We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byBrianna Williams
Modified over 3 years ago
© Caveon, 2006 Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon Jamie Mulkey, Ed.D. – Sr. Director Caveon July 19, 2006
© Caveon, 2006 Got questions? Get the Card.
© Caveon, 2006 Are your tests out partying when you leave the office at night? Lets get out the #2 and change the answer key Yeah, then can see whats happening up the block. I hear they are having a party at the testing house tonight
© Caveon, 2006 Webinar focus: Understand the types of materials that need to be put under lock and key Determine who should have access rights to rooms, systems, & paper materials Describe policies to put in place to protect secure information Understand the cultural & attitudinal effects of maintaining physical security
© Caveon, 2006 Defining physical security Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism. www.searchsecurity.com
© Caveon, 2006 Three main components of physical security Obstacles Methods Surveillance
© Caveon, 2006 Like the Shoemakers children…
© Caveon, 2006 The problem with most testing programs Security is penetrable Materials too easily accessible Lack of formal process
© Caveon, 2006 Got Questions?
© Caveon, 2006 Putting materials under lock & key Test files Candidate records Candidate agreements Vendor agreements Discarded product Putting most secure content in most secure areas
© Caveon, 2006 Who has access? Determine a chain of responsibility Maintaining a list of who needs access to what materials Rules for sending confidential material to others Vendor physical security agreements Visitor access Training of staff Access is limited to need to know
© Caveon, 2006 Policy management Procedures appropriate to the context Policies for access to test items, test publication, test administration Processes for employees who leave the company Escalation plan when a breach does occur Back up and disaster recovery plans Use score card to evaluate how you are doing
© Caveon, 2006 Culture & attitude Higher success when individuals recognize the value of policies Employees and vendors more likely to comply, not get around Ongoing security training and awareness activities help
© Caveon, 2006 Conducting a physical security audit Objective, third-party auditors Explicit written standards, carefully developed, using available models: Transmission of secure materials Access to items banks Password change frequency Materials reviewed in advance
© Caveon, 2006 Conducting a physical security audit Individual and group interviews Physical examination of work area and procedures Distinguishing between formal policy and actual practice Written report with recommendations for improvement Follow-up after defined time interval
© Caveon, 2006 Sample recommendations Enhance building access controls: Require visitors to present ID before being admitted to the building Scan and post-incident records on internal system with limited, secure access to the files Secure files with combination locks for the file cabinets Maintain an entry/exit log for use of materials in the secure storage vault Make secure files difficult to get to
© Caveon, 2006 Got Questions?
© Caveon, 2006 Results of physical security audits Increased awareness and training among staff Installation of locks and locked access areas Reduced number of access points into the building Issuance of system password policies Move from physical to electronic files Moving most vulnerable stuff into most secure area
© Caveon, 2006 Points we hope you will take away What needs to be put under lock and key? Who needs access? What policies need to be put in place? What culture and behaviors need to be reinforced? Who can I bring in to evaluate my physical environment?
© Caveon, 2006 Thanks for attending! John Fremer, Ph.D. email@example.com (215) 805-3007 Jamie Mulkey, Ed.D. firstname.lastname@example.org 916 652-4017 phone 916 765-8838 mobile www.caveon.com Please contact us:
TOP TEST SECURITY RECOMMENDATIONS FOR SCHOOL DISTRICTS John Fremer, Ph.D. President Caveon Test Security October 25, 2006.
Contingency Management Indiana University of Pennsylvania John P. Draganosky.
Note1 (Admi1) Overview of administering security.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
IT Security Policy: Case Study March 2008 Copyright , All Rights Reserved.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Protecting the Integrity of Tests Delhi, 20 November, 2015.
Physical Security By: Christian Hudson. Overview Definition and importance Components Layers Physical Security Briefs Zones Implementation.
1 1 Horwath InternationalCopyright 2006 Crowe Chizek and Company LLC 1 IT Audits – Understanding the Standards Illinois Digital Government Summit September.
Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.
Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.
Physical Site Security. Personnel Hardware Programs Networks Data Protection from: Fire Natural disasters Burglary / Theft Vandalism.
Chapter 7: Physical & Environmental Security. 2 Objectives Define the concept of physical security and how it relates to information security Evaluate.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
BUS VIDEO RECORDINGS COLLECTION – PROCESSING - REDACTION - SHARING WHAT IS RIGHT FOR YOUR DISTRICT?
Wisconsin Knowledge & Concepts Examination (WKCE) Test Security Wisconsin Department of Public Instruction Office of Educational Accountability 06/26/2013.
Security Controls – What Works Southside Virginia Community College: Security Awareness.
Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD.
1 Introduction to Security Chapter 11 Information Technology (IT) Security.
Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.
SECURITY AND ELECTRONIC COMMUNICATIONS WHAT YOU NEED TO KNOW FOR YOUR AUDIT.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.
Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.
NETWORKS By : Nicolas Pottier. Electronic security Establishing techniques that allow users to prove and protect their Identity from unauthorised personnel.
Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &
FIRMA April 2010 DATA BREACHES & PRIVACY Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.
CONFIDENTIALITY ASD Special Education Watch what you say Where you say it To whom you say it.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.
MANAGING INCIDENT RESPONSE By: Ben Holmquist. 2 Outline Key Terms and Understanding Personnel and Plan Preparation Incident Detection Incident Response.
IT Summit November 4th, 2009 Presented by: IT Internal Audit Team Leroy Amos Sue Ann Lipinski Suzanne Lopez Janice Shelton.
FACTORS TO BE TAKEN INTO ACCOUNT WHEN DESIGNING ICT SECURITY POLICIES.
HIPAA Security. HIPAA Security Presentation Please review this presentation on HIPAA Security. When you are finished you will receive a sign-off sheet.
Ames Laboratory Privacy and Personally Identifiable Information (PII) Training.
General Awareness Training Security Awareness Module 2 What is a Security Incident? How Vulnerable am I?
Office of Inspector General (OIG) Internal Audit.
Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security.
Security Awareness Lloyd Guyot – Steelcase Ed Jaros – Tenundra Inc. July 17, 2003.
Viewing Information Systems Security. The basic objectives of Information Security are the same as the basic objectives of EDP auditing. They are: 1.To.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Why Respect Privacy and Confidentiality? Access to Confidential Information (OP ) Protection and Security of Protected Health Information (OP.
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.
© 2017 SlidePlayer.com Inc. All rights reserved.