Presentation is loading. Please wait.

Presentation is loading. Please wait.

Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]

Published byAniya Dain Modified over 9 years ago

Similar presentations

Presentation on theme: "Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]"— Presentation transcript:

1 Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]

2 2 [the Agency] Today  [the Agency’s]  [the Agency’s] mission and vision  The way we do business is changing  Increased reliance on systems and technology  Increased threats to information and systems

3 3 Attempts to Access Sensitive Information Industrial Espionage Malicious Acts Pranks Natural Disaster Sabotage User Error Threats Public, Partner, Legislativ e Trust Lost Critical Operations Halted Sensitive Data Disclosed Services & Benefits Interrupted Integrity of [ Agency ] [ Agency ] Data & Reports Corrupted Assets Lost Potential Damage [the Agency’s] [the Agency’s] Systems Enterprise Security Risks Failed CFO Audit

4 4 Natural Disaster Sabotage User Error Threats Public, Partner, Legislativ e Trust Lost Critical Operations Halted Sensitive Data Disclosed Services & Benefits Interrupted Integrity of [Agency] [Agency] Data & Reports Corrupted Assets Lost Potential Damage [the Agency’s] [the Agency’s] Systems Enterprise Security Risks Failed CFO Audit Unauthorized Access to Sensitive Information

5 5 Natural Disaster Sabotage User Error Threats Public, Partner, Legislativ e Trust Lost Critical Operations Halted Sensitive Data Disclosed Services & Benefits Interrupted Integrity of [Agency] [Agency] Data & Reports Corrupted Assets Lost Potential Damage [the Agency’s] [the Agency’s] Systems Enterprise Security Risks Failed CFO Audit Industrial Espionage

6 6 Attempts to Access Sensitive Information Industrial Espionage Malicious Acts Pranks Natural Disaster Sabotage User Error Threats Public, Partner, Legislativ e Trust Lost Critical Operations Halted Sensitive Data Disclosed Services & Benefits Interrupted Integrity of [Agency’ [Agency’ Data & Reports Corrupted Assets Lost Potential Damage [the Agency’s] [the Agency’s] Systems Enterprise Security Risks Failed CFO Audit

7 7 Attempts to Access Sensitive Information Industrial Espionage Malicious Acts Pranks Natural Disaster Sabotage User Error Threats Public, Partner, Legislativ e Trust Lost Critical Operations Halted Sensitive Data Disclosed Services & Benefits Interrupted Assets Lost Potential Damage [the Agency’s] [the Agency’s] Systems Enterprise Security Risks Failed CFO Audit

8 8 Why is Security Important to [the Agency’s] ?  Protect privacy information  Protect processes and corporate assets  Provide continuity of services  Provide accessibility of information It is a prudent business practice to reduce risks to [the Agency’s]

9 9 Why is Security Important to US? Each One Of Us Is Accountable!

10 10 Laws and Regulations  Computer Security Act of 1987  Privacy Act of 1974  Freedom of Information Act  Presidential Decision Directive (PDD) 63  OMB A-130, Appendix III, Revised  Health Insurance Portability and Accountability Act  FISMA of 2002

11 11 Audit’s Point of Weaknesses  General Accounting Office  Internal Revenue Service  Office of the Inspector General  Chief Financial Officer  Office of Information Services

12 [the Agency’s] Enterprise Security Program Policy, Training, Engineering, and Management Oversight for [the Agency’s] all [the Agency’s] employees, contractors, and agents

13 13 Security Program Elements  Personnel and Physical Security  Security Awareness, Training, & Education  Risk Management  Integrating Security into the SDLC  Security Determinations and Requirements  Security Plans & Certification  Systems Access Security  Acquisitions & Contracts  Remote Access Security  Audit Systems  Business Contingency Planning  Workstation Security  LAN Security  Security Incidents  E-Mail & Facsimile Security  Internet / Intranet Security  Virus Prevention, Detection, & Reporting  Medicare Contractor Oversight

14 14 Current Enterprise Security Initiatives  GPRA Goal of Zero Material Weaknesses for the Year 2000 and Beyond  [the Agency’s] Enterprise Security Handbook  Information Technology Architecture  IT Council Security Committee  HIPAA Compliance

15 15 Immediate Next Steps  Designation of Information Systems Security Officers  Re-certification of User Access Privileges  Corrective Action Plans to Audit Findings  [the Agency’s]  [the Agency’s] Contractor Oversight  Security Awareness and Training

16 16 Summary  Recognize that security risks in [the Agency’s] environment impact [the Agency’s] Mission.  Security is a management responsibility.  Security is everybody’s business.

17 17 We ask you to:  Encourage and support [the Agency’s] security initiative activities!  Lead by example!  Be proactive!

18 Thank You

Download ppt "Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]"

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
1 www.vita.virginia.gov IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1, 2013 www.vita.virginia.gov.

1 IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1,
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HIPAA AWARENESS TRAINING

HIPAA AWARENESS TRAINING
The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Dr Lami Kaya LamiKaya@gmail.com ISO 27001 Information Security Management System (ISMS) Certification Overview Dr Lami Kaya LamiKaya@gmail.com.

Dr Lami Kaya ISO Information Security Management System (ISMS) Certification Overview Dr Lami Kaya
Vision: A strong and capable civil society, cooperating and responsive to Cambodias development challenges 1.

Vision: A strong and capable civil society, cooperating and responsive to Cambodias development challenges 1.
Chapter 7: Physical & Environmental Security

Chapter 7: Physical & Environmental Security
Women in Technology 2009 Mary Henthorn. Security Prevent loss, theft, or inappropriate access Privacy Ensure freedom from intrusion or disturbance Security.

Women in Technology 2009 Mary Henthorn. Security Prevent loss, theft, or inappropriate access Privacy Ensure freedom from intrusion or disturbance Security.
Khammar Mrabit Director Office of Nuclear Security

Khammar Mrabit Director Office of Nuclear Security
2009 Data Protection Seminar

2009 Data Protection Seminar
Surveillance TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Surveillance TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Privacy Reporting and Investment Certification TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Privacy Reporting and Investment Certification TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
2 3 There are two basic areas where there is a need to have resources available. Internal:  Financial  Personnel  Assets  Time External  Consultants.

2 3 There are two basic areas where there is a need to have resources available. Internal:  Financial  Personnel  Assets  Time External  Consultants.
U.S. Department of Health and Human Services Information Security for Executives v1.0 1 MAY 2011.

U.S. Department of Health and Human Services Information Security for Executives v1.0 1 MAY 2011.
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
Colorado Cyber Security Program (CCSP) Risk Based Gap Analysis (RBGA) and Statewide Security Planning Update Rick Dakin, Security Strategist September.

Colorado Cyber Security Program (CCSP) Risk Based Gap Analysis (RBGA) and Statewide Security Planning Update Rick Dakin, Security Strategist September.
Security Controls – What Works

Security Controls – What Works
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

Similar presentations

Ads by Google