Role, Responsibility and Authority of New Office. Presented by Colleen Pedroza, State Chief Information Security Officer. January 10, 2008, www.infosecurity.ca.gov

Presentation transcript:

Slide 1 (January 10, 2008, www.infosecurity.ca.gov)
Role, Responsibility and Authority of New Office
Presented by Colleen Pedroza, State Chief Information Security Officer

Slide 2
Effective January 1, 2008, the California State Information Security Office joined forces with the California Office of Privacy Protection, creating the new Office of Information Security and Privacy Protection. The new Office reports to the State and Consumer Services Agency. For more details, see the Senate Bill 90 overview.

Slide 3: Office Overview
State and Consumer Services Agency
  Executive Officer
    – Office of Privacy Protection (consumer focused): Consumer Assistance; Information & Education; Best Practice Recommendations
    – Office of Information Security (government focused): Policy, Standards, Guidance; Assistance & Advice; Education & Awareness; Compliance Monitoring

Slide 4: Immediate Changes
There are some exciting new changes:
– Name Change - Office of Information Security
– Newly Designed Web Site
– Public Address
– Physical address and phone numbers will remain the same for now

Slide 5: Web Site

Slide 6: Statewide Information Management Manual (SIMM)
Document Ownership
– SIMM 65/70 series and 145 will remain with us
– Other SIMM products will go to OCIO
Policy Communication Channel
– Management Memos will release new policies
– Budget Letters remain at Finance

Slide 7: What Will Our Office Do?
Continue to provide leadership and guidance to state government to ensure the confidentiality, integrity and availability of state information assets. This will be accomplished through a number of efforts, which include:
– Issuing security and privacy policies and standards
– Providing guidance and assistance to state agencies
– Providing training and awareness tools to ensure the state workforce understands its responsibility for good security and privacy habits
– Conducting or directing compliance reviews, assessments and audits to ensure state agencies are diligent in achieving compliance with laws, policies, and best practice standards

Slide 8: Governance
Our Office will be:
– Establishing an ongoing process for developing, vetting, and approving statewide security and privacy policies
– Establishing a policy committee involving key stakeholders, such as: SCIO, Agency IOs, CHP, DGS, CalOHI, Legal, DTS, DPA, Finance, and department representation
Envision
– Policy adoption will occur at the Cabinet level
– Agencies would develop a similar governance structure for their departments

Slide 9: Year of Compliance
Certification Filings
– Designation Letter (SIMM 70A)
– Risk Management and Privacy Program Compliance (SIMM 70C)
  Due January 31st of each year or when changes occur
– Operational Recovery Plan/Certification (SIMM 70B)
– ORP Transmittal Letter (SIMM 70D) – New!
  See Schedule Submission
– Agency Security Incident Report (SIMM 65A)
  Due within 10 business days following the incident

Slide 10: Review/Assessment
What we look for: Are forms complete and properly signed?
Designation Letter
– Updates distribution and emergency contact lists
Program Compliance Certifications
– Has the agency certified that programs/plans are in place?
– If not, is a remediation plan provided and acceptable (activities, timeline, etc.)?
– If yes, schedule for compliance review
ORPs
– Accompanied by Agency Transmittal Letter (new)
– Are there inter-agency dependencies and have these been addressed?
– Does it meet the SIMM 65A requirements?
– Is a cross-reference map included?
Incident Reports
– Have costs and corrective actions been identified?
– Do costs and corrective actions seem reasonable?

Slide 11: Follow-up Process
If an agency hasn't submitted forms/plan or asked for an extension:
1. Reminder to department ISO and CIO
2. Notification to department director, with copies to ISO and CIO
3. Notification to the department's Agency, with copies to ISO, CIO, director and SCIO

Slide 12: Requirements for State Agencies
Pursuant to Government Code, all must comply with policies and filing requirements issued by OISPP.

Slide 13: Compliance Authority & Monitoring
– We are required to notify the SCIO when an agency is not in compliance
– We may conduct compliance reviews
– We may conduct or require an independent security assessment at the agency's expense
– We may require an audit at the agency's expense

Slide 14: Consequences
Non-compliance may impact the agency's:
– IT Projects or IT Project funding (denial, suspension, or termination)
– Delegated IT Procurement Cost Thresholds (reduction or elimination)

Slide 15: Happy New Year!
A new year, a new office, many new opportunities or many new challenges. It's all in how we choose to look at it!

Slide 16: Questions?

Slide 17: Office Updates
– ORP-COOP/COG Alignment Update
– SAM/SIMM Restructure
– New/Revised SIMM Forms and Instructions
Presented by Rosa Umbach

Slide 18: ORP-COOP/COG Alignment
Publication of Workgroup Products
– Revised SIMM 65A Instructions
– New SIMM 70D
– Definitions
– Internal Checklist (coming soon)
Pending
– Working with OES on COOP/COG definitions
– Updating of the COOP/COG Instructions

Slide 19: SAM/SIMM Restructure
Phase I – Restructure SAM
– Working with DGS to publish in SAM
– Developing Management Memo for releasing new structure
Phase II – Perform Policy Gap Analysis
Phase III – Prioritize and begin establishing new policy

Slide 20: SAM Restructure

Slide 21: SAM Restructure (Continued)

Slide 22: Revised SIMM Forms
Agency Designation Letter (SIMM 70A)
– Director can identify an individual to sign as designee
Agency Operational Recovery Plan Certification (SIMM 70B)
– New Office name
Agency Risk Management and Privacy Program Compliance Certification (SIMM 70C)
– Certifies that a full Risk Management Program is in place, or the Agency provides a remediation plan to become compliant

Slide 23: SIMM 70A

Slide 24: SIMM 70C

Slide 25: Risk Management Certification
Remediation Plan should include:
– List of activities with which the agency is not yet compliant
– Timeline for completing each activity
– Method for validation of completion
– Method of verification of compliance
– Contact for remediation plan

Slide 26: New SIMM Form
Agency Operational Recovery Plan Transmittal Letter (SIMM 70D)

Slide 27: Questions?