Northwestern University Information Technology Information and Systems Security/Compliance February 2005.

Dave Kovarik
Office: (847) Sherman Ave., Evanston, Suite
years in Information Security practice
CISSP: Certified Information Systems Security Professional
CISM: Certified Information Security Manager

Office of the Vice President
- Mort Rahimi, VP & CTO
- Pat Todus, AVP & Deputy CIO
- Dave Kovarik, Director
- Sharlene Mielke, Disaster Recovery
- Roger Safian, Information Security

Purpose
- Enable the University to conduct its business in a secure manner
- Maintain that delicate balance between service and security

Primary Areas of Responsibility
- Security: Information Protection Services
- Disaster Recovery / Business Continuity
- Compliance: regulatory requirements, University policy

Basic Tenets of Information Security (CIA)
- Confidentiality
- Integrity
- Availability/Accessibility
...and a few more:
- Control (access)
- Individual accountability
- Audit trails (monitoring)

Provide direction
- Plans: strategic, operational
- Security architecture: compatible with and complementary to the system architecture
- Aligned with business plans

We want to be your Business Partner
- Working together toward common goals
- Design information protection solutions that support your business
We have a Service & Support Orientation

Develop University policy and standards that address information assets
- A collaborative effort, exercising sound judgment, across all lines
Focused on Individual Responsibility and Accountability

- Accommodates regulatory and legislative requirements (HIPAA, FERPA, GLBA, Sarbanes-Oxley, U.S. Patriot Act, DMCA, FTC, government-funded programs, et al.)
- Employs business and industry "best practice"
- Ensures availability through recoverability

Innovative and flexible, focused on...
- People (largest asset and largest vulnerability)
- Process
- Technology
Based on Risk
- Protection commensurate with value

Risk Assessment
- Recognize threat conditions (now and foreseeable)
- Establish our vulnerability to those threat conditions
- Determine the risk
Risk Management
- Control, minimize, eliminate, transfer or otherwise mitigate the risk

Forward-looking
- Anticipating and responding to client needs
- Requires early involvement
Effective protection schemes
- Efficient in terms of resources: cost, time, personnel and delivery
- Provide a competitive advantage: the "Client Confidence" factor

Security Awareness and Training
- What's in it for me?
- Timely, consistent, persistent
- "Tell 'em, tell 'em again, then tell 'em one more time, just to be sure!"
Communication
- 360 degrees

- Dave Kovarik (847)
- Sharlene Mielke (847)
- Roger Safian (847)

Thank You!
Your questions and discussion are welcome...