What’s New! Presented by Colleen Pedroza. November 13, 2008, www.infosecurity.ca.gov

Presentation transcript:

Slide 1: What’s New! Presented by Colleen Pedroza

Slide 2: Policy Releases
- MM Industry Standard Terminology For Disaster Recovery
- MM Safeguarding Against and Responding to an Information Security Breach involving Personal Information
- SIMM 65D - Security Breach Involving Personal Information: Requirements and Decision-Making Criteria for State Agencies
- Forthcoming Q1 2009: MM on Incident Management for State Agencies
  - Add definition(s) for incident, etc.
  - Update reporting criteria and forms
  - OISPP to provide incident management training

Slide 3: Current OISPP Projects
- Enterprise Security Strategic Plan
- FSR for an Automated Incident Management System (OHS Grant Funded)
- Online Cyber Security and Privacy Training (OHS Grant Funded)
- Policy Gap Analysis
- Data Exchange Agreement Guidance and Model Templates Document
- Information Security Leader Academy (ISLA)

Slide 4: Update on 2009 Compliance Documents
- DR Plans Due by October 15th
  - 29 Disaster Recovery Plans were due
  - 21 were filed
- Form Updates
  - SIMM 65A, 70B, 70D forms were revised to reflect the change to Disaster Recovery from Operational Recovery.

Slide 5: Update on 2009 Compliance Documents
SIMM 70A Form was revised to:
- CHANGE: Reflect the change to Disaster Recovery
- NEW: Require a Privacy Program Coordinator back-up
- NEW: Require classification be provided for designated back-ups
- NEW: Require an organization chart indicating the reporting structure for the designees be attached to the Form
- NEW: Safeguard language added to the footer
*Please note that the form allows for more than one individual to be an authorized designee for the Director

Slide 6: Update on 2009 Compliance Documents
SIMM 70C Form was revised to:
- Change: Reflect the change to Disaster Recovery
- NEW: Check boxes added to each component of a fully developed Risk Management and Privacy Program.
- Revised: Expansion of the SAM sections to address:
  - Date of your agency’s last Risk Assessment
  - Date the remediation activities were completed
- There are NO new policy requirements on this Form
- Removed: the bullet stating, “Compliance with the state audit requirement relating to the integrity of information and security incident reporting requirements. See SAM Section ”
- NEW: Safeguard language added to the footer.

Slide 7: Update on 2009 Compliance Documents
To meet the January 31, 2009 filing requirements, agencies must file the revised:
- Form 70A dated November
  - This form may be signed by the Director or the Director’s Designee. However, if the Designee is not on file with our Office, the form will be returned with a letter indicating that it did not have the authorized signature.
- Form 70C dated November
  - It must be signed by the Director or agency head.
Old forms submitted will be returned to the Director with a letter indicating that the revised form must be submitted.

Slide 8: Questions?