Paradise Valley Community College: Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology. Tailoring OCTAVE at Maricopa Community Colleges.
Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology: Tailoring OCTAVE at Maricopa Community Colleges
Carol A. Myers, CISSP, Director, College Technology, Paradise Valley Community College

Maricopa Integrated Risk Assessment (MIRA)
Enterprise Risk Management
– Integrated risk framework
– Not just “insurable” risks
– Collaboratively identify, assess and manage future risks and opportunities, individually and across the organization

Charge From the Chancellor
Multi-year implementation plan
Identified specific outcomes:
– Increased overall effectiveness and accountability
– Sound business processes; greater assurance of business continuity
– Clear, demonstrated compliance with applicable laws and regulations
– Enhanced employee empowerment and pride
– Reinforcement of the strong MCCCD cultural identity
– Enhanced competitive advantage

Why OCTAVE? Institutionally inclusive (organizational view)
– Assets
– Threats
– Organizational (not just IT) vulnerabilities
– Current security requirements

Why OCTAVE? It’s the technology too
– Current inventory
– OS level: current patch methodology, tracking and auditing; which services are enabled or disabled, and why
– Application level
– Security tools

Why OCTAVE? Strategize and plan
– Manage risks and opportunities
– Protect and review plans
– Mitigation strategies, now and for the future
It’s never just about the technology.

So, how’d it work?
Maricopa-wide risk initiative (MIRA)
– OCTAVE adapts best alongside an enterprise risk management methodology with senior-level buy-in and support
IT security risk assessment work done through a subgroup of the MIRA committee
– Auditor, faculty member, college administrative dean, general counsel, HR director, risk manager and IT security director

Why Not Just Use OCTAVE As Is?
Narrowed focus primarily to operational risks and security practices
– MIRA methodology supports chief-level buy-in
Technology examined only in relation to good security practices (the catalog of practices)
Protection decisions based on confidentiality, integrity and availability (for IT staff)

Four Simple Phases
– System infrastructure analysis and documentation (IT staff)
– Risk and opportunity identification (IT staff)
– Mitigation strategies and costs, with management
– Asset cost analysis, with management

Stop the Babble
Primarily forms driven
– Checkboxes
– Short answer
Maricopa forms are heavily OCTAVEfied
– OCTAVE forms make sense
– OCTAVE forms are initially easy to understand and fill out

Now What?
System-wide adoption of the pilot
– Can easily adapt to another college’s needs given the narrowed focus
– Supports and reinforces the MIRA model
– Encourages risk awareness

Contact Information
Carol Myers, Paradise Valley Community College, N. 32nd Street, Phoenix, AZ