1 July 9, 2009 Information Security Officer Meeting.

Presentation transcript:

2 Katrina Yang
Reaching Us…
- No change to mailing address
- No change to phone numbers
- Change to addresses
- Office closures due to mandated furloughs

3 Mark Weatherford
OCIO/OIS Organizational Update
- GRP Transition
- OIS vacancies and recruitment efforts
- Impact on OIS’ ability to meet prior service level expectations
- Also on the move…

4 Rosa Umbach
ITPL 09-02, Security Segment
Security Survey

5 Michele Robinson
Incident Management FSR Project Update
- Grant-funded feasibility study
- Stakeholder (owner and user) interviews were conducted
- Information security regulations, policies, standards, and guidelines were researched
- Market research was performed

6 Michele Robinson
- Problem and needs were validated
- Alternatives were identified
- Based on overall cost/benefit, a proposed alternative was selected
- FSR is close to completion (August 2009)

7 Michele Robinson
Alternatives
- Leverage existing Remedy Service Desk software
- Acquire a Commercial-off-the-Shelf (COTS) solution
- Partner with CalEMA RIMS (Response Information Mgmt System) Replacement Project

8 Michele Robinson
Benefits of Partnership with CalEMA
- Establishes a unified and coordinated approach between COIS, CHP, and CalEMA
- Consolidation of separate existing (and conceptual) systems into a single system
- Scalable and can be extended to local governments
- Greater security of data
- Implementation is expedited by leveraging an approved FSR
- Less costly

9 Michele Robinson
Benefits of Partnership with CalEMA
Alignment with:
- National strategy
  “The government, working with key stakeholders, should design an effective mechanism to achieve a true common operating picture that integrates information from the government and private sector and serves as the basis for informed and prioritized vulnerability mitigation efforts and incident response decisions.” – Cyberspace Policy Review
- Key objectives derived from:
  - Cyberspace Policy Review
  - National Strategy to Secure Cyberspace
  - National Strategy for the Physical Protection of CI/KR

10 Michele Robinson
Benefits of Partnership with CalEMA
Alignment with:
- State IT Strategic Plan:
  “Information technology support for the Executive Branch of California State Government will operate as a seamless enterprise, delivering consistent, cost-effective, reliable, accessible and secure services that satisfy the needs of its diverse public and private customers, including the People of California, its business communities and its public sector agencies.” – California State Information Technology 2006 Strategic Plan, pg 5
- State IT Capital Plan:
  “Facilitate improvements in internal business processes and financial management through IT investments and enhance and promote enterprise data sharing through IT investments.” – 2009 ITCP Overview

11 Michele Robinson
Telework Policy and Security Standards Update
- DGS Telework Policy
  - DGS Telework Advisory Group (TAG)
- OIS Telework Security Standards
  - DPA will facilitate meet and confer with labor

12 Michele Robinson
Twitter Vulnerabilities
- Month-long campaign/project entitled the “Month of Twitter Bugs” or “MoTB”
- Began July 1, 2009
- Focus on ways to utilize the Twitter website and third-party Twitter applications to distribute malicious code
- Malicious code may be used to exploit other third-party programs with a codebase similar to Twitter’s
- May result in automated programs being written to take advantage of these known vulnerabilities

13 Michele Robinson
Twitter Vulnerabilities
Month of Twitter Bugs: Aviv Raff (creator of the "Month of Twitter Bugs" blog)

14 Michele Robinson
Recommendations:
- Have a policy on the appropriate use of social networking sites
- Ensure users are trained on the appropriate use of social networking sites, including:
  - Enabling the privacy features and disabling "Auto-Feeds" that are not approved by your organization
  - Not visiting untrusted websites or following links provided by unknown or untrusted sources
  - Understanding the threats posed by hypertext links, especially from untrusted sources
  - Following your organization's policies for incident reporting

15 Michele Robinson
Recommendations:
- Ensure that all anti-virus software is up-to-date with the latest signatures
- Ensure that the most recent vendor patches are applied on all desktops, laptops, mobile devices and servers as soon as possible
- Deploy network intrusion detection systems to monitor network traffic for malicious activity

16 Michele Robinson
State Direction on Departmental Use of Social Networking Media
- Agency use versus all-employee use
- Argument for advantages of employee access
- Security must help business achieve the objectives of the directive

17 Mark Weatherford
Strategic Plan and Policy Refresh Project Update

18 Mark Weatherford
ITPL Agency Information Officer and Department Chief Information Officer Responsibilities

19 Mark Weatherford
ITPL Questions
Q: Does this mean that all ISOs in an IT classification must report to the CIO?
A: Yes, that is the intent.
Q: What does this mean for ISOs in non-IT classifications?
A: This is currently under consideration.

20 Mark Weatherford
What are the ISO Concerns? In Addition to Known ITPL Concerns
- Reporting to the CIO is a conflict of interest.
- Security and risk issues will not get raised to my agency head as needed and expected.

21 Mark Weatherford
Closing
- Please complete the feedback survey.
- Thank you for your attendance and participation.