Presentation is loading. Please wait.

Presentation is loading. Please wait.

Instructional & Information Technology Services Fall, 2008 2010 Activities and Updates Teresa Macklin Information Security Officer Information Security.

Published byAngela Robinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Instructional & Information Technology Services Fall, 2008 2010 Activities and Updates Teresa Macklin Information Security Officer Information Security."— Presentation transcript:

1 Instructional & Information Technology Services Fall, 2008 2010 Activities and Updates Teresa Macklin Information Security Officer Information Security

2 Instructional & Information Technology Services Fall, 2008 Major Activities Information Security Audits –10 campuses this year –Both practices and vulnerabilities being tested CSU-Wide Info Security Policies & Standards –Still in draft –Affects campus business practices

3 Instructional & Information Technology Services Fall, 2008 Policy & Standards Development  Scope: All campus plus auxiliary organizations  Schedule: Draft of both due Fall, 2008 The CSU is implementing a set of CSU-wide policies and standards  Baseline policy and standard for a broad set of information security elements

4 Instructional & Information Technology Services Fall, 2008 Policy & Standards Scope  Strict identification, handling practices and tracking of “protected” data.  More process around accessing an employee’s files and email when they leave campus employment  Employees will have to receive security awareness training before being granted a user account.  Structured reviews of user access lists for department shares and similar.  More use of encryption to store and transmit protected data

5 Instructional & Information Technology Services Fall, 2008 Security Awareness CSU-Wide program  Online training similar to sexual harassment training  Customized by campus  Provides baseline security awareness  Participation is a requirement  Scope: Entire campus community  Schedule: AY08/09

6 Instructional & Information Technology Services Fall, 2008 Information Security Audit  CSU Auditors scheduling 10 audits this calendar year, likely the remaining campus in 2009  Initial audit document request is for 90 document areas  Requires participation from IITS, HR, Materials Management, Procurement, Risk Management  Payment Card Industry standards  Requires frequent assessment  Affects any use of payment cards via campus network or using campus equipment

7 Instructional & Information Technology Services Fall, 2008 Changes To Campus Practices  Classification of the data your organization uses.  Periodic review of department access lists and practices by ISO  IT security assessments required for some organizations  Many former “practices” documented as procedure ……

8 Instructional & Information Technology Services Fall, 2008 Example details Data Classification (Standard 15) –Depts will be required to identify applications and systems which access or store protected data. –Some data may not be sent unless encrypted –Annual reviews of security permissions & practices. –Approval required to create “shadow” systems. Mobile Devices (Standards 12.2 & 12.3) –No protected data store on mobile devices unless encrypted/protected. (Laptops, data phones, memory sticks) Info Security Awareness (Standard 10) –Required and tracked for every employee Procurement/Contracts (Standards 6, 11 –Risk management process prior to procuring new systems –Third party contract changes Personnel (Standard 8) –Exit process must include securing data and access.

9 Instructional & Information Technology Services Fall, 2008 Your Action Items Respond to specific document requests by ISO Develop new internal processes to meet new requirements when policy/standards are published Engage in development process for campus implementation Establish responsibility for annual reports and internal security audits (with ISO)

Download ppt "Instructional & Information Technology Services Fall, 2008 2010 Activities and Updates Teresa Macklin Information Security Officer Information Security."

Similar presentations

EMPLOYEE ACCESS TERMINATION PROJECT

EMPLOYEE ACCESS TERMINATION PROJECT
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
The International Security Standard

The International Security Standard
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Internal Audit Awareness

Internal Audit Awareness
Data Ownership Responsibilities & Procedures

Data Ownership Responsibilities & Procedures
Security Controls – What Works

Security Controls – What Works
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Www.adira.org Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.

Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.
ASPEC Internal Auditor Training Version 1.0 2013.

ASPEC Internal Auditor Training Version
RJC Certification - (COP 9) Bribery and Facilitation Payments Training Module – March 2014.

RJC Certification - (COP 9) Bribery and Facilitation Payments Training Module – March 2014.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
© 2008 CH2M HILL, Inc Data contained on this sheet is proprietary; use or disclosure is prohibited. Page 1 The CSU System-wide Policy Project Communications.

© 2008 CH2M HILL, Inc Data contained on this sheet is proprietary; use or disclosure is prohibited. Page 1 The CSU System-wide Policy Project Communications.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

Similar presentations

Ads by Google