Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internal Risk Assessments and Corrective Action Planning IT Decentralized Risk Assessment Corrective Action Planning Workgroup February, 2010.

Published byCory Floyd Modified over 9 years ago

Similar presentations

Presentation on theme: "Internal Risk Assessments and Corrective Action Planning IT Decentralized Risk Assessment Corrective Action Planning Workgroup February, 2010."— Presentation transcript:

1 Internal Risk Assessments and Corrective Action Planning IT Decentralized Risk Assessment Corrective Action Planning Workgroup February, 2010

2 Objectives Put the risk assessments in context Lay out the timeline for corrective actions Identify corrective action planning resources Provide a general “road map”

3 Background Risk assessments conducted 2009 –By University Audit & Advisory Services Q2 2009: Decentralized IT Risk Assessment Q3 2009: Centralized IT Risk Assessment –Reported to ABOR –Referenced in report to Auditor General’s Office

4 Auditor General’s Office said… According to officials, the university intends to monitor compliance with the information security program through its risk assessments. In fiscal year 2009 the university’s [University] Audit and Advisory Services completed two risk assessments, however ASU is still developing a plan for monitoring information security program compliance, including mechanisms for responding to noncompliance and holding departments accountable.

5 ASU proposed… Decentralized –University-wide training, departmental outreach –Schedule Initial Risk Assessment – Q2 2009 Evaluate/Develop Corrective Action Plan – Q4 2009 Conduct Corrective Action Plan – 12/2009 through Q1 2010 Follow-up Risk Assessment – Q2 2010 Evaluate/Develop Corrective Action Plan – Q4 2010

6 ASU proposed… Centralized –Follows the same model –Schedule Initial Risk Assessment – Q3 2009 Evaluate/Develop Corrective Action Plan – Q1 2010 Conduct Corrective Action Plan – Q2 2010 Follow-up Risk Assessment – Q3 2010 Evaluate/Develop Corrective Action Plan – Q4 2010

7 Decentralized risk assessment DRA summarized 20 points of concern –Units differ in points to be addressed –Each unit may require its own plan ASU has… –Convened a working group Reviewed items requiring additional action Identified ASU-wide/departmental corrective actions Identified areas where UTO can assist Finalized the corrective action plan –Developed security awareness training For faculty/staff/employed students Addresses most of the 20 points Available through Blackboard now –Drafted a guide for unit responses

8 The road map Review your survey responses –1, 5, 8, 10, 18-19, 21, 23-25, 27-28, 31-32, 35, 37-38, 47, 49-50, 64, 68 –Scores of 4 or 5 Refer to the CAP guide –http://getprotected.asu.edu/capguidehttp://getprotected.asu.edu/capguide Walkthrough – your survey –If you have more than one, just pick one

9 The road map Promote the GISA training to your personnel –Details: http://help.asu.edu/Security_Awarenesshttp://help.asu.edu/Security_Awareness –Include topic reinforcements in announcement Coordinate with UTO where needed –Web application scanning –Disaster Recovery plans –Potentially useful centralized services –Service Desk (feedback survey) Draft departmental documentation if needed –Business Continuity plan –Incident Response procedures

10 The road map Timeline –February: Training, planning, resource gathering –March: Completion –April: Follow-up risk assessments

11 Questions? infosec@asu.edu

Download ppt "Internal Risk Assessments and Corrective Action Planning IT Decentralized Risk Assessment Corrective Action Planning Workgroup February, 2010."

Similar presentations

MONITORING OF SUBGRANTEES

MONITORING OF SUBGRANTEES
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
1 NORTH CAROLINA COUNCIL OF INTERNAL AUDITING October 31, 2007.

1 NORTH CAROLINA COUNCIL OF INTERNAL AUDITING October 31, 2007.
Arizona Department of Homeland Security SAA Site Monitoring 6 th Annual Homeland Security UASI Conference May 2012 May 2012 Governor Janice K. BrewerDirector.

Arizona Department of Homeland Security SAA Site Monitoring 6 th Annual Homeland Security UASI Conference May 2012 May 2012 Governor Janice K. BrewerDirector.
Software Quality Assurance Plan

Software Quality Assurance Plan
School Board Audit Committee Training Module 7 Evaluation of the Audit Committee 1.

School Board Audit Committee Training Module 7 Evaluation of the Audit Committee 1.
A Multi-Year Improvement System and Schedule

A Multi-Year Improvement System and Schedule
A Presentation on the Management and Curriculum Audit for the Guam Public School System April 14, 2009.

A Presentation on the Management and Curriculum Audit for the Guam Public School System April 14, 2009.
1 Guidance for the American Recovery and Reinvestment Act of 2009 By David G. Bullock, Partner Macias Gini & O’Connell LLP.

1 Guidance for the American Recovery and Reinvestment Act of 2009 By David G. Bullock, Partner Macias Gini & O’Connell LLP.
Compliance Application Notice Process Update and Discussion with NERC MRC.

Compliance Application Notice Process Update and Discussion with NERC MRC.
BUSINESS PROCESS IMPROVEMENT INITIATIVES Chad Cleveland June 18, 2014 BAAF Meeting.

BUSINESS PROCESS IMPROVEMENT INITIATIVES Chad Cleveland June 18, 2014 BAAF Meeting.
INTERNATIONAL BEST PRACTICES IN ON-SITE INSPECTIONS OF INSURERS Thomas E Power Senior Manager, Emerging Market Practice Bearing Point.

INTERNATIONAL BEST PRACTICES IN ON-SITE INSPECTIONS OF INSURERS Thomas E Power Senior Manager, Emerging Market Practice Bearing Point.
Data Ownership Responsibilities & Procedures

Data Ownership Responsibilities & Procedures
Introduction & Background Laurene Christensen National Center on Educational Outcomes National Center on Educational Outcomes (NCEO)

Introduction & Background Laurene Christensen National Center on Educational Outcomes National Center on Educational Outcomes (NCEO)
What is Program Management?

What is Program Management?
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
NDSU RECORDS MANAGEMENT INITIATIVE December 2007 PowerPoint.

NDSU RECORDS MANAGEMENT INITIATIVE December 2007 PowerPoint.
2015 - 2017 Audit Program: Introduction. Our role Located within the Tasmanian Archives and Heritage Office (TAHO), the Government Recordkeeping team.

Audit Program: Introduction. Our role Located within the Tasmanian Archives and Heritage Office (TAHO), the Government Recordkeeping team.
Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.

Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.
2014-2015 On Site Review Process Office of Field Services.

On Site Review Process Office of Field Services.

Similar presentations

Ads by Google