Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementing an Information Systems Security Plan THE MONTANA OFFICE OF PUBLIC INSTRUCTION.

Published byMuriel Greer Modified over 9 years ago

Similar presentations

Presentation on theme: "Implementing an Information Systems Security Plan THE MONTANA OFFICE OF PUBLIC INSTRUCTION."— Presentation transcript:

1 Implementing an Information Systems Security Plan THE MONTANA OFFICE OF PUBLIC INSTRUCTION

2 First Step - Planning Create a “Plan for the Plan” that describes Why? (Policy, risk, etc.)

3 First Step - Planning Create a “Plan for the Plan” that describes Why? (Policy, risk, etc.) What is affected? (Entire organization)

4 First Step - Planning Create a “Plan for the Plan” that describes Why? (Policy, risk, etc.) What is affected? (Entire organization) Who? People keeping the plan in motion People you need help from

5 First Step - Planning Create a “Plan for the Plan” that describes Why? (Policy, risk, etc.) What is affected? (Entire organization) Who? People keeping the plan in motion People you need help from What is being changed? (Focus on 18 control families)

6 First Step - Planning Create a “Plan for the Plan” that describes Why? (Policy, risk, etc.) What is affected? (Entire organization) Who? People keeping the plan in motion People you need help from What is being changed? (Focus on 18 control families) When? Order of action Best estimates

7 First Step - Planning Create a “Plan for the Plan” that describes How? Designate Categorize Secure

8 First Step - Planning Create a “Plan for the Plan” – Other topics to include

9 First Step - Planning Create a “Plan for the Plan” – Other topics to include Short-term mitigation considerations i.e. current events/threats

10 First Step - Planning Create a “Plan for the Plan” – Other topics to include Short-term mitigation considerations i.e. current events/threats Targeted mitigation considerations Market research (i.e. Verizon DBIR top threats for your industry) Industry best practices

11 Second Step – Get Organizational Support Our approach: communicate, repetition Present to Leadership Present to Division Heads Present to Staff

12 Second Step – Get Organizational Support Our approach: communicate, repetition Present to leadership, division heads, staff Elaborate on driving factors for security Policy, audit, breach, reputation, etc.

13 Second Step – Get Organizational Support Our approach: communicate, repetition Present to leadership, division heads, staff Elaborate on driving factors for security Policy, audit, breach, reputation, etc. Explain NIST topics at a relatable level i.e. student data at the copier, sensitive data on your desk

14 Second Step – Get Organizational Support Our approach: communicate, repetition Present to leadership, division heads, staff Elaborate on driving factors for security Policy, audit, breach, reputation, etc. Explain NIST topics at a relatable level i.e. student data at the copier, sensitive data on your desk Sample Slides:

15 Let’s Minimize Security Risk Across OPI NIST provides guidance on: USB drives Student data at the copier The OPI ISSP

16 Let’s Minimize Security Risk Across OPI NIST provides guidance on: USB drives Student data on your desk Student data at the copier Desktops The OPI ISSP

17 Let’s Minimize Security Risk Across OPI NIST provides guidance on: USB drives Student data on your desk Emailing sensitive information Student data at the copier Phones, Tablets Traveling with a laptop Social Engineering Desktops The OPI ISSP And Many More… Internet Use

18 Second Step – Get Organizational Support Our approach: communicate, repetition Present to leadership, division heads, staff Elaborate on driving factors for security Policy, audit, breach, reputation, etc. Explain NIST topics at a relatable level i.e. student data at the copier, sensitive data on your desk

19 Second Step – Get Organizational Support Our approach: communicate, repetition Present to leadership, division heads, staff Elaborate on driving factors for security Policy, audit, breach, reputation, etc. Explain NIST topics at a relatable level i.e. student data at the copier, sensitive data on your desk Introduce your ISSP Plan

