Implementing an Information Systems Security Plan THE MONTANA OFFICE OF PUBLIC INSTRUCTION.

Presentation transcript:

First Step - Planning
Create a "Plan for the Plan" that describes:
- Why? (Policy, risk, etc.)
- What is affected? (The entire organization)
- Who? The people keeping the plan in motion, and the people you need help from
- What is being changed? (Focus on the 18 NIST SP 800-53 control families)
- When? Order of action, with best estimates for each step

First Step - Planning
Create a "Plan for the Plan" that describes:
- How? Designate, categorize, secure

First Step - Planning
Create a "Plan for the Plan" – other topics to include:
- Short-term mitigation considerations (e.g. current events and active threats)
- Targeted mitigation considerations: market research (e.g. the Verizon DBIR top threats for your industry) and industry best practices

Second Step – Get Organizational Support
Our approach: communicate, then repeat.
- Present to leadership, division heads, and staff
- Elaborate on the driving factors for security: policy, audit, breach, reputation, etc.
- Explain NIST topics at a relatable level (e.g. student data at the copier, sensitive data on your desk)
Sample slides:

Let's Minimize Security Risk Across OPI
NIST provides guidance on:
- USB drives
- Student data on your desk
- Emailing sensitive information
- Student data at the copier
- Phones and tablets
- Traveling with a laptop
- Social engineering
- Desktops
- Internet use
- The OPI ISSP
- And many more...

Second Step – Get Organizational Support (continued)
Our approach: communicate, then repeat.
- Present to leadership, division heads, and staff
- Elaborate on the driving factors for security: policy, audit, breach, reputation, etc.
- Explain NIST topics at a relatable level (e.g. student data at the copier, sensitive data on your desk)
- Introduce your ISSP
- Ask for help

Lessons Learned
- Time
- Resources
- Buy-in

Next Steps for OPI
- Update roles and responsibilities
- Categorize systems
- Project planning for controls, starting with the Planning (PL) family and the Risk Assessment (RA) family

Contact Curt Norman