Information Security for the Data Management Professional Micheline Casey Chief Data Officer Federal Reserve Board.

Presentation transcript:

Information Security for the Data Management Professional Micheline Casey Chief Data Officer Federal Reserve Board

Agenda
- Governance, Privacy, and Data Security
- Balance of Power: Enabling while Protecting
- Data Security Management
- Data and Security Organizational Alignment
- New Areas of Focus in Data Security

Why Should You Care?
- Explosion of data and analytical possibilities
- Really, really smart bad guys
- Increasing pressures to share data across the ecosystem
- Regulatory compliance
  - Confusion over what is allowable
  - Conflicting laws and rules
- Requirement to minimize business risk
- Increasing privacy and ethics requirements (esp. around big data uses)
- Complexity in the technology environment: cloud, BYOD, big data
The data security governance rules are business rules that security and technology professionals help us implement!

Can We Predict if We Don’t Have all the Information?

Governance, Privacy, and Data Security
- Governance is the exercise of authority, control and shared planning over the management of data assets.
  - Decision-making rights, responsibilities, accountabilities, stewardship
- Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.
  - Many laws that govern and protect
  - Use-control oriented
- Data security management is the planning, development, and execution of security policies and procedures to provide proper authentication, authorization, access, and auditing of data and information assets.
  - Business rules drive the planning and development of policies and procedures
  - Technology controls execute those policies and procedures

Balance of Power: Enabling While Protecting
- As data management professionals and business leaders, you still need to support the organizational mission:
  - Programmatic and business unit goals
  - Policy and decisioning goals
  - Risk management and compliance goals
- Ensure the authorized act appropriately: privacy*
- Keep the unauthorized out: security*
*Decentralized Information Group (DIG), part of the Computer Science & Artificial Intelligence Lab at the Massachusetts Institute of Technology.

Data Security Management Text Source: Data Management Association International, DM-BOK 2009

Inputs: Understanding Your Environment
- What are the business goals?
- What are the business requirements?
- What are the business rules?
- What is the regulatory environment? It binds what you can and can't do with data.
- Understanding the organizational risk landscape
  - All risks are not created equal; it can be costly to assume so
  - Internal, across business partners, at rest, in movement
Finally: ethics is important as well. Just because you can doesn't mean you should!

Data Management Lifecycle - Supports Usage

Systems Development Lifecycle Control Points - Supports Design Inventory of PII

Outputs and Deliverables: Enabling and Protecting Your Environment

Data and Security Touchpoints: Organizational Alignment
- Business and data governance council coordinate policy and process
- CPOs and Legal provide insight and oversight on data privacy legal and regulatory requirements
- CIOs and CISOs implement technology control points
(Diagram: IT, Legal, and Business surrounding a body of policies and processes)

New Areas of Focus in Data Security
- Policy and Process
  - Support common data management and data governance frameworks to improve data quality, data integration, and information sharing
  - Big need for alignment and coordination of federal and state laws and policies
  - Organizations need consistency in data sharing agreements
- Technology Research
  - Data element level work is necessary
  - Meta level tagging will be increasingly important
  - Real-time consent will be increasingly important and can leverage ICAM and mobile technologies
  - How can technology support the governance and policy aspects?

Information Accountability
"When information has been used, it should be possible to determine what happened, and to pinpoint use that is inappropriate."
"Information Accountability," Weitzner, D. J., Abelson, H., Berners-Lee, T., et al. Communications of the ACM (Jun. 2008).
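As an added example that is not part of the presentation, the following Python sketches the accountability idea on this slide together with the element-level tagging, real-time consent and use-control points from the preceding slides: data elements carry governance tags, every use is logged with the purpose claimed, and an after-the-fact audit pinpoints uses outside consent. All element names, tags and log records are constructed for illustration.

```python
"""Added example, not from the presentation: a minimal accountability log.
Data elements carry governance tags (classification, consented purposes), each
use is logged with its claimed purpose, and an after-the-fact check pinpoints
uses outside consent. All tags, names and records below are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Data-element level tagging (constructed): classification plus the purposes
# the data subject has consented to.
ELEMENT_TAGS = {
    "customer.email": {"classification": "PII", "purposes": {"service", "billing"}},
    "customer.ssn": {"classification": "PII", "purposes": {"billing"}},
    "product.price": {"classification": "public", "purposes": set()},
}

@dataclass(frozen=True)
class UseRecord:
    """One recorded use of a data element: who, what, and the purpose claimed."""
    actor: str
    element: str
    purpose: str

def check_use(record: UseRecord) -> Optional[str]:
    """Use-control rule: PII only for a consented purpose, non-PII unrestricted,
    untagged elements flagged. Returns None when appropriate, else the reason."""
    tags = ELEMENT_TAGS.get(record.element)
    if tags is None:
        return "element has no governance tags"
    if tags["classification"] != "PII":
        return None
    if record.purpose in tags["purposes"]:
        return None
    return f"purpose '{record.purpose}' not consented for {record.element}"

def audit(log: List[UseRecord]) -> List[Tuple[UseRecord, str]]:
    """Walk the use log after the fact and pinpoint inappropriate uses."""
    findings = []
    for rec in log:
        reason = check_use(rec)
        if reason is not None:
            findings.append((rec, reason))
    return findings

# Constructed sample log: the SSN-for-marketing use and the untagged
# customer.phone use should be flagged; the other two are appropriate.
SAMPLE_LOG = [
    UseRecord("alice", "customer.email", "service"),
    UseRecord("bob", "customer.ssn", "marketing"),
    UseRecord("carol", "product.price", "marketing"),
    UseRecord("dave", "customer.phone", "service"),
]
```

Running audit(SAMPLE_LOG) returns the two flagged records with their reasons; the same check run at request time, rather than after the fact, is the real-time consent enforcement the previous slide anticipates.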

Thank You! Micheline