Keeping you Running, Part II: Developing Your Own Local Government Cyber Security Plans
Stan France & Mary Ball

Outline
- Working with municipal boards
- Working with municipal staff and officials
- Policies and procedures
- Gathering information
- Turning information into plans
- Initiating changes for continuity and security

Working with Municipal Boards: Initial Buy in Talking Points
- Continuity
- Cases of fire, oil spills, floods
- Citizen needs
- Cyber security
- Information protection – (State Comptroller, E-Ticket)
  – Personal identity information disclosure law
- Public embarrassment
- Loss of work time
- Cost to repair

Working with Municipal Boards: Need for Policy and Procedures
- Establish roles when a response is needed
- Identify impact of changes on operations
  – Different personnel
  – Different operations
- Make clear government resource usage

Working With Municipal Staff and Officials
- Establish what needs to be accomplished
  – Continuity
  – Cyber security
- Establish roles for the process
  – Utilize existing strengths
  – Coordination
  – Information gathering

Policies and Procedures
- Model Continuity of Operations Policy
- Model Continuity of Operations Plan
- Model Cyber Security Policy
- Model Acceptable Use Policy

Gathering Information
- Basic information gathering form
- Remote operations requirements form
- Continuity of Operations by Function form

Turning Information Into Continuity Policy and Plans
- Model continuity of operations policy
  – Purpose
  – Scope
  – Policy
- Model Continuity of operations Plan
  – Overall responsibility
  – Priorities
  – Plans and procedures by function

Model Cyber Security Policy
- Responsible person
- Physical protection
- Access control
- Information protection
- Incident reporting
- Training
- Media Disposal
- Acceptable use policy
- Policy review

Initiating Changes
- Information Security Officer (ISO) role
- Regular security software updates
- Regular back-up and offsite storage
- Annual review