About  |  Contact Us  |  Register for Benefits  |  Login  |  View/Edit Your Profile  |  Consulting  |  Principal & Founder  |  Sponsorships  |  Legal & Privacy

  Home      Blog      Job Board      Community      Contribute      Vendor Listings      Search Site
  Employment  |  More With Less  |  Potpourri  |  Records  |  Reporting  |  Research  |  Revenue  |  Samples  | Systems  |  Web Sightings
 
  Security. Systems
Security Home | Problems and Risk Assessment | Sources of Attacks | Stopping Attacks | Summary
SecurityTraining

Most users are woefully untrained in security and yet many are given full administrative rights not only to their local machines, but in some cases servers and can make changes in configuration of these machines.

Most understand that virus protection software needs to be turned on, but on the other hand will not check to see if they have the most current patch.

Emails should be sent out to instruct users to check their virus patches and make sure they are updated, make sure the automatic updates are turned on, the fact that they should install the automatic updates, warnings on current viruses, spoof emails and any other security issues.

There should be periodic workshops on security where policies and procedures are re-iterated and reviewed.

To a large extent, systems can be locked down, but users present the greatest single area of vulnerability.

Best Practices

To summarize, follow a best practices incident response checklist.
  • Security by design.
  • Security in depth.
  • Least privileges.
  • Learn from your mistakes.
  • Maintain security levels.
  • Make users aware.
  • Develop and test.
  • Enforced security and IT policies.
  • Protect evidence.
  • Notify external authorities.

Security:
   Supportingadvancement.com
Computer Security InstituteSecurity
 
Supportingadvancement.com FIRST - Forum of Incident Response and Security Teams
 
Supportingadvancement.com Industry Canada - Online Security and Privacy Guide
 
Supportingadvancement.com Microsoft - Baseline Security Analysis Tool, newsletters and other tools. Free seminars.
 
Supportingadvancement.com National Cyber Security Partnership - Public private partnership to make cyberspace more secure.
 
Supportingadvancement.com PC Magazine Utilities - A number of free tools such as spyware detectors.
 
Supportingadvancement.com Software Engineering Institute - Papers
 
Supportingadvancement.com Threats and Countermeasures - From Microsoft. A free 900+ page document on improving web security.

Sites with privacy legislation, policies and procedures:
   Supportingadvancement.com AFP Toronto ChapterSecurity
 
Supportingadvancement.com AFP Canadian Public Policy on Privacy
 
Supportingadvancement.com Australian Government Privacy Office
 
Supportingadvancement.com CASE - Foundation Independence and Donor Privacy
 
Supportingadvancement.com Canadian Department of Justice Policy on Access to Information and Privacy
  Supportingadvancement.com Direct Marketing Association. Privacy policy generator.
 
Supportingadvancement.com Information and Privacy Commissioner of Ontario (IPC) Web site
 
Supportingadvancement.com Ontario's Consultation on Privacy Protection
 
Supportingadvancement.com Privacy Commissioner of British Columbia
 
Supportingadvancement.com Privacy Commissioner of Canada
 
Supportingadvancement.com PrivacyInfo.ca
 
Supportingadvancement.com Privacy is Your Business from CIO
 
Supportingadvancement.com Privacy Rights Clearinghouse

On this site:
 
Data Backup and Recovery Strategies
 
Democracy and Responsibility. Additional security considerations given break-ins and compromises of higher ed data.
 
Employment Pages. Confidentiality agreements.
 
Privacy Architecture
 
Privacy Audit Questionnaire
 
Privacy Policy Statement
 
Privacy Principles
 
Privacy Recommendations
 
Releasing Alumni Information
 
Security Survey
 
Shadow Databases

 
  ↑  Top of Page  |  Samples Page  |  Sample Forms  |  Favorite Reports  |  Frequently Asked Questions  |  Glossary of Terms