About  |  Contact Us  |  Register for Benefits  |  Login  |  View/Edit Your Profile  |  Consulting  |  Principal & Founder  |  Sponsorships  |  Legal & Privacy

  Home      Blog      Job Board      Community      Contribute      Vendor Listings      Search Site
  Employment  |  More With Less  |  Potpourri  |  Records  |  Reporting  |  Research  |  Revenue  |  Samples  | Systems  |  Web Sightings
  Security. Systems
Security Home | Problems and Risk Assessment | Sources of Attacks | Stopping Attacks | Summary

Most users are woefully untrained in security and yet many are given full administrative rights not only to their local machines, but in some cases servers and can make changes in configuration of these machines.

Most understand that virus protection software needs to be turned on, but on the other hand will not check to see if they have the most current patch.

Emails should be sent out to instruct users to check their virus patches and make sure they are updated, make sure the automatic updates are turned on, the fact that they should install the automatic updates, warnings on current viruses, spoof emails and any other security issues.

There should be periodic workshops on security where policies and procedures are re-iterated and reviewed.

To a large extent, systems can be locked down, but users present the greatest single area of vulnerability.

Best Practices

To summarize, follow a best practices incident response checklist.
  • Security by design.
  • Security in depth.
  • Least privileges.
  • Learn from your mistakes.
  • Maintain security levels.
  • Make users aware.
  • Develop and test.
  • Enforced security and IT policies.
  • Protect evidence.
  • Notify external authorities.

Computer Security InstituteSecurity
Supportingadvancement.com FIRST - Forum of Incident Response and Security Teams
Supportingadvancement.com Industry Canada - Online Security and Privacy Guide
Supportingadvancement.com Microsoft - Baseline Security Analysis Tool, newsletters and other tools. Free seminars.
Supportingadvancement.com National Cyber Security Partnership - Public private partnership to make cyberspace more secure.
Supportingadvancement.com PC Magazine Utilities - A number of free tools such as spyware detectors.
Supportingadvancement.com Software Engineering Institute - Papers
Supportingadvancement.com Threats and Countermeasures - From Microsoft. A free 900+ page document on improving web security.

Sites with privacy legislation, policies and procedures:
   Supportingadvancement.com AFP Toronto ChapterSecurity
Supportingadvancement.com AFP Canadian Public Policy on Privacy
Supportingadvancement.com Australian Government Privacy Office
Supportingadvancement.com CASE - Foundation Independence and Donor Privacy
Supportingadvancement.com Canadian Department of Justice Policy on Access to Information and Privacy
  Supportingadvancement.com Direct Marketing Association. Privacy policy generator.
Supportingadvancement.com Information and Privacy Commissioner of Ontario (IPC) Web site
Supportingadvancement.com Ontario's Consultation on Privacy Protection
Supportingadvancement.com Privacy Commissioner of British Columbia
Supportingadvancement.com Privacy Commissioner of Canada
Supportingadvancement.com PrivacyInfo.ca
Supportingadvancement.com Privacy is Your Business from CIO
Supportingadvancement.com Privacy Rights Clearinghouse

On this site:
Data Backup and Recovery Strategies
Democracy and Responsibility. Additional security considerations given break-ins and compromises of higher ed data.
Employment Pages. Confidentiality agreements.
Privacy Architecture
Privacy Audit Questionnaire
Privacy Policy Statement
Privacy Principles
Privacy Recommendations
Releasing Alumni Information
Security Survey
Shadow Databases

  ↑  Top of Page  |  Samples Page  |  Sample Forms  |  Favorite Reports  |  Frequently Asked Questions  |  Glossary of Terms