Security Awareness Training: System Owners
Definition
VITA, p. 7
The System Owner is the agency business manager responsible for having an IT system operated and maintained. With respect to IT security, the System Owner’s responsibilities include the following:
1. Require that the IT system users complete any system-unique security training prior to, or as soon as practicable after, receiving access to the system, and no less than annually thereafter.
2. Manage system risk and develop any additional information security policies and procedures required to protect the system in a manner commensurate with risk.
3. Maintain compliance with COV Information Security policies and standards in all IT system activities.
4. Maintain compliance with requirements specified by Data Owners for the handling of data processed by the system.
5. Designate a System Administrator for the system.
Security
Your responsibility: Implement Security Controls
- Software Safeguards
- Access Controls
- Data Owner Requirements
- Who
- Type
- What permissions
- Approve access
- Remote Access
- Investigate unusual activities
- Notify affected users of Security Breach
- Ensure proper environmental controls are in place
- Ensure systems are in secured locations
- Notify Data Owner of breach
- System hardening
- Baseline Security on all systems
- Additional Security on all systems
- Review
Communication
- The Data Owner decides the sensitivity level and level of protection for the data, communicating it to you, the system owner
- Designate and direct the System Administrator in requirements to protect the data
- Work with the Data Owner on BIA
- Notify Data Owner of breach
- Assist Data Owner in reviews
Risk Management & Business Continuity
- Participate in BIA with Data Owner
- Document Sensitive Systems Risk Assessment
- Approve backup schedule
- Approve emergency backup and operations restoration plans
- SEC Sect 4.2.2: Security Plan requirements include:
- Security Controls, current and planned
- How the controls mitigate risk
- Get Agency Head or ISO approval
- Revise if disapproved
- Update every three years
System Interoperability
Section of SEC501-01
- Document Systems with shared data
- Type
- Data flow
- Contact info
- Written agreement with security requirements
- Specify how data is stored
- System Owner agrees to abide by legal requirements
- System Owner’s authority to approve access
- Approve and enforce
- Inform others who share the system or data to include new shares
Other Security Considerations
- Phishing/Social Engineering
- Data Disposal
- Password requirements
- SSN and Credit Card number communication