Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oregon Consumer Identity Theft Protection Act Communications Forum Theresa Masse, Chief Information Security Officer Department of Administrative Services.

Published byDustin Alexander Modified over 8 years ago

Similar presentations

Presentation on theme: "Oregon Consumer Identity Theft Protection Act Communications Forum Theresa Masse, Chief Information Security Officer Department of Administrative Services."— Presentation transcript:

1 Oregon Consumer Identity Theft Protection Act Communications Forum Theresa Masse, Chief Information Security Officer Department of Administrative Services Enterprise Security Office

2 Tools and Templates Safeguard Best Practices Checklist Safeguard Best Practices Checklist Administrative Administrative 1.1 Appoint one or more employees to coordinate the security program 2.1 Establish formal, written security policies 3.1 Establish standard operating procedures 4.1 Conduct ongoing security risk assessments

3 Tools and Templates Safeguard Best Practices Checklist Safeguard Best Practices Checklist Technical Technical 1.1 Control access to information that resides on data storage devices such as servers, desktop PCs, laptops and PDAs 3.4 Have shutdown controls when computers are idle or inactive 6.4 Change all vendor-supplied default passwords

4 Tools and Templates Safeguard Best Practices Checklist Safeguard Best Practices Checklist Physical Physical 2.1 Establish physical access controls 3.1 Install secure checkpoint review and monitoring procedures 4.1 Secure the facility include all storage devices and computer equipment

5 Tools and Templates Notification Best Practices Checklist Notification Best Practices Checklist Security Breach Security Breach 1.3 Establish a process for determining whether notice is legally mandated or otherwise appropriate. 3.5 Develop a list of FAQ’s and post on the Agency Web site (see attached Sample) 4.1 Determine who has been affected, and notify each affected individual when possible. Double-check the list of recipients before sending.

6 Tools and Templates Best Practices Checklist Best Practices Checklist Safeguards - oregon.gov/DAS/EISPD/ESO/IDTheft/Safeguard_bes tpractices.pdf Safeguards - oregon.gov/DAS/EISPD/ESO/IDTheft/Safeguard_bes tpractices.pdf oregon.gov/DAS/EISPD/ESO/IDTheft/Safeguard_bes tpractices.pdf oregon.gov/DAS/EISPD/ESO/IDTheft/Safeguard_bes tpractices.pdf Notification - oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_b estpractices.pdf Notification - oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_b estpractices.pdf oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_b estpractices.pdf oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_b estpractices.pdf

7 Tools and Templates Sample Letters Sample Letters ID Theft Notification - oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_l etter.pdf ID Theft Notification - oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_l etter.pdf oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_l etter.pdf oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_l etter.pdf ID Theft Credit Monitoring - oregon.gov/DAS/EISPD/ESO/IDTheft/Monitoring_le tter.pdf ID Theft Credit Monitoring - oregon.gov/DAS/EISPD/ESO/IDTheft/Monitoring_le tter.pdf oregon.gov/DAS/EISPD/ESO/IDTheft/Monitoring_le tter.pdf oregon.gov/DAS/EISPD/ESO/IDTheft/Monitoring_le tter.pdf Sample FAQ Sample FAQ Sample Frequently Asked Questions (pdf) Sample Frequently Asked Questions (pdf) Sample Frequently Asked Questions (pdf) Sample Frequently Asked Questions (pdf)

8 Additional Resources Federal Trade Commission - a public workshop, “Security in Numbers: SSNs and ID Theft Federal Trade Commission - a public workshop, “Security in Numbers: SSNs and ID Theft December 10 and 11, 2007 - Washington D.C. December 10 and 11, 2007 - Washington D.C. A live web cast will be available A live web cast will be available Discuss the various uses of SSNs, the necessity of those uses, alternatives available, the challenges faced in moving away from using SSNs, and how SSNs are obtained and used by identity thieves. Discuss the various uses of SSNs, the necessity of those uses, alternatives available, the challenges faced in moving away from using SSNs, and how SSNs are obtained and used by identity thieves. www.ftc.gov/bcp/workshops/ssn/index.shtml

9 Additional Resources Oregon Department of Justice - Credit and Identity Theft Oregon Department of Justice - Credit and Identity Theft www.doj.state.or.us/finfraud/idtheft.shtml Federal Trade Commission – Identity Theft www.ftc.gov/bcp/edu/microsites/idtheft Federal Trade Commission – Identity Theft www.ftc.gov/bcp/edu/microsites/idtheft www.ftc.gov/bcp/edu/microsites/idtheft

10 Thank You

Download ppt "Oregon Consumer Identity Theft Protection Act Communications Forum Theresa Masse, Chief Information Security Officer Department of Administrative Services."

Similar presentations

A Reliable and Secure Network TM105: ESTABLISHING SANE TECHNOLOGY POLICIES FOR YOUR PROGRAM.

A Reliable and Secure Network TM105: ESTABLISHING SANE TECHNOLOGY POLICIES FOR YOUR PROGRAM.
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
Randy Benson RHQN Executive Director May, 2012. Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)

Randy Benson RHQN Executive Director May, Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)
Data Breach Notification Toolkit Mary Ann Blair Director of Information Security Carnegie Mellon University September 2005 CSG Sponsored by the EDUCAUSE.

Data Breach Notification Toolkit Mary Ann Blair Director of Information Security Carnegie Mellon University September 2005 CSG Sponsored by the EDUCAUSE.
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
Information Systems Services Protecting Data – Keeping Safe Kevin Darley, IT Security Co-ordinator 8 th November 2012.

Information Systems Services Protecting Data – Keeping Safe Kevin Darley, IT Security Co-ordinator 8 th November 2012.
Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.

Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.
Red Flags Rule & Municipal Utilities

Red Flags Rule & Municipal Utilities
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
Welcome to. New Employee Orientation Business Services Tim Michalski Director of Business Services Institutional Compliance Officer

Welcome to. New Employee Orientation Business Services Tim Michalski Director of Business Services Institutional Compliance Officer

Similar presentations

Ads by Google