Presentation to the COIT Architecture Sub-Committee

Presentation transcript:

Presentation to the COIT Architecture Sub-Committee
Security Update
March 2009
Jeana L. Pieralde, CISSP
DT Security and Engineering Manager

Overall Information Security Plan
- Created a draft 5 Year Business Plan
- New Draft has been submitted for review
- New plan combines DT Engineering and Security Services
- Identified key positions for a City-Wide Information Security Group
- Actively pursuing the hiring of new Security Positions
- Identified Core Services
- Risk Assessment
  - Completed Penetration and Vulnerability assessments on 4 Departments
  - Created a DT Computer Incident Response Team (CIRT)
- Network Security
  - Installed Intrusion Prevention capabilities and actively monitoring network perimeter
- City-Wide Policies
  - Reviewing CCISDA Framework and ISO 17799 best practices
  - Create Policy Review committee

Information Security Working Group
- Information Security Contact Form
  - 14 Departments responded to initial inquiry
  - Re-canvassing the Departments to get a broader response
- Next Steps
  - Compiling a list of all departmental contacts
  - Create the Security Working Group

Risk Assessments
- City-Wide and for each Department
- Current Efforts – 3 Phases
  - Phase 1 – Vulnerability and Penetration testing of DT and Financial departments – Completed
  - Phase 2 – Vulnerability and Penetration testing of Public Safety Departments – Seeking funding
  - Phase 3 – Determining need to test remaining departments
- Resources required for Risk Mitigation cannot be identified until assessments are completed

Create City-Wide Security Policies
- City-Wide Policies and the Security Working Group
  - Executive Order 07-09 places policy creation and initial approval with the Security Working Group
- CCISDA Framework and Best Practices
  - Adopted as a framework in February 2008

CCISDA Framework
- Current Status
  - In the process of creating the Info Sec Working Group
  - Waiting to compile complete list of contacts
  - Reviewing the Best Practices and Policies manuals
  - Highlighting changes that need to be made to reflect the unique operations of the City and County of San Francisco
  - Mapping Policies to existing City Policies
  - Reviewing standard template for Policies

Progress Inhibitors
- Resources
  - Unable to fill needed and key Security Positions
  - Existing resources need Security Training
- Budget
  - Key programs do not have funding or are out of funding
  - Supplemental funding efforts have been only marginally successful
- Facilities
  - Lack of Data Center space and power slowing system implementation