20 Second Step – Get Organizational Support Our approach: communicate, repetition Present to leadership, division heads, staff Elaborate on driving factors for security Policy, audit, breach, reputation, etc. Explain NIST topics at a relatable level i.e. student data at the copier, sensitive data on your desk Introduce your ISSP Plan Ask for help

21 Lessons Learned Time

22 Lessons Learned Time Resources

23 Lessons Learned Time Resources Buy-in

24 Next Steps for OPI Update Roles and Responsibilities Categorize Systems Project Planning for Controls Planning family Risk assessment family

25 Contact Curt Norman CNorman@mt.gov 406-444-3536

Download ppt "Implementing an Information Systems Security Plan THE MONTANA OFFICE OF PUBLIC INSTRUCTION."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
The Most Critical Risk Control: Human Behavior Lynn Goodendorf Director, Information Security Atlanta ISACA Chapter Meeting June 20, 2014.

The Most Critical Risk Control: Human Behavior Lynn Goodendorf Director, Information Security Atlanta ISACA Chapter Meeting June 20, 2014.
INL’s Cellular Data Stipend Jonathan Homer NLIT 2009.

INL’s Cellular Data Stipend Jonathan Homer NLIT 2009.
1 www.vita.virginia.gov Evolving the Cyber Security Program Michael Watson Chief Information Security Officer ISACA 3/12/2015 www.vita.virginia.gov 1.

1 Evolving the Cyber Security Program Michael Watson Chief Information Security Officer ISACA 3/12/
1 3M Privacy Filters Justification Toolkit: How to Use The following presentation is meant to provide you with the most impactful data points to help you.

1 3M Privacy Filters Justification Toolkit: How to Use The following presentation is meant to provide you with the most impactful data points to help you.
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Enterprise Risk Management at Your School: Getting Started Constance Neary, VP for Risk Management, United Educators Debra Wilson, Legal Counsel, National.

Enterprise Risk Management at Your School: Getting Started Constance Neary, VP for Risk Management, United Educators Debra Wilson, Legal Counsel, National.
Joel Garmon, Director, Information Security Mike Rollins, Security Architect Jeff Teague, Security Analyst, Senior 1

Joel Garmon, Director, Information Security Mike Rollins, Security Architect Jeff Teague, Security Analyst, Senior 1
Gurpreet Dhillon Virginia Commonwealth University

Gurpreet Dhillon Virginia Commonwealth University
A First Course in Information Security

A First Course in Information Security
BYOD Charter Purpose and Scope

BYOD Charter Purpose and Scope
Implementing Security Education, Training, and Awareness Programs

Implementing Security Education, Training, and Awareness Programs
FHWA Reorganization Update Program Performance Management Standing Committee on Performance Management Meeting Detroit, MI October 14, 2011 Peter Stephanos.

FHWA Reorganization Update Program Performance Management Standing Committee on Performance Management Meeting Detroit, MI October 14, 2011 Peter Stephanos.
EEC Internal Control Plan (ICP) FY2013. Direction from Secretary Malone Acting EEC Commissioner Thomas Weber shall initiate a top-to-bottom review of.

EEC Internal Control Plan (ICP) FY2013. Direction from Secretary Malone Acting EEC Commissioner Thomas Weber shall initiate a top-to-bottom review of.
Chapter 3 資訊安全管理系統. 4.1 General Requirements Develop, implement, maintain and continually improve a documented ISMS Process based on PDCA.

Chapter 3 資訊安全管理系統. 4.1 General Requirements Develop, implement, maintain and continually improve a documented ISMS Process based on PDCA.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Georgia Department of Human Services Division of Aging Services (DAS): Data Breach Presenter:Harold Johnson Acting General Counsel Presentation to: Board.

Georgia Department of Human Services Division of Aging Services (DAS): Data Breach Presenter:Harold Johnson Acting General Counsel Presentation to: Board.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Integrated Enterprise-wide Risk Management Protecting Critical Information Assets and Records FIRM Forum.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Integrated Enterprise-wide Risk Management Protecting Critical Information Assets and Records FIRM Forum.

Similar presentations

Ads by Google