Foundations of Organizational Information Assurance Fall 2007 Dr. Barbara Endicott-Popovsky IMT551.

Slides:



Advertisements
Similar presentations
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Advertisements

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
National Science Foundation Division of Science Resources Statistics May The Confidential Information Protection and Statistical Efficiency Act.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Board Governance Monitoring to determine the effectiveness of the Board of Directors Francie Mathes.
Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.
1 6 - Outsourcing Outsourcing. © Robert G Parker – UW-CISA 2010 Dealing with issues when a portion or all of the provision of technology services is performed.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
Security Controls – What Works
The Importance of Food Safety Media Training 2 nd Oman Food Safety Conference By Mobisher Rabbani.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
DATA LIFECYCLE & DATA MANAGEMENT PLANNING ……………………………………………………………………………………………………………………………….…………………………….. ……………………………………………………………......…... RESEARCH DATA.
Security Certification
Session 3 – Information Security Policies
Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.
© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Securing Information in the Higher Education Office.
Overview of Systems Audit
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
What is it? Why it is so important?
Tom Clarke VP, Research & Technology National Center for State Courts.
Public Employees Retirement System October 31, 2007 Eric Sokol, CSD Administrator Jeffrey Marecic, ISD Administrator Senate Bill 583 Implementation.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.
Roles and Responsibilities
Keeping you Running Part II Developing Your Own Local Government Cyber Security Plans Stan France & Mary Ball
Systems and Software Consortium | 2214 Rock Hill Road, Herndon, VA Phone: (703) | FAX: (703) Best.
OPTIONS FOR ACTION – BLUEPRINT FOR ACTION. Executive (CEO) Engagement MAKING THE BUSINESS CASE Legal mandates Liability Employee engagement Corporate.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
Cyber Security & Fraud – The impact on small businesses.
Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.
Instructional & Information Technology Services Fall, Activities and Updates Teresa Macklin Information Security Officer Information Security.
DISTRIBUTION IMPLEMENTATION EXAMPLES AND TOOLS David Sandidge Director, Responsible Care American Chemistry Council June 1, 2011.
Social and Professional Issues in IT Roshan Chitrakar.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Technology New York State Learning Standards for Grades 7 & 8.
Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.
EECS 4482 Fall 2014 Session 8 Slides. IT Security Standards and Procedures An information security policy is at a corporate, high level and generally.
Information Systems, Security, and e-Commerce* ACCT7320, Controllership C. Bailey *Ch in Controllership : The Work of the Managerial Accountant,
International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson THE LINK BETWEEN.
Human Resource Security ISO/IEC 27001:2013
Welcome and Introduction to the Security Task Force Peter Siegel Co-Chair, Security Task Force Chief Information Officer and Vice Provost University of.
Langara College PCI Awareness Training
Managing a “Data Spill”
Information Security Framework Regulatory Compliance and Reporting Auditing and Validation Metrics Definition and Collection Reporting (management, regulatory,
1 Procurement Operations Division (POD) Guidance for Telework and Work Schedules February 2016.
WESTERN PA CHAPTER OF THE AMERICAN PAYROLL ASSOCIATION – NOVEMBER 4, 2015 Risk Management for Payroll.
Foundations of Organizational Information Assurance Fall 2007 Dr. Barbara Endicott-Popovsky IMT551.
Information Security Office: Function, Alignment in the Organization, Goals, and Objectives Presentation to Sacramento PMO March 2011 Kevin Dickey.
Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD.
Models of Security Management Matt Cupp. Overview What is Security Management? What is Security Management? ISO/IEC ISO/IEC NIST Special Publication.
Performing Risk Analysis and Testing: Outsource or In-house
Information Security Program
Presenter: Mohammed Jalaluddin
Security Methods and Practice CET4884
Information Technology Standards at the University of Illinois
Michigan Department of Education
Introduction to the Federal Defense Acquisition Regulation
LAND RECORDS INFORMATION SYSTEMS DIVISION
San Francisco IIA Fall Seminar

Regions for Economic Change: Networking for Results Migrants and the City: Towards Successful Integration Anna Ludwinek European Foundation 05/12/2018.
County HIPAA Review All Rights Reserved 2002.
IS Risk Management Framework Overview
National Information Assurance (NIA) Policy
IT and Audit Building a Security Aware Culture
Protecting Knowledge Assets – Case & Method for New CISO Portfolio
Presentation transcript:

Foundations of Organizational Information Assurance Fall 2007 Dr. Barbara Endicott-Popovsky IMT551

Implementing IA and Cybersecurity Secure System

Implementing IA and Cybersecurity Secure System

Policies Policies drive security solutions Range from standards to guidelines; general to procedural Controls derive from policies Consequences tied to policies

Role for Procedures: When We Trust Controls…. Assumes: Design implements policies Sum total of controls implement all policies Implementation is correct Installation/administration are correct

CISO Procedure Dashboard Employee termination checklist Employee provisioning checklist Data backup Emergency contacts Change management procedure Instant messaging procedures PCI data security standard PCI self-assessment checklist Credit card handling procedure Data breach response procedure Procedure for request/access to personnel files Procedure for outside request for information Data classification procedure Media disposal procedure Privacy procedure

CISO Procedure Dashboard (cont’d.) Cyber incident response procedure Procedure on disposal of media/memory PKI management Appropriate use procedure Top 10 list Security manual Metrics ISO17799, ISO27001 VPN procedure Outsourcing security requirements/contract terms Contractor security requirements /contract terms

Context Evolution Agricultural Age Industrial Age Information Age

Labor Force Composition Source: K. Lauden & Lauden

Attribute Agricultural Age Industrial AgeInformation Age Wealth LandCapitalKnowledge Advancement ConquestInventionParadigm Shifts Time Sun/SeasonsFactory WhistleTime Zones Workplace FarmCapital equipment Networks Organization Structure FamilyCorporationCollaborations Tools PlowMachinesComputers Problem-solving SelfDelegationIntegration Knowledge GeneralizedSpecializedInterdisciplinary Learning Self-taughtClassroomOnline

Technology Individual Community State Economics Politics & Law Culture Education At the heart… IMPACTS

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.