Information governance and information security

Presentation transcript:

Information governance and information security

Information governance

Agenda
- Where InfoSec is coming from today
- Where InfoSec is coming from
- How InfoGov can work with InfoSec
- What Records Managers need to learn

The players
- Risk
- Audit
- Compliance
- Information Security
- Privacy
- IT Operations
- Legal

Information security
- CIA: Confidentiality, Integrity, Availability
- Prevent breaches of information
- Train and educate end users
- Patching
- Put in place CONTROLS
- Respond to Security Audits
- Access Controls
- Cyber Insurance

Information security controls
- DLP or Data Loss Prevention
- NAC or Network Access Control
- Policies
- Procedures
- Access Controls
- Multi-Factor Authentication

Protecting Information
- PII: Personally Identifiable Information
- PHI: Personal Healthcare Information
- PCI: Credit Card Information
- Attorney Client Privilege
- Trade Secrets

Information security
- Know what we have (PII or PHI)
- Know where it is
- Know how it is being used
= Controls easily implemented

Information security alignment
Standards & FRAMEWORKS, Regulations: HIPAA, GDPR, NACHA, ISO, NIST, COBIT, SOC2, ETSI, CISQ, NERC, ISA/IEC 62443, IASME
To build your Information Security Management System (ISMS)

The two professions
- ARMA has been around since 1955
- The first CISO was named in 1995

Information governance
- We know our organization’s information
- We know where the gaps are
- We know the players
- We have a good understanding of the playing field
- We know the end users
- We understand the process of getting information policies and processes pushed through

Information governance tasks
- Learn the language
- Know the technology
- Understand the controls
- See the priorities

Organizations and certifications
- ISACA – Knowledge and practices for Information Systems: https://www.isaca.org/Pages/default.aspx
- ISSA – International Systems Security Association: https://www.issa.org/
- (ISC)² (ISC Squared) – Cybersecurity and IT Security Professional Organization: https://www.isc2.org/
- IAPP – International Association of Privacy Professionals: https://iapp.org/
- IIA – Institute of Internal Auditors: https://na.theiia.org/Pages/IIAHome.aspx
ISACA certifications:
- CISA® validates skills and experience in auditing, control, information security and cybersecurity.
- CRISC™… risk, information systems control and cybersecurity.
- CISM®… information security management and cybersecurity.
- CGEIT®… enterprise IT governance.

Goals
- Pool resources
- Remove duplicate efforts
- Leverage controls
- Translate

You know your information landscape

THANK YOU! Jeff Lewis jlewisrecords@yahoo.com