Policy, Standards and Guidelines Breakout Co-Chairs Victor Hazlewood OCIO Cyber Security, ORNL Kim Milford ISO, University of Rochester.


1 Policy, Standards and Guidelines Breakout Co-Chairs Victor Hazlewood OCIO Cyber Security, ORNL Kim Milford ISO, University of Rochester

2 Summary of discussions
- Commend NSF for putting security plan in agreements!! Good step forward
- The wide range of projects that NSF supports (large, medium, small) is recognized
- Protection of data and risk-based analysis are the key for the planning
- Security planning requires thought about how security is to be implemented, and thought about the associated costs follows as well
- It is suggested that awardees and NSF program officers will need guidance

3 Summary of discussions cont'd
- Recommendations:
  - Get more guidance from NSF on security plan
  - Security frameworks and best practices templates (e.g. NIST, EDUCAUSE, ISC2, etc.)
  - Program officer security plan checklist
    - Need checklist based on risk
  - Engaging security experts to help awardees and program officers/reviewers
  - Incident response planning guide, flowcharts, resources (examples from TeraGrid, Yale, etc.)
  - Acceptable Use Policy examples

4 Summary of discussion so far
- Encourage dialogue between awardees and Program Officers
- Start discussion about development of a protocol for notification about cyber security incidents with program officers (and other events that affect the program)

5 Security Plan
- Language in CA says must have a security plan with, but not limited to:
  - Policy and procedures
  - Roles and responsibilities
  - Risk assessment*
  - Awareness and training
  - Incident notification procedures
  - Technical safeguards
  - Administrative safeguards
  - Physical safeguards

* = ones we discussed in the breakout

6 Other Policies of Interest
Suggested List
- Acceptable Use Policy*
- Media Protection*
- Incident response*
- Access Control
- Audit and Accountability
- Security Assessment
- Configuration Mgmt
- Contingency Planning
- Identification and Authentication

7 Discussions so far… Policies
- System Acquisition Policy and Procedures
- System and Communication Protection
- System and Information Integrity
- Personnel Security
- System Maintenance

