Security and rules for the use of it services at uio

Mobile financial services MFS are the products and services that a financial institution provides to its customers through mobile devices. A mobile device is a portable computing and communications device with information-storage capability.

The mobile channel The mobile channel refers to providing banking and other financial services through mobile devices. Although the risks from traditional delivery channels for financial services continue to apply to MFS, the risk management strategies may differ.

Gampaha badu contact numbers

As with other technology-related risks, management should identify, measure, mitigate, and monitor the risks involved and be familiar with technologies that enable MFS. This appendix focuses on risks associated with MFS and emphasizes an enterprise-wide risk management approach to the effective management and mitigation of those risks. This appendix also discusses the technologies used in the mobile channel and may be helpful to the board and management for the integration of MFS into the institution's risk management program.

The risks and controls addressed in this appendix, however, are not exhaustive. Additionally, this appendix contains a set of work program objectives to help the examiner determine the inherent risk and adequacy of controls at an institution or third party providing MFS.

MFS involve the use of a mobile device to conduct banking transactions and to initiate retail payments. Customers' mobile transactions often emulate those initiated on traditional desktop computers; however, MFS can provide more convenient transaction execution capabilities, such as the initiation or acceptance of mobile payments.

MFS can pose elevated risks related to device security, authentication, data security, application security, data transmission security, compliance, and third-party management. Customers are often less likely to activate security controls, virus protection, or personal firewall functionality on their mobile devices, and MFS often involve the use of third-party service providers. This appendix addresses the following:. SMS is a text messaging service component of phone, Web, or mobile communication systems.

SMS uses standardized communications protocols to allow devices to exchange short text messages. Messages are typically limited to characters and communicate either between mobile devices or between businesses and mobile devices e. Within the context of MFS, a customer uses SMS to provide financial transaction instructions to their financial institution. Financial institutions use SMS to provide information to customers, including account alerts or to communicate one-time passwords for Web site authentication.

A mobile device's browser allows customers to access a financial institution's Web site. Many financial institutions provide mobile-enabled Web sites, in addition to their regular Web site, which may improve the customer experience.

The mobile-enabled Web site is designed to detect the type of device the customer is using e. Mobile applications are downloadable software applications developed specifically for use on mobile devices. Mobile financial applications are developed by or for financial institutions to allow customers to perform account inquiries, retrieve information, or initiate financial transactions.

Security in Internet Governance and Networks: Analysing the Law (SIGNAL)

This technology leverages features and functions unique to each type of mobile device and often provides a more user-friendly interface than is possible or available with either SMS or Web-based mobile banking. Customers may use mobile technologies to initiate wireless payments at point-of-sale POS terminals, make person-to-person P2P payments, or make other types of wireless payments, such as parking meter and mass transit access payments.

Mobile wallets A mobile wallet is a front-end application that stores payment card information on the mobile device and allows payments to be made using a mobile device. The exchange of payment credentials and authorization between the mobile device and the payment recipient can use different core technologies.

Technologies that provide the ability to make wireless payments include the following:. With traditional retail payments channels serving as the backbone of mobile payments, users typically are required to provide verifiable financial institution account information or a credit, debit, or prepaid card to establish and fund a mobile payments service.

WiFi, The wireless network at UiO, eduroam

The traditional retail payments channels allow financial institution mobile payments providers to leverage existing banking relationships to verify identities, satisfy federal anti-money laundering requirements, and fund accounts. Management should identify the risks associated with the types of MFS being offered as part of the institution's strategic plan. Management should incorporate the identification of risks associated with mobile devices, products, services, and technologies into the financial institution's existing risk management process.

The complexity and depth of the MFS risk identification varies depending on the functionality provided through the mobile channel and the type of data in transit and at rest. The identification process should include risks at the institution and those associated with the use of mobile devices where the customer implements and manages the security settings. In providing customers with avenues for performing banking activities through mobile devices, an institution may transfer to the customer the ability to implement security settings.

This transfer increases dependence on the customer to manage the controls over sensitive financial data.This course addresses key regulatory questions regarding cybersecurity and cybercrime. The point of departure of the course is the increasing focus on cybersecurity not only as a technical issue, but also as a regulatory and policy concern.

Cybersecurity is now a top priority for governments, businesses and other policy-makers around the world. It is a prime concern for citizens too, as cyber threats also impact on their many everyday digital transactions and interactions. The course primarily studies cybersecurity norms in domestic, European and international law.

Accessdata 21 cfr

These rules focus on cybersecurity in a variety of regulatory contexts, including national security, protection of critical infrastructure, data privacy and international warfare. The course takes account of developments of cybersecurity norms in a global perspective with particular focus on the role of the ITU, OECD, WTO and other IGOsthe emergence of doctrines of cyber-sovereignty particularly important, for example, in Russia and Chinaand unfolding regulatory policy on use of cryptography with focus on legal rules governing the ability of law enforcement agencies to be given access to unencrypted or decrypted data.

