Presentation is loading. Please wait.

Presentation is loading. Please wait.

Annual CISO Update Ken Runyon, CISO

Published byMilo Kelly Modified over 8 years ago

Similar presentations

Presentation on theme: "Annual CISO Update Ken Runyon, CISO"— Presentation transcript:

1 Annual CISO Update Ken Runyon, CISO Ken.Runyon@suny.edu

2 Session Outline: 1.Introduction 2.Annual Training Requirements 3.SANS Securing the Human 4.SAQ 2015 Review 5.Q&A

3 Annual Training and Assessment

4 ISO Training Requirements: NYS-S10-001  ISO or designated security representatives for State Entities  Minimum of 37.5 CPE credits annually User Training Requirements: SUNY 6608 NYS P003-002 PCI-DSS

5 SANS Securing the Human

6 SANS Training: Expected Outcomes  Provide standards based information security awareness training  All system users (faculty or staff) should participate  May be augmented with face to face training (Executives)  Does not replace specific PCI or HIPAA required compliance training Current Situation  24 SUNY entities (campuses and other) participate in group program  4 have conducted training, running out of time for 2015-2016 cycle

7 SAQ 2015 Review

8 ISEC Program Observations: Security Projects remain a top indicator to success Management/Executive are necessary Establishing Policies based on established standards is a requirement  Cyber Security Framework v1.0  NIST 800-53  ISO 27001/27002  COBIT

9 State Operated ISEC Program Scores

10 Community College ISEC Program Scores

11 State Operated ISEC Program Percentages

12 Community College ISEC Program Percentages

13 ISEC Controls Observations: IT has addressed the basics as can be seen in the scores Intrusion Prevention remains a stretch goal 1/3 of the campuses do not conduct vulnerability scans Content based filtering (i.e. DLP) is not being done

14 State Operated IT Controls Scores

15 Community College IT Controls Scores

16 State Operated IT Controls Percentages

17 Community College IT Controls Percentages

18 Questions

Download ppt "Annual CISO Update Ken Runyon, CISO"

Similar presentations

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Lessons Learned Data and Asset Security FOCUS Spring 2006 Chuck Banner UVA-Wise.

Lessons Learned Data and Asset Security FOCUS Spring 2006 Chuck Banner UVA-Wise.
Security Controls – What Works

Security Controls – What Works
Empowering Staff Through Institute Planning (ESTIP) Executive Workshop Institute Name: XXXXXX Presenter: XXXXXX Date: XXXXXX.

Empowering Staff Through Institute Planning (ESTIP) Executive Workshop Institute Name: XXXXXX Presenter: XXXXXX Date: XXXXXX.
1 July 08, 2010 Information Security Officer Meeting.

1 July 08, 2010 Information Security Officer Meeting.
Environmental Management Systems Refresher

Environmental Management Systems Refresher
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.

12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.
1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME.

1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME.
Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Control environment and control activities. Day II Session III and IV.

Control environment and control activities. Day II Session III and IV.
User Group 2015 Security Best Practices. Presenters Steve Kelley, COO 31 years experience building and managing operations and service delivery organizations.

User Group 2015 Security Best Practices. Presenters Steve Kelley, COO 31 years experience building and managing operations and service delivery organizations.
PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME 1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal.

PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME 1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal.
Information Security Update CTC 18 March 2015 Julianne Tolson.

Information Security Update CTC 18 March 2015 Julianne Tolson.
Social Media Jeevan Kaur, Michael Mai, Jing Jiang.

Social Media Jeevan Kaur, Michael Mai, Jing Jiang.

Similar presentations

Ads by Google