The Direction of Information Security and Privacy in State Government Presented by Colleen Pedroza Chief Information Security Officer California State.

Presentation transcript:

The Direction of Information Security and Privacy in State Government Presented by Colleen Pedroza Chief Information Security Officer California State Information Security Office March 2007

CA State Information Security Office

Our Vision
- Leading the way to secure the State's information assets

Our Mission
- To manage security and operational recovery risk for the State's information assets by providing statewide direction and leadership

Proposal to Move the SISO
- Governor's Budget Proposal
  - Consolidate SISO and Office of Privacy Protection
  - Move to State and Consumer Services Agency
- Completed legislative trailer bill language establishing our authority
- Completed a BCP to increase the SISO by two additional positions
- Status: discussions occurring in Senate hearings

Top Risks for State Government
- Inadequate statewide policies, standards, and guidelines
- Inability to stay current with existing policies and laws
- Failure to comply with policies, regulations, and laws
- Limited training and education for employees and contractors
- Increased risks, threats, and vulnerabilities

Accomplishments
- Re-engineered our internal processes
- Updated incident notification and reporting requirements
- Provided education and training to state agency staff to improve their security/privacy programs
- Issued monthly newsletters
- Developed a risk management best practices tool
- Unveiled our new Web site at

Major Initiatives for 2007
- Ensuring that the legislative language is established in Government Code ( )
- Updating and revising existing policies
- Continuing education and training awareness for information security and privacy
- Developing more tools for risk self-assessment
- Developing ISO roles and responsibilities guidelines
- Developing Internet usage policy and guidelines
- Coordinating efforts to align operational recovery and business continuity plans
- Developing a repository for templates, sample language, and tools
- Establishing October as National Cyber Security month with a special executive management event

Long-Range Initiatives
- Developing a strategy for establishing policies, standards, and guidelines
- Elevating the departmental ISO role
- Enhancing project documents (FSRs, SPRs, PIERs)
- Ensuring IT classifications include security components
- Developing an ongoing training curriculum for ISOs

Direction of the State's Security Program
- Policy
  - Developing, issuing, and maintaining statewide policy, standards, and guidelines
- Assistance/Advisory
  - Providing assistance and advice
  - Providing training and education
  - Providing tools, templates, and samples
- Compliance
  - Ensuring statewide compliance through monitoring, reviews, and audits

Privacy Component
Work with the Office of Privacy Protection to implement:
- Establish state agency privacy program
- Guidance on privacy policy statements
- IPA rules of conduct
- Privacy officer roles and responsibilities
- Privacy awareness program elements
- Privacy contents for internal auditors' checklist and training

Statewide Outreach Efforts
- Establishing our Office as the centralized point for dispersing information about threats, vulnerabilities, and important issues
- Establishing ongoing trusting relationships with our partners
- Conducting meetings, presentations, and special events
- Being accessible via phone, , and in person

External Outreach Efforts
- Sharing with federal and local governments, universities and colleges, and other communities of interest
- Acting as California's contact for the Multi-State Information Sharing and Analysis Center (MS-ISAC)
- Establishing a "Partners in Learning" at GTC 2007 West
- Participating in presentations, discussions, committees, boards, and other activities

Contact Us
- Phone - (916)
- General -
- Web site -