Governance, Risk, and Compliance Systems in Higher Education


Governance, Risk, and Compliance Systems in Higher Education

Sarah D. Morrow, Moderator, Chief Privacy Officer, The Pennsylvania State University
Merri Beth Lavagnino, Chief Privacy Officer and Compliance Coordinator, Indiana University
Jennifer A. Stewart, Privacy Coordinator, The Pennsylvania State University
Cheryl Washington, Chief Information Security and Privacy Officer, University of California Office of the President

What is a Governance, Risk, and Compliance (GRC) system?

An integrated application that helps automate:
  managing the policy development, dissemination and attestation process;
  tracking requirements of law, regulations, standards, and frameworks such as ISO and NIST;
  monitoring and ensuring that compliance obligations are met, such as those required by PCI DSS, GLBA, and HIPAA;
  issuing surveys to business units so they can check themselves against those requirements and find gaps;
  doing risk assessment exercises and treating risk factors, especially against the gaps found;
  tracking mitigation activities taken to reduce those risks;
  automating incident or issue tracking to ensure each is logged, tracked, routed to the right person, completed, etc.;
  and often much, much more!

Panel Discussion

  Institutional Sponsor
  Vendor Search Process
  Pre-purchase Considerations
  Functionality Essentials
  Planning Phase
  Production Roll-out

Contact Information

Sarah D. Morrow: sdm24@psu.edu | 814-863-3049
Merri Beth Lavagnino: mbl@iu.edu | 317-274-3739
Jennifer A. Stewart: jas72@psu.edu | 814-863-7820
Cheryl Washington: cheryl.washington@ucop.edu

THANK YOU