
Information Security Audits Lessons Learned THE LOCAL CHILD SUPPORT AGENCY PERSPECTIVE.


2 Information Security Audits Lessons Learned THE LOCAL CHILD SUPPORT AGENCY PERSPECTIVE

3 Large County Perspective
San Bernardino County DCSS
✷ 125,000 cases
✷ Three offices, two court locations
✷ 430 staff

4 Small County Perspective
El Dorado County DCSS
✷ 7500 cases
✷ Two offices, two court locations
✷ 67 staff

5 Preparation for Information Security Review
“Internal Safeguard Review” Checklist
✷ Guide for ensuring compliance with information security requirements
✷ Checklist was provided to the department prior to the review

6 Preparation for Information Security Review (cont’d)
Functional areas impacted:
✷ Facilities
✷ Security Process
✷ Records Management
✷ Case Management Practices
✷ Policies and Procedures
✷ Employee Awareness
✷ Information Technology

7 Preparation for Information Security Review (cont’d)
Plan:
✷ Assess current level of compliance
✷ Identify any improvements needed
✷ Establish timeline
✷ Communicate with deputy directors and managers
✷ Monitor process to ensure required improvements are implemented

8 Preparation for Information Security Review (cont’d)
Large County Issues:
✷ Coordinating with several deputy directors and managers, working in different office locations
✷ Delegation of administrative and Information Technology functions
✷ Ensuring consistent communication throughout the organization
✷ Updating multiple procedures
✷ Time-frames to implement necessary changes

9 Preparation for Information Security Review (cont’d)
Small County Issues:
✷ No one held responsible for security. Information was outdated and spread out all over two offices.
✷ No one had time to participate and be primarily responsible for preparing the security questionnaire.
✷ Procedures had to be written – MANY were non-existent.
✷ Changes took time and several requests for postponement took place.

10 Preparation for Information Security Review (cont’d)
Review Team Members:
✷ Deputy Directors
✷ Administrative Manager and staff
✷ Operations Managers
✷ Program Specialists (Policy Team)
✷ Staff Analyst
✷ Information Technology Manager

11 Preparation for Information Security Review (cont’d)
Preparation for Review
✷ Coordinated with Review Team
✷ Implemented needed refinements
✷ Prepared/updated policies and procedures
✷ Assembled binders with required documents for DCSS reviewers
✷ Verified implementation of changes

12 Review
Site Review
✷ Entrance Conference
✷ Tour of Loma Linda office
✷ Tours of other facilities
✷ Ongoing discussions with DCSS reviewers
✷ Exit Conference
✷ DCSS Letter of Findings

13 Small County Review
Site Review
✷ Director met with Auditor/Review Staff from DCSS
✷ Toured Placerville office
✷ Questions regarding other offices
✷ Delivered binder including all documents
✷ Exit Conference

14 Challenges
San Bernardino Information Security Challenges:
✷ Updated scans needed
✷ Different information security requirements (State vs. County)
✷ Policies needed to be updated
✷ Logs completed, but did not meet standard set by Information Security Manual (ISM)

15 Challenges
El Dorado Challenges:
✷ Many security/key issues
✷ Building remodeling needed
✷ New contracts and access agreements with third parties such as janitorial, shred contract, etc.
✷ Many policies needed to be re-written – or written
✷ Shortened time for “time outs.” Purchased fingerprint reader – single sign-ons

16 Ensuring Continued Compliance
■ Developing administrative policies and procedures to advise staff of department expectations and their own responsibilities regarding information security
■ Establishing a timeline for periodic reviews to ensure continuing compliance
  ✷ Key/badge logs
  ✷ Floor plans
  ✷ Visitor logs
  ✷ Incident logs
  ✷ Policies and Procedures
  ✷ “Walking Around” reviews
  ✷ Document destruction invoices
