Agency Name Security Program FY 2009 John Q. Public Agency Director/CIO/ISO.

Presentation transcript:


Security Program
  (Agency Name) mission is to provide a constituent internet interface for the sale of state logo widgets
  This security program has been developed to support the business processes and communications that support business goals

Security Program Governance
  Complies with Federal, Industry and State statutes and requirements such as HIPAA, PCI and the Georgia Enterprise Policies, Standards and Guidelines

Security Program Governance
  Key Components of Governance
    – Planning: Strategic Security Plan
    – Governance structures: State CIO Council; Information Security Officer Council; Agency Risk Management Board; Agency IT Leadership

Security Program Governance
  Key Components of Governance
    – Policy: Georgia Enterprise Policy (Agency Policy); Industry Practices; Federal Policies
    – Monitoring: Self-assessments; Third Party assessments; Georgia Dept of Audits

Security Program Governance
  Challenges and Keys to Success
    – Challenges: Resources; New Threats
    – Keys to Success:
        Resources to achieve goals
          – Remediation of shortfalls
          – Certification of assurance
        Education
          – Executive
          – Employee

Security Program System Development Life Cycle
  Four-year cycle as prescribed by OPB for IT equipment
  In the third year of the current planning cycle
    – 25% IT equipment refresh budgeted
    – Security device refresh scheduled

Security Program Awareness and Training
  Awareness and Training program based on federal model
  User Awareness training completed
    – 120/125 employee participation
    – 96% ‘pass’ for Annual Awareness Training
    – Remedial training identified and scheduled
  Training program underway for technical staff
    – Act-Online.net
    – Strategic Training Alliance
  Executive training underway
    – Act-Online.net

Security Program Capital Planning
  Security Priorities and Funding
    – Top Five Security Priorities
        Third Party assessment of (1) High system
        Refresh firewall pair (7 years old)
        Refresh Intrusion system (5 years old)
        SIEM acquisition
        Training (ISO skills - administrative training)
    – Total FY 2009 Funding request: $125K
    – Allowed FY 2009 Funding: $77K
        Third Party assessment
        Refresh firewall pair

Security Program Interconnecting Systems
  PeopleSoft – State Accounting Office
  Enterprise Active Directory/Exchange – GTA
  GBA Physical Access Control System
  PCI vendor – XYZ Corporation

Security Program Performance Measures
  Annual Agency Information Security Report
    – Due 30 June
    – Reporting to GTA
    – Reporting items as prescribed by Enterprise Standard

Security Program Security Planning
  Security planning is approached by examining each system
  The Security Program is based upon aggregating plans, assessments and audits
    – Current plans are attached to the Security Program document

Security Program Contingency Planning
  No formal agency Business Continuity Plan has been developed
  IT has rudimentary planning underway
    – Several meetings with system owners
    – IT staff has begun requirements collection

Security Program Risk Management
  Agency has a Risk Management Board that meets monthly
  Structure and scope align with NIST Risk Management
  Security is heavily involved

Security Program Security Assessments
  Self-assess with current IT staff
    – Performed quarterly
  Third party assessments once a year
  Georgia Dept of Audit every third year

Security Program Security Products and Acquisition
  Conduct research and consult with GTA Office of Information Security
  Current focus
    – Application firewall
    – Intrusion systems
    – Content filtering

Security Program Incident Response
  Escalation procedures include security hand-off decision points
  Procedures are periodically tested
  Security personnel have been trained:
    – Cyber First Responder
    – Forensic Investigations (National White Collar Crime Center)

Security Program Configuration Management
  Configuration management is given high importance to maintain the integrity of the network and IT assets
  Agency has a Configuration Management Board (CMB) that meets weekly
  The CMB coordinates with GTA’s CMB, since agency changes may impact enterprise operations

Security Program
  Questions