Annual CISO Update Ken Runyon, CISO


Session Outline:
1. Introduction
2. Annual Training Requirements
3. SANS Securing the Human
4. SAQ 2015 Review
5. Q&A

Annual Training and Assessment

ISO Training Requirements: NYS-S
- ISO or designated security representatives for State Entities
- Minimum of 37.5 CPE credits annually

User Training Requirements: SUNY 6608, NYS P, PCI-DSS

SANS Securing the Human

SANS Training: Expected Outcomes
- Provide standards-based information security awareness training
- All system users (faculty or staff) should participate
- May be augmented with face-to-face training (Executives)
- Does not replace specific PCI or HIPAA required compliance training

Current Situation
- 24 SUNY entities (campuses and other) participate in the group program
- 4 have conducted training; the rest are running out of time for this cycle

SAQ 2015 Review

ISEC Program Observations:
- Security projects remain a top indicator of success
- Management/Executive support is necessary
- Establishing policies based on established standards is a requirement, for example:
  - Cyber Security Framework v1.0
  - NIST
  - ISO 27001/27002
  - COBIT

State Operated ISEC Program Scores

Community College ISEC Program Scores

State Operated ISEC Program Percentages

Community College ISEC Program Percentages

ISEC Controls Observations:
- IT has addressed the basics, as can be seen in the scores
- Intrusion Prevention remains a stretch goal
- 1/3 of the campuses do not conduct vulnerability scans
- Content-based filtering (i.e. DLP) is not being done

State Operated IT Controls Scores

Community College IT Controls Scores

State Operated IT Controls Percentages

Community College IT Controls Percentages

Questions