IT Security 
IT security is an increasingly important topic in today's electronically
connected world. This page will serve as a resource link to security best
practices and resources on the Web. In general, the topic of IT security
ranges far and wide, covering both technical and organizational/procedural
approaches to protecting electronic information.
Technical approaches can include issues of authentication and authorization,
access controls, audit trails, physical security of equipment, control of
external network links, active and passive monitoring, encryption, system
backup and disaster recovery procedures, and system security assessments.
Organizational approaches can include policies regarding information uses and
flow, security policies, confidentiality policies, efforts to identify sensitive
information, release of information policies, established mechanisms for
responding to defined security breaches, structures for determining and
granting/revoking access privileges, and education and training.
Security resources - UB
- Security working group (link should appear here shortly)
- action@acsu.buffalo.edu - an Email link where security violations
  requiring action by CIT can be reported.
Security resources - Healthcare
- HCFA Internet security policy (dated 11/24/98)
  http://www.hcfa.gov/security/isecplcy.htm
- HIPAA
  - 10/13/1998 Notice of Proposed Rule Making for Security and Electronic
    Signature Standards (HIPAA regulations published in the Federal
    Register here)
  - FAQ on HIPAA security regulations / electronic signature (here)
  - National Academy of Sciences congressional testimony (here)
- "For the Record: Protecting Electronic Health Information", Committee on
  Maintaining Privacy and Security in Health Care Applications of the
  National Information Infrastructure; Computer Science and
  Telecommunications Board; Commission on Physical Sciences, Mathematics,
  and Applications of the National Research Council; National Academy Press,
  Washington DC (c) 1997 [ISBN 0-309-05697-7; Library of Congress Catalog
  Card Number 97-65240; copies available from http://www.nap.edu National
  Academy Press]
Security resources - General
These resources are not exhaustive, but are excellent sources of additional
information on a wide variety of security issues, including best practices for
NT administrators, current and archived security alerts for a variety of
operating systems, and information relevant to fixing security holes in
operating systems and critical components such as Email.
- Family Policy Compliance Office - The mission of the Family Policy
  Compliance Office (FPCO) is to meet the needs of the Department's primary
  customers--learners of all ages--by effectively implementing two laws that
  seek to ensure student and parental rights in education: the Family
  Educational Rights and Privacy Act (FERPA) and the Protection of Pupil
  Rights Amendment (PPRA).
- CERT - The CERT Coordination Center is part of the Survivable Systems
  Initiative at the Software Engineering Institute, a federally funded
  research and development center at Carnegie Mellon University. We were
  started by DARPA (the Defense Applied Research Projects Agency, part of
  the U.S. Department of Defense) in December 1988 after the Morris Worm
  incident crippled approximately 10% of all computers connected to the
  Internet. Originally, our work was almost exclusively incident response.
  Since then, we have worked to help start other incident response teams,
  coordinate the efforts of teams when responding to large-scale incidents,
  provide training to incident response professionals, and research the
  causes of security vulnerabilities, prevention of vulnerabilities, system
  security improvement, and survivability of large-scale networks.
- CIAC - Computer Incident Advisory Capability is the computer security
  incident response team for the U.S. Department of Energy run by the
  Department of Energy
Security resources - US Government
- FedCIRC - FedCIRC is the Federal Civilian Incident Response Capability, an
  organization that provides incident response and security-related services
  to Federal civilian agencies. FedCIRC is managed by the General Services
  Administration (GSA).
- The U.S. Department of Justice Computer Crime and Intellectual Property
  Section (CCIPS) - This site provides information about topics related to
  computer crime, including sample cases, intellectual property rights,
  encryption and computer crime, privacy and speech issues, international
  aspects of computer crime, law enforcement coordination for high-tech
  crimes, and more.
- The FBI Computer Crime Squad - The FBI's National Computer Crime Squad
  (NCCS) investigates violations of the Federal Computer Fraud and Abuse Act
  of 1986. Their web page includes contact information for the squad.
- The National Infrastructure Protection Center - The mission of the NIPC is
  both a national security and law enforcement effort to detect, deter,
  assess, warn of, respond to, and investigate computer intrusions and
  unlawful acts, both physical and "cyber," that threaten or target our
  critical infrastructures.
- Orange Book - The Orange Book is also known as the U.S. Department of
  Defense Trusted Computer System Evaluation Criteria, part of the Rainbow
  Series.
Security resources - Vendors
- Microsoft