MISSION: The mission of the information security office is to assist in building a security-aware university culture through education and technical assistance to all university stakeholders and to promote the safe and secure use of information technology resources.

GOAL – CYBER RESILIENT UNIVERSITY
- SIG – Information Risk Management
- ISO – Broad Operational Security
- COBIT – Governance
- STIX – Threat Intelligence
- NIST – Topical Standards Guidance

WHAT WE DO:
- Assist in the development of processes, procedures, and policies for the protection of confidential information, the protection of individuals' privacy, and the protection of university information resources
- Assist in the identification and mitigation of information security risks
- Assist with defining security requirements
- Assist university units in achieving their compliance requirements based on applicable laws, regulations, and best practices
- Provide assistance to users and departments regarding information security issues and their resolution
- Improve campus awareness of information security through communication, open dialogue, and training activities

EVOLUTION OF INFORMATION SECURITY: IT Security → Information Security → IT Risk Management → Information Risk Management → ????

"Educational institutions are among the most vulnerable because they hold treasure troves of personal information." – San Francisco Business Times

FORCES ON INFORMATION SECURITY

AWARENESS: USL Program – Reboot Awareness & Training

INFORMATION SECURITY RISK MANAGEMENT PROGRAM:
- Enterprise Risk Assessment
- Threat Assessment
- Unit Based Risk Assessment
- Individual Project/Proposal Risk Assessment
- Risk & Threat Mitigation Strategies
- Coordination with Internal Audit

POLICIES, PROCEDURES, GUIDELINES & STANDARDS

MASTER DATA ACCESS PLAN: Master Data Access Plan

CYBER EVENT RESPONSE: IT Cyber Event Response Plan
The University IT Cyber Event Response Plan (i.e., IT-CERT Plan) includes the following tasks:
I. Detection – Identification and Reporting
II. Containment
III. Eradication
IV. Recovery
V. Follow-up

EVENT CLASSIFICATIONS:
- Event (or Cyber Event)
- Potential Event
- Non-Event
- Response Event
- Incident
- Potential Breach
- Breach

THE SECURITY JOURNEY: Ad Hoc, Business Aligned, Risk Based, Intelligence Driven, Threat Based, Compliance Based, Infrastructure Based

FINAL THOUGHTS
- Many exciting things are happening
- We are always here to help
- We can't do this alone; information security requires everyone
Contact Information: Kevin Crouse: (309)

QUESTIONS?