A second strand of the course focuses on cybercrime both its substantive and procedural elementsalong with digital forensics. Read more about profiles. Students who are admitted to study programmes at UiO must each semester register which courses and exams they wish to sign up for by registering a study plan in StudentWeb.

You may register for this course if you have admission to a Master of Law-programme at UiO, the faculty's exchange-programme or have admission to Law-electives at masters-level.

All applicants must fill the formal prerequisites. International applicants, if you are not already enrolled as a student at UiO, please see our information about admission requirements and procedures for international applicants. Three years of law studies. In addition, it is recommended that students have a general understanding of information and communications technology ICT law. It is recommended that students combine this course with other courses focusing on ICT law.

Language of teaching for this course is English.

security and rules for the use of it services at uio

A student who has completed compulsory instruction and coursework and has had these approved, is not entitled to repeat that instruction and coursework. A student who has been admitted to a course, but who has not completed compulsory instruction and coursework or had these approved, is entitled to repeat that instruction and coursework, depending on available capacity.

A draft should be handed in in the middle of the semester, maximum words. Delivery of the draft is mandatory.

Using IT when travelling

Students are awarded either a passing or a failing grade on the draft. UiO uses a plagiarism checking tool as one of several instruments for detecting suspicion of cheating and attempted cheating. Read more about the grading system. It is possible to take this exam up to 3 times. If you withdraw from the exam after the deadline or during the exam, this will be counted as an examination attempt. There are special rules for resitting a passed examination in the master's programme in Law.

Application form, deadline and requirements for special examination arrangements. The course is subject to continuous evaluation.The information on this page is offered as resources for research and informational purposes. It may not reflect all of the requirements or guidance in this area and should not be construed as requirements except as noted. The NCUA does not endorse any vendor, service, or product.

The primary goal is to ensure the overall safety and soundness of the credit union system via a risk-focused examination and supervision program. Chapter 6 provides guidance on information systems and technology. The updated IT questionnaire workbook consists of two tiers: Tier I questionnaires focuses on the highest priority review areas, including electronic banking, while Tier II questionnaires are designed to address more technical network, security, and related technology issues.

The new IT questionnaires now include a second workbook with two questionnaires for generalist examiners to review credit union information security programs, electronic banking security, and website compliance. Please note that most questions include comments to provide additional context or terminology for better comprehension. The NCUA expects credit unions to have the appropriate procedures in place to anticipate, identify, and mitigate cybersecurity risks.

Credit unions may choose whatever approach they feel appropriate to conduct their individual assessments, but the assessment tool would still be a useful guide. FFIEC has posted frequently asked questions about the assessment tool here. The FFIEC has released a new tool to help credit unions better evaluate their level of cybersecurity preparedness. Special Publications in the series present documents of general interest to the computer security community.

security and rules for the use of it services at uio

The Special Publication series was established in to provide a separate identity for information technology security publications. This Special Publication series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

That directive - later updated by 's Homeland Security Presidential Directive 7 - mandated that the public and private sectors share information about physical and cybersecurity threats and vulnerabilities to help protect the U.

US-CERT strives to be a trusted global leader in cybersecurity — collaborative, agile, and responsive in a dynamic and complex environment. InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.

They address significant changes in the financial institution technology since They incorporate changes in technology-related risks and controls and follow a risk-based approach to evaluating risk management practices.Working or studying at UiO sometimes means travelling. On these travels, you should take some precautions, both concerning physical safety, but also when it comes to using IT tools and equipment. These precautions are important, to make sure that information is not lost or compromised.

This document talks about using IT equipment. For advice on physical safety, see travel information at sikresiden. Bring only the equipment that serves the actual purpose of the journey.

Make sure it does not contain data or files that are not relevant. Pay special heed to routine for classifying data and information and the storage guidethat tell you what kinds of data you are allowed to keep on which units or services.

Portable computers must have an encrypted harddrive. You must make sure that the one you plan to use, actually has this. Contact your local IT support if you need help with this. Smaller USB-units for storage drives and memory sticks should in general not be brought with you, unless you have particular reasons for doing so.

If you really need to bring them, they should be encrypted, with a good password. Make sure that your mobile phone and tablet is using a good password or a good pattern that must be verified before it can be used. Do not connect the unit to unknown chargers or computers. Contact your local IT department if you need help preparing your compute r, mobile phone or tablet before travelling abroad. Your regular IT equipment laptop, mobile phone, tablet and so on should in general not join you on such travels.

Which countries this applies to will vary over time. Pay heed to the current media reports and advice from the Norwegian Foreign Office. Units or departments at UiO whose students or employees travel a lot are advised to keep a small stack of equipment laptops and cellphones available for lending. In some countries, VPN may be banned or illegal, and using it may cause penalty or legal action from the authorities. Pay heed to the fact that the airport personnel in some countries have wide authorities.

University of Oslo P. Box Blindern Oslo. Web editor USIT. Main navigation jump Main content jump Theme navigation jump Contact information jump. For employees Norwegian website. Search our webpages Search. Menu Search. Photo: Jacqueline Macou Pixabay. Published Oct. E-mail this page Share on Facebook Share on Twitter. Services to the public.A presentation based on this document can be found here. The local machine can be a server, your UiO office machine, or your home machine. For windows PuTTY is a popular and free ssh client with a graphical user interface.

