarily sent to another system. The culprit was lack of access controls, central reporting systems, authentication controls, and a lack of host based intrusion prevention systems. These controls and systems would have prevented this type or at minimal detected this type of attack and could have saved the company many hours of labor costs. -Identify who needs to be notified based on the type and severity of the incident: In incidents such as this, Management must be notified and kept abreast of the situation each step of the way as they will ultimately be held responsible if fault is identified on their end. The Computer Emergency Response Team or the Emergency Management Team should be notified. They are experts at dealing with similar situations and know the proper processes and procedures required in identifying the cause, the...
Words: 2798 - Pages: 12
...attacks per week in 2010 was only around 50. More than 78 percent of the annual cybercrime can be labeled as denial of service, malicious code, malevolent insiders, and stolen or hijacked devices. Businesses have no choice but to spend an increasing amount of money, time, and energy in order to protect themselves against these cyber-attacks that seem to be reaching unsustainable levels. Even though some companies are finding ways to lower the cost of security measures, the cost of time and energy spent cannot be eased. No matter what the solution is, it will always take time to incorporate any security and energy to maintain those securities. Additional key findings include: * Information theft and business disruption continue to represent the highest external costs. On an annual basis, information theft accounts for 44 percent of total external costs, up 4 percent from 2011. Disruption to business or lost productivity accounted for 30 percent of external costs, up 1 percent from 2011. * Deploying advanced security intelligence solutions can mitigate the...
Words: 1928 - Pages: 8
...consultants, temporary employees, and other workers at Healthcare, including all personnel affiliated with third parties. It applies to all equipment that is owned or leased by Healthcare. Incident Reporting All computer security incidents, including suspicious events, shall be reported immediately either orally or via e-mail to the department IT manager and/or department supervisor by the employee who witnessed or identified the breach. Escalation The department IT manager and/or department supervisor needs to determine the criticality of the incident. The department IT manager and/or department supervisor will refer to their IT emergency contact list for both management personnel and incident response members to be contacted. If the incident is something that will have serious impact, the Chief Information Officer of Healthcare will be notified and briefed on the incident. The Information Security Incident Team Manager will log all communications including: a) The name of the caller. b) Time of the call. c) Contact information about the caller. The CIO or his/her designee will determine if other agencies, departments, or personnel need to become involved in the reporting and resolution of the incident. Containment: Any system, network, or security administrator who observes an intruder on the Healthcare network or system shall take appropriate action to...
Words: 673 - Pages: 3
...Personal Information Notice to Readers Acknowledgments Introduction Incident Response Plan Incident Response Team Incident Response Team Members Incident Response Team Roles and Responsibilities Incident Response Team Notification Types of Incidents Breach of Personal Information – Overview Definitions of a Security Breach Requirements Data Owner Responsibilities Location Manager Responsibilities When Notification Is Required Incident Response – Breach of Personal Information Information Technology Operations Center Chief Information Security Officer Customer Database Owners Online Sales Department Credit Payment Systems Legal Human Resources Network Architecture Public Relations Location Manager Appendix A MasterCard Specific Steps Visa U.S.A. Specific Steps Discover Card Specific Steps American Express Specific Steps Appendix B California Civil Code 1798.82 (Senate Bill 1386) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Gramm-Leach-Bliley Act (GLBA) Appendix C Escalation Members (VP Level of Management) Auxiliary Members (as needed) External Contacts (as needed) Notification Order Escalation Member Notification List Notice to Readers Incident Response Plan – Template for Breach of Personal Information does not represent an official position of the American Institute of Certified Public Accountants, and it is distributed with...
Words: 8476 - Pages: 34
...the organizations networks and reputation. Controlling who knows of the incident will prevent an attacker from being tipped off to your recovery and detection efforts. All communication will be coordinated with Legal and Communication Representative. BMF will develop a comprehensive communication plan that will separately address each of the three audiences and continue to develop and update the intrusion response plan as the situation evolves. 2.1. Who do you call and when do you call them? The communication to the CSIRT is immediate; this includes the appropriate IT Staff member for the system that is compromised. The rest of the communication and timelines are determined by regulatory guidance, Legal, Communication and Senior Management. The Gramm-Leach-Bliley Act, Federal Trade Commission Act, and the Fair Credit Reporting Act provides that breaches involving less than 500 personnel need to be reported on an annual basis but generally all breaches must notify the Federal Government and personnel who’s information was compromised within 60 days of breach discovery. The only delayed notification is for law enforcement in the preservation of a criminal investigation. The insurance carrier needs to be contacted. The IRP will have a risk assessment gap coverage that is provided by an insurance company. To prevent the insurmountable damage, notification of the insurance company early and documenting all the losses and response costs are necessary. 2.2. How do you identify...
