Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 www.vita.virginia.gov Secure Telework Connectivity Peggy Ward Chief Information Security Officer July 22, 2008 www.vita.virginia.gov 1.

Published byJoshua Dixon Modified over 9 years ago

Similar presentations

Presentation on theme: "1 www.vita.virginia.gov Secure Telework Connectivity Peggy Ward Chief Information Security Officer July 22, 2008 www.vita.virginia.gov 1."— Presentation transcript:

1 1 www.vita.virginia.gov Secure Telework Connectivity Peggy Ward Chief Information Security Officer July 22, 2008 www.vita.virginia.gov 1

2 2 Secure Telework Connectivity Goals Support telework by providing accessibility to Commonwealth systems and information from remote locations Prevent access to Commonwealth systems and information by unauthorized parties

3 3 Secure Telework Connectivity Options Provide remote workers with a Commonwealth tablet or laptop with a Virtual Private Network Secure Socket Layer connection (VPN SSL) Exercise 1 of the 3 options authorized by Commonwealth Standard SEC 511 - Use of Non- Commonwealth Computing Devices to Telework Provide an alternative method while obtaining an exception from the Commonwealth Standard SEC 511 - Use of Non-Commonwealth Computing Devices to Telework

4 4 Options under SEC 511 - Use of Non-Commonwealth Computing Devices to Telework The Standard permits using a Non-COV device: for standalone research to access web based applications via a “remote desktop” solution where applications are run from a remote desktop server or terminal server preferably secured within the COV infrastructure. If these do not apply AND the agency has a better solution submit an exception request Exception Request Form - COV IT Security Policy and StandardException Request Form - COV IT Security Policy and Standard

5 5 Options under SEC 511 - Use of Non-Commonwealth Computing Devices to Telework NOTE: The Standard prohibits storage of Commonwealth information on any non-COV device! RISKS: Home machine has malware such as keystroke logging! Malware leads to any of the following –Stolen credentials –Stolen sensitive data –Infection spreads to COV systems Improper data storage on non-COV systems –Temporary data not deleted after use –Downloading email to the home system instead of webmail

6 6 Other Considerations Any internet connection needed should be reliable and have sufficient bandwidth. Meet Records retention and FOIA requirements. Sensitive information must have encryption at rest and in motion. Meet DOA and DHRM requirements.

7 7 Security Incident Response In the event a non-Commonwealth owned or leased computing device used for Commonwealth business is involved in the investigation of a security incident, the employee may be required to release the device to law enforcement or the COV Computer Security Incident Response Team (CIRT) for forensic purposes. The COV CIRT is obligated to report any illegal activity uncovered during a security incident investigation, whether the activity is related to the incident being investigated or not. While all investigations are confidential, the remote user concedes any expectation of privacy related to information stored on a personally owned computing device involved in a security incident.

8 8 www.vita.virginia.gov Questions? Thank you.

Download ppt "1 www.vita.virginia.gov Secure Telework Connectivity Peggy Ward Chief Information Security Officer July 22, 2008 www.vita.virginia.gov 1."

Similar presentations

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.

!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
1 www.vita.virginia.gov 2009 COV Security Standard Significant Requirements Changes Michael Watson Director of Security Incident Management www.vita.virginia.gov.

COV Security Standard Significant Requirements Changes Michael Watson Director of Security Incident Management
DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.

DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University

Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Similar presentations

Ads by Google