Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]

2 [the Agency] Today
- [the Agency’s] mission and vision
- The way we do business is changing
- Increased reliance on systems and technology
- Increased threats to information and systems

3-7 Enterprise Security Risks (diagram, built up across slides 3 to 7; each slide highlights one threat against the same set of consequences)
Threats to [the Agency’s] Systems:
- Attempts to Access Sensitive Information (Unauthorized Access to Sensitive Information)
- Industrial Espionage
- Malicious Acts
- Pranks
- Natural Disaster
- Sabotage
- User Error
Potential Damage:
- Public, Partner, Legislative Trust Lost
- Critical Operations Halted
- Sensitive Data Disclosed
- Services & Benefits Interrupted
- Integrity of [Agency] Data & Reports Corrupted
- Assets Lost
- Failed CFO Audit

8 Why is Security Important to [the Agency]?
- Protect privacy information
- Protect processes and corporate assets
- Provide continuity of services
- Provide accessibility of information
It is a prudent business practice to reduce risks to [the Agency].

9 Why is Security Important to US? Each One Of Us Is Accountable!

10 Laws and Regulations
- Computer Security Act of 1987
- Privacy Act of 1974
- Freedom of Information Act
- Presidential Decision Directive (PDD) 63
- OMB A-130, Appendix III, Revised
- Health Insurance Portability and Accountability Act
- FISMA of 2002

11 Audit’s Point of Weaknesses
- General Accounting Office
- Internal Revenue Service
- Office of the Inspector General
- Chief Financial Officer
- Office of Information Services

12 [the Agency’s] Enterprise Security Program: Policy, Training, Engineering, and Management Oversight for all [the Agency’s] employees, contractors, and agents

13 Security Program Elements
- Personnel and Physical Security
- Security Awareness, Training, & Education
- Risk Management
- Integrating Security into the SDLC
- Security Determinations and Requirements
- Security Plans & Certification
- Systems Access Security
- Acquisitions & Contracts
- Remote Access Security
- Audit Systems
- Business Contingency Planning
- Workstation Security
- LAN Security
- Security Incidents
- & Facsimile Security
- Internet / Intranet Security
- Virus Prevention, Detection, & Reporting
- Medicare Contractor Oversight

14 Current Enterprise Security Initiatives
- GPRA Goal of Zero Material Weaknesses for the Year 2000 and Beyond
- [the Agency’s] Enterprise Security Handbook
- Information Technology Architecture
- IT Council Security Committee
- HIPAA Compliance

15 Immediate Next Steps
- Designation of Information Systems Security Officers
- Re-certification of User Access Privileges
- Corrective Action Plans to Audit Findings
- [the Agency’s] Contractor Oversight
- Security Awareness and Training

16 Summary
- Recognize that security risks in [the Agency’s] environment impact [the Agency’s] Mission.
- Security is a management responsibility.
- Security is everybody’s business.

17 We ask you to:
- Encourage and support [the Agency’s] security initiative activities!
- Lead by example!
- Be proactive!

Thank You