Presentation is loading. Please wait.

Presentation is loading. Please wait.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Published byStuart Shepherd Modified over 8 years ago

Similar presentations

Presentation on theme: "Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014."— Presentation transcript:

1 Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014

2 Establishment of an Affiliated Security Collaborative There is consensus among UMB and UM Medicine IT Network CIOs and technology leaders that an enterprise-wide, collaborative Information Security Program and Assessment Plan needs to be established and implemented; It is the responsibility of IT Leaders to establish and administer an Information Security Program that adheres to Federal, State, University, and other mandatory security rules, requirements and guidelines in order to protect the confidentiality, integrity, and availability of data; IT leaders will establish and share operational policies, practices, and procedures that result in effective information security and the protection of information assets, protected health information, and patient and employee personal information; The IT leaders will establish an Information Security Working Group as a means of coordinating activities that respond to information security vulnerabilities and risks, and cyber-attacks, that cross operational intersections.

3 Guiding Principles of the Affiliated Security Collaborative Each organization is responsible for developing, implementing, monitoring and funding their respective security program. Participants understand the importance of harmonizing security program efforts across the enterprise and pledge to share all pertinent information needed to ensure the security posture of each organization and the combined IT systems and infrastructure which represent the “affiliated enterprise”. UMB as the core IT data network infrastructure and Internet Service Provider for the medical campus will serve as the coordinating body for the enterprise Security Collaborative. The Affiliated Security Collaborative is a multi-organizational structure formed to facilitate information sharing and coordination of effort to expedite an organized response to security events.

4 FPISOMUMMS Information Security Working Group Central Offices DentalLaw Pharmacy GradNursingSSW UM Medicine IT Network Affiliated Enterprise Model: Information Security UMB Affiliated Enterprise Services UMB Information Security

5 Primary Objectives of the Affiliated Security Collaborative Collaboratively assess, identify, and report on any information security risk or vulnerability; Define common areas of risk as they relate to information security at appropriate operational intersections; Share information security strategies, processes and practices that adhere to local, state, and federal regulatory rules and requirements in order to avoid duplication of effort; Share technology platforms and information security knowledge among technology professionals in order to broaden knowledge and expertise; Collaborate on the improvement and strengthening of information security policies, practices, and solutions, and ensure coverage across the enterprise; Develop a global communication strategy to promote and expand information security awareness across the UMB affiliated enterprise.

6 UMB and UM Medicine IT Network Information Security Structure Assessment PlanPolicy Review and DevelopmentSecurity Awareness and Education Execution of Assessment Plan and Activities Information Security Working Group UMB and UM Medicine IT Network Executive Leadership CIOs and IT Leaders Continuous Security Monitoring

7 Assessment Plan and Activities Include: Announcing and communicating the Information Security Collaborative and Assessment Plan; Forming the Information Security Working Group (ISWG)  Members of the ISWG will work to: Develop an inventory of information technology and data assets; Apply a uniform classification category for each data asset; Run network scans to identify any existing vulnerability; Investigate servers and computers to determine if they contain sensitive data: SSNs, PHI, PCI; Check network and server/computer configuration and firewall rules to determine if they comply with security standards.

8 Assessment Plan and Activities (cont.) Include: Conducting a thorough and complete risk/vulnerability assessment, using a detailed checklist, for any found sensitive, high-risk data on computers or servers; Work with the operational leaders to determine the existence of any non- electronic, hardcopy records that contain sensitive data, e.g., SSNs, PHI, PCI; Analyzing the information collected to determine the actual risk to the critical assets and propose appropriate mitigation for areas identified as weak or procedures not implemented; Preparing a report of the findings; including a list of assets, threats and vulnerabilities; risk determination; recommended controls; and cost benefit analysis; to be shared with each organization’s executive leadership Performing a final review of information security best practices, processes and procedures with the unit.

9 Estimated Timeline Announce the information security affiliated collaborative initiativeApril 2014 Develop a high-level plan for the affiliated enterprise-wide information May 2014 security collaborative; and create the information security working group Initiate the assessment plan and activities in UMB schools, June 2014 and UM Medicine IT network Complete the assessment plan and activities for UMB central offices:  Registrar; Institutional Research and Accountability; Financial Aid; Financial Services; Human Resource Services; Sponsored Projects Accounting and Compliance; Public Safety; Parking Services August 2014 Complete the Assessment Plan and Activities in Schools and UM Medicine IT Network TBD

10 Questions

Download ppt "Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014."

Similar presentations

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.
UCSC History. UCSC: A brief history 60s University Placement Committee A lot of field trips/interaction with employers.

UCSC History. UCSC: A brief history 60s University Placement Committee A lot of field trips/interaction with employers.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.

Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Randy Benson RHQN Executive Director May, 2012. Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)

Randy Benson RHQN Executive Director May, Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
August 2013 School of Medicine Strategic Planning Community Engagement Committee.

August 2013 School of Medicine Strategic Planning Community Engagement Committee.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Security Controls – What Works

Security Controls – What Works
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Duties and Responsibilities of Budget Managers and Budget Analyst Duties and Responsibilities of Budget Managers and Budget Analyst.

Duties and Responsibilities of Budget Managers and Budget Analyst Duties and Responsibilities of Budget Managers and Budget Analyst.
UNLV Data Governance Executive Sponsors Meeting Office of Institutional Analysis and Planning August 29, 2006.

UNLV Data Governance Executive Sponsors Meeting Office of Institutional Analysis and Planning August 29, 2006.
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Similar presentations

Ads by Google