Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Development Initiative: Status & Next Steps

Published byRolf Neal Modified over 5 years ago

Similar presentations

Presentation on theme: "IT Development Initiative: Status & Next Steps"— Presentation transcript:

1 IT Development Initiative: Status & Next Steps
Tom Jackson Vice Chancellor of Information Technology and Chief Information Officer Campus IT Forum November 28, 2018

2 Agenda IT Development Initiative Information Resources Inventory
Data Governance and Resource Risk Classification Security Education Technology Update IT Audit Preparation Next Steps ncat.edu

3 IT Development Initiative

4 IT Development Initiative
ISO Standard Policies, Operating Standards and Baseline Procedures Information Security Management Projects to address IT security Compliance Information Security Assessments Staffing and Organization Filling IT leadership positions Technology and staff consolidation ncat.edu

5 ISO Standard Governance Policies Operating Standards
Enterprise Applications Governance formed Information Security Advisory Committee formed Information Security Incident Response Committee Academic/Client Advisory Committee to be formed Winter 2019 Policies Information Security Policy Updated November 16, 2018 Appropriate Use Policy adopted November 16, 2018 Operating Standards Incident Respond Standard developed and in use Access Control Standard developed Endpoint Security, Server Security and other standards under development ncat.edu

6 Information Security Management
Projects Eleven (11) completed, thirty-two (32) in progress or pending Vulnerability Scanning Third scan in progress Scan results have identified remediation projects Remediation Projects Two (2) completed, five (5) in progress or pending Projects added as issues identified Penetration Testing Began in November ncat.edu

7 Completed Project Accomplishments
Information Security Management Completed Project Accomplishments Security Projects Perimeter firewall upgrade Virtual Private Network (VPN) upgrade Core fiber loop Second NC-REN connection Craig Hall core switch migration Vulnerability Scanning Third scan in progress Remediation Projects CHHS server Employee Domain ncat.edu

8 In Progress Remediation Projects Security Education
Information Security Management In Progress Remediation Projects Banner database security Wendover endpoints Campus A/V systems ITS servers Network Security Network switch upgrade Network Access Control (NAC) Network device configuration management software Security Education KnowBe4 Training Data Stewards Training Office 365 Multifactor Authentication ncat.edu

9 Compliance Resource Inventory Information Security Assessments
Initial collection began with information security assessments Information Security Assessments Performed annually on each unit that manages technology First round Twelve (12) divisions and colleges assessed in 2018 Seven (7) divisions will be completed in January 2019 Assessments will flow into Information Security Program Reports and Roadmaps will provide guidance for compliance Information Technology Risk Assessment Spring 2019 ncat.edu

10 Information Security Assessments Conducted
Compliance Information Security Assessments Conducted Athletics Bluford Library Business & Finance Enrollment Management Human Resources Information Technology Services Strategic Planning and Institutional Effectiveness Student