Presentation is loading. Please wait.

Presentation is loading. Please wait.

SPIA Web Application Introduction.

Published byAlbert Nichols Modified over 6 years ago

Similar presentations

Presentation on theme: "SPIA Web Application Introduction."— Presentation transcript:

1 SPIA Web Application Introduction

2 Privacy Impact Assessment What is SPIA? Security and
Annual risk assessment program conducted at School/Center level to identify privacy and security risks in databases and applications

3 Why SPIA is Important? Helps ensure information entrusted to Penn is properly protected Need to understand: What data Penn has on its systems What risks exist in our environment How those risks can be reduced or even eliminated Trustees recognize the need to create data inventories in order to assess risks to Penn data

4 SPIA 2.0 – Goals Simplify the SPIA program
Create one tool for inventory and risk assessment Provide ability to view data inventories Make risk assessment simpler, more flexible Raise awareness of controls/safeguards Make updates easier year-to-year Areas for improvement with the program

5 SPIA Web Application Automated assessments - no more spreadsheets/ s Role-based access controls allow for delegation of inventory creation Flexible approach to assessing controls and risk Populates selected information into an Executive Summary Data rolled over annually for easier updates Data will be stored in database to enable reporting

6 Administration “Asset” represents the item being assessed.
“Inventory” represents a collection of related assets. “Departments/Units” represent subgroups within a School/Center created for the purpose of organizing data inventories.

7 Roles & Responsibilities
Inventory Managers Create and edit inventories and assets within their Unit Multiple users available at this level View only those inventories and assets within their Department/Unit Assess/review all Department/Unit level assets for inclusion in an Executive Summary School/Center Administrator All of the above plus… Create Departments/Units Assign Inventory Managers Create an Executive Summary Push an Executive Summary and Final Inventory to InfoSec/Privacy A snapshot of the “Final” inventory will be taken annually at the time the School/Center submits it to InfoSec/Privacy.  

8 Roles & Responsibilities
InfoSec/Privacy Manage controls list Manage School/Center Administrators View all School/Center Inventories/Executive Summaries Provide Responses to Submissions Create Reports

9 Organizational Structure

10 Process Submit Inventories and Executive Summary to InfoSec/Privacy
Create and Assess Inventories of Assets Create Executive Summary Submit Inventories and Executive Summary to InfoSec/Privacy

11 Questions

Download ppt "SPIA Web Application Introduction."

Similar presentations

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
Intermediate Access: Center for Teaching Advancement and Assessment Research On Creating a Database from Scratch.

Intermediate Access: Center for Teaching Advancement and Assessment Research On Creating a Database from Scratch.
5/30/2012. Provides a method for finding services/data on the Exchange Network – discover data. Supports User Friendly Tools Can automatically collect.

5/30/2012. Provides a method for finding services/data on the Exchange Network – discover data. Supports User Friendly Tools Can automatically collect.
Request Material Information Use Case Item as created in Optiva. Supplier information request(s) can happen at any time. The same process works for Optiva.

Request Material Information Use Case Item as created in Optiva. Supplier information request(s) can happen at any time. The same process works for Optiva.
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
Nu Project Management Office A web based tool to Manage Projects.

Nu Project Management Office A web based tool to Manage Projects.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 4: Implementing and Managing Group and Computer Accounts.
Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Slide 1- 1.

Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Slide 1- 1.
1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME.

1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Computerised Maintenance Management Systems

Computerised Maintenance Management Systems
PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME 1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal.

PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME 1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal.
New Products for 2009. ©  2009 ANGEL Learning, Inc. Proprietary and Confidential, 2 Update Summary Enrich teaching and learning Meet accountability needs.

New Products for ©  2009 ANGEL Learning, Inc. Proprietary and Confidential, 2 Update Summary Enrich teaching and learning Meet accountability needs.
Introduction to IT Governance Support System (ITGSS)

Introduction to IT Governance Support System (ITGSS)
Benefits of Online Testing: How Online Testing Can Simplify the Your Selection Process Copyright © 2007 Ramsay Corporation. All rights reserved.

Benefits of Online Testing: How Online Testing Can Simplify the Your Selection Process Copyright © 2007 Ramsay Corporation. All rights reserved.
© 2008 IBM Corporation ® IBM Cognos Business Viewpoint Miguel Garcia - Solutions Architect.

© 2008 IBM Corporation ® IBM Cognos Business Viewpoint Miguel Garcia - Solutions Architect.
Ashley Hawley. Project Description Business Need User Profiles Development Technology Testing Plan Deliverables Demonstration Conclusion.

Ashley Hawley. Project Description Business Need User Profiles Development Technology Testing Plan Deliverables Demonstration Conclusion.
Audit Planning Process

Audit Planning Process

Similar presentations

Ads by Google