Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information governance and information security

Published byBella Schuler Modified over 5 years ago

Similar presentations

Presentation on theme: "Information governance and information security"— Presentation transcript:

1 Information governance and information security

2 Information governance

3 Where InfoSec is coming from
today Where InfoSec is coming from How InfoGov can work with InfoSec What Records Managers need to learn

4 The players Risk Audit Compliance Information Security Privacy
IT Operations Legal

5 Information security CIA: Confidentiality, Integrity, Availability
Prevent breaches of information Train and educate end users Patching Put in place CONTROLS Respond to Security Audits Access Controls Cyber Insurance Information security

6 Information security controls
DLP or Data Loss Prevention NAC Network Access Controls Policies Procedures Access Controls Multi-Factor Authentication

7 Protecting Information
PII Personally Identifiable Information PHI Personal Healthcare Information PCI Credit Card Information Attorney Client Privilege Trade Secrets

8 Information security Know what we have (PII or PHI) Know where it is
Know how it is being used = Controls easily implemented

9 Information security alignment
Standards & FRAMEWORKS Regulations HIPAA GDPR NACHA ISO NIST COBIT SOC2 ETSI CISQ NERC ISA/IEC 62443 IASME To build your Information Security Management System ISMS

10 The two professions 1995 1955 ARMA has been around since 1955
The first CISO was named in 1995

11 Information governance
We know our organization’s information We know where the gaps are We know the players We have a good understanding of the playing field We know the end users We understand the process of getting information policies and processes pushed through

12 Information governance tasks
Learn the language Learn Know the technology Know Understand the controls Understand See the priorities See

13 Organizations and certifications
ISACA – Knowledge and practices for Information Systems ISSA -- International Systems Security Association ISC Squared - Cybersecurity and IT Security Professional Organization IAPP -- International Association of Privacy Professionals IIA – Institute of Internal Auditors CISA® validates skills and experience in auditing, control information security and cybersecurity. CRISC™… risk, information systems control and cybersecurity. CISM®… information security management and cybersecurity. CGEIT®… enterprise IT governance.

14 Remove duplicate efforts
goals Pool resources Remove duplicate efforts Leverage controls Translate

15

16 You know your information landscape

17 THANK YOU! Jeff Lewis

Download ppt "Information governance and information security"

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
ISACA January 8, 2013. IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.

ISACA January 8, IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.

Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.
Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Security Controls – What Works

Security Controls – What Works
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM 817.352.4929 or

Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM or
© ITGI, ISACA - not for commercial use. John R. Robles 787-647-3961 Guidance for Information.

© ITGI, ISACA - not for commercial use. John R. Robles Guidance for Information.
1 Homologues Group Meeting Slovenia, October 2009 Republika SlovenijaEuropean Union Ljubljana, 12-13 October 2009 Introduction to IT audits PART II IT.

1 Homologues Group Meeting Slovenia, October 2009 Republika SlovenijaEuropean Union Ljubljana, October 2009 Introduction to IT audits PART II IT.
Information Security Framework & Standards

Information Security Framework & Standards
Information Security Update CTC 18 March 2015 Julianne Tolson.

Information Security Update CTC 18 March 2015 Julianne Tolson.
Cybersecurity nexus (CSX)

Cybersecurity nexus (CSX)
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
GRC - Governance, Risk MANAGEMENT, and Compliance

GRC - Governance, Risk MANAGEMENT, and Compliance
OVERVIEW OF INFORMATION SYSTEM (IS) AUDITING NORHAFIZAH BINTI ABDUL MUDALIP 221601 YAP YONG TECK 228407 TAN YUAN JUE 226491 TAY QIU JIE 227495 GROUP MEMBER:

OVERVIEW OF INFORMATION SYSTEM (IS) AUDITING NORHAFIZAH BINTI ABDUL MUDALIP YAP YONG TECK TAN YUAN JUE TAY QIU JIE GROUP MEMBER:
HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

Similar presentations

Ads by Google