BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT


Presenters:
Raf Portnoy, SVP, Technology
Steve Sheinberg, General Counsel and SVP, Privacy & Security

THINKING ABOUT DATA GOVERNANCE
- Create employee policies and build a culture that recognizes that employees are the main threat vector.
- Teach employees, especially about social engineering.
- Talk to the CIO.
- Get your board on board.
- Get good agreements with vendors and key employees.
- Plan well and strive for cyber resiliency.
- Update software, install patches, and remove non-approved software and hardware.
- Follow the principle of least privilege.
- Use two-factor authentication.
- Ensure that your physical security is sufficient.
- Encrypt all data, period.
- Segregate differing data onto separate networks.
- Monitor network traffic.
Note: most of this is policy-driven, not tech-driven.

IDENTIFY the data you have
  Asking: who is storing what information and where…
DETERMINE which data you need to protect
  Consider the risk of loss: political, ethical, social, legal
GOVERN: follow information governance best practices
  How will you protect your data going forward?

Mission
The mission of the Information Security and Privacy Program is to provide exceptional, secure infrastructure support and innovation in the delivery of information technology security products and services to Your Organization staff and clients.
- Improve cyber security awareness and data asset management.
- Protect information and systems to ensure that the confidentiality, integrity, and availability of all information is consistent with mission needs, internal and external threats, information value, and industry compliance.

Information Security Needs
- The number and complexity of information security threats are increasing.
- Advanced Persistent Threats (APTs) have penetrated environments that were previously thought to be adequately secured and can remain unnoticed for extended periods of time.
- Data system growth is compounding the need for increased security attention.
- Additionally, mobile security, cloud security, big data security, and social media security are now "today's problems."

Information Security Needs
How do we know this is enough?
- We are employing cybersecurity best practices.
- We are following the recommendations made by our IT auditors.
- We are following the recommendations made by our security compliance consultants.

Information Security Program
- Confidentiality: client, employee and organizational information
- Integrity: consistent and accurate data
- Availability: easily and safely accessible information
Program pillars supporting confidentiality, integrity and availability:
- Identity & Access Management
- Security Strategy & Communication
- Security Policy & Procedures
- Security Culture & Awareness

Information Security Program
Program pillars: Identity & Access Management; Security Strategy & Communication; Security Policy & Procedures; Security Culture & Awareness
Traditional Cyber Security Triangle: Confidentiality, Integrity, Availability
Cybersecurity Framework core: Identify, Protect, Detect, Recover, Restore

Information Security Measures
- Network Vulnerability Assessment: annual independent analysis that identifies and quantifies security vulnerabilities on network systems
- IT Systems Disaster Recovery: well-defined, documented policies and procedures on how to re-establish access to IT services in case of a disaster
- Network Access and File Monitoring: real-time email alerts and logs upon changes to confidential folders or user accounts
- E-Mail Encryption: secure messages and information
- Mobile Device Management: manage mobile devices, ensuring that the data on them is secured
- Private Printing: secure printing to most network printers
- Single Sign-On: access multiple applications with one credential
- Secure Remote Access: secure and seamless remote access
- Desktop and Server Management: patch and update desktops and servers; software deployment and configuration management
- Restricted Access to Client Management Systems (CMS): access restricted to within the organization's network
- Cybersecurity Awareness Program: training and communiques

Thank you! Questions?