HUMAN RESOURCES MANAGEMENT. Beki Webster, Director, HR, Intelligence Systems Division, Northrop Grumman Information Systems. July 31, 2009.

Presentation transcript:

HUMAN RESOURCES MANAGEMENT
Beki Webster, Director, HR, Intelligence Systems Division
Northrop Grumman Information Systems
July 31, 2009

HUMAN RESOURCES MANAGEMENT
- Multiple levels of engagement
- Leadership
- Cyber security management team
- Individual contributor
- Network guests, teammates and customers
- Risk Mitigation
- Proactive/strategic activities
- Crisis Management
- Reactive/tactical activities

RISK MITIGATION
- Training and awareness
- Regular schedule for employees/all levels of engagement (intake, periodic and termination)
- General communications
- Network management and security
- Account management policy and procedure
- Network access and administration
- Layered defense
- Disciplinary process

CRISIS MANAGEMENT
- Backup and recovery process
- Investigations
- Stakeholder identification and leadership responsibilities
- Investigative process and follow-through
- Disciplinary process
- Communications

KEY QUESTIONS TO MANAGE INSIDER THREATS
- Do we periodically provide awareness and training to all employees in cyber security?
- How strict are our password and account management policies and practices?
- Are we logging, monitoring, and auditing employee online actions?
- What extra precautions are we taking with system administrators and privileged users?
- Do we use layered defense against remote attacks?
- Are we able to monitor and respond to suspicious or disruptive behavior?
- Do we routinely deactivate computer access following employee termination?
- What are our practices for collecting and saving data for use in investigations?
- Have we implemented secure backup and recovery processes?
- Have we clearly documented insider threat controls?
- How do we attract, develop and retain critical cyber security technical and leadership talent, including those in functional areas requiring cyber security savvy?
- Does our organizational structure support key functional integration to ensure threat mitigation and rapid crisis response?
- How does our cyber security communications plan address and measure the effectiveness of threat awareness and training for all network stakeholders?
- What is our monitoring and auditing operating procedure for online activity?
- How up-to-date are our password and account management policies?
- How do we ensure stakeholder compliance?
- Do we use layered defense against remote attacks?
- How does our SOP address elevated access possessed by system administrators and privileged users?
- Have we assessed the need for protection of our social networking and share center sites?
- How do we routinely audit network access throughout the network stakeholder lifecycle, especially at termination or out-processing?
- Does our progressive discipline policy address our need for threat investigations involving any network stakeholder for suspicious or disruptive behavior?
- How do we ensure integrity and continued operations of our employee database and related systems like recruiting, benefits, travel and payroll?
- Do our performance management and compensation strategies provide adequate support for our cyber security mission?

Provided Updated: broader definition of user community, compliance, & measurement