IT Development Initiative: Status & Next Steps

Presentation transcript:

IT Development Initiative: Status & Next Steps. Tom Jackson, Vice Chancellor of Information Technology and Chief Information Officer. Campus IT Forum, November 28, 2018.

Agenda: IT Development Initiative; Information Resources Inventory; Data Governance and Resource Risk Classification; Security Education; Technology Update; IT Audit Preparation; Next Steps. ncat.edu

IT Development Initiative

IT Development Initiative. ISO Standard: Policies, Operating Standards and Baseline Procedures. Information Security Management: Projects to address IT security. Compliance: Information Security Assessments. Staffing and Organization: Filling IT leadership positions; Technology and staff consolidation.

ISO Standard. Governance: Enterprise Applications Governance formed; Information Security Advisory Committee formed; Information Security Incident Response Committee; Academic/Client Advisory Committee to be formed Winter 2019. Policies: Information Security Policy updated November 16, 2018; Appropriate Use Policy adopted November 16, 2018. Operating Standards: Incident Response Standard developed and in use; Access Control Standard developed; Endpoint Security, Server Security and other standards under development.

Information Security Management. Projects: Eleven (11) completed, thirty-two (32) in progress or pending. Vulnerability Scanning: Third scan in progress; Scan results have identified remediation projects. Remediation Projects: Two (2) completed, five (5) in progress or pending; Projects added as issues identified. Penetration Testing: Began in November.

Information Security Management: Completed Project Accomplishments. Security Projects: Perimeter firewall upgrade; Virtual Private Network (VPN) upgrade; Core fiber loop; Second NC-REN connection; Craig Hall core switch migration. Vulnerability Scanning: Third scan in progress. Remediation Projects: CHHS server; Employee Domain.

Information Security Management: In Progress. Remediation Projects: Banner database security; Wendover endpoints; Campus A/V systems; ITS servers. Network Security: Network switch upgrade; Network Access Control (NAC); Network device configuration management software. Security Education: KnowBe4 Training; Data Stewards Training; Office 365 Multifactor Authentication.

Compliance. Resource Inventory: Initial collection began with information security assessments. Information Security Assessments: Performed annually on each unit that manages technology; First round: Twelve (12) divisions and colleges assessed in 2018, Seven (7) divisions will be completed in January 2019; Assessments will flow into Information Security Program; Reports and Roadmaps will provide guidance for compliance. Information Technology Risk Assessment: Spring 2019.

Compliance: Information Security Assessments Conducted. Athletics; Bluford Library; Business & Finance; Enrollment Management; Human Resources; Information Technology Services; Strategic Planning and Institutional Effectiveness; Student Affairs; College of Agriculture & Environmental Science; College of Engineering; College of Science & Technology; Joint School of Nanoscience and Nanoengineering.

Staffing and Organization: Leadership Positions. Filled: Director, Client Technology Services; Director, IT Project Management and Business Operations; Director, Network and System Administration. Hiring in Progress: Associate Vice Chancellor for Data Governance and Business Intelligence; Director, Enterprise Applications; Associate Vice Chancellor for Information Technology and Deputy CIO.

Staffing and Organization: Consolidation. College of Health and Human Sciences. Consolidation in progress: File services migration; Domain migration; Workstations. Consolidation pending: Staff.

Information Resources Inventory

Information Resources Inventory: Data; Hardware; Software. Must be maintained by division, college or department. Provide regular updates to ITS. Some inventory collected for information security assessments. Remaining inventories to be collected Winter 2019.

Data Governance and Resource Risk Classification

Data Governance and Resource Risk: Data Stewardship and Classification. Data Classifications: Added to Information Security Policy; Determine the risk level of resources. Resource security based on risk: Basic level for all resources; Additional security for resources with confidential or sensitive data. Standards: Data Governance; Risk Management; Planned for Spring 2019.

Security Education

Security Education. Training: Mandatory for all employees; General training for all employees; Specialized training (System Administration, Application Administration, Data Stewardship). KnowBe4 training software: Begins in Winter 2019.

Technology Update

Technology Update. Banner 9 Admin Pages in production. Banner 9 Self Service starting Winter 2019. Banner Document Management in production in seven (7) departments. Web Site redesign underway; Planned go-live summer 2019. Network access layer upgrades. Network Access Control (NAC) and configuration management. Classroom and computer lab updates.

IT Audit Preparation

IT Audit Preparation. Audit Preparation: Identify risks; Prioritized plan to address risks; Show progress towards addressing risks.

IT Audit Preparation: Identify Risks – Information Security Assessments. Based on ISO 27002 international standard. Resource Inventory. Completed 12 Assessments, 4 pending. Several Processes In Place: Immature; Need documentation; Need additional staff training in processes.

Next Steps

Next Steps. Continue development of governance. Continue creation of policies, standards and processes. Complete first round of information security assessments. Complete current projects. Develop multi-year roadmap: Finalize after division and department assessments; Align with strategic plan and strategic priorities; Align with enterprise risk management plan.

IT Development Initiative: Status and Next Steps. Questions?