Slide 1: Security is not just… A Compliance Exercise
  Certification and Accreditation
  FISMA

Slide 2: What is Security?
  - Security Architecture & Models
  - Cryptography
  - Security Management
  - Access Controls & Methodology
  - Laws, Investigations, & Ethics
  - Applications & Systems Development
  - Physical Security
  - Operations Security
  - Telecommunications & Networking Security
  - Business Continuity Planning

Slide 3: What is Enterprise Security Architecture?
  Enterprise Security Architecture is the strategic focus that enables the organization to carry out its mission in a secure manner.
  What drives security architecture?
  - FISMA
  - OMB A-130, Appendix III
  - NIST
  - Organization policies and procedures

Slide 4: Minimum Enterprise Security Architecture
  All agencies must create a Security and Privacy Profile (SPP) that addresses, per OMB A-130, Appendix III:
  - Encryption
  - Malware
  - Access Controls
  - Identification & Authentication
  - Audit Trail Creation & Analysis
  - Intrusion Detection & Prevention
  - Fraud Detection, Prevention, & Mitigation

Slide 5: Enterprise Security Architecture Answers…
  - Is the existing security program effective?
  - Is risk being managed effectively?
  - Are there any new laws or policies that need to be implemented?
  The OMB SPP helps organize…
  - Planning efforts for future requirements
  - Current requirements
  - Capabilities
  - Gap analysis efforts

Slide 7: Key EA Security Goals
  EA security requirements: Confidentiality, Integrity, Availability
  Goals:
  - Enable advanced IT security capabilities
  - Develop an IT security empowered workforce
  - Improve IT security situational awareness
  - Provide DOT-wide IT security services

Slide 8: Where Do These Efforts Fit Within the EA Framework?

Slide 10: Priorities for Addressing Integration of EA & Security
  - Streamline communication between Business Owners, ISSOs, and the Information Security Office
  - Implement metrics that will effectively analyze the performance of security within DOT information systems
  - EA team members must participate in Information Security working groups, and vice versa
  - Coordinate with Business Owners and the Information Security Office to develop the Trust Model Architecture

QUESTIONS