Presentation is loading. Please wait.

Presentation is loading. Please wait.

Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial."— Presentation transcript:

1 Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial – Share Alike 3.0 license http://creativecommons.org/licenses/by-nc-sa/3.0/ We have reviewed this material in accordance with U.S. Copyright Law and have tried to maximize your ability to use, share, and adapt it. The citation key on the following slide provides information about how you may share and adapt this material. Copyright holders of content included in this material should contact open.michigan@umich.edu with any questions, corrections, or clarification regarding the use of content. For more information about how to cite these materials visit http://open.umich.edu/education/about/terms-of-use. Any medical information in this material is intended to inform and educate and is not a tool for self-diagnosis or a replacement for medical evaluation, advice, diagnosis or treatment by a healthcare professional. Please speak to your physician if you have questions about your medical condition. Viewer discretion is advised: Some medical content is graphic and may not be suitable for all viewers.

2 Citation Key for more information see: http://open.umich.edu/wiki/CitationPolicy Use + Share + Adapt Make Your Own Assessment Creative Commons – Attribution License Creative Commons – Attribution Share Alike License Creative Commons – Attribution Noncommercial License Creative Commons – Attribution Noncommercial Share Alike License GNU – Free Documentation License Creative Commons – Zero Waiver Public Domain – Ineligible: Works that are ineligible for copyright protection in the U.S. (USC 17 § 102(b)) *laws in your jurisdiction may differ Public Domain – Expired: Works that are no longer protected due to an expired copyright term. Public Domain – Government: Works that are produced by the U.S. Government. (USC 17 § 105) Public Domain – Self Dedicated: Works that a copyright holder has dedicated to the public domain. Fair Use: Use of works that is determined to be Fair consistent with the U.S. Copyright Act. (USC 17 § 107) *laws in your jurisdiction may differ Our determination DOES NOT mean that all uses of this 3rd-party content are Fair Uses and we DO NOT guarantee that your use of the content is Fair. To use this content you should do your own independent analysis to determine whether or not your use will be Fair. { Content the copyright holder, author, or law permits you to use, share and adapt. } { Content Open.Michigan believes can be used, shared, and adapted because it is ineligible for copyright. } { Content Open.Michigan has used under a Fair Use determination. }

3 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 3 Enterprise Roles 510 - Data Security and Privacy: Legal, Policy, and Enterprise Issues University of Michigan School of Information Week 8

4 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 4 Enterprise Security Approach  Multidisciplinary responsibility  Managerial  Operational  Technical  Legal  Avoid stovepipe view

5 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 5 ESP Input From Roadmap to an Enterprise Security Program

6 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 6 Elements  Risk management  Security plan  Procedures  Controls  Implementation  Audit

7 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 7 Challenges  Educate constituencies  Need for enterprise approach  Interests and requirements of other groups  Identify and develop processes  Develop cross-department links  Foster team approach  Address turf problems  Question knowledge  Question skills  Question understanding

8 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 8 Elements  Networks  Applications  Information  Digital  Analog

9 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 9 P6STN1  People  Products  Plants  Processes  Policies  Procedures  Systems  Technology  Networks  Information Evaluate all with multidisciplinary approach

10 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 10 The Process  Security Plan  Strategic document  Security Policies  Broad statements that account for management’s risk tolerance and expectations  Security Procedures  Actual steps in the security process  Controls  Standards for each element

11 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 11 Development Stages  Governance  Security Integration and Operations  Implementation and Evaluation  Capital Planning and Investment Controls

12 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 12 Governance  Risk management decision makers  Operational management staff  Cross-organizational teams  Inventory assets  Establish ownership  Catalogue compliance requirements  Threat and risk assessments and reviews  Risk management categorization  Criteria: confidentiality, integrity, availability

13 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 13 Security Integration/Ops  ID standards, best practices, system specific requirements  Determine controls needed  Set performance metrics  Implementation  Efficiency  Effectiveness  Impact  Set contingency and continuity plans

14 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 14 Security Integration/Ops -2  Develop security plan  Business operations and strategic goals  Management goals and organization culture  Legal compliance  System architecture  Develop policies  Develop procedures

15 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 15 Policies  Framework for decisions  Elements  Internal policy  Compliance and monitoring discussion  Enforcement mechanism  Levels  Organizational  Functional  Computing  Baseline

16 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 16 Procedures  Take policies to day-to-day operations level  “How-to”  Detailed

17 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 17 Controls  Evaluation criteria  Provide basis for security assessment  Description of item and statement of goal  May be flexible

18 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 18 Implementation and Evaluation  Hands on; documentation and security management software not enough  Training  Vary by responsibilities  Mechanism to compel  Test and evaluate  Implementation, efficiency, effectiveness, impact  Identify weaknesses and have correction mechanism

19 CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 19 Capital Planning & Investment Controls  Make security part of processes  ROI

20 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 20 Security Programs

21 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 21 Security Plan Norms  Must be consistent with  Business operations  Legal compliance framework  Management goals  Organizational culture  Systems architecture

22 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 22 Security Plan Organization  Boards of Directors  Senior management  Internal management  Operational staff

