Presenter: Mohammed Jalaluddin
Managing Security of your UI Data using NIST

Who are they?
• National Institute of Standards and Technology
• Established 1901
• 1901-1988: National Bureau of Standards
• Non-regulatory agency
• 18 control families; each family has

What do they do?
• Develop standards and metrics for various areas
• Promote innovation and industrial competitiveness

Areas of Focus
NIST sets the standard for these areas:
• Advanced Communications
• Cybersecurity
• Energy & Environment
• Health & Bioscience
• Advanced Manufacturing
• Forensic Science
• Disaster Resilience
• Quantum Science

Security Control Families (number of controls per family)
• AC - Access Control: 25
• AU - Audit & Accountability: 16
• AT - Awareness & Training: 05
• CM - Configuration Management: 11
• CP - Contingency Planning: 12
• IA - Identification & Authentication: 11
• IR - Incident Response: 10
• MA - Maintenance: 06
• MP - Media Protection: 08
• PS - Personnel Security: 08
• PE - Physical & Environmental: 20
• PL - Planning: 09
• PM - Program Management: 16
• RA - Risk Assessment: 06
• CA - Security Assessment & Authorization: 09
• SC - System & Communication Protection: 44
• SI - System and Information Integrity: 17
• SA - System and Services Acquisition: 22
Controls: 255 (800+ controls & enhancements)

Figure 1.

Challenges
• Money
• Staff

COMPLIANCE

What’s Needed
Cultural Change
• Focus on the basics
• Invest in Awareness Training
• Get Senior Management buy-in
Maturity
• Policies & Procedures
• Implementation and Testing
• Integration
Resources
• Properly Maintained Equipment
• Knowledgeable Staff
• Budget

How? (Figure 2)

WHY NIST?
• Improves overall organizational security
• Helps to ensure a secure infrastructure
• Lays a foundation to follow to achieve compliance with specific regulations

NIST & Pub 1075
Pub 1075 is largely based on NIST. Pub 1075 has additional requirements such as:
• Two-factor authentication
• FTI not allowed to be printed, emailed or faxed
• FTI cannot be used in a test environment
• Special requirements for cloud computing

Rev 4: What’s New?
NIST
• New security controls and control enhancements
• New privacy controls and implementation guidance
• Updated security control baselines
• New summary tables for security controls to facilitate ease of use
PUB 1075
• Background investigations minimum requirements
• Table for 45-day notification reporting requirements
• Guidance for use of consolidated data centers
• All contractor and shared sites to be included in Safeguard reviews
Build it right. Continuously monitor.

MDES’ APPROACH

Cloud
• Off-site data storage
• Productivity anywhere
• Low cost of ownership & maintenance
• Scalable
• Resiliency and Redundancy

Tools
• Unauthorized access prevention
• Data Protection
• Encryption
• PUB 1075 Monitoring
• Vormetric
• Guardium

TAKE-AWAYS
• A good set of tools for improving information and cyber security;
• A good guide for industry best practices; and
• Agencies such as the FTC, SSA, and IRS are increasingly expecting NIST-level safeguards.

References:
Figure 1: http://corpgov.law.harvard.edu/wp-content/uploads/2014/08/140496_NIST-Cybersecurity-Framework-Alert-Aug-14_v3_Chart_02.jpg
Figure 2: http://csrc.nist.gov/publications/nistpubs/800-53-rev4/sp800-53r4_summary.pdf