Show Me the Money: 5 Steps to get funding for IT Security

Pssst.. Who is this guy?
Rob Garbee, Technical Security Analyst
20 or so years in IT
Banking, DOD, HIPAA
CISSP
What does all that mean?

I’m just like you…
A minion trying to figure it out

Why do this stuff
Advocate: $5.55 Million
Didn’t conduct an accurate and thorough assessment of the potential risks and vulnerabilities to all of its ePHI; did not reasonably safeguard an unencrypted laptop when left in an unlocked vehicle overnight.
University of Mississippi Medical Center: 2.75 Million
Did not implement appropriate policies and procedures to prevent, detect, contain, and correct security violations; did not implement physical safeguards for all workstations that access ePHI to restrict access to authorized users.
Morgan Stanley: $1 Million
The SEC found that MSSB violated Regulation S-P due to its failure to implement sufficient safeguards to protect customer information.

Let's Get Started

Step 1 - Policies and Procedures (or whatever you call them)
Review your policies and procedures
Are you and your company following them?
Do procedures align with policy?
Are your procedures documented?
Where are they stored? Online / Offline
Identify gaps and document them

Step 2 Speak to your management team
What keeps them up at night?
What are you responsible for?
Where is your important data?
How much is that data worth? Seriously, what is it worth?
Note these items

Step 3 Perform an inventory
Where is your stuff? Where are your assets?
Where does your important data live?
If you don’t know, how can you protect it?
Servers, Laptops, PCs, Printers, BYOD, Phones

STOP
Before we move on you should now have the following:
What the important data is
Where the important data lives
How much the important data is worth
Policy discrepancies

Step 4 Risk Assessment
Risk analysis
Use the data that you have collected
Physical risk assessment
Spreadsheet example (template)
Walkthrough
Logical risk assessment
Step 4 Risk Assessment (British mathematician and professor of statistics at the University of Wisconsin

Step 5 Demonstrate the results
Present your findings
Use the data that you have collected
Hard to argue with their own words - Policy, etc.
Demonstrate the need by use of monetary loss
Report, PowerPoint, etc.
If we have done it right..

Additional stuff
Use external resources if needed
Use free tools if needed: Nessus, Security Onion