Enterprise Cybersecurity Strategy

Presentation transcript:

Enterprise Cybersecurity Strategy LaVerne H. Council Assistant Secretary for Information and Technology

Topics
- Creating an IT Organization that Supports Tomorrow's VA
- Facing Our Challenges with TrAITs
- Closer Look: VA's Enterprise Cybersecurity Strategy

OI&T’s Leadership is Moving VA into the Future

Facing Our Challenges with TrAITs
"It's our mission that the Veteran will be the vocal initiator driving every project, every decision for OI&T"

Why TrAITs
TrAITs remind us to ask:
- How will the Veteran benefit from this piece of technology or this new decision?
- What benefit will this bring to a Veteran or their family?

Facing Our Challenges with TrAITs Transparency

Facing Our Challenges with TrAITs Innovation Teamwork

Closer Look: VA's Cybersecurity Strategy
"VA continues to face significant challenges in complying with the requirements of FISMA due to the nature and maturity of its information security program." - Office of Inspector General, Federal Information Security Management Act Audits

Cyber Strategy Summary
- Today's IT security organizations operate under tremendous threat
- Recent OPM attacks demonstrate significant risk to VA
- OI&T is leading the way with aggressive strategic planning and emphasis on Veteran-focused initiatives

Enterprise Cybersecurity Strategy Team
"Nothing in IT is more important than protecting VA data and the information entrusted to us by Veterans." - LaVerne Council, Assistant Secretary for Information and Technology and Chief Information Officer

Enterprise Cybersecurity Strategy Team

Governance, Program Management, and Risk Management
- Key supporting disciplines for decision-making across VA within the context of cybersecurity and privacy
- Balances the needs of VA's mission with protecting high value assets
- Includes continuous scanning of the cybersecurity landscape to proactively position VA to address emerging threats
- Addresses risks, deficiencies, breaches, and lessons learned

Operations, Telecommunication, and Network Security
- Key supporting disciplines for securing VA information, data, and computing assets
- Includes people, products, and procedures to ensure data confidentiality, integrity, availability, assured delivery, and auditability of VA systems
- Addresses network, platform, and data security

Application and Software Development
- Disciplines needed to ensure applications used during provision of services to Veterans utilize the most secure practices for data storage, access, manipulation, and transmission
- Encompasses the entire software lifecycle
- Software assurance, that is, the level of confidence that VA software is free of vulnerabilities or defects that could lead to vulnerabilities, is a critical concern

Access Control (AC), Identification and Authentication (IA)
- Disciplines for reducing the likelihood and impact of security incidents
- AC combines authentication and authorization processes that allow access to VA networks, hardware computing devices, and applications
- IA verifies a user, process, or device through specific credentials such as passwords, tokens, and biometrics as a prerequisite for granting access to system resources
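The slide describes IA (verifying a credential) as a prerequisite for AC (deciding what an authenticated identity may do). The following is an added example, not VA's code, showing the two gates kept as separate steps so that a failure in either one fails closed. The user store, roles, resource names and policy table are constructed for illustration; credential checks use PBKDF2 with a per-user salt and a constant-time comparison, and an unknown username still performs the hash work so that response timing does not reveal which usernames exist.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# PBKDF2 work factor for the constructed example; production deployments tune this to their hardware.
ITERATIONS = 100_000
DUMMY_SALT = b"\x00" * 16


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted PBKDF2-HMAC-SHA256 hash of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


@dataclass(frozen=True)
class User:
    salt: bytes
    pw_hash: bytes
    roles: frozenset


def make_user(password: str, roles) -> User:
    """Build a user record with a fresh random salt (constructed sample data)."""
    salt = os.urandom(16)
    return User(salt, hash_password(password, salt), frozenset(roles))


# Constructed sample user store: username -> User. Not real accounts.
USERS = {
    "clinician": make_user("correct horse battery staple", {"clinician"}),
    "auditor": make_user("auditor-sample-passphrase", {"auditor"}),
}

# Constructed authorization policy: (resource class, action) -> roles permitted.
# Anything not listed is denied (fail closed).
POLICY = {
    ("phi_record", "read"): frozenset({"clinician", "auditor"}),
    ("phi_record", "write"): frozenset({"clinician"}),
    ("audit_log", "read"): frozenset({"auditor"}),
}


def authenticate(username: str, password: str) -> Optional[User]:
    """IA step: verify the presented credential. Returns the User on success, None otherwise."""
    user = USERS.get(username)
    if user is None:
        # Do equivalent work for unknown usernames so timing does not leak account existence.
        hash_password(password, DUMMY_SALT)
        return None
    candidate = hash_password(password, user.salt)
    if not hmac.compare_digest(candidate, user.pw_hash):
        return None
    return user


def authorize(user: User, resource: str, action: str) -> bool:
    """AC step: permit only if one of the user's roles is listed for this resource/action."""
    allowed = POLICY.get((resource, action), frozenset())
    return bool(user.roles & allowed)


def access(username: str, password: str, resource: str, action: str) -> str:
    """Full gate: authentication first, then authorization; each failure is reported distinctly for audit logs."""
    user = authenticate(username, password)
    if user is None:
        return "denied: authentication failed"
    if not authorize(user, resource, action):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    print(access("clinician", "correct horse battery staple", "phi_record", "write"))
    print(access("auditor", "auditor-sample-passphrase", "phi_record", "write"))
    print(access("auditor", "wrong", "audit_log", "read"))
```

The distinct denial reasons are meant for the audit trail, not for the end user; a login UI should return the same generic message for both failure types so that it does not confirm which half of the gate was passed.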

Medical Cyber
- Focuses on devices not traditionally considered IT that can be networked or accessed electronically
- Must be protected from exploitation and from becoming operable vectors for cyberattacks as they collect and transmit PII and PHI
- Includes medical devices and "cyber physical" systems with similar electronic characteristics, such as HVAC and elevator systems

Security Architecture
- Key supporting disciplines for developing an enterprise information security architecture
- Supports business optimization
- Includes the design and engineering skills needed to fully integrate security into VA's overall business, applications, and IT systems architecture

Privacy
- Policy and legislatively driven requirements for PII and PHI
- Focused on implementing the "Best Practices: Elements of a Federal Privacy Program," published by the Federal CIO Privacy Committee

Cybersecurity Training and Human Capital
- Hiring practices and skills maturation needed to create a workforce steeped in a culture of cybersecurity to proactively protect all data and information of the Veterans we serve

Enterprise Cybersecurity Strategy Team
ECST will construct an accountable, actionable, near-, mid-, and long-range cybersecurity strategic plan that continuously considers and adapts to the newest technologies to secure VA's IT enterprise.
Identifying and addressing:
- Strengths
- Weaknesses
- Resources
- Constraints
- Capabilities
- Drivers
- Known and unknown threats

Questions?