Guidelines for the security of information systems : Department of homeland security ohio : Department of homeland security intelligence.
Guidelines For The Security Of Information Systems
- (information system) data system: system consisting of the network of all communication channels used within an organization
- (information system) Interrelated components (e.g., people, hardware, software, databases, telecommunications, policies, and procedures) that input, process, output, and store data to provide an organization with useful information.
- Information Systems (IS) is a professional and academic discipline concerned with the strategic, managerial and operational activities involved in the gathering, processing, storing, distributing and use of information, and its associated technologies, in society and organizations.
- (guideline) road map: a detailed plan or explanation to guide you in setting standards or determining a course of action; "the president said he had a road map for normalizing relations with Vietnam"
- (guideline) guidepost: a rule or principle that provides guidance to appropriate behavior
- A general rule, principle, or piece of advice
- (guideline) a light line that is used in lettering to help align the letters
- The state of being free from danger or threat
- The safety of a state or organization against criminal activity such as terrorism, theft, or espionage
- Procedures followed or measures taken to ensure such safety
- the state of being free from danger or injury; "we support the armed services in the name of national security"
- defense against financial failure; financial independence; "his pension gave him security in his old age"; "insurance provided protection against loss of wages due to illness"
- freedom from anxiety or fear; "the watch dog gave her a feeling of security"
guidelines for the security of information systems - IT Investment
IT Investment in Developing Countries: An Assessment and Practical Guideline
The evaluation of information systems in developing countries has gained considerable interest among academics, consultants and practitioners. Despite this emerging interest, there is not much helpful literature on the evaluation of information systems in developing countries, and the many issues and criteria that should be carefully evaluated. Most existing literature attempts to use the experience of IT evaluation in developed nations to apply to the case of IT evaluation in developing nations.
IT Investment in Developing Countries: An Assessment and Practical Guideline offers an original approach to the assessment of the effectiveness of IT investment in developing countries. While others might have attempted to examine the possibility of quantifying IT investment expenditures and the problem of measuring the intangible benefits of IT, they have not addressed the total evaluation of IT in developing countries. However, this book offers standards for developing a process to evaluate the effectiveness of IT that will make a useful contribution for managers in their attempts to quantify new technology purchases in developing nations.
I was proud of these... re-post...
I decided to repost this up front, for the message below is what really matters...

I couldn’t help but smile when I came across these. I had a few hundred personal “business” cards made and handed them out every now and then to various people throughout my duties. I was proud of these cards and got a lot of positive feedback from many citizens. I truly believe in the statement on the back… Let me ask you this… What would you do if all of a sudden your police department changed its policy about reading suspects their rights? What if your police department came up with a loophole, so to speak, that allowed them to do away with your rights? I’m sure somewhere there would be some kind of complaint, lawsuits and a possible investigation of this police agency by federal authorities. Well, my last police department, the Kwajalein Police Department, did just this and is continuing to do this as part of a newly enacted policy that went into effect this year. Given the unique geographical location of the Kwajalein Police Department (Marshall Islands) and the fact that Kwajalein is a U.S. Army base, I was charged with enforcing many different laws: Hawaiian Revised Statutes (HRS), Marshall Islands Revised Code (MIRC), the Uniform Code of Military Justice (UCMJ), U.S. Federal statutes and, this last one is important here, U.S. Army Kwajalein Atoll (USAKA) regulations and policies. For example: if a U.S. Soldier were to be arrested he would be charged with UCMJ violations. An American civilian contractor would be charged with HRS violations and a Marshallese citizen would be charged with MIRC violations. If I were to arrest, or “apprehend” anyone there are certain guidelines police officers follow to ensure the safety of the suspect, fellow officers and to limit liability concerns. A portion of this process is the reading of a person’s Miranda rights. 
You all know what these are: you have the right to an attorney, anything you say can and will be used against you at any time, you have the right to request and speak to a lawyer… etc. etc. Well, one day I’m on duty and this adult Marshallese male in clear violation of “Public Intoxication” is observed by me causing a disturbance. Public Intoxication is - A person commits an offense when he or she is to the point of intoxication that they may pose a danger or threat to themselves or others in public places if no one intervenes to assist. Every civilized community on the face of this earth has a law against public intoxication. I as a police officer, in observance of this must act, for if I were to ignore this highly intoxicated individual and he or she went on to die or cause the death or injury of someone else - my department and I would be held liable. So I take into custody this Marshallese male and detain him for his own safety and the safety of others. It was policy to hold anyone under the influence until they blew a 000 BRAC (Breath Alcohol Content) on the breathalyzer. The guy in question blew a 285. Once a 000 BRAC is obtained I as a police officer am allowed to begin the so-called “interrogation” and take a sworn statement. The first thing I would do is read the guy his rights and ask him to sign a waiver saying that he didn’t want an attorney, understood his rights and was willing to discuss with me the circumstances leading up to his arrest. I put the MPR (Military Police Report) together and submitted it up the chain for approval. I get the report back the next day telling me to take out the Rights Waiver because we are no longer required to read an apprehended person their rights when arrested for certain crimes. At first I thought this was a joke so I picked up the phone and called my boss. My boss is not in agreement but says this is the way things are and that I am being ordered to follow these new policies. Yea right! I hang up and call my Captain. 
I liked my Captain - he was a cool guy. The Captain tells me that USAKA has a “policy” that prohibits anyone on USAKA property to be intoxicated in public places. He went on to say that since a “policy” is not a law we don’t have to follow certain “rules” like reading suspects their rights. My jaw hit my keyboard sending a few keys flying while he is telling me this. So I counter… I said, Captain, I can understand this and would agree with it if we as a police department were not entering an arrested person’s name, social security number, birthday and identifying marks into a CRIMINAL system charging them with a crime giving them a criminal record. I also brought up the liability issue but was shot down. I was told that was the new rule and to conform. I still read everyone their rights and followed the law even if I left certain pages out of the police report upon submittal. I kept these documents in a personal file for my own protection because I knew some day in the future this new way of handling things w
Hasankeyf, Turkey 2007
Hasankeyf is one of the most charming and historical places in Turkey but its existence is threatened by a proposed dam. Its history goes back 10,000 years and covers 9 civilizations. It will be a shame if the dam goes ahead. The following text is from the Kurdish Human Rights Project and highlights the issues at stake:

