1 expect the best www.vita.virginia.gov Jeff Deason Chief Information Security Officer Virginia Information Technologies Agency Joint Commission on Technology.

Presentation transcript:

Slide 1: State Agency Database Security in the Commonwealth
Jeff Deason, Chief Information Security Officer, Virginia Information Technologies Agency
Joint Commission on Technology and Science, Advisory Committee on Privacy
June 23, 2005

Slide 2: Today’s Topics
Security Services Mission
VITA’s Security Transition to Governance
Mature Enterprise Security Program
Where are we today?
What are we doing?
State Database Audits
Senate Bill 1252
Questions

Slide 3: Mission
Provide comprehensive information security services that allow state agencies to accomplish their respective missions in a safe and secure technology environment.

Slide 4: Transition from Operations to Governance
FY04: Operations
FY05: Operations/Governance
FY06: Governance
Diagram labels: VITA; Enterprise; VITA / Enterprise

Slide 5: Mature Enterprise Security Program
Diagram labels: Incident Management; Secure Infrastructure; VITA; Critical Infrastructure and Business Continuity; Security Policies, Standards and Procedures; Risk Management; Information Security Training and Awareness

Slide 6: Where are we today?
As noted by the APA, current Commonwealth information security and protection is inadequate.
Inconsistent security tools and programs.
The enterprise information security program which we are now implementing will address these inadequacies.

Slide 7: What are we doing?
Constructing a new internal service fund:
– $1.53 million for incident management.
– $1.74 million for database risk assessments.
Pursuing state homeland security grants:
– $950,000 for incident management.
Developing database audit standards.
Will leverage this large, necessary investment through public-private partnerships.

Slide 8: State Database Audits
Current Code language provides needed flexibility for database audits based on:
– Sensitivity and criticality of information.
– Exposure to risk.
There are approximately 1685 applications in VITA customer agencies.
– These applications access an unknown number of databases.
– Determining the number of databases is a major challenge.

Slide 9: Senate Bill 1252
As introduced:
– Would have required semi-annual database audits.
It is difficult to justify the cost of auditing every database twice each year.
As amended:
– Would have required annual database audits and increased reporting.
Annual audits are more easily cost-justified than semi-annual audits.
Reporting requirements are a positive step as they increase the visibility of the audits.
Including incident reports in annual audit reports provides a fuller view of actual risks.

Slide 10: Questions