Information Security Officer Meeting

Information Security Officer Meeting July 08, 2010

Welcome

Meeting Agenda
Opening (10 minutes)
Topics (90 minutes):
OIS Management Changes
Cyber Exercises – Cyber Storm III
Legislation
2010 Federal Grants
DNSSEC – A technical discussion
ISO Basic Training – It’s for everyone, not just the newbie
Enterprise Information Security Awareness Web Application
Public Scorecard
Policy
Q&A and Closing (20 minutes)

OIS Management Changes

Cyber Exercises

Cyber Exercises – California Cyber Exercise, August 12, 2010

Cyber Exercises – Cyber Storm III
“The last major cybersecurity exercise conducted by DHS was held in 2008. Cyberstorm III is slated to include a number of international computer emergency readiness teams (CERTs), including representatives from Australia, New Zealand, Canada and the United Kingdom. Officials from Japan and nine European nations have also been invited to participate. Previous Cyberstorm exercises focused on attacks attempting to take down the Internet or spread malicious software on high priority government systems. Cyberstorm III is expected to test the processes and roles in place while simulating a cyberattack against the underlying control systems of the country's critical infrastructure – power grids, dams and systems that protect energy facilities.” -- 15 Jun 2010 | SearchSecurity.com

Legislation

Pending Legislation – AB 1899: Transparency
State agencies to post specific audit information.
OCIO and DGS to post specific summary information regarding contracts awarded by the state.
Governor's Office to post specific financial information.

Pending Legislation – AB 2091: Public Records Act (PRA) exemption
Covers information security records that would reveal vulnerabilities or would increase the potential for an attack on an information system.
A very limited and targeted exemption.

Pending Legislation – AB 2408: Governor’s Reorganization Plan clean-up bill
Codifies Executive Order S-10-03.
Name change – OCIO to California Technology Agency.
Extends the OCIO’s sunset date from 2013 to 2015.

Pending Legislation – AB 1055: State Chief Information Officer – fingerprints and criminal history checks
Applies to OCIO employees and contractors that have access to sensitive or confidential information.
Covers conviction of a crime related to dishonesty, fraud, or deceit that is substantially related to the duties of the person.
There is an appeals process.

2010 Federal Grants – OIS Grant Requests (Proposed)
Threat Vulnerability Management Program
Enterprise Vulnerability Assessment Service
Statewide PCI Compliance
CA Information Sharing and Analysis Center
State and Local Government Training Content
Learning Management System

2010 Federal Grants – OIS Grant Requests (Proposed)
Online Incident Management System
Enterprise Certificate Authority
Enterprise Disaster Recovery Forensics Lab
Enterprise Security Operations Center
Endorsement Letter for OIS Grant Request and Commitment for Joint Participation on Awarded Projects

SecureDNS - DNSSEC

SecureDNS - DNSSEC
Zones in scope: … ca.gov and … state.ca.us
The DNSSEC project is an 18+ month, $1.353 million, federally funded project that will advance the integrity and availability of California’s Internet capabilities. All entities that use one of the zones named above for either world wide web or email addressing will need to stay informed and involved.

SecureDNS - DNSSEC
End-State:
A functional DNS governance program and oversight committee.
California DNS infrastructure that is capable of signing DNS requests.
The sub-domains within “ca.gov” and “state.ca.us” will all have been vetted for appropriateness, and only those approved and fully documented will remain active.

SecureDNS - DNSSEC
End-State (continued):
All State of California entities that host internal DNS services will have the necessary technology to support DNSSEC.
A comprehensive DNS management process, complete with procedures and standards, will be operational.

SecureDNS - DNSSEC
What will the project need from departments?
A point of contact at your department.
Where necessary, hardware refresh.
Software to manage DNS signing keys.
Time to test and test, then test some more.
Commitment.

SecureDNS - DNSSEC
This is not only a technology project, it is also an enterprise governance project. This project will impact not only state entities; it will also require a commitment of time from counties and cities. Testing will be the most important phase of the SDLC. Service interruptions are unacceptable.
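The testing the slide calls for has to catch the faults that validating clients turn into outages: an RRset with no RRSIG, a signature whose validity window has lapsed, or a resolver that is not validating at all. As an added example (not part of the OIS project or this deck), the following Python readiness check parses a captured `dig +dnssec` response and reports those conditions; the response text, host name, key tag and signature value are constructed placeholders.

```python
import re
from datetime import datetime, timezone
# Constructed sample of a `dig +dnssec` answer for a hypothetical signed
# sub-domain; the name, key tag and signature value are placeholders, not real data.
SAMPLE_DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
www.agency.ca.gov.  300 IN A     192.0.2.10
www.agency.ca.gov.  300 IN RRSIG A 8 4 300 20100801000000 20100702000000 12345 agency.ca.gov. PLACEHOLDERSIG==
"""
MEETING_DATE = datetime(2010, 7, 8, tzinfo=timezone.utc)  # "now" for the sample check
# RRSIG presentation format (RFC 4034): type covered, algorithm, labels, original
# TTL, expiration, inception, key tag, signer name, signature (timestamps are UTC).
RRSIG_RE = re.compile(
    r"^\S+\s+\d+\s+IN\s+RRSIG\s+(?P<covered>\S+)\s+\d+\s+\d+\s+\d+\s+"
    r"(?P<expiration>\d{14})\s+(?P<inception>\d{14})\s+(?P<keytag>\d+)\s+(?P<signer>\S+)"
)
def parse_rrsigs(dig_output):
    # Return each RRSIG as a dict, with expiration/inception as aware datetimes.
    sigs = []
    for line in dig_output.splitlines():
        m = RRSIG_RE.match(line.strip())
        if m:
            d = m.groupdict()
            for k in ("expiration", "inception"):
                d[k] = datetime.strptime(d[k], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
            sigs.append(d)
    return sigs

def ad_flag_set(dig_output):
    # AD (Authenticated Data): the resolver validated the answer; trust it only over a trusted resolver path.
    m = re.search(r"^;; flags:([^;]*);", dig_output, re.M)
    return bool(m) and "ad" in m.group(1).split()

def check_signing(dig_output, qtype, now):
    # Signed? validated? inside the RRSIG validity window? An expired RRSIG is an outage for validating clients.
    problems = []
    sigs = [s for s in parse_rrsigs(dig_output) if s["covered"] == qtype]
    if not sigs:
        problems.append(f"no RRSIG covering {qtype}: RRset is unsigned")
    for s in sigs:
        if now >= s["expiration"]:
            problems.append(f"RRSIG key {s['keytag']} of {s['signer']} expired {s['expiration']:%Y-%m-%d}")
        elif now < s["inception"]:
            problems.append(f"RRSIG key {s['keytag']} of {s['signer']} not yet valid")
    if not ad_flag_set(dig_output):
        problems.append("AD flag absent: resolver did not validate the answer")
    return {"signed": bool(sigs), "validated": ad_flag_set(dig_output), "problems": problems}
```

Run the same check against each sub-domain's live `dig +dnssec` output from a validating resolver during the test phase, and again a few days before each signature expiration, to catch a lapsed re-signing before clients do.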

ISO Basic Training
Six to seven hours of in-person training on OIS’ expectations for all ISOs and Agency ISOs.
Required for all new ISOs.
Required for all current ISOs in management or supervisor classifications.
The first class will be held July 15th at 1325 J Street. This class will help establish future curriculum.
There will be an annual refresher course (also required).

Enterprise Information Security Awareness Web Application

Public Scorecard

Public Scorecard
http://www.cio.ca.gov/OIS/Government/activities_schedule.asp

Public Scorecard
There will be no surprises. You and your management will be fully aware of the scores before publication.
The first Scorecard will be published on our website in late July 2010.

Future Policies
Security Reporting Scorecard Policy Letter
Infrastructure Consolidation Scorecard
Cloud Computing
Privacy

Questions