Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.

Slides:

Advertisements

Similar presentations

The Need For Trust in Communications Networks Carlos Solari Bell Labs, Security Solutions May 2007.

Advertisements

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.

David Cronkright Chuck Dudinetz Paul Jones Corporate Auditing The Dow Chemical Company February 16, 2012 Auditing Protection of Intellectual Property.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

CIP Cyber Security – Security Management Controls

Mr C Johnston ICT Teacher

Working Group 2: Next Generation Alerting December 16, 2011 Co-Chairs: Damon Penn, Asst. Administrator, Nat’l Continuity Programs, DHS-FEMA Scott Tollefsen,

Security Controls – What Works

Working Group 2: Next Generation Alerting September 23, 2011 Co-Chairs: Damon Penn, Asst. Administrator, National Continuity Programs, DHS-FEMA Scott Tollefsen,

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

1 NETWORK PLANNING TASK FORCE FY’07 “ Setting the Rates” 11/20/06.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Enterprise Risk ManagementSeptember 2010Miami, FL © 2010 Enterprise Risk Management Information Security- Facing the Risks in Electronic Channels and Social.

Information Security Technological Security Implementation and Privacy Protection.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Social Media Jeevan Kaur, Michael Mai, Jing Jiang.

VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

HIPAA COMPLIANCE WITH DELL

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

FIVE STEPS TO REDUCE THE RISK OF CYBERCRIME TO YOUR BUSINESS.

Dell Connected Security Solutions Simplify & unify.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.

VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

September 12, 2004 Simplifying the Administration of HIPAA Security Angel Hoffman, RN, MSN Director, Corporate Compliance University of Pittsburgh Medical.

September 15, 2003FG3 Report FOCUS GROUP 3 Interoperability Report to NRIC VI Council September 15, 2003 Cliff Naughton (Boeing)

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Data Security Assessment and Prevention AD660 – Databases, Security, and Web Technologies Marcus Goncalves Spring 2013.

12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,

Note1 (Admi1) Overview of administering security.

STRATEGY SESSION SEPTEMBER 15, YEAR SECURITY DISCUSSION 1 NETWORK PLANNING TASK FORCE.

TIF-Security Update Robert Ono, IT Security Coordinator October 2010.

PMC Update on Cyber Sprint June 18, Overview: 30-Day Cyber Sprint 1.Interagency Cyber Sprint Team: Launched June 11 and executing against the.

Security, Accounting, and Assurance Mahdi N. Bojnordi 2004

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Converting Policy to Reality Designing an IT Security Program for Your Campus 2 nd Annual Conference on Technology and Standards May 3, 2005 Jacqueline.

Work Group 4C Steering Committee Technical Options for E9-1-1 LOCATION ACCURACY October 7, 2010.

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Frontline Enterprise Security

IT Security Policies and Campus Networks The dilemma of translating good security policies to practical campus networking Sara McAneney IT Security Officer.

Robert Ono Office of the Vice Provost, Information and Educational Technology September 9, 2010 TIF-Security Cyber-safety Plans for 2010.

Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.

Session 13 Cyber-security and cybercrime. Contents  What’s the issue?  Why should we care?  What are the risks?  How do they do it?  How do we protect.

Quickly Establishing A Workable IT Security Program EDUCAUSE Mid-Atlantic Regional Conference January 10-12, 2006 Copyright Robert E. Neale This.

IS3220 Information Technology Infrastructure Security

Mr C Johnston ICT Teacher BTEC IT Unit 09 - Lesson 11 Network Security.

Information Security tools for records managers Frank Rankin.

HHS Security and Improvement Recommendations Insert Name CSIA 412 Final Project Final Project.

Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD.

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

Risk Controls in IA Zachary Rensko COSC 481. Outline Definition Risk Control Strategies Risk Control Categories The Human Firewall Project OCTAVE.

ISSeG Integrated Site Security for Grids WP2 - Methodology

Cybersecurity - What’s Next? June 2017

BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT

Business Risks of Insecure Networks

IS4550 Security Policies and Implementation

I have many checklists: how do I get started with cyber security?

Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.

County HIPAA Review All Rights Reserved 2002.

How to Mitigate the Consequences What are the Countermeasures?

Cyber Risk & Cyber Insurance - Overview

Presented to Information Systems Security Association of Orange County

CMGT/431 INFORMATION SYSTEMS SECURITY The Latest Version // uopcourse.com

CMGT 431 CMGT431 cmgt 431 cmgt431 Entire Course // uopstudy.com

Anatomy of a Common Cyber Attack

Presentation transcript:

Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010

Subgroups / Sub Topics WirelessIP ServicesNetworkPeopleLegacy Services Mobile Devices WIFI Cellular Emerging Devices Microwave / Satellite High Speed Broadband Internet VoIP Content on Demand IPv6 Cloud Services Access Control Availability Confidentiality Integrity Security Mgmt Security Audit & Alarm Security Policy & Standard Awareness SPAM Social Engineering Data Loss / Data Leakage Phishing SS7 Media Gateways Communication Assisted Law Enforcement (CALEA) Signal Control Points (SCP) Gateway to Gateway Protocol, interoperability, and security issues Scanning & Flooding Identity Mgmt Identity Management Human Entities and associated information attributes (e.g. roles, privileges, credentials), Non Human Entities (e.g. Physical Objects such as devices, network equipment, and Virtual Objects such as data and video content), Protection of Personal Identifiable Information Encryption Service Providers – Layered VPN and Encryption Strategies, Active Management Approach, Frequent Key Rotation, Use of Authentication Process as a Delivery Mechanism for Pushing Updates and Patches to Correct Encryption Breaches Consumer – Force the Use of Strong Passwords, Device Specified ID as a partial Key in the password and authentication process, Automating the Process of Encryption Patches Vulnerability Mgmt Alerting, Asset Inventory, Mitigation, Patch Mgmt, Risk & Vulnerability Assessment Incident Response Identifying & Categorizing Assets & Threats, Developing an Incident Plan, Reporting, Determining source, Responding, Recovering, Incident Governance

Current Events/Status  Overall Working Group 2A meets monthly  Sub-groups meeting weekly or bi-weekly  Sub-Topics within sub-groups assigned to members  5 of 9 Sub-group have provided a rough draft of the “best practices”  Review of rough draft underway  Final draft for sub-group best practices due November 12

Action Items Closed items:  Difficulties initially with participation. Adjustments made to sub-team memberships.  Until August, Encryption sub-group lacked members. Leadership was established and members added. The sub-group is several months behind the other sub-groups but will make the fall dates. Open items:  Co-chair position was vacated and will need to be filled

Next Steps  Remaining 4 subgroup to provide rough draft of “best practices”  Review of each subgroup’s best practice draft and provide feedback  Firm rough drafts and tie up outstanding research by November 12  Begin drafting overview and summary documents targeting completion by January 15, with deliverable to Steering Committee on January 31  Final Report to CSRIC Members will be February 10, 2011