ICTF Conference – Workshop – 2010 Sarah Lawson – IT Coordinator, NPEU


IT Governance – A mind map of thoughts around IT Governance

Information Security is one of the most important parts of an IT professional's job: we are the gatekeepers of the information held on the systems we support. As IT professionals it is our job to be aware of, and adhere to, all necessary regulations and good practice relating to the IT systems we support.

IT Governance – Why Bother? – some contentious statements

The risk associated with security incidents concerning data stored on IT systems is so great that all IT staff should be trained in risk management and audit control.

Over the coming years there will be an increasing number of regulations, laws and rules that will govern the use of IT. The IT professional will have to know them all!

Some possible regulations you may like to – or HAVE to – follow

- BS ISO/IEC – Information Technology – Security Techniques – Information Security Management Systems – Requirements
- BS EN ISO 9000:2005 – Quality Management Systems – Fundamentals and vocabulary
- NISCC (National Infrastructure Security Co-ordination Centre) – Forensic Readiness planning
- CESG (Information Assurance arm of GCHQ) – The National Technical Authority for Information Assurance
- Data Protection Act 1998
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
- Human Rights Act 1998
- All common law – contract, tort etc.
- Cabinet Office HMG Security Policy Framework
- Regulations required by your funding body or sponsor – NHS, MRC, DIMS etc.
- Good practice guidelines and regulations for your institution