Presentation is loading. Please wait.

Presentation is loading. Please wait.

Blackboard Security System

Published byRoxanne Harris Modified over 6 years ago

Similar presentations

Presentation on theme: "Blackboard Security System"— Presentation transcript:

1 Blackboard Security System
Abrar Mandura Mona AL-Umairi Amal Al-Zahrani Ghada Albinali

2 Introduction Blackboard System is implementing technological solutions and network innovations to control cost and to better serve Blackboard’s customers. For that, they should increase the exposure to security risks and potential security breaches. Blackboard has developed Information Security Policy and supporting standards and procedures

3 Purpose Protecting the internal network from external threats, vulnerabilities, and risk; Protecting information assets from unauthorized access, use, modification, copying, or destruction; Prohibiting unauthorized receipt or exchange of information assets via external networks; and Protecting the Blackboard System from charges of imprudence.

4 Guiding Principles Blackboard Management System is responsible for maintaining, communicating, and ensuring compliance with this Security Policy and for protecting Blackboard System’s assets. Maintenance of the highest level of security possible within all functional areas of Blackboard. Blackboard must take measures to protect these assets against disclosure (whether intentional or accidental), modification, or destruction. Information that is sensitive or confidential must be protected from unauthorized access or modification, whether accidental or intentional.

5 Security Policy Implementation
it is important to assess and follow the Security Policy within all functional areas of Blackboard System and at any other facility where information is stored, processed or transmitted. the following is a summary of the principles and responsibilities in different areas of the Blackboard ASP Enterprise. From a-k.

6 a) Organization The Manager, who is responsible for managing and directing the implementation of the Information Security Program. The Security Administration Team, who is responsible for providing access to network and computing resources. Managers and Team Leads who are responsible for communicating the importance of the Policy to their staff and for executing and enforcing the Security Policy within Blackboard.

7 b) Personnel An individual being hiring into Blackboard System will undergo a background check following a conditional offer of employment and may be denied employment based on the results of the background check. Violations of this Security Policy and/or its implementing policies and procedures will result in disciplinary action.

8 c) IDENTIFICATION, AUTHENTICATION, AND AUTHORIZATION
Establish procedures to determine who is allowed to use the information system and the need for access to the system. Develop procedures to ensure the confidentiality, integrity, and availability. Install mechanisms to ensure accountability, encryption, and access control. Establish a unique user identification code. Establish standards for the use and control of passwords. Establish controls to ensure access is limited to active users by requiring periodic recertification of all users. Develop guidelines to control expanded access for the system administration team as needed to perform their job functions.

9 d)Communications and network Services
Under the authority of the Vice President Blackboard System Services and the Director of Blackboard System Operations, The Sr. Manager, Blackboard System Technology and Security shall establish controls, where applicable to: Secure internal systems access and connectivity. Secure Internet access with properly implemented network service access and design procedures. Restrict and monitor file transfer protocol. Ensure the security of remote access to Blackboard systems. Protect Blackboard System’s information while granting Internet access. Secure the transmission of information via remote access. Protect data stored in and processed through remote facilities and vendors. Secure and support external access to internal Protect the electronic mail systems.

10 e)Physical security Blackboard System shall:
Define security measures to protect all computing facilities and equipment. Mandate logging of access to areas where processing is performed. These standards should be part of Blackboard System’s broader physical security program

11 f)Hardware and Software
Under the authority of the Vice President, Blackboard System Services and the Director, Blackboard System Operations, the Sr. Manager, Blackboard System Technology and Security shall develop procedures to: Identify ownership and proper use of equipment, including portable equipment. Control copyrights, licenses, and duplication of software. Establish controls for prevention, detection, of malicious activity.

12 g) Application Testing
Operations staff responsible for testing application upgrades or updates generally should not use actual customer data but should create test data. In situations where creating test data is not possible and actual customer data is used for testing, controls must be implemented to protect the data, at the same level as production.

13 h) Audit Trails and System Monitoring
The Information Security Function at Blackboard System shall assume responsibility, where applicable, to: Develop and maintain audit trails of all transactions. Establish procedures to monitor logging on the systems and to review and report suspected or known security violations. Monitor security escalation for resolution of violations. Establish a system of internal audits of the information management functions.

14 i) Backup and Recovery The Storage Team shall develop procedures and requirements for regular backup and safe recovery of information.

15 j) Security Awareness The Sr. Manager, Blackboard System Technology and Security and the Security Administration Team shall coordinate training for all Users to instill awareness of each User’s obligations and responsibilities and to implement the Security Policy.

16 k) ACCEPTABLE USE Blackboard System Technology and Security shall communicate and enforce Business Unit practices of acceptable use of Blackboard System network resources for various categories of personnel within the Blackboard Enterprise.

17 Financial Flexibility
The system provides fixed monthly cost, which includes: Routine maintenance of the server Security Database and application issues Connectivity Nightly backups Twenty-four hours a day Seven days a week monitoring 10-20 GB of total storage space Climate control

18 Operational Freedom The Blackboard Security System has specialized, professional, dedicated staff of developers and engineers who work twenty-four hours a day, seven days a week to maintain and take care of the client environment As designers and engineers of the Blackboard Learning System and Blackboard Community Portal System, the Blackboard Security System staff knows the software operations from implementation to upgrades and migration.

19 Reduced Risk Blackboard has reduced the level of risks with the following advantages: It monitors fully-dedicated server with comprehensive backup, RAID fault protection, power redundancy and continuous monitoring. Blackboard’s data center facilities offer secure and reliable access to the application.

20 Data Backup Policies and Process
Blackboard’s standard data retention window is 30 days If blackboard client want to restore lost data he need to contact Blackboard Support Blackboard Services can accept four restore requests per license year at no charge Beyond four restore requests, Blackboard System will charge the client a fee of approximately $800 per incident.

21 There are three levels of backups to implement in Blackboard policy and process:
First level is using the Snapshot utility that stores read- only versions of a file system and provides the ability to recover lost or deleted files without assistance or recovery from tape. The second level of backups utilizes a separate set of high-availability filers in a separate datacenter The third layer of backups uses a tape system. Each week, production file system and database backups are transferred to tape media and stored for 30 days.

22 Conclusion Blackboard’s securing servers helps you deliver your institution’s academic programs, and save both time and money. Blackboard staff will immediately establish your private area on Blackboard, with no delays caused by training or scheduling conflicts.

Download ppt "Blackboard Security System"

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Concepts of Database Management Seventh Edition

Concepts of Database Management Seventh Edition
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.

Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
General Awareness Training

General Awareness Training
Data and Database Administration

Data and Database Administration

Similar presentations

Ads by Google