CYBER SECURITY FOR EDUCATIONAL LEADERS: A GUIDE TO UNDERSTANDING AND IMPLEMENTING TECHNOLOGY POLICIES
Chapter 11: Cyber Risk Assessment Instruments
© Routledge
Richard Phillips and Rayton R. Sianjina
TABLE OF CONTENTS
Risk Assessment Profile Checklist
Acceptable use policy
Authentication policy
Internet-use policy
Access policy
Auditing policy
Physical policy
Analysis policy
Privacy policy
ACCEPTABLE USE POLICY
Employee signed acceptable use policy
Acceptable use policy (reviewed by attorney)
INTERNET-USE POLICY
Internet-use policies utilizing filters
Download rule
Explicit materials rule
Video and media streaming rule
Pop-ups and advertising rule
Music rule
Games rule
Dating rule
Email rule
Other organizational rules
AUTHENTICATION POLICY
Authentication policy for SSL, ciphers, and encryption
Site certificate
ACCESS POLICY
Password and logon requirements and complexities
Monitoring and auditing network access logons
Logon limit hours and locations
Rights and privileges
Two or more open network ports
Unattended idle configuration
Wireless access
Wireless access tools
Remote access
Are workstations frozen with Deep Freeze or Clean Slate?
Biometrics
AUDITING POLICY
Data protection
PHYSICAL POLICY
Is there secure physical access to network equipment?
Is there secure network data?
Are individual computers locked?
Do computers leave the premises? (laptops, notebooks)
ANALYSIS POLICY
TCP packet analysis
OS hardening
Router security
Firewall systems (access control list)
Encryption (IP security, Point-to-Point Tunneling Protocol)
Network address translation
Intrusion detection/prevention systems
Virus, malware, worm, spyware, backdoor, spam, and pop-up protection
Disaster recovery plan on or off site
PRIVACY POLICY
Privacy statement
QUESTIONS YOU SHOULD BE ABLE TO ANSWER
Who is the ISP?
Does your organization utilize an intranet or extranet?
How many users are there?
Does your company have a computer inventory list or technology inventory?
Are files and folders shared on the network (permissions)?
Are there scheduled audits?
When and how often does your company back up the system?
Are there regular scheduled software and system updates?
What percentage of technology does your company outsource? Please list.
CONCLUSION
The Cyber Risk Assessment Profile and Questionnaire is a vital tool for organizations, businesses, and educational institutions: it helps them find risk management solutions and gives them a structured way of safeguarding clients' critical electronic assets.