Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Critical Assets: Arizona’s Security & Privacy Initiatives

Published byClaud Cannon Modified over 5 years ago

Similar presentations

Presentation on theme: "Securing Critical Assets: Arizona’s Security & Privacy Initiatives"— Presentation transcript:

1 Securing Critical Assets: Arizona’s Security & Privacy Initiatives
This domain is the most complex in terms of understanding how we mange data and information and the systems supporting such data. The intent is to develop a representation of IT reality as it applies to the agency, COI’s and the enterprise. Most Internet-based services in the State are developed and presented separately, according to jurisdictional boundaries of an individual agency rather than being integrated cooperatively according to lines of business or function

2 Background Arizona has been Identity Theft Capital of U.S. for past 4 years AZ Government has Decentralized Service Delivery & IT Infrastructure Management Increasing Our Security Risks Citizens have ready access to public data (Web Portal, Google partnership, Arizona 2-1-1, etc.) All States subject to Federal Privacy Mandates: Health Insurance Portability and Accountability Act (HIPAA) Federal Information Security Management Act of 2002 (FISMA) Family Educational Rights and Privacy Act (FERPA) Pending Data Security Breach (Privacy Disclosure), etc.

3 AZ Security & Privacy Initiatives
Our Security & Privacy Activities have focused on: State Legislation Executive Policies State Initiatives

4 Legislative Actions GITA Duties as Statewide Strategic IT Planning and Oversight Agency Notification for Compromised Personal Information. Identifies appropriate information practices and protection of all personal information collected from its citizens and consumers. ***Current Pending Legislation - S.B – Proposes Statewide Information Security and Privacy Office to be Placed in GITA & Baseline Statewide Security Risk Assessment***

5 Executive Policy IT Enterprise Architecture developed in 2003 included Statewide IT Security & Privacy Policies, Standards and Practices (PSP). Project Investment Justification (PIJ) Process, Consulting & Monitoring Functions Cover Security & all other IT Areas. Advisory & Oversight Boards: Emergency Preparedness Oversight Council (EPOC) IT Security Advisory Committee (ITSAC) CIO Council (CIOs of largest State agencies) Program Participation: Multi-State Information Sharing & Analysis Center (MS-ISAC) Participation HIPAAZ Program

6 State Security & Privacy Initiatives
Annual Standards Compliance Assessment (TISA) Gap Closure Process Training & Awareness Linkage with BCPs & IT DR IT Security Training & Awareness Annual CIO Standards Awareness Training Annual BCP Coordinator Training (includes IT/DR) DES Training Pilot Business Continuity Planning IT Disaster Recovery Critical Business Function Resource Mapping Statewide Infrastructure Protection Center (SIPC) Incident Reporting Event Management

7 Resource References Arizona’s Statewide IT Enterprise Architecture, Quality Assurance, and IT Security Standards: GITA’s online assessment tools (PARIS, ISIS & TISA) allow streamlined IT planning, standards compliance assessment, and inventory reporting: Business Continuity/IT Disaster Recovery Planning guide:

8 Lessons Learned Privacy protection should drive IT Security standards.
Business Leaders must drive BCP, IT/DR, IT Planning & Standards Compliance for effective implementation. Risk Management should be tailored to level of risk: 30 “Group 1” BCP agencies (large, critical) 70 “Group 2” BCP agencies, boards, commissions) Different compliance & training for each group Business Impact Analysis (BIA) should target Critical Business Function (CBF) mapping. Agencies need actionable, documented & tested workaround procedures. Statewide Central Oversight & Control is needed in decentralized environments for security protection to be effective.

9 Government Information Technology Agency (GITA)
Questions/Comments Chris Cummiskey State CIO & Director Government Information Technology Agency (GITA)

Download ppt "Securing Critical Assets: Arizona’s Security & Privacy Initiatives"

Similar presentations

1 www.vita.virginia.gov IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1, 2013 www.vita.virginia.gov.

1 IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1,
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Shared Technical Architecture’s Role within the ECIO Organization “Arkansas Shared Technical Architecture”

Shared Technical Architecture’s Role within the ECIO Organization “Arkansas Shared Technical Architecture”
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.

E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Keystone Technology Plan Presentation to Chesapeake Bay Program Information Management Subcommittee May 19, 2004 Nancie L. Imler Chief Information Officer.

Keystone Technology Plan Presentation to Chesapeake Bay Program Information Management Subcommittee May 19, 2004 Nancie L. Imler Chief Information Officer.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
OHIO OFFICE OF INFORMATION TECHNOLOGY. Even the agents are suffering…

OHIO OFFICE OF INFORMATION TECHNOLOGY. Even the agents are suffering…
OneMinnesota January 25, 2012 Carolyn Parnell OET Commissioner and State CIO.

OneMinnesota January 25, 2012 Carolyn Parnell OET Commissioner and State CIO.
Advisor: Jim French, Dept of Ecology Team Members: Scott Andersen, WSDOT Gary Duffield, DIS Doug Selix, OFM Thelma Smith, WSDOT Brian Sylvester, DOP.

Advisor: Jim French, Dept of Ecology Team Members: Scott Andersen, WSDOT Gary Duffield, DIS Doug Selix, OFM Thelma Smith, WSDOT Brian Sylvester, DOP.
IT Security Challenges In Higher Education Steve Schuster Cornell University.

IT Security Challenges In Higher Education Steve Schuster Cornell University.
Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.

Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Similar presentations

Ads by Google