Words: 1373 - Pages: 6
...Incident Response Plan Gurleen Kaur Sandhu Master of Information Systems Security and Management Concordia University of Edmonton 7128 Ada Boulevard Edmonton, AB gksandhu@student.concordia.ab.ca Abstract— In business oriented organizations, disasters can occur anytime if information security is jeopardized at some point of business operations. Whenever unplanned events happen, incident response plans are must for reducing the extremity and increasing the chances of quick resolution with minimal damage. An incident response plan is an integral part for an enterprise for reducing negative publicity and increasing the confidence of corporate staff.This paper provides steps constituting and utilizing Incident Response Plan. INTRODUCTION As said by an American lawyer Robert Mueller “There are only two types of companies:those that have been hacked and those that will be.” When an organization depends on technology based systems to remain practical,information security and risk management become an unavoidable part of the economic basis for making dicisions in a firm. In this challenging environment of increasing technology,data breaches are also increasing that require enterprises to protect proprietary data and implementing effective measures to prevent a data insecurity. Threats and vulnerabilities, in one form or another, will always affect information technology. Incident is an adverse event that negatively impacts the confidentiality, integrity and availability of...
Words: 1541 - Pages: 7
...unit 8 Lab1 Craft a security or computer incident Response policy – CIRT Response team 3. Why is it a good idea to include human resource on the incident Response Management Team? Most organizations realize that there is no one solution or panacea for securing systems and data instead a multi-layered security strategy is required. 4. Why is it a good idea to include legal or general counsel in on the Incident Response Team? An incident response must be decisive and executed quickly. Because there is little room for error, it is critical that practice emergencies are staged and response times measured. 5. How does an incident response plan and team help reduce the risk to the organization? While preventing such attacks would be the ideal course of action for organizations, not all computer security incidents can be prevented. 6. If you are reacting to a malicious software attack such as a virus its spreading, during which step in the incident response process are you attempting to minimize its spreading? In most areas of life, prevention is better than cure, and security is no exception. Wherever possible, you will want to prevent security incidents from happening in the first place. However, it is impossible to prevent all security incidents. When a security incident does happen, you will need to ensure that its impact is minimized. To minimize the number and impact of security incidents. 7. If you cannot cease the spreading, what should you do to protect...
Words: 507 - Pages: 3
...Act, enacted in 1997 and the Federal Information Security Management Act of 2002. The No Electronic Theft Act protects copyright owners against infringement. According to Indiana University it makes copyrighted material “federal crime to reproduce, distribute, or share copies of electronic copyrighted works such as songs, movies, games, or software programs, even if the person copying or distributing the material acts without commercial purpose and/or receives no private financial gain.” (What is the No Electronic Theft Act 2014) This came from the progression that the internet made. The internet made is so easy to share information or download songs. It was a necessary act in my opinion. With blogs being such a big thing it also protected against someone claiming information as their own. The next very interesting act is the Federal Information Management Security Act of 2002. The act states that; “The Department of Homeland Security activities will include (but will not be limited to): overseeing the government-wide and agency-specific implementation of and reporting on cyber security policies and guidance; overseeing and assisting government-wide and agency-specific efforts to provide adequate, risk-based and cost-effective cyber security overseeing the agencies' compliance with FISMA and developing analyses for OMB to assist in the development of the FISMA annual report; overseeing the agencies' cyber security operations and incident response and providing...
Words: 481 - Pages: 2
...During the last hundred years mankind has witnessed and been part of a dynamic evolution. Changes, modifications, and inventions that have occurred have been part of what has enabled humans to communicate in a more immediate manner, this has been particularly ideal in our work environment . Information technology has been an essential part of this process. As there are huge benefits obtained from technology there have also been issues that have derived from it, such as ethical ones. Several acts have been established in order to have the ability to control those pitfalls identified. Mankind has acknowledged that technology is an ideal part of our work lives as well as our personal lives and has been able to identify and establish boundaries within these to ensure the overall protection of one. CHANGE There was a time in which in order to send another person a memo or a letter it was sent by transporting it with a carriage and horse, patiently one would await a response from the other party which could at times take weeks or months depending on how far the other party was. That changed when motorized vehicles were invented, it was now faster to send and receive those responses, and one would still patiently await the other’s response. We then had airplanes a much faster method of transporting our said information. Nowadays, there is no such thing as waiting patiently for a response! We have electronic mail! With which as soon as we hit the “send” button we expect...
