Published by James Larson
Modified over 3 years ago
Data Security Best Practices for Non-Profits & Foundations
John C. Newman
Highland Street Foundation Breakfast Seminar, March 23, 2010
© 2010 Museum of Fine Arts, Boston
A Non-Profit Case Study
450,000 Objects; 1 Million Visitors; 70,000 Members; 1400 SMFA Students; 1200 Volunteers; 1000 Employees
3 Restaurants; 3 Shops; 3 4 Web Sites; 2 Web Stores; 2 Parking Lots; 1 Parking Garage; Library; Concerts; Lectures; Films
State Street Corporation Fenway Entrance; Sharf Information Center; Huntington Entrance; New Courtyard; New American Wing; Forsyth Dental School; Seven sites; Temporary relocations
Timeline (2005, 2006, 2007, 2008, 2009, 2010): PCI 1.0 Compliance Review; Network Account procedures updated; Budgeted for Network Penetration Testing; PCI 1.2 Compliance Review; Mass CMR 17.00 issued; Revised Data Inventory; Published WISP; CMR 17.00 Deadline
Tier 4 PCI Vendor; No Staff Wireless; No Staff Downloads; Separate physical staff and student networks; Very limited remote system access
Museum-Wide: MFA Computer Use Policy; Information Technology and System User Responsibilities
I.T. Policies: MFA Computer Network Accounts: Policies and Procedures; MFA Employee Departure Policy and Procedure; MFA Mobile Device Policy: Laptops and Off-Site Computers; Network Security Policy: Unauthorized Devices; I.T. Service Request Procedures
Financial Policies: MFA Mobile Device Policy: Cell Phones + Smart Phones
Leverage existing systems and procedures: New Employee Orientation PCI Data Inventory Track-It! Incident Reporting On-line Publishing Intranet Sharepoint Incident Dashboard
Obtaining Budget for New Services; Time Commitment for Application-Data Inventory and Risk Analysis; Ongoing Time Commitment for Education and Annual Review
Web site requirements; Vendor Registration Form; Security Incident Dashboard; Network Vulnerability Scan
Increased Security Awareness; Increased knowledge of our systems; Potential reuse of Data Inventory results
Implementing MA 201 CMR in a cultural institution… Richard Snow Director of Information Technology Mount Auburn Cemetery