Presentation is loading. Please wait.

Presentation is loading. Please wait.

Paradise Valley Community College Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology Tailoring OCTAVE at Maricopa Community.

Published byBryan Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "Paradise Valley Community College Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology Tailoring OCTAVE at Maricopa Community."— Presentation transcript:

1 Paradise Valley Community College Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology Tailoring OCTAVE at Maricopa Community Colleges Carol A. Myers, CISSP Director College Technology

2 Paradise Valley Community College Maricopa Integrated Risk Assessment (MIRA) Enterprise Risk Management –Integrated risk framework –Not just “insurable” risks –Collaboratively identify, asses, manage future risks and opportunities individually and across the organization

3 Paradise Valley Community College Charge From the Chancellor Multi-year implementation plan Identified specific outcomes –Increased overall effectiveness and accountability –Sound business process; greater assurance of business continuity –Clear demonstrated compliance with applicable laws & regulations –Enhanced employee empowerment & pride –Reinforcement of the strong MCCCD cultural identity –Enhanced competitive advantage

4 Paradise Valley Community College Why OCTAVE? Institutionally inclusive (Organizational View) –Assets –Threats –Organization (not just IT) vulnerabilities –Current security requirements

5 Paradise Valley Community College Why OCTAVE? It’s the technology too –Current inventory –OS level current patch methodology, tracking, auditing services enabled – disabled why –Application level –Security tools

6 Paradise Valley Community College Why OCTAVE? Strategize and Plan –Manage risks and Opportunities –Protect and Review plans –Mitigation strategies now and for the Future It’s never just about the technology

7 Paradise Valley Community College So, how’d it work? Maricopa-wide risk initiative (MIRA) –OCTAVE adapts best with enterprise risk management methodology, senior level buy-in and support IT Security RA work done through subgroup of MIRA committee –Auditor, faculty member, college administrative dean, general counsel, HR director, risk manager and IT security director

8 Paradise Valley Community College Why Not Just Use OCTAVE As Is? Narrowed focus primarily to operational risks and security practices –MIRA methodology supports chief-level buy-in Technology examined only in relation to good security practices (catalog) Protection decisions based on confidentiality, integrity and availability (for IT staff)

9 Paradise Valley Community College Four Simple Phases System infrastructure analysis and documentation (IT staff) Risk and opportunity identification (IT staff) Mitigation strategies and costs, with management Asset cost analysis, with management

10 Paradise Valley Community College Stop the Babble Primarily forms driven –Checkboxes –Short answer Maricopa forms are heavily OCTAVEFIED –OCTAVE forms make sense –OCTAVE forms are initially easy to understand and fill out

11 Paradise Valley Community College Now What? System-wide adoption of pilot –Can easily adapt to another college’s needs given the narrowed focus –Supports and reinforces the MIRA model –Encourages risk awareness

12 Paradise Valley Community College Contact Information Carol Myers Paradise Valley Community College 18401 N. 32 nd Street Phoenix, AZ 85032 602.787.7788 carol.myers@pvmail.maricopa.edu

Download ppt "Paradise Valley Community College Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology Tailoring OCTAVE at Maricopa Community."

Similar presentations

Governance, Risk Management and Compliance: Summary of Basic Concepts & Program Goals Bob Kotic Chief Financial Officer University of Sydney.

Governance, Risk Management and Compliance: Summary of Basic Concepts & Program Goals Bob Kotic Chief Financial Officer University of Sydney.
Risk Management at Harvard – Panel Discussion Harvard IT Summit

Risk Management at Harvard – Panel Discussion Harvard IT Summit
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.

Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.
Security Controls – What Works

Security Controls – What Works
MyMAPP ® Mapping Academic Performance through ePortfolios Cultural Shift from Teaching to Learning through e- Portfolios Steve Bullock Professor, Political.

MyMAPP ® Mapping Academic Performance through ePortfolios Cultural Shift from Teaching to Learning through e- Portfolios Steve Bullock Professor, Political.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Risk Assessment Frameworks

Risk Assessment Frameworks
© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.

© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.
Alba Project Partners Introduction Presentation. Typically what people say … We have too many projects –no real priorities We used to know what was going.

Alba Project Partners Introduction Presentation. Typically what people say … We have too many projects –no real priorities We used to know what was going.
Office of the Controller and Internal Controls Jim Corkill Controller Office of the Controller September 2014.

Office of the Controller and Internal Controls Jim Corkill Controller Office of the Controller September 2014.
From the IT Assessment to the IT Roadmap ( )

From the IT Assessment to the IT Roadmap ( )
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Similar presentations

Ads by Google