Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agency Name Security Program FY 2009 John Q. Public Agency Director/CIO/ISO.

Published byNora Sutton Modified over 8 years ago

Similar presentations

Presentation on theme: "Agency Name Security Program FY 2009 John Q. Public Agency Director/CIO/ISO."— Presentation transcript:

1 Agency Name Security Program FY 2009 John Q. Public Agency Director/CIO/ISO

2 Security Program (Agency Name) mission is to provide constituent internet interface for the sale of state logo widgets This security program has been developed to support business processes and communications to support business goals

3 Security Program Governance Complies with Federal, Industry and State statutes and requirements such as HIPAA, PCI and the Georgia Enterprise Policies, Standards and Guidelines

4 Security Program Governance Key Components of Governance –Planning Strategic Security Plan –Governance structures State CIO Council Information Security Officer Council Agency Risk Management Board Agency IT Leadership

5 Security Program Governance Key Components of Governance –Policy Georgia Enterprise Policy (Agency Policy) Industry Practices Federal Policies –Monitoring Self-assessments Third Party assessments Georgia Dept of Audits

6 Security Program Governance Challenges and Keys to Success –Challenges Resources New Threats –Keys to Success Resources to achieve goals –Meditation of shortfalls –Certification of assurance Education –Executive –Employee

7 Security Program System Development Life Cycle Four cycle as prescribed by OPB for IT equipment In the third year of the current planning cycle –25% IT equipment refresh budgeted –Security device refresh scheduled

8 Security Program Awareness and Training Awareness and Training program based on federal model User Awareness training completed –120/125 employee participation –96% ‘pass’ for Annual Awareness Training –Remedial training identified and scheduled Training program underway for technical staff –Act-Online.net –Strategic Training Alliance Executive training underway –Act-Online.net

9 Security Program Capital Planning Security Priorities and Funding –Top Five Security Priorities Third Party assessment to (1) High system Refresh firewall pair (7 years old) Refresh Intrusion system (5 years old) SIEM acquisition Training (ISO skills - administrative training) – Total FY 2009 Funding request $125K –Allowed FY 2009 Funding:$77K Third Party assessment Refresh firewall pair

10 Security Program Interconnecting Systems PeopleSoft – State Accounting Office Enterprise Active Directory/Exchange - GTA GBA Physical Access Control System PCI vendor – XYZ Corporation

11 Security Program Performance Measures Annual Agency Information Security Report –Due 30 June –Reporting to GTA –Reporting items as prescribed by Enterprise Standard

12 Security Program Security Planning Approach for security planning is performed by examining each system Security Program is based upon aggregating plans, assessments and audits –Current plans are attached to the Security Program document

13 Security Program Contingency Planning No formal agency Business Continuity Plan has been developed IT has rudimentary planning underway –Several meetings with system owners –IT staff has begun requirements collection

14 Security Program Risk Management Agency has a Risk Management Board that meets monthly Structure and scope aligns with NIST 800- 30 Risk Management Security heavily involved

15 Security Program Security Assessments Self-Assess with current IT staff –Performed quarterly Third party assessments once a year Georgia Dept of Audit every third year

16 Security Program Security Products and Accquisition Conduct research and consult with GTA Office of Information Security Current focus –Application firewall –Intrusion systems –Content filtering

17 Security Program Incident Response Escalation procedures include security hand-off decision points Procedures are periodically tested Security personnel have been trained: –Cyber First Responder –Forensic Investigations (National White Collar Crime Center)

18 Security Program Configuration Management Configuration management is given high importance to maintain the integrity of the network and IT assets. Agency has a Configuration Management Board (CMB) that meets weekly The CMB coordinates with GTA’s CMB as it may impact enterprise operations

19 Security Program Questions

Download ppt "Agency Name Security Program FY 2009 John Q. Public Agency Director/CIO/ISO."

Similar presentations

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Providence School Board September 10, 2012 Introductory Briefing Providence Public School District Comprehensive Information Technology Blueprint Center.

Providence School Board September 10, 2012 Introductory Briefing Providence Public School District Comprehensive Information Technology Blueprint Center.
Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.

Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.

Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.
Security Controls – What Works

Security Controls – What Works
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Chapter 5 IT Processes Presented by Dr. Mohamed Sammouda.

Chapter 5 IT Processes Presented by Dr. Mohamed Sammouda.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.

Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.
Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Information Technology Assessment Review Presented to the Board of the State Center Community College District.

Information Technology Assessment Review Presented to the Board of the State Center Community College District.
A Security Training Program through Transformational Leadership and Practical Approaches Tanetta N. Isler Federal Information Systems Security Educators’

A Security Training Program through Transformational Leadership and Practical Approaches Tanetta N. Isler Federal Information Systems Security Educators’
Continual Service Improvement Process

Continual Service Improvement Process
FY2010 PEMP Notable Outcomes October 15, 2009. FRA, LLC Board of Directors 10/15-16/2009 Office of Quality and Best Practices Performance Evaluation Management.

FY2010 PEMP Notable Outcomes October 15, FRA, LLC Board of Directors 10/15-16/2009 Office of Quality and Best Practices Performance Evaluation Management.
Implementing and Auditing Ethics Programs

Implementing and Auditing Ethics Programs

Similar presentations

Ads by Google