1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution.



2 Current models of the relationship between privacy and security are misleading or altogether inaccurate. The common formulation is: "You can have security without privacy, but you can't have privacy without security." In that model, security is simply one of the Fair Information Principles alongside the others:
- Notice
- Access
- Choice
- Redress
- Security

3 A better view of the relationship between privacy and security acknowledges that a large number of topics are both privacy and security issues. The slide shows them as two overlapping circles:
- PRIVACY (the individual): Notice, Access, Redress, Choice
- Overlap (both): Safeguarding an individual's personally identifiable information
- SECURITY (the institution): Intellectual Property, National Security, Physical Assets and Resources, Trade Secrets, Ways of Doing Business

4 Risk Management is fundamental to information privacy and security. The six steps in the Risk Management Framework (Figure 2-2: Risk Management Framework, process overview) are:
- Step 1: CATEGORIZE Information System
- Step 2: SELECT Security Controls
- Step 3: IMPLEMENT Security Controls
- Step 4: ASSESS Security Controls
- Step 5: AUTHORIZE Information System
- Step 6: MONITOR Security Controls
The starting point for the cycle is the Architecture Description (architecture reference models, segment and solution architectures, mission and business processes, information system boundaries) together with Organizational Inputs (laws, directives, policy guidance; strategic goals and objectives; priorities and resource availability; supply chain considerations). Adapted from NIST Special Publication, Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems.

5 Some, but not all, components of a robust security program:
- Risk Analysis
- Policies and Procedures
- Training and Awareness
- Information Access Management
- Identity Management
- Privacy Controls
- Incident Procedures
- Contingency Planning
- Physical Controls
- Transmission Security
- Integrity Controls
- Disposal Controls
- Evaluation

6 Dan Steinberg, Lead Associate, JD, CIPP/G, PMP, Booz | Allen | Hamilton, Tel (301)