Presentation is loading. Please wait.

Presentation is loading. Please wait.

Northwestern University Information Technology Information and Systems Security/Compliance February 2005.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Northwestern University Information Technology Information and Systems Security/Compliance February 2005."— Presentation transcript:

1 Northwestern University Information Technology Information and Systems Security/Compliance February 2005

2 Northwestern University Information Technology Dave Kovarik Office: (847) 467-5930 Email: david-kovarik@northwestern.edu 1800 Sherman Ave., Evanston, Suite 600 20+ years in Information Security practice CISSP: Certified Info Systems Security Professional CISM: Certified Information Security Manager Information and Systems Security/Compliance

3 Northwestern University Information Technology Information and Systems Security/Compliance Office of the Vice President Mort Rahimi, VP & CTO Pat Todus, AVP & Deputy CIO Dave Kovarik Director Sharlene Mielke Disaster Recovery Roger Safian Information Security

4 Northwestern University Information Technology Purpose  Enable the University to conduct its business in a secure manner  Maintain that delicate balance between service and security Information and Systems Security/Compliance

5 Northwestern University Information Technology Primary Areas of Responsibility  Security – Information Protection Services  Disaster Recovery / Business Continuity  Compliance - Regulatory, University policy Information and Systems Security/Compliance

6 Northwestern University Information Technology Basic Tenets of Information Security - CIA  Confidentiality  Integrity  Availability/Accessibility …and a few more  Control (access)  Individual accountability  Audit trails (monitoring) Information and Systems Security/Compliance

7 Northwestern University Information Technology Provide direction  Plans: Strategic, Operational  Security Architecture - compatible with and complimentary of the System Architecture  Aligned with business plans Information and Systems Security/Compliance

8 Northwestern University Information Technology We want to be your Business Partner  Working together toward common goals  Design information protection solutions that support your business We have a Service & Support Orientation Information and Systems Security/Compliance

9 Northwestern University Information Technology Develop University policy and standards that address information assets  A collaborative effort, exercising sound judgment, across all lines Focused on Individual Responsibility and Accountability Information and Systems Security/Compliance

10 Northwestern University Information Technology Accommodates regulatory and legislative requirements (HIPAA, FERPA, GLBA, Sarbanes-Oxley, U.S. Patriot Act, DMCA, FTC, government-funded programs, et al) Employs business and industry “best practice” Ensures availability through recoverability Information and Systems Security/Compliance

11 Northwestern University Information Technology Innovative and flexible, focused on…  People (Largest Asset & Vulnerability)  Process  Technology Based on Risk  Protection commensurate with value Information and Systems Security/Compliance

12 Northwestern University Information Technology Risk Assessment  Recognize Threat conditions (now and foreseeable)  Establish our Vulnerability to threat conditions  Determine the Risk Risk Management  Control, minimize, eliminate, transfer or otherwise mitigate the risk Information and Systems Security/Compliance

13 Northwestern University Information Technology Forward-looking  Anticipating and responding to client needs  Requires early involvement Effective protection schemes  Efficient in terms of resources: cost, time, personnel and delivery  Provide a competitive advantage: “Client Confidence” factor Information and Systems Security/Compliance

14 Northwestern University Information Technology Security Awareness and Training  What’s in it for me?  Timely, Consistent, Persistent  “Tell ‘em, tell ‘em again, then tell ‘em one more time, just to be sure!” Communication  360 degrees Information and Systems Security/Compliance

15 Northwestern University Information Technology Dave Kovarik (847) 467-5930  david-kovarik@northwestern.edu Sharlene Mielke (847) 467-7804  s-mielke@northwestern.edu Roger Safian (847) 491-4058  r-safian@northwestern.edu Information and Systems Security/Compliance

16 Northwestern University Information Technology Thank You !!! Your Questions / Discussion are Welcome… Information and Systems Security/Compliance

Download ppt "Northwestern University Information Technology Information and Systems Security/Compliance February 2005."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Vendor Management September 7 th 2007 James Mahan, Vice President Yankee Alliance.

Vendor Management September 7 th 2007 James Mahan, Vice President Yankee Alliance.
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.

Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Security and Personnel

Security and Personnel
Grow Your Business through Contact Centre Outsourcing Fanny Vaz Director, Personal Market Unit, CTM.

Grow Your Business through Contact Centre Outsourcing Fanny Vaz Director, Personal Market Unit, CTM.
Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.

Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Security Controls – What Works

Security Controls – What Works
Business Crisis and Continuity Management (BCCM) Class Session 3 3 - 1.

Business Crisis and Continuity Management (BCCM) Class Session
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
Jim Seligman Chief Information Officer Welcome & Opening Remarks.

Jim Seligman Chief Information Officer Welcome & Opening Remarks.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
ISS IT Assessment Framework

ISS IT Assessment Framework
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Information and Systems Security/Compliance UNITS 02 Feb 2006.

Information and Systems Security/Compliance UNITS 02 Feb 2006.

Similar presentations

Ads by Google