Information Security Update CTC 18 March 2015 Julianne Tolson.


2 What is Information Security?
"Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical)." (Wikipedia)

3 CSU Information Security Policy
It is the collective responsibility of all users to ensure:
- Confidentiality of information which the CSU must protect from unauthorized access
- Integrity and availability of information stored on or processed by CSU information systems
- Compliance with applicable laws, regulations, and CSU/campus policies governing information security and privacy protection
(ICSUAM)

4 Information Security Standards
- ISO 27000, 27001, 27002 (27001 is the certifiable management-system standard; 27002 is the catalogue of controls it draws on)
- NIST Cybersecurity Framework (NIST CSF)

5 How is Information Security Achieved?
A strategic partnership between stakeholders that includes:
- Risk management
- Controls
- Access control

6 Risk Management / Assessment
- Establish context
- Risk assessment
  - Physical / logical
  - Threats
  - Vulnerabilities
- Risk mitigation: reduce, retain, avoid, transfer
- Monitor and control

7 Risk Management examples
- Business continuity planning
- Offsite back-ups
- Patching and updates
- Qualys
  - Vulnerability scans
  - Web application scans
  - BrowserCheck (Business Edition)

8 Qualys BrowserCheck Business Edition demo
1. Sign up
2. Configure
3. Distribute link
4. Monitor
Users will be prompted to take action when vulnerabilities are detected.

9 Controls
- Administrative: policies and procedures, background checks, FERPA, PCI, HIPAA
- Logical: intrusion detection, firewalls, encryption, principle of least privilege
- Physical: environment, separation of duties

10 Controls examples
- Responsible use policy
- Identity Finder
- Intrusion detection: PAN and FireEye
- Information security awareness
Discussion topic: How to get the word out?

11 Access control
- Identification
- Assurance
- Authorization
  - Mandatory Access Control
  - Discretionary Access Control
- Authentication
  - Multi-factor authentication

12 Access control example
- Multi-factor authentication: Duo Security pilot
Action item: Review any discretionary access control you have granted.
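Slides 11 and 12 list the concepts but do not show how they fit together. The following is an added example, not code from the presentation or from the CSU, that models the sequence a request goes through: identity assurance (a multi-factor check, standing in for the Duo pilot), then mandatory access control (an assumed Bell-LaPadula style confidentiality lattice with the illustrative labels public/internal/confidential), then the discretionary grants an owner hands out. It ends with an audit helper for the action item on the slide: it lists every discretionary grant and flags the ones the mandatory policy blocks anyway or that point at an account that no longer exists. All users, labels and grants are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Assumed confidentiality lattice for the MAC part; the label names are illustrative.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


@dataclass
class User:
    name: str
    clearance: str          # one of LEVELS
    factors: Set[str]       # authentication factors presented this session


@dataclass
class Resource:
    name: str
    owner: str
    label: str              # one of LEVELS
    # discretionary grants handed out by the owner: grantee -> {"read", "write"}
    dac_grants: Dict[str, Set[str]] = field(default_factory=dict)


def authenticated(user: User, required_factors: int = 2) -> bool:
    """Identity assurance: an identity only counts once enough distinct
    factors were presented (2 models a Duo-style multi-factor login)."""
    return len(user.factors) >= required_factors


def mac_allows(user: User, res: Resource, action: str) -> bool:
    """Mandatory access control (assumed Bell-LaPadula rules): a subject may
    read only at or below its clearance ("no read up") and write only at or
    above it ("no write down"). Neither the owner nor the user can change this."""
    clearance, label = LEVELS[user.clearance], LEVELS[res.label]
    if action == "read":
        return clearance >= label
    if action == "write":
        return clearance <= label
    return False


def dac_allows(user: User, res: Resource, action: str) -> bool:
    """Discretionary access control: the owner has every right on the object
    and may delegate rights to others; everyone else needs an explicit grant."""
    if user.name == res.owner:
        return True
    return action in res.dac_grants.get(user.name, set())


def grant(owner: User, res: Resource, grantee: str, action: str) -> None:
    """Owner-only delegation: this is the discretionary part the action item
    asks people to review."""
    if owner.name != res.owner:
        raise PermissionError(f"{owner.name} does not own {res.name}")
    res.dac_grants.setdefault(grantee, set()).add(action)


def authorize(user: User, res: Resource, action: str) -> Tuple[bool, str]:
    """Authorization: authenticate, then apply the mandatory policy, then the
    discretionary grants. MAC is checked before DAC because a grant can never
    override it."""
    if not authenticated(user):
        return False, "not authenticated (multi-factor required)"
    if not mac_allows(user, res, action):
        return False, "denied by mandatory policy"
    if not dac_allows(user, res, action):
        return False, "no discretionary grant"
    return True, "allowed"


def audit_dac_grants(resources: List[Resource], users: Dict[str, User]) -> List[str]:
    """List every discretionary grant for review, flagging grants that the
    mandatory policy blocks anyway (stale or mistaken) and grants to accounts
    the directory no longer knows."""
    findings = []
    for res in resources:
        for grantee, actions in res.dac_grants.items():
            for action in sorted(actions):
                entry = f"{res.owner} granted {action} on {res.name} to {grantee}"
                user = users.get(grantee)
                if user is None:
                    findings.append(entry + " [unknown account]")
                elif not mac_allows(user, res, action):
                    findings.append(entry + " [ineffective: blocked by MAC]")
                else:
                    findings.append(entry)
    return findings


def demo() -> dict:
    """Constructed sample data: three users, two resources, three grants."""
    alice = User("alice", "confidential", {"password", "duo_push"})
    bob = User("bob", "internal", {"password"})             # no second factor
    carol = User("carol", "internal", {"password", "duo_push"})
    grades = Resource("grades.xlsx", owner="alice", label="confidential")
    schedule = Resource("schedule.txt", owner="alice", label="internal")
    grant(alice, grades, "carol", "read")      # carol is not cleared for this
    grant(alice, schedule, "carol", "read")
    grant(alice, schedule, "dave", "write")    # dave has left; no account
    users = {u.name: u for u in (alice, bob, carol)}
    return {
        "bob_schedule_read": authorize(bob, schedule, "read"),
        "carol_grades_read": authorize(carol, grades, "read"),
        "carol_schedule_read": authorize(carol, schedule, "read"),
        "carol_grades_write": authorize(carol, grades, "write"),
        "alice_grades_read": authorize(alice, grades, "read"),
        "alice_schedule_write": authorize(alice, schedule, "write"),
        "audit": audit_dac_grants([grades, schedule], users),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The ordering in `authorize` is the point: a password-only session never reaches the policy checks, a grant an owner hands out cannot open a confidential file to someone without the clearance, and the audit surfaces exactly those grants so the owner can revoke them rather than leave them around until a mis-labelled file makes them effective.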

13 Security Incident Response
- Assessing current process
- Incident categorization
- Response by incident category: server, account, endpoint
- Forensic tools
- Event logs and analysis

14 Questions?