Cyber Security for Educational Leaders: A Guide to Understanding and Implementing Technology Policies. Chapter 7: Auditing Policy © Routledge Richard.

Presentation transcript:

Cyber Security for Educational Leaders: A Guide to Understanding and Implementing Technology Policies. Chapter 7: Auditing Policy © Routledge. Richard Phillips and Rayton R. Sianjina

AUDITING POLICY
Data protection

Security policies are as necessary for state and local organizations as they are for large organizations and government agencies (Conrad, 2010).

Local educational agencies must comply with various regulatory and security requirements that safeguard sensitive data against unauthorized access by outsiders as well as by staff members of the organization who do not have a “need to know.”

Data auditing is somewhat complex, but understanding best practices and using a “data auditing framework” gives educational leaders, according to Jones and Ball (2008), “a mechanism for collecting such information through its audit methodology.” This methodology has benefits such as data risk management, data asset identification, and planning. Since this is a policy unique to the organizational culture, “the Data Audit Framework is a first step in this process, assisting organizations to collect such information so they can develop policies and processes appropriate to their needs” (p. 113).

Comprehensive technology plans include many aspects of technology. Schools that effectively use technology have a carefully designed technology plan that is a part of the overall school-improvement plan. A technology plan that is not integral to the overall improvement plan is likely to be short-lived (Cradler, 1996).

Modern technologists, such as those who developed the Missouri Department of Education (2011) plans from best practices, believe in forming a technology planning committee whose members reflect all the stakeholders. These modern designers plan in steps:

1. Select a well-rounded technology committee.
2. Develop a technology mission statement.
3. Collect and evaluate technology raw data.
4. Develop technology goals and objectives.
5. Develop and implement an action plan and timelines.
6. Disseminate, monitor, and evaluate the technology plan.

CONCLUSION

Safeguarding the technology developed or purchased by the organization should be included in the district’s auditing policy and procedure.