We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byBrianna Williams
Modified over 2 years ago
© Caveon, 2006 Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon Jamie Mulkey, Ed.D. – Sr. Director Caveon July 19, 2006
© Caveon, 2006 Got questions? Get the Card.
© Caveon, 2006 Are your tests out partying when you leave the office at night? Lets get out the #2 and change the answer key Yeah, then can see whats happening up the block. I hear they are having a party at the testing house tonight
© Caveon, 2006 Webinar focus: Understand the types of materials that need to be put under lock and key Determine who should have access rights to rooms, systems, & paper materials Describe policies to put in place to protect secure information Understand the cultural & attitudinal effects of maintaining physical security
© Caveon, 2006 Defining physical security Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.
© Caveon, 2006 Three main components of physical security Obstacles Methods Surveillance
© Caveon, 2006 Like the Shoemakers children…
© Caveon, 2006 The problem with most testing programs Security is penetrable Materials too easily accessible Lack of formal process
© Caveon, 2006 Got Questions?
© Caveon, 2006 Putting materials under lock & key Test files Candidate records Candidate agreements Vendor agreements Discarded product Putting most secure content in most secure areas
© Caveon, 2006 Who has access? Determine a chain of responsibility Maintaining a list of who needs access to what materials Rules for sending confidential material to others Vendor physical security agreements Visitor access Training of staff Access is limited to need to know
© Caveon, 2006 Policy management Procedures appropriate to the context Policies for access to test items, test publication, test administration Processes for employees who leave the company Escalation plan when a breach does occur Back up and disaster recovery plans Use score card to evaluate how you are doing
© Caveon, 2006 Culture & attitude Higher success when individuals recognize the value of policies Employees and vendors more likely to comply, not get around Ongoing security training and awareness activities help
© Caveon, 2006 Conducting a physical security audit Objective, third-party auditors Explicit written standards, carefully developed, using available models: Transmission of secure materials Access to items banks Password change frequency Materials reviewed in advance
© Caveon, 2006 Conducting a physical security audit Individual and group interviews Physical examination of work area and procedures Distinguishing between formal policy and actual practice Written report with recommendations for improvement Follow-up after defined time interval
© Caveon, 2006 Sample recommendations Enhance building access controls: Require visitors to present ID before being admitted to the building Scan and post-incident records on internal system with limited, secure access to the files Secure files with combination locks for the file cabinets Maintain an entry/exit log for use of materials in the secure storage vault Make secure files difficult to get to
© Caveon, 2006 Got Questions?
© Caveon, 2006 Results of physical security audits Increased awareness and training among staff Installation of locks and locked access areas Reduced number of access points into the building Issuance of system password policies Move from physical to electronic files Moving most vulnerable stuff into most secure area
© Caveon, 2006 Points we hope you will take away What needs to be put under lock and key? Who needs access? What policies need to be put in place? What culture and behaviors need to be reinforced? Who can I bring in to evaluate my physical environment?
© Caveon, 2006 Thanks for attending! John Fremer, Ph.D. (215) Jamie Mulkey, Ed.D phone mobile Please contact us:
1 Gramm-Leach-Bliley Act (GLBA) Implementation of the Safeguards Rule Information Security Program University of Minnesota (Adapted from the Federal Trade.
IT Security Auditing. Topics Defining IT Audit Risk Analysis Internal Controls Steps of an IT Audit Preparing to be Audited Auditing IT Applications Who.
PCI Boot Camp Presented by the PCI Compliance Task Force.
HIPAA Security Awareness What You Need To Know. Training Overview This course will discuss the following subject areas: How this training relates to you.
Competency Area B: Managing the Work of Paraprofessionals.
COOP and Contingency Plans. Introduction to Emergency Preparedness Various processes are involved in ensuring business continuity. Listed below are some.
Information Security User Policy Training Business Applications Department October 2009.
MANAGING TRADE SECRETS IN A FRANCHISING ARRANGEMENT Guriqbal Singh Jaiya Director, SMEs Division, WIPO
SSEP PROGRAM DEVELOPMENT [NAME OF TRANSIT AGENCY] will implement the following process to develop and monitor the SSEP Program: STEP 1: Participate in.
Business Continuity Planning Is Your Company Prepared?
SECURITY AWARENESS. The Importance of Security Awareness Training Security Awareness Training provides the knowledge to protect information systems and.
1 Network Security Workshop BUSAN 2003 Rahmat Budiarto
HIPAA Training: Ensuring Privacy for our Patients Privacy Training for Harvard Medical Students.
Individuals with Developmental, Intellectual, and Mental Health Disabilities and Emergency Preparedness.
General Security Concepts Ali SHAYAN ZAKARIA 12.May.2010 Kish Island – CITELEX 2010 " The best way to predict the future is to invent it. Alan Kay 1General.
Privacy and Security: Creating a Culture of Compliance from Purchase to Production Catherine Gorman Klug RN, MSN Corporate Director Privacy and Data Security.
PCI-DSS Compliance and Payment Card Acceptance Cathy Freeman Cash and Treasury Services Phone:
Copyright Melissa Guenther, LLC. All rights reserved. Creating a Zero Incident Culture.
Logical IT Security By Prashant Mali.
4.04: Preparing for Preparing for a JCAHO Survey of a Hospital's HIPAA Privacy and Security Compliance Program Leslie C. Bender, Esq. General Counsel &
1 Information Security and Privacy Training for [the Agency] Information System Security Officers June 12 & 13, 2000.
John Clark COO, PCI Security and Compliance CCIA Fall Meeting – 7 th October 2011.
Learning Objectives 5.1 Define customer service and identify the managers role in customer service. 5.2 Describe the importance of each of the key components.
Training activities administration and logistical support.
1 Kaspersky CCleaner VerbAce WinRar. 2 About VerbAce 2008 Freeware VerbAce 2008 freeware is a translation software with a Arabic-English-Arabic dictionary.
NEBOSH International General Certificate Resource Pack Ian Harries CMIOSH © 2013 Ian Harries. All rights reserved. No part of this material may be reprinted.
Who Put “Instructional Monitoring” On My To Do List? Suggestions for Principals M. Ann Levett, Ed.D.
1 PCI Compliance Training University of Nevada, Reno Presented by The Controllers Office.
1 CHAPTER 9 INFORMATION SECURITY Management Information Systems, 9 th edition, By Raymond McLeod, Jr. and George P. Schell © 2004, Prentice Hall, Inc.
Managing Trade Secrets: New Challenges in the Digital Environment Guriqbal Singh Jaiya May 21, 2008 Genève,
© 2016 SlidePlayer.com Inc. All rights reserved.