Published by James Larson
Modified over 3 years ago
Data Security Best Practices for Non-Profits & Foundations
John C. Newman
Highland Street Foundation Breakfast Seminar, March 23, 2010
© 2010 Museum of Fine Arts, Boston
A Non-Profit Case Study
450,000 Objects; 1 Million Visitors; 70,000 Members; 1400 SMFA Students; 1200 Volunteers; 1000 Employees
3 Restaurants; 3 Shops; 3 4 Web Sites; 2 Web Stores; 2 Parking Lots; 1 Parking Garage; Library; Concerts; Lectures; Films
State Street Corporation Fenway Entrance; Sharf Information Center; Huntington Entrance; New Courtyard; New American Wing; Forsyth Dental School; Seven sites; Temporary relocations
PCI 1.0 Compliance Review; Network Account procedures updated; Budgeted for Network Penetration Testing; PCI 1.2 Compliance Review; Mass CMR issued; Revised Data Inventory; Published WISP; CMR Deadline
Tier 4 PCI Vendor; No Staff Wireless; No Staff Downloads; Separate physical staff and student networks; Very limited remote system access
Museum-Wide: MFA Computer Use Policy; Information Technology and System User Responsibilities
I.T. Policies: MFA Computer Network Accounts: Policies and Procedures; MFA Employee Departure Policy and Procedure; MFA Mobile Device Policy: Laptops and Off-Site Computers; Network Security Policy: Unauthorized Devices; I.T. Service Request Procedures
Financial Policies: MFA Mobile Device Policy: Cell Phones + Smart Phones
Leverage existing systems and procedures New Employee Orientation PCI Data Inventory Track-It! Incident Reporting On-line Publishing Intranet Sharepoint Incident Dashboard
Obtaining Budget for New Services; Time Commitment for Application-Data Inventory and Risk Analysis; Ongoing Time Commitment for Education and Annual Review
Web site requirements; Vendor Registration Form; Security Incident Dashboard; Network Vulnerability Scan
Increased Security Awareness; Increased knowledge of our systems; Potential reuse of Data Inventory results