Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bridget-Anne Hampden U.S. Department of Education Guaranty Agency Security Reviews.

Published byHector Caldwell Modified over 9 years ago

Similar presentations

Presentation on theme: "Bridget-Anne Hampden U.S. Department of Education Guaranty Agency Security Reviews."— Presentation transcript:

1 Bridget-Anne Hampden U.S. Department of Education Guaranty Agency Security Reviews

2 Why We Did It… How We Did It… What We Did… What We Found… Next Steps… 2 Guaranty Agency Reviews

3 Why We Did It… PII Breach reported in March 2010 2010 Guaranty Agency (GA) Security and Privacy Conference in Washington, DC Focus on Privacy, Data Security, and Critical Infrastructure Protection GA’s asked to prepare and submit Self-Assessment Forms 3

4 Why We Did It…(cont’d.) Assessment of results Creation of an FSA Report Summary of findings based on risk category Highlight key focus areas 4

5 How We Did It… Used a risk-based approach Outstanding loan balance Risk profile Size Outstanding Loan Balance (75%) Result was an assessment of 15 Guaranty Agencies visited in FY 2011 Remaining 16 Guaranty Agency visits were conducted in FY 2012 5

6 How We Did It… (cont’d.) Preparation and Distribution of Pre-Visit Questionnaire Perform Market Research on each GA Review 10K Reports Google and Blog Searches Recent Audit and SAS70 Reports Review System Security Plans (SSP’s) 6

7 What We Did… FSA Team performed a day long visit at each site Senior Management opening briefing Review of information submitted in pre-visit package Engage Guaranty Agency technical team (CIO, CISO, Audit Manager, etc) In depth discussions/questions based on risk categories/groupings 7

8 What We Did… (cont’d) Focus on privacy and records management Review Guaranty Agency’s processes, policies, and procedures Data Center visit Operational Unit tour (vault, call center, etc.) Management out brief Prepare and distribute report – observations and recommendations Receive and record GA management responses 8

9 What We Found… Overall observations (SWOT analysis) Strengths Logical Access Control Critical Infrastructure Protection Governance Weaknesses Strategy Incident Breach Response 9

10 What We Found… Opportunities Update and embellish policies/processes Improve communication between GA’s and service partners Improve certification of technical staff Create and expand on the trusted relationship between FSA and the GA’s Threats Monitoring Revalidating user accounts 10

11 Summary of FY 11 Reviews 11

12 Summary of FY12 Reviews 12

13 Logical Access Control 13 ?  

14 Critical Infrastructure Protection 14 ?  

15 Strategy 15 ?  

16 Incident/Breach Response 16 ?  

17 Monitoring (Vulnerability Management) 17 ?  

18 Governance 18 ?  

19 Next Steps… Populate the OVMS database Liaising with GA’s on remediation plans – quarterly reporting Continuing Dialogue – explore ways for continued collaboration with the GA community 19

20 Contact Information 20 We appreciate your feedback & comments. Bridget-Anne Hampden Deputy CIO E-mail: Bridget-Anne.Hampden@ed.govBridget-Anne.Hampden@ed.gov Phone: 202-377-3508

Download ppt "Bridget-Anne Hampden U.S. Department of Education Guaranty Agency Security Reviews."

Similar presentations

Evaluation at NRCan: Information for Program Managers Strategic Evaluation Division Science & Policy Integration July 2012.

Evaluation at NRCan: Information for Program Managers Strategic Evaluation Division Science & Policy Integration July 2012.
SAFE AND WELL Angela McKinnon Feb. 2006. What is Safe and Well? A document building on previous guidance - part of the SE reform programme Supplement.

SAFE AND WELL Angela McKinnon Feb What is Safe and Well? A document building on previous guidance - part of the SE reform programme Supplement.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
UMC for Consulting & Services. UMC UMC for Consulting & Services UMC Profile UMC Profile UMC Range of Consulting Services UMC Range of Consulting Services.

UMC for Consulting & Services. UMC UMC for Consulting & Services UMC Profile UMC Profile UMC Range of Consulting Services UMC Range of Consulting Services.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
1  AGA-DC and GWSPCA 6 th ANNUAL CONFERENCE OMB Circular A-123, Appendix A Internal Control Over Financial Reporting Innovative Approaches Jerome A. Vaiana.

1  AGA-DC and GWSPCA 6 th ANNUAL CONFERENCE OMB Circular A-123, Appendix A Internal Control Over Financial Reporting Innovative Approaches Jerome A. Vaiana.
Providence School Board September 10, 2012 Introductory Briefing Providence Public School District Comprehensive Information Technology Blueprint Center.

Providence School Board September 10, 2012 Introductory Briefing Providence Public School District Comprehensive Information Technology Blueprint Center.
FY 14 STRATEGIC PLAN SUMMARY Roadmap Implementation Progress Update – 9/20/2013.

FY 14 STRATEGIC PLAN SUMMARY Roadmap Implementation Progress Update – 9/20/2013.
OVERVIEW OF ClASS METHODS and ACTIVITIES. Session Objectives By the end of the session, participants will be able to: Describe ClASS team composition.

OVERVIEW OF ClASS METHODS and ACTIVITIES. Session Objectives By the end of the session, participants will be able to: Describe ClASS team composition.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Prepared: October, 2005 1 Ann Garrett, State Chief Information Security Officer Statewide Security Update October 25, 2005 Information Technology Advisory.

Prepared: October, Ann Garrett, State Chief Information Security Officer Statewide Security Update October 25, 2005 Information Technology Advisory.
NOAA Deemed Exports Compliance Program Ann Murphy/Michele Peruch Office of the Chief Administrative Officer Hugh Schratwieser General Counsel Washington,

NOAA Deemed Exports Compliance Program Ann Murphy/Michele Peruch Office of the Chief Administrative Officer Hugh Schratwieser General Counsel Washington,
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
SOX & ISO 27001 Protect your data and be ready to be audited!!!

SOX & ISO Protect your data and be ready to be audited!!!
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,

Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,
Community Planning Training 1-1. Community Plan Implementation Training 1- Community Planning Training 1-3.

Community Planning Training 1-1. Community Plan Implementation Training 1- Community Planning Training 1-3.

Similar presentations

Ads by Google