23 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 23 Internal Management  Business unit managers  HR  Legal  Financial  Technical  Security  PR

24 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 24 Assessment  Includes Gap Analysis  Analyze environment and assess risks and vulnerabilities  Assess potential for problem  Identify solutions or countermeasures  Appropriate and cost effective safeguards

25 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 25 Risk Assessment Strategies  Avoid  Mitigate  Accept  Transfer/Insure

26 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 26 IT Risk Managers  Comparatively new concept  Core of any approach, even if term not used  Often taken from financial auditors and analysts

27 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 27 Common Flaws  Failure to focus on value of information and business reputation  Fix as little as possible and not follow up  Assign untrained people and not give them instruction  Ignoring problems  Using surface solutions

28 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 28 Change Management  Another relatively new concept  Can help with many problems  Systematic way to introduce and manage change  Procedures for introducing and implementing  Audit trail to trace problems back

29 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 29 Classification  Gives framework for setting risk priorities  Seems straightforward  Can be complicated  Often not done in systematic way  Flexible process  Must examine data life cycle  Create, access, use, modify, store  Similar approach for applications and systems

30 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 30 Policies  Components of plan  Frameworks for decisions  Place to add standards, guidelines, best practices  Four levels  Corporate  Functional  Computing  Security baseline

31 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 31 Procedures  Put into effect

32 CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 32 Review  At least annually for:  Effectiveness  Compliance  Vulnerability

Download ppt "Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial."

Similar presentations

Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.

Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.
Author(s): Paul Conway, 2008-2010. License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.

Author(s): Paul Conway, License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): Michael Hortsch, Ph.D., 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.

Author(s): Michael Hortsch, Ph.D., 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): John Doe, MD; Jane Doe, PhD, 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.

Author(s): John Doe, MD; Jane Doe, PhD, 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): John Doe, MD; Jane Doe, PhD, 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.

Author(s): John Doe, MD; Jane Doe, PhD, 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Templates for editing U-M OER Materials

Templates for editing U-M OER Materials
Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.

Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.
Author(s): Paul Conway, 2008-2010. License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.

Author(s): Paul Conway, License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Module: Leadership Training Workshop for Health Professionals Organization: East Africa HEALTH Alliance Author(s): Dr. Roy William Mayega, 2009-2012 Resource.

Module: Leadership Training Workshop for Health Professionals Organization: East Africa HEALTH Alliance Author(s): Dr. Roy William Mayega, Resource.
Module: Leadership Training Workshop for Health Professionals Organization: East Africa HEALTH Alliance Author(s): Prof. John T. Kakitahi, 2009-2012 Resource.

Module: Leadership Training Workshop for Health Professionals Organization: East Africa HEALTH Alliance Author(s): Prof. John T. Kakitahi, Resource.
Project: Ghana Emergency Medicine Collaborative Document Title: Open Educational Resources Author(s): University of Michigan Department of Emergency Medicine.

Project: Ghana Emergency Medicine Collaborative Document Title: Open Educational Resources Author(s): University of Michigan Department of Emergency Medicine.
Author(s): Steve Jackson, 2009 License: Unless otherwise noted, this material is made available under the terms of the Attribution - Noncommercial - Share.

Author(s): Steve Jackson, 2009 License: Unless otherwise noted, this material is made available under the terms of the Attribution - Noncommercial - Share.
Author(s): Steve Jackson, 2009 License: Unless otherwise noted, this material is made available under the terms of the Attribution - Noncommercial - Share.

Author(s): Steve Jackson, 2009 License: Unless otherwise noted, this material is made available under the terms of the Attribution - Noncommercial - Share.
We have reviewed this material in accordance with U.S. Copyright Law and have tried to maximize your ability to use, share, and adapt it. The citation.

We have reviewed this material in accordance with U.S. Copyright Law and have tried to maximize your ability to use, share, and adapt it. The citation.
Module: Public Health Disaster Planning for Districts Organization: East Africa HEALTH Alliance, 2009-2012 Author(s): Dr. Roy William Mayega (Makerere.

Module: Public Health Disaster Planning for Districts Organization: East Africa HEALTH Alliance, Author(s): Dr. Roy William Mayega (Makerere.
Author(s): Brenda Gunderson, Ph.D., 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Non-commercial–Share.

Author(s): Brenda Gunderson, Ph.D., 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Non-commercial–Share.
Author: Michael Jibson, M.D., Ph.D., 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Share.

Author: Michael Jibson, M.D., Ph.D., 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Share.
We have reviewed this material in accordance with U.S. Copyright Law and have tried to maximize your ability to use, share, and adapt it. The citation.

We have reviewed this material in accordance with U.S. Copyright Law and have tried to maximize your ability to use, share, and adapt it. The citation.
Author(s): MELO 3D Project Team, 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.

Author(s): MELO 3D Project Team, 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Module: Leadership Training Workshop for Health Professionals Organization: East Africa HEALTH Alliance Author(s): Prof. William Bazeyo, 2009-2012 Resource.

Module: Leadership Training Workshop for Health Professionals Organization: East Africa HEALTH Alliance Author(s): Prof. William Bazeyo, Resource.

Similar presentations

Ads by Google