IT Development Initiative: Status and Next Steps


IT Development Initiative: Status and Next Steps
Tom Jackson, Vice Chancellor of Information Technology Services and Chief Information Officer
May 1, 2018
Campus Presentation

Agenda
Status
Operating Standards
Information Resources Inventory
Data Stewardship and Classification
Information Security Program
Training
Timeline

IT Development Initiative Status

IT Development Initiative
ISO Standard: Policies, Operating Standards and Baseline Procedures
Information Security Management: Several projects related to IT security
Compliance: Information Security Assessments
Organization: Filling IT leadership positions and consolidation of technology and staff

ISO Standard Status
Governance: Information Security Advisory Committee formed; Information Security Incident Response Team formed
Policies: Information Security Policy approved and effective April 30th, 2018; Acceptable Use, Data Stewardship and Email policies under development
Operating Standards: Seven (7) standards under development; includes Windows Server, Windows Desktop, Linux Server, Macintosh Desktop

Information Security Management Status
Initial Projects: Fourteen (14) projects underway
Vulnerability Scanning: Third scan underway; reviewing results to identify remediation projects
Remediation Projects: First remediation project underway; projects will be identified and executed throughout the summer

Compliance
Information Security Assessments: Performed annually on each unit that manages technology; Information Technology Services assessment will occur first, in Summer 2018; other divisions and colleges will be assessed Summer and Fall 2018; assessments will flow into Information Security Program
Information Technology Risk Assessment: Will occur late Fall 2018

Organization Status
Search Firm: Deputy CIO; Associate VC Data Governance; Director, Enterprise Applications
Interviews: Director, Network and Systems
Filled: Director, Client Technology; Director, IT Project Management and Business Operations; Interim Director, Network and Systems

Operating Standards

Operating Standards
Expansions of the Information Security Policy: More technical details; prescriptive; auditable; reduce risk
Exemptions: Must include justification; approved by division or college leadership; approved by ITS; require alternative controls

Operating Standards Partial List
Windows Server
Windows Desktop/Laptop
Linux Server
Macintosh Desktop/Laptop
Authentication
Access Control
Application Administration
Incident Response
Mobile Device Management
Network Device Configuration
Perimeter Security
Software Development

Operating Standards
Rolled out during Summer 2018
May lead to remediation projects
Projects must be completed by Fall 2018

Information Resources Inventory

Information Resources Inventory
Resources: Data; Hardware; Software
Inventory: Must be maintained by division, college or department; ITS has collected some data on hardware; more details forthcoming; must be completed during the summer

Data Stewardship and Classification

Data Stewardship and Classification
Additional policy
To be completed during Summer 2018
Defines roles and responsibilities: Data trustee; Data steward; Data custodian; Data user
Additional information forthcoming

Data Trustees
Oversee data management and security
Oversee policy
Oversee compliance

Data Stewards
Ensure compliance with regulations, policies and agreements
Ensure data governance and management practices are followed
Ensure proper access and security controls are implemented
Ensure segregation of duties is implemented
Ensure adequate data protection measures are implemented
Ensure data is classified and inventoried

Data Custodians
Grant access based on authority delegated from steward
Manage operations and security: Servers; Applications

Information Security Program

Information Security Program
Continuous Improvement Cycle: Plan, Do, Check, Act
Manage risk
Manage and secure data
Manage and secure technology: Hardware; Software

Information Security Program
Led by Information Security Advisory Committee, Information Security Services
Includes annual information security assessments
Each office that manages information resources
Compliance with policy, standards and procedures
Identifies risks and vulnerabilities
Outcomes are prioritized to be addressed

Training

Training
Mandatory
General training for all employees
Specialized training: System Administration; Application Administration; Data Stewardship
Begins in Fall 2018

Timeline

Timeline
May – Initial operating standards review; vulnerability scanning review
June – Initial operating standards rollout to campus; additional operating standards development begins; remediation project planning (address operating standard compliance, address vulnerabilities); remediation projects begin; inventory begins

Timeline
July – Remediation projects continue; ITS information security assessment; additional division or college information security assessments
August – Remediation projects continue; additional policies approved
September – Remediation projects continue

Questions?