Published by James Larson
Data Security Best Practices for Non-Profits & Foundations
John C. Newman
Highland Street Foundation Breakfast Seminar, March 23, 2010
© 2010 Museum of Fine Arts, Boston
A Non-Profit Case Study
450,000 Objects; 1 Million Visitors; 70,000 Members; 1400 SMFA Students; 1200 Volunteers; 1000 Employees
3 Restaurants; 3 Shops; 3 4 Web Sites; 2 Web Stores; 2 Parking Lots; 1 Parking Garage; Library; Concerts; Lectures; Films
State Street Corporation Fenway Entrance; Sharf Information Center; Huntington Entrance; New Courtyard; New American Wing; Forsyth Dental School; Seven sites; Temporary relocations
Timeline, 2005 to 2010: PCI 1.0 Compliance Review; Network Account procedures updated; Budgeted for Network Penetration Testing; PCI 1.2 Compliance Review; Mass CMR 17.00 issued; Revised Data Inventory; Published WISP; CMR 17.00 Deadline
Tier 4 PCI Vendor; No Staff Wireless; No Staff Downloads; Separate physical staff and student networks; Very limited remote system access
Museum-Wide: MFA Computer Use Policy; Information Technology and System User Responsibilities
I.T. Policies: MFA Computer Network Accounts: Policies and Procedures; MFA Employee Departure Policy and Procedure; MFA Mobile Device Policy: Laptops and Off-Site Computers; Network Security Policy: Unauthorized Devices; I.T. Service Request Procedures
Financial Policies: MFA Mobile Device Policy: Cell Phones + Smart Phones
Leverage existing systems and procedures: New Employee Orientation PCI Data Inventory Track-It! Incident Reporting On-line Publishing Intranet Sharepoint Incident Dashboard
Obtaining Budget for New Services; Time Commitment for Application-Data Inventory and Risk Analysis; Ongoing Time Commitment for Education and Annual Review
Web site requirements; Vendor Registration Form; Security Incident Dashboard; Network Vulnerability Scan
Increased Security Awareness; Increased knowledge of our systems; Potential reuse of Data Inventory results