Information Security Advisory Council Thursday, March 3rd 2014 Student Union, Calloway Peak (room 137 A)

Meeting Agenda
1. Welcome from Office of CIO + Governance Overview (2:00 - 2:05)
2. Council Member Introductions (2:05 - 2:10)
3. Presentation - Information Security Overview (2:20 - 2:50)
4. Planning - Next Steps + Logistics (2:50 - 3:00)

Welcome From The Office of CIO Thank you for lending your support and assistance!

Welcome From The Office of CIO Transparency Engagement Broad Expertise Shared Ownership

Information Security Overview
Information Is A Mission Critical Asset! We all depend on information that is:
- Accessible
- Accurate / Timely
- Cost Effective
“The diffusion of technology and commodification of information transforms the role of information into a resource equal in importance to land, labor, and capital.” - Peter Drucker

Information Security Overview
Scope of Personal Information: Over 412,000 individuals have entrusted their personal information to AppState. That is approximately the same number of individuals as live in Raleigh (423,179 in the 2012 Census).

Information Security Overview
“A Tale of Two Higher Ed Data Breaches”: Average recovery cost $111 per individual impacted. (Ponemon Institute)

Information Security Overview
ASU Information Is Subject To Risks
- Confidentiality Risks - Hacking, Accidental Data Exposures
- Availability Risks - Natural Disasters, System Failures
- Integrity Risks - Coding Errors, Data Input, Corrupted Backups

Information Security Overview
Info. Security Is About Managing Risk. Important Questions: What are the biggest risks to the University? What about our community? What actions can we undertake to help achieve a balance of risk and opportunity?

Information Security Overview
Some Risks Feel Very Familiar
- Data Loss
- Equipment Theft / Loss
- “Recreational” Hacking

Information Security Overview
Some Risks Still Feel Relatively New
- Mobile Device Threats
- Hacktivism
- Organized CyberCrime

Information Security Overview
Assessing Risks: Risks are everywhere, but we don’t have to address every risk.

Information Security Overview
We Are Subject To Compliance Regulations. The management of our data and associated practices is subject to compliance requirements. Higher Education often faces a greater number of regulations than commercial organizations.

Information Security Overview
Personal vs Univ. Information Security Concerns - Individual Concerns: We want to keep our personal information safe. We want to personally avoid being victims of disruptive, damaging, and costly online fraud attempts and attacks. We each want quick and reliable access to relevant and trustworthy information. Most of us want to be law abiding citizens in cyberspace.

Information Security Overview
Personal vs Univ. Information Security Concerns - University Concerns: We want to keep our faculty, staff, and student information safe. We want to keep the University community from being subjected to disruptive, damaging, or costly attacks. We want to consistently provide quick and reliable access to trustworthy information. We want to help ensure the University honors its legal, contractual, and ethical obligations.

Information Security Overview
We Face Unique Security Challenges!
Shared Values: Academic Freedom; Foster Experimentation; Openness / Free Flow Of Information; Reasonable Expectation of Privacy.
Shared Needs: Data Protection Standards; Ability To Detect/Prevent Attacks; Meet Records Requests.

Information Security Overview Information Security Is An Organizational Issue And A Shared Responsibility.

Information Security Overview
UNC Information Security Formalization
University of North Carolina Information Technology Security Council (ITSC) formed.
12/ ITSC recommends the adoption of ISO as the common security framework for the University of North Carolina system.
01/ The UNC CIO council accepted the recommendation from the UNC ITSC to use ISO.

Information Security Overview
UNC Information Security Formalization
* 03/ Chancellors of all UNC system institutions submitted letters to UNC-GA indicating the adoption of ISO as the official security framework for their campus.

Information Security Overview
ISO/IEC 27002:2013 - Best Practices Recommendations

Information Security Overview
ISO/IEC 27002:2013 - Collection of 114 Controls
- Administrative Controls - Policies, Procedures, Guidelines, Standards of Practice.
- Technical Controls - Firewalls, Antivirus, Intrusion Detection, VPN.
- Physical Controls - Door Locks, Card Swipes, Security Cameras.

Information Security Overview
ISO/IEC 27002:2013 - Structure Of The Standard
- Security Policy
- Organization of Information Security
- Human Resources Security
- Asset Management
- Access Control
- Cryptography
- Physical And Environmental Security
- Operations Security
- Communications Security
- Information Systems Acquisition, Development, Maintenance
- Supplier Relationships
- Incident Management
- Aspects of Business Continuity
- Compliance

Information Security Overview
Two Important Things For Us To Consider: Security Is A Process, Not A Destination.

ISAC Role and Charge - Our Council Web-Site

ISAC Charge (Distilled): Provide advisement, review, and endorsement of the Information Security Plan, including relevant policies, strategic initiatives, and services. Ensure that this plan is aligned to the needs of the University community: focused on education and awareness opportunities, and driven to achieve reasonable, cost-effective, and holistic management of risks related to University information resources.

ISAC Scope of Authority
· Collaborative review, revision, and endorsement of the University Information Security Plan.
· Collaborative review, revision, and endorsement of University Information Security Policies.
· Identification of campus-wide and role-specific security awareness and training needs.
· Review and advisement concerning information security issues, trends, and opportunities.
· Review and advisement concerning information security program service improvements.
· Authority to establish committees and workgroups to research or focus on specific areas.
· Publication of all non-confidential council work, project information and meeting minutes to the council web site.

ISAC Deliverables: The primary deliverables of the Information Security Advisory Council work include the following:
· A collaboratively developed Information Security Plan that defines strategic initiatives, objectives, and areas for continual improvement.
· A collaboratively developed Security Awareness and Training Plan that addresses key issues, needs, and concerns.
· A collaboratively developed set of proposed and/or ratified Information Security Policies that address the important information security needs of Appalachian State University.

Information Security Plan - Annual Planning Cycle. In alignment with University mission and needs: What are our strategic initiatives? What objectives and measurements do we make? How can we focus on continual improvement? Where should we spend our effort / resources?

Security Awareness Plan - Annual Planning Cycle. How can we help ensure that faculty and staff are aware of relevant security policies and standards? What topics/themes are most important for keeping our community safe online?

Information Security Policies - Annual Review. Are there any new policies that we need to establish to ensure the effective management of Information Security risks? Are there revisions to policies that are needed based on changes?

We Don’t Have To Reinvent The Wheel! (UNC ITSC)

ITS-OIS Status Report - ITS Office of Information Security
CISO - Jim Webb
Security Analyst - Oscar Knight
Security Analyst - Kevin Wilcox
Web:
Phone: ext 6277

ITS-OIS Status Report - ITS Office of Information Security
Our Services: Awareness Training; Incident Management and Handling; Projects / Consulting; Policy Development; Risk and Compliance; Security Review.

ITS-OIS Status Report - ITS Office of Information Security
Current Major Projects and Partnerships: Secure CC Transaction Solution; Student Security Awareness Initiative; Data Protection Toolkit.

Thoughts? / Comments? / Questions?

Next Steps: How often should we meet? Monthly? Next meeting agenda? Report on our ISO status? Addressing major items: divide and conquer?
- Security Policy Group
- Security Awareness Group
- Incident Response Group