Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 MISA Model Douglas Petry Manager Information Security Architecture Methodist Health System 402.354.4894 Managed Information Security.

Published byChristian Powell Modified over 8 years ago

Similar presentations

Presentation on theme: "1 MISA Model Douglas Petry Manager Information Security Architecture Methodist Health System 402.354.4894 Managed Information Security."— Presentation transcript:

1 1 MISA Model Douglas Petry Manager Information Security Architecture Methodist Health System Doug.Petry@nmhs.org 402.354.4894 Managed Information Security Architecture

2 2 Introduction to MISA The goal of the MISA model is to provide:  Tool to assess the security architecture  16 Areas of Security  Dashboard executive overview  Current state of security capabilities.

3 3 Introduction to MISA Additional tools were developed to :  Provide a method to identify /document the future state of our security capabilities.  Define efficient implementation approaches across the 16 security areas within the assessment tool.  Map and crosswalks to new and existing regulations to refine the architecture and align with organizational requirements.  Provide a metrics or baseline to enable us to modularize and focus on the levels of security capabilities / deficiencies.  Define efficient implementation approaches across the 16 security areas within the assessment tool.

4 4 Gap Analysis Model Web Servers ApplicationSystems e-Mail NetworkInfrastructure OperatingSystems Databases IntrusionDetection Firewalls Antivirus Educate Administer MonitorRespond Audit Documentation Policies and Procedures Essential and Best Practices Knowledge Gap Compliance Gap Technology Gap

5 5 Information Security Architecture What is ISA?  Way to bridge the gaps  Manage the processes  Alignment to business needs  Minimize risks without impeding the quality of care to the customer

6 6 ISA –vs.– Managed ISA (MISA) Managed ISA, or MISA, provides:  Ongoing review and quality assurance of an ISA with a metrics to track ISA capabilities from a current state to a future state  ISA provides system-based assessments -- MISA assesses the ISA methodologies

7 7 ISA –vs.– Managed ISA (MISA) ISA provides the framework within which our security program aligns with our business objectives and involves:  Organizational Infrastructure  Policies, Standards, and Procedures  Security Baselines and Assessments  Training and Awareness  Compliance MISA provides the managerial, operational, and technical controls necessary to help ensure security.

8 8 Managed ISA Manage Measure Document MISA ISA Most security architectures provide ample documentation on controls, policies, and procedures. In some case, metrics are identified for specific systems or capabilities. MISA manages and measures the security capabilities and the architecture.

9 9 MISA – Documentation Document Management Controls Operational Controls Technical Controls System Security Plan – NIST 800-18 Business Contingency Plan – NIST 800-34 Incident Response Capability – NIST 800-3

10 10 MISA – Measurement Measure Assessments Internal / External Audit Operational Metrics Security Metrics Guide – NIST 800-55 Security Self Assessment Guide – NIST 800-26 CSI – IPAK, NSA IAM, BS 7799, ISO 17799

11 11 MISA – Management Manage Review / Refine Certification Accreditation URAC BS 7799 / ISO 17799

12 12 MISA - Overview MISA requires you to :  Determine Security Capabilities  Determine Current State  Determine Future State  Develop Route Map to Future State  Identify Key Initiatives  Continuous Quality Improvement  Re-Assess Current State/Future State

13 13 Security Capability Identification

14 14 Security Capabilities C / A – Evaluation End User ControlsTraining / Awareness Integrity Controls Charter / Plan Contingency Controls Incident Response Physical / Environmental Encryption Network / Telecom Access Controls Audit Controls Sponsorship / Responsibility Information Mgmt Risk Management Documentation Strategic Tactical

15 15 Manage Measure Document MISA

16 16 Information Service Policy Structure Tier 3 Policy System Specific Tier 2 Policy Business Unit / Service Tier 1 Policy Corporate System Administrator HandbookRisk Management GuideSystem Security PlanSystem Continuity PlanSystem Incident Response Plan

17 17 MISA – Topology

18 18 Manage Measure Document MISA – Topology Foundations for Security Program The Documentation

19 19 MISA – Topology Security Capabilities The Measurement Manage Measure Document

20 20 Implementation Road Map

21 21 Capability Assessment Impact Analysis Risk Analysis

22 22 Security Capabilities

23 23 MISA – Topology Strategic Initiative Alignment The Management Manage Measure Document

24 24 MISA – Topology Quality Improvement The Refinement Manage Measure Document

25 25 Security Capabilities C / A – Evaluation End User ControlsTraining / Awareness Integrity Controls Charter / Plan Contingency Controls Incident Response Physical / Environmental Encryption Network / Telecom Access Controls Audit Controls Sponsorship / Responsibility Information Mgmt Risk Management Documentation Strategic Tactical Manage Measure Document

26 26 Benefit Summary The Bottom Line = MISA provides:  A structured approach to a security architecture and  Consistent tools/methods encourages collaboration and vendor leverage resulting in increased security awareness!

Download ppt "1 MISA Model Douglas Petry Manager Information Security Architecture Methodist Health System 402.354.4894 Managed Information Security."

Similar presentations

Agenda What is Compliance? Risk and Compliance Management

Agenda What is Compliance? Risk and Compliance Management
Presentation by Priyanka Sawarkar

Presentation by Priyanka Sawarkar
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Improving Your Business Results Six Sigma Qualtec Six Sigma Qualtec Six Sigma Qualtec – All Rights Reserved June 26, 2002 BEYOND SIX SIGMA: A HOLISTIC.

Improving Your Business Results Six Sigma Qualtec Six Sigma Qualtec Six Sigma Qualtec – All Rights Reserved June 26, 2002 BEYOND SIX SIGMA: A HOLISTIC.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
Oncor’s EIM Program.

Oncor’s EIM Program.
Security Controls – What Works

Security Controls – What Works
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
ISS IT Assessment Framework

ISS IT Assessment Framework
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.

Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.
High-Level Assessment Month Year

High-Level Assessment Month Year
Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.

Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
Basel Accord IITRANSITIONSERVICES Business Integration Support FCM Management Limited Paris New York Toronto.

Basel Accord IITRANSITIONSERVICES Business Integration Support FCM Management Limited Paris New York Toronto.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Similar presentations

Ads by Google