Information Security Program

Presentation on theme: "Information Security Program"— Presentation transcript:

1 Information Security Program
4/13/2018
March 22, 2017
Tom Ambrosi, Chief Information Security Officer

2 https://er.educause.edu/articles/2017/1/top-10-it-issues-2017-foundations-for-student-success


6 Penn State University President – Eric Barron
"We all will need to take additional steps to protect ourselves, our identities and our information from a new global wave of cybercrime and cyberespionage," Barron said in his statement. "Well-funded and highly skilled cyber criminals have become brazen in their attacks on a wide range of businesses and government agencies, likely in search of sensitive information and intellectual property."

"In this particular case we are dealing with the highest level of sophistication," Barron said. "Unfortunately, we now live in an environment where no computer network can ever be completely, 100 percent secure."

Mandiant

"Advanced cyberattacks like this -- sophisticated, difficult to detect and often linked to international threat actors -- are 'the new normal,'" said Nick Bennett, Mandiant's senior manager of professional services. "No company or organization is immune -- the world's leading banks, energy companies, retailers and educational institutions have all been and will be targets."

7 Program Requirements/Drivers
Required to comply with Federal, State & Industry Standards & Regulations:
- FERPA
- HIPAA
- PCI DSS v3.1 – 6.1, 10.6, 12.2
- GLBA
- Washington State OCIO Policy 141 – Securing Information Technology Assets


9 Program Governance Initiatives
- Governance Structure
- Information Security Program Strategy
- Information Security Policies
- University Security Policy
- Update to University Data Policies
- Security & Privacy Accountabilities, Roles & Responsibilities
- Standards & Compliance Frameworks
- PCI, HIPAA
- Requirements / Drivers

10 Executive Perspectives on Top Risks for 2017

11 Executive Perspectives on Top Risks for 2017

12 Institutional Risk Areas For Public Research Institutions
Financial & Economic Conditions Ability to Recruit Quality Students, Faculty & Staff Business Continuity Physical Infrastructure WSU IT Infrastructure Legal & Regulatory Compliance Safety & Security Research Reputation & Brand Requirements / Drivers

13 Information Security & Privacy Risk Areas
Cyber Attacks & Data Security Advanced Threats to C-I-A Data Privacy Breaches Federal, State, Industry Regulations Legal & Regulatory Compliance Outsourcing & Cloud Computing Mobile Devices Incident Response Identity & Access Mgmt Education, Training & Awareness Business Continuity & Disaster Recovery Requirements / Drivers

14 Managing Security & Privacy Risk
- Establish Risk Mgmt Framework
- Consistent with Enterprise Risk Mgmt
- Identify, Assess, Respond, Monitor
- Risk Mgmt Objectives
- Support Strategic Decision Making & Planning
- Allocate Resources Effectively
- Better able to meet Compliance Requirements
- Provide Optimized set of Risk Mitigations
- Enable University Mission & Business Objectives with acceptable level of risk
- Security & Privacy Risks are Institutional Risks
- Requirements / Drivers

15 Risk = Likelihood x Impact
Each Vulnerability/Threat Pair will be evaluated for:
- Likelihood of Occurrence
- Impact Classification
Risk Level Assigned


19 Responsibilities
- Protecting Data Security & Privacy is a shared responsibility
- Promote a Risk-Aware Culture
- Understand risks to your business & potential impacts to the University
- Be Proactive – Avoiding risk is Accepting risk
- Escalate critical risks to Senior Leadership
- Include risk assessment processes into business processes
- Ensure all employees are aware of their responsibilities
- Provide training for employees that is appropriate to their roles & responsibilities

20 Questions?

21 Executive Perspectives on Top Risks for 2017

22 Executive Perspectives on Top Risks for 2017