Apart from ssh, there is also scp and sftp for transferring files. Also, ssh can be used as a transport mechanism for a number of network services. The examples in this text is from using ssh on a Linux-type client.

With PuTTY you will find the same functionality in menus and checkboxes, etc. There is also a good introduction to key management with putty here. To get started, fire up a terminal window and use the following command don't type the dollar sign :.

You can also put this in the config file. In most cases you only need to confirm the connection type yesand you will not be asked again for this hostname.

Cute boyfriend imagines masterlist

See also the discussion below. You will then be prompted for your password. Type it and press Enter, and you will be greeted by the remote machine's shell prompt:. The data you send over the net with ssh is encrypted. Even if someone could tap the wire or wifithey can't listen in on the communication, or impersonate you. In many cases you will benefit from compressing the data going over the ssh connection.

Use the -C switch:.

security and rules for the use of it services at uio

X11 forwarding will sometimes fail for various reasons. Debugging X11 problems is beyond the scope of this article. If you wish to use X11, x2go is suggested. Compression adds some CPU load and latency, and is not very useful for interactive use.This privacy policy describes how the University of Oslo Library collects and uses personal data.

Spartan 01 halo

This privacy policy describes how UiO collects and uses personal data in the Affluences booking system. Please note that by using this service you are accepting the Affluences Privacy Statement.

Provide services to students for booking group study rooms in the HumSam Library, Georg Sverdrups hus. All data will automatically be deleted after 12 months. Affluences does not share data with a third party. The use of BrowZine is voluntary. The University Library does not collect personal data about you when you use this service. DUO is based on the open source platform DSpace.

Certain actions searches, facet selections, search function, etc. Only system administrators need to log in to DUO. Administrators are authenticated via either LDAP or as local users. User information for administrators is held in a secure database inside the application. EZproxy uses UiOs own authentication solution Webloginand stores the following data about your web traffic for 6 months before it is deleted, in accordance with general rules for system and security logging at UiO:.

The publication service FRITT stores peer-reviewed articles for researchers and the academic environment at UiO and some personal data is also stored. Various actions search, search function, etc. This is done in such a way that no data can be traced back to each individual user.

Of personal information, only author names are shared. Users are authenticated as local users. Administrator user information is stored in a closed database internally in the application. This privacy policy describes how UiO collects and uses personal data in Juridika.

The University Library use Mailchimp and Sympa to send out e-mail newsletters and other bulk mailings. Receiving newsletters from us is voluntary and you can always unsubscribe. Read more about how we handle personal information in connection with newsletters. This privacy policy describes how UiO collects and uses personal data in Oria. The University Library makes Perma. The use of Perma. This privacy policy describes how UiO collects and uses personal data in Pindena.

To provide services to students and staff for signing up for courses and events organized by UiO. Various actions are aggregated and recorded in order to be utilized for statistical purposes, but in such a way that no data can be traced back to each individual user.

The use of SimplyBookMe is voluntary. The University of Oslo Library reserves the right to make changes to the privacy policy at any time. Any such changes will apply from the moment the updated privacy policy is published on this website. Web editorial group at the University Library. Main navigation jump Main content jump Theme navigation jump Contact information jump. For employees Norwegian website. Search our webpages Search.Nettskjema shall not be used for long-term storage of data.

When a form no longer receives new data, the form must be deleted from Nettskjema. If they are to be kept, the data collected must be downloaded and stored in an appropriate location. All data must be deleted no later than six months after submission of the last response.

Why is IT Support Important? Business IT, Digital Data Security & IT Tech Support With Scott Wilson

In case of failure to do so, all data will be cleared from the form. All processing of personal data related to the use of web-based forms must comply with the provisions in the Personal Data Act see the guidelines for responsible data collection and use of web-based forms. If you have any questions concerning the handling of personal data go to Data protection at UiO. All users of Nettskjema are responsible for staying updated with regard to amendments to data protection regulations and terms of use.

Amendments to the terms will be announced through the message service for Nettskjema. Forms with a login or direct link from an email store the email address, name, user name and time of submission. Anonymized forms store only information on whether a person has responded to a form or not. In this case, the person cannot be linked to the submitted form.

See Annotated edition of Data protection regulations and terms of use for Nettskjema. University of Oslo P. Box Blindern Oslo. Web editor USIT. Main navigation jump Main content jump Theme navigation jump Contact information jump. For employees Norwegian website. Search our webpages Search. Menu Search. Information on the respondent to a form: Forms with a login or direct link from an email store the email address, name, user name and time of submission.

Information posted by the respondent might contain personal information.

User name, password and user administration

Published Sep. E-mail this page Share on Facebook Share on Twitter. Services to the public. Contact us Contact UiO. Address University of Oslo P.


thoughts on “Security and rules for the use of it services at uio

Leave a Reply

Your email address will not be published. Required fields are marked *