Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presentation to the CIO PREPARED BY: JOSHUA SMITH, GARY FAULKNER, BRANDON VAN GUILDER, AND ERIC RUSCH.

PublishLewis Boone Modified over 9 years ago

Similar presentations

Presentation on theme: "Presentation to the CIO PREPARED BY: JOSHUA SMITH, GARY FAULKNER, BRANDON VAN GUILDER, AND ERIC RUSCH."— Presentation transcript:

1 Presentation to the CIO PREPARED BY: JOSHUA SMITH, GARY FAULKNER, BRANDON VAN GUILDER, AND ERIC RUSCH

2  Overview of Security Incident  Analysis of incident using COBIT control objectives (DS5)  Recommendations based on analysis  Conclusion & Questions

3  Stolen information was retrieved from VA servers by an authorized worker  The VA worker utilized the data for testing and had authorization to bring work home  Information was brought home on external HD and laptop  An unencrypted national database of 26.5 million veteran’s personal information was stolen  The theft occurred on May 3 rd at the worker’s home and reported by the VA May 22 nd

4  Analysis was completed using COBIT Control Objectives (DS5)  All 21 control objectives were assessed  Not all objectives were applicable  Objectives not applicable were given a grade of PASS  Objectives not met were given expanded recommendations

5  Create an independent Security Oversight Committee  Committee reviews policies, procedures, and security control practices annually and directly after any security incidents.  Cost: $10k – 20k Annually  Improve Communication and documentation between departments and management  Increase security incident response  Cost: $5k - $10k  Expand Authority of the CIO  Manage all IT staff across departments  Enforce policies  Cost: $5k - $10k

6  Employee Training Program  Employees need annual training on security policies and procedures.  Cost: $10k – $15k annually  DLP – Data Loss Prevention Policy and Procedure  Policy and procedure restricting data removal to prevent PII  Restrict Personal Devices from be connected to the VA network  Cost: Minimal  Implement NAC on the VA Network  Restrict Personal or unauthorized devices from connecting to the VA Network  Cost: $75k - $100k

7  Encrypt all VA devices using SEE (Symantec Endpoint Encryption)  Utilize full disk encryption to protect data and PII  Cost: $35k - $50K  Implement Identify Finder to Prevent Data Leakage  Locate and secure sensitive information and PII  Cost: $1.5M - $2M plus $30K - $50K annually

8  Develop and maintain a security program that will meet our needs now and in the future.  Questions & Discussion

Download ppt "Presentation to the CIO PREPARED BY: JOSHUA SMITH, GARY FAULKNER, BRANDON VAN GUILDER, AND ERIC RUSCH."

Similar presentations

Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.

Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.

Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
HIPAA Implementation. Basic HIPAA Requirements Designating a Privacy Officer Notifying patients about their privacy rights and how their information can.

HIPAA Implementation. Basic HIPAA Requirements Designating a Privacy Officer Notifying patients about their privacy rights and how their information can.
KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Lack of Security in Hotspots/Wi Fi Areas Yin Wai ISM 158 4/27/10.

Lack of Security in Hotspots/Wi Fi Areas Yin Wai ISM 158 4/27/10.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
ACCEPTABLE An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager.

ACCEPTABLE An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager.
Www.adira.org Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.

Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.
Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.

Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.
Database Security Overview Blake Middleton CSE 7330 – Fall 2009.

Database Security Overview Blake Middleton CSE 7330 – Fall 2009.
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
VA OI&T Field Security Service Seal of the U.S. Department of Veterans Affairs Office of Information and Technology Office of Information Security.

VA OI&T Field Security Service Seal of the U.S. Department of Veterans Affairs Office of Information and Technology Office of Information Security.

Similar presentations

Ads by Google