SPIA Web Application Introduction.

What is SPIA?
Security and Privacy Impact Assessment
Annual risk assessment program conducted at the School/Center level to identify privacy and security risks in databases and applications

Why is SPIA Important?
- Helps ensure information entrusted to Penn is properly protected
- Need to understand:
  - What data Penn has on its systems
  - What risks exist in our environment
  - How those risks can be reduced or even eliminated
- Trustees recognize the need to create data inventories in order to assess risks to Penn data

SPIA 2.0 – Goals
- Simplify the SPIA program
- Create one tool for inventory and risk assessment
- Provide ability to view data inventories
- Make risk assessment simpler, more flexible
- Raise awareness of controls/safeguards
- Make updates easier year-to-year
Areas for improvement with the program

SPIA 2.0 - Web Application
- Automated assessments - no more spreadsheets/emails
- Role-based access controls allow for delegation of inventory creation
- Flexible approach to assessing controls and risk
- Populates selected information into an Executive Summary
- Data rolled over annually for easier updates
- Data will be stored in database to enable reporting

Administration
- “Asset” represents the item being assessed.
- “Inventory” represents a collection of related assets.
- “Departments/Units” represent subgroups within a School/Center created for the purpose of organizing data inventories.

Roles & Responsibilities
Inventory Managers
- Create and edit inventories and assets within their Unit
- Multiple users available at this level
- View only those inventories and assets within their Department/Unit
- Assess/review all Department/Unit level assets for inclusion in an Executive Summary
School/Center Administrator
- All of the above plus…
- Create Departments/Units
- Assign Inventory Managers
- Create an Executive Summary
- Push an Executive Summary and Final Inventory to InfoSec/Privacy
A snapshot of the “Final” inventory will be taken annually at the time the School/Center submits it to InfoSec/Privacy.

Roles & Responsibilities
InfoSec/Privacy
- Manage controls list
- Manage School/Center Administrators
- View all School/Center Inventories/Executive Summaries
- Provide Responses to Submissions
- Create Reports

Organizational Structure

Process
- Create and Assess Inventories of Assets
- Create Executive Summary
- Submit Inventories and Executive Summary to InfoSec/Privacy

Questions