The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

Slides:



Advertisements
Similar presentations
Implementing Information Security and Compliance Four Questions and a Roadmap to Guide the Way Copyright University of Texas System, This work is.
Advertisements

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
SL21 Information Security Board Mission, Goals and Guiding Principles.
Contractor Safety Management
Data Ownership Responsibilities & Procedures
VITA [Virginia Information Technologies Agency]
August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Information Systems Security Officer
Office of Inspector General (OIG) Internal Audit
Computer Security: Principles and Practice
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.
Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.
Control environment and control activities. Day II Session III and IV.
Complying With The Federal Information Security Act (FISMA)
Peer Information Security Policies: A Sampling Summer 2015.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Component 2: The Culture of Health Care Unit 3: Health Care Settings— The Places Where Care Is Delivered Lecture 3 This material was developed by Oregon.
1 Internal Controls. 2 Example Internal Control Manual  Focused Assessment Exhibit 4A  /trade/trade_programs/audits/focused.
FY2010 PEMP Notable Outcomes October 15, FRA, LLC Board of Directors 10/15-16/2009 Office of Quality and Best Practices Performance Evaluation Management.
HIPAA COMPLIANCE WITH DELL
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Roles and Responsibilities
Risk Management, Assessment and Planning Committee III-4.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Agency Risk Management & Internal Control Standards (ARMICS)
30 April 2012 Information Security Management System.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Disaster Recover Planning & Federal Information Systems Management Act Requirements December 2007 Central Maryland ISACA Chapter.
NESTOA September 20, 2011 Safeguards Program Briefing.
Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
Office of Campus Information Security Driving a Security Architecture by Assessing Risk Stefan Wahe Sr. Information Security Analyst.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Working with HIT Systems
Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.
Agency Name Security Program FY 2009 John Q. Public Agency Director/CIO/ISO.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Kingsley Karunaratne, Department of Accounting, University of Sri Jayewardenepura Colombo – Sri Lanka, Practice Management Quality.
Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.
Chapter 3-Auditing Computer-based Information Systems.
Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.
Information Security tools for records managers Frank Rankin.
Information Security Office: Function, Alignment in the Organization, Goals, and Objectives Presentation to Sacramento PMO March 2011 Kevin Dickey.
Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.
Federal Information Security Management Act (F.I.S.M.A.) [ Justin Killian ]
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Security Methods and Practice Principles of Information Security, Fourth Edition CET4884 Planning for Security Ch5 Part I.
EECS David C. Chan1 Computer Security Management Session 1 How IT Affects Risks and Assurance.
Data Security and Privacy Overview: NJDOE’s Approach to Cybersecurity
Overview Introduction Meaningful Use Objective for Security Key Security Areas and Measures Best Practices Security Risk Analysis (SRA) Action Plan Demonstration.
Information Security Board
CIS 349 Competitive Success/snaptutorial.com
CIS 349 Education for Service/snaptutorial.com
CIS 349 Teaching Effectively-- snaptutorial.com
IT Development Initiative: Status and Next Steps
Move this to online module slides 11-56
Red Flags Rule An Introduction County College of Morris
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
Security Policies and Implementation Issues
Presentation transcript:

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer

The Office of Information Technology Where it Comes From… UT System Administration Policy Library -- Policy UTS165 UT System Information Resources Use and Security Policy

The Office of Information Technology POLICY STATEMENT It is the policy of The University of Texas System (UT System) to:  1. Protect Information Resources based on risk against accidental or unauthorized access, disclosure, modification, or destruction and assure the availability, confidentiality, and integrity of Data;  2. Appropriately reduce the collection, use or disclosure of social security numbers contained in any medium, including paper records;  3. Apply appropriate physical and technical safeguards without creating unjustified obstacles to the conduct of the business and Research of the UT System and the provision of services to its many constituencies in compliance with applicable state and federal laws.

The Office of Information Technology Information Security Officer (partial job description)  Provides information security for all Information Systems and computer equipment maintained in both central and decentralized areas.  Develops a full-scale Entity Information Security Program.  Ensures an annual information security risk assessment is performed by each Owner of Mission Critical Information Resources.  Requires each Owner of Mission Critical Information Resources to designate an Information Security Administrator (ISA).  Establishes an Entity Information Security Working Group composed of ISAs and holds meetings at least quarterly.  Specifies and requires use of appropriate security software such as anti-virus, firewall, configuration management, and other security related software on computing devices owned, leased, or under the custodianship of any department, operating unit, or an individual who is serving in the role as an employee of the Entity as deemed necessary by the ISO to provide appropriate information security across the whole of the Entity.  Ensures that ISAs and Data Owners are properly trained on information security requirements.  Reports, at least annually, to the Chief Administrative Officer or his or her designated representative(s) and copies to the Entity’s Chief Information Officer and Compliance Officer, and the System-wide Chief Information Security Officer on the status and effectiveness of information resources security controls for the whole Entity.

The Office of Information Technology Information Security Administrator  Implements and complies with all information technology policies and procedures relating to assigned systems.  Assists Owners in performing annual information security risk assessment for Mission Critical Resources.  Reports general computing and Security Incidents to the Entity ISO.  Assists, as member of the ISA Work Group, the ISO in developing, implementing, and monitoring the Information Security Program.  Establishes reporting guidance, metrics, and timelines for ISOs to monitor effectiveness of security strategies implemented in both the central and decentralized areas.  Reports at least annually to the ISO about the status and effectiveness of information resources security controls.

The Office of Information Technology Security Task Force  Recommendation, as approved by the CMO, will require the creation of the “Data Owners Group” (name to be changed) to protect sensitive data  The process of creating that group is underway, and the first meetings will start in late June  In UTS165, you could equate this group somewhat with the “Custodian of Mission Critical Information Resources “ role

The Office of Information Technology Custodian of Mission Critical Information Resources  Implements approved mitigation strategies and adhere to information security policies and procedures to manage risk levels for information resources under their care.  Implements monitoring techniques and procedures for detecting, reporting, and investigating incidents.

The Office of Information Technology Next Steps …  We are working to get a new ISO on board  Creating the group of “data owners” or “custodians of mission critical data”  Ensuring that we have ISA’s that can cover all of the mission critical areas  More formalization of the ISA group, and getting more interaction between the ISO and the ISA’s

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.