Words: 821 - Pages: 4
...know that their personal data may have been compromised”. (Kirk, 2009) After tons of emails sent out the customers asking for their personal email, Aetna was finally alerted that something was going wrong. This would be a 2nd data lost incident, after an employee laptop was stolen back in 2006. According to About.com Business Security, “Although the data theft took place between June 2004 and October 2007, On May 1, 2009, LexisNexis disclosed a data breach to 32,000 customers”. (Kirk, 2009) As many scammers seem to do the thefts set up fake post office boxes, causing an investigation for the USPS. Scammers are usually smart and seem to find a great way to get around the system and began to hack, as far as Aetna case the scammers retrieved the customer’s emails from the website. Could the breach been prevented? After a hack or scam has been done, everyone wants to point a finger at two of the people or person to blame, but in cases like this who can you really blame? Well According to The federal information Security Management Act (FISMA); which is the Federal Information Security Management Act of...
Words: 623 - Pages: 3
...Migrating to a Standardized ERP System in a Cloud Computing Environment at ABC Corporation Barbara Ferneyhough Managerial Applications of Information Technology – IS535 (ON) Section B DeVry University, Keller Graduate School of Management December 11, 2011 Course Project Example used with permission from student Migrating to a Standardized ERP System in a Cloud Computing Environment at ABC Corporation Proposal Topic This proposal discusses the use of multiple financial systems throughout ABC Corporation (ABC), the impact that this has upon effective corporate operations and proposes a solution. ABC maintains four different ERP systems (BaaN, PeopleSoft, SAP and Deltek) and a financial consolidation system (Hyperion) across all of its divisions leading to increased IT costs as individual systems must be procured, maintained, and manipulated to provide financial data in a format that is meaningful to the home office for reporting and strategic management purposes. Not only is this a potentially inefficient use of technology, the use of a non-standardized system impacts the ability of management to obtain, manipulate and interpret critical data elements for strategic planning purposes and regular performance monitoring. Problem The business problem to be solved is how to improve operational efficiencies, reduce IT costs, and improve insight into the financial management aspects of the company for improved strategic planning and performance monitoring. Approach ...
Words: 7227 - Pages: 29
...Riordan Raw Material and Final Product ERP System Gerald Anderson, Henry Perkins, Kenneth Nelson CIS\207 May 18, 2015 Pat Sullivan Riordan Raw Material and Final Product ERP System It has been requested by Riordan to create an Enterprise Resource Planning (ERP) system to track raw materials and finished products across all their plants. Riordan has previously implemented a standard set of procedures to ensure each plant is managing the resources and products inventories appropriately. Currently their raw materials and finished products are manually entered by an inventory clerk into systems at each plant. The new ERP would integrate with the current inventory systems or replace the current inventory systems to provide a global view of resources and finished products. This would allow Riordan to have a global view of resources and product completion without manually requesting information from each individual plant. If a system replacement is selected, it should provide the ability to enter resources, sub assembly products, final products, customer orders and billing information. Whether integration or a replacement solution is selected, it would need to provide the ability to produce analytical reports to assist Riordan with raw material usage, final product completion and sales analysis. To accomplish these needs, the system will need to have the ability to tie raw materials to products and sales. This will require each system to have a key unique element to accomplish...
Words: 1639 - Pages: 7
...growth and expansion now. Their director of information technology has searched for commercial off-the shelf package to support the administrative information system, and selected OMD. The OMD system supports meter-based billing, and has Web-based interface. However, it is not built with relational database, which makes the ad hoc difficult. Sales tools of Bandon Group such as sales prospecting still have many problems to be solved. The current information systems still lack integration and create duplication. Date inconsistencies can also be seen in the current systems. Moreover, there are troubles with migrating data, and the central IT staff of Bandon Group is too small to solve these problems. Therefore, Bandon Group is seeking for an ERP solution to complete its information...
Words: 5108 - Pages: 21
...Introduction In 1980s, as everything went global and economic activities became more complicated, past management accounting programmes such as Material requirements planning (MRP) and Manufacturing resource planning (MRP II), being unable to keep pace with times, were no longer to be relevant because they were not quite useful for decision-making and control purposes in such a competitive environment. Without replacing these elements, Enterprise resource planning (ERP) came to represent “a larger scope that reflected the evolution of application integration beyond manufacturing” (Sheilds and Mureell, 2005). According to Anurag (2009), MRP evolved into ERP as managers noticed that ‘routings’ and capacity planning activity had become essential parts of the software architecture. ERP was firstly introduced by Gartner Group Inc in 1990s, generally defined as a process by which a company manages and integrates different parts or areas of its business, for instance, purchasing, inventory, sales, marketing, finance, human resources and so on. In this essay, we will firstly, illustrate the origin and development of ERP and then, investigate how and why it emerged and diffused in 1990s. After that, intended and unintended effects of ERP will be evaluated. Finally, the conclusion will be drawn and recommendation of future research will be given. The main objective of this essay is to learn ERP in all aspects and put efforts to evaluate it. In order to lower total costs in the entire supply...
Words: 3554 - Pages: 15