THE ILISU DAM - A HUMAN RIGHTS DISASTER IN THE MAKING

A report on the implications of the Ilisu hydro-electric power project, Batman province, south east Turkey, following a fact-finding mission to the region, 20th - 25th September 1999. The proposed Ilisu dam, part of Turkey's South-eastern Anatolian Project (GAP), which has spread a network of dams and power plants across the Kurdish regions of south east Turkey, threatens more Kurdish homes and livelihoods. The Ilisu hydro-electric power project is to be situated on the Tigris river, 65 km upstream from the border with Syria and Iraq. With a planned capacity of 1,200 MW, it will be the largest hydro-electric project in Turkey. The project, costing an estimated $2 billion, will be built by an international consortium, led by Swiss company Sulzer Hydro. Companies in the consortium include Balfour Beatty (UK), Impregilo (Italy) and Skanska (Sweden). With the World Bank declining to become involved in GAP projects, the financing is to be arranged by the Union Bank of Switzerland, with the Export Credit Agencies of Austria, Germany, Italy, Japan, Portugal, Sweden, Switzerland, the United Kingdom and the USA currently considering whether to provide financial support for the project. Turkish and international NGOs have expressed serious concerns about the Ilisu project. A 1997 Environmental Impact Assessment commissioned by Sulzer Hydro has not been released to the public, despite numerous requests. Neither have two further reports on Ilisu, prepared in 1999 at the request of the UK government, apparently as a result of major deficiencies in the original Assessment. 
A report by the Swiss based Berne Declaration in 1998 highlighted major political, social, environmental and archaeological problems with the proposal. The report concluded that the project violated numerous internationally-recognised benchmarks for the funding and implementation of infrastructure and development projects, abrogating five World Bank policy guidelines on 18 counts, in addition to the OECD's Development Assistance Committee's guidelines on projects involving involuntary resettlement. The Berne Declaration also warned that the project contravenes core provisions of a UN convention aimed at preventing wars between states that share water resources. In the light of this, a Kurdish Human Rights Project delegation visited the Ilisu area in September 1999. Concluding that support for the Ilisu project could precipitate a major human rights disaster, the report of the delegation's findings identifies the following major areas of concern:

Water wars

Downstream states Syria and Iraq rely heavily on water from the Tigris and Euphrates. Those interviewed by the delegation suggested that the flow of the Tigris has been reduced to one sixth of its original level due to the construction of several dams upstream. There are concerns that the dam will be used to block the flow of water to downstream states. The project developers claim that minimum rates of discharge have now been agreed for the critical impounding period. The details of the agreement have yet to be released, however. It is therefore impossible to evaluate how far they meet Syria's and Iraq's concerns over the project. Syria has protested to Britain over its involvement in the dam.

The flooding of the ancient city of Hasankeyf

Hasankeyf, a town full of historical treasures including cave churches, ornate mosques and Islamic tombs, whose history goes back 10,000 years, will be submerged by the reservoir of the Ilisu dam. 
Spanning nine civilisations, the site is of such archaeological and religious significance that it would clearly warrant designation as a world heritage site by UNESCO. The town is of particular cultural significance to the Kurdish people: the delegation found a widespread perception that the GAP project, and Ilisu in particular, is motivated primarily by a desire to destroy the Kurds as an ethnic group by destroying their most important cultural sites.

Failure to consult the local population

While the threat of the dam has occupied the minds of local people for many years, none of the local government officials interviewed by the delegation had access to official information about the project. Local officials were unaware that the dam had been officially approved by the government. Recent media reports have revealed widespread opposition to the project, but the atmosphere of fear which pervades southeast Turkey renders any suggestion of independent debate about the issue laughable.

Likelihood of effective resettlement of local people

Th
guidelines for the security of information systems
Praise for Auditor's Guide to Information Systems Auditing
"Auditor's Guide to Information Systems Auditing is the most comprehensive book about auditing that I have ever seen. There is something in this book for everyone. New auditors will find this book to be their bible - reading it will enable them to learn what the role of auditors really is and will convey to them what they must know, understand, and look for when performing audits. For experienced auditors, this book will serve as a reality check to determine whether they are examining the right issues and whether they are being sufficiently comprehensive in their focus. Richard Cascarino has done a superb job."
—E. Eugene Schultz, PhD, CISSP, CISM Chief Technology Officer and Chief Information Security Officer, High Tower Software
A step-by-step guide to successful implementation and control of information systems
More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Auditor's Guide to Information Systems Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.
As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. With a complimentary student's version of the IDEA Data Analysis Software CD, Auditor's Guide to Information Systems Auditing empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.