HUMAN RESOURCES MANAGEMENT August 18, 2009. OUTLINE Key Results Ensure all stakeholders are well informed of cybersecurity and its financial impact.

Presentation transcript:

HUMAN RESOURCES MANAGEMENT
August 18, 2009

OUTLINE

Key Results
- Ensure all stakeholders are well informed of cybersecurity and its financial impact to the organization
- Commit to clear and consistent cyber security procedures
- Establish reinforcing infrastructure and talent support systems

I. Importance of the human capital element
   A. New section for Phase II
   B. Incorporates all stakeholders
   C. Critical to both pre-emptive and defensive activities
II. Questions
III. Considerations for answering questions
   A. Creating a cyber secure culture
   B. Leadership and talent
   C. Organizational structure
   D. Standard operating procedures
      - Account management policy and procedure
      - Network access and administration
      - Layered defense
      - Disciplinary process
   E. System integrity
      - Backup and recovery process
   F. Training and communication
      - Regular schedule for employees
      - Intervention at all levels of engagement (intake, periodic and termination)
      - General communications
   G. Reinforcing infrastructure
      - Stakeholder identification and leadership responsibilities
      - Performance management and incentives
      - Investigative process and follow-through
IV. Charts and graphs
   A. Stakeholder roles and responsibilities
   B. Training effectiveness chart

QUESTIONS

6.1 How do we attract, develop and retain critical cyber security technical and leadership talent, including those in functional areas requiring cyber security savvy?
6.2 Does our organizational structure support key functional integration to ensure threat mitigation and rapid crisis response?
6.3 How does our cyber security communications plan address and measure the effectiveness of threat awareness and training for all network stakeholders?
6.4 What is our monitoring and auditing operating procedure for online activity?
   - Updated password and account management policies
   - Stakeholder compliance audits
   - Layered defense against remote attacks
6.5 How does our SOP address elevated access possessed by system administrators and privileged users?
6.6 Have we assessed the need for protection of our social networking and share center sites?
6.7 How do we routinely audit network access throughout the network stakeholder lifecycle, especially at termination or out-processing?
6.8 Does our progressive discipline policy address our need for threat investigations involving any network stakeholder for suspicious or disruptive behavior?
6.9 How do we ensure integrity and continued operations of our employee database and related systems like recruiting, benefits, travel and payroll?
6.10 Do our performance management and compensation strategies provide adequate support for our cyber security mission?

SCHEDULE

Date | Meeting | Objective
August 7th | Initial mtg | Establish schedule; R&R
August 13th | Outline due
August 14th | Weekly status | Clarify R&R; update outline
August 18th | ISA/ANSI Mtg
August 21st | Weekly status | Working draft
August 28th | Weekly status | Draft Update
September 4th | Reschedule | Draft Update
September 11th | Weekly status | Draft Update
September 17th | Weekly status | Draft Update
September 24th | Weekly status | Subcomm Review
October 1st | Weekly status | Final review
October 8th | Weekly status | Submittal

- Weekly schedule – Friday at 8am
- Sept 4th meeting TBD due to holiday
- Will update calendar based on ISA/ANSI schedule

CRISIS MANAGEMENT

- Backup and recovery process
- Investigations
- Stakeholder identification and leadership responsibilities
- Investigative process and follow-through
- Disciplinary process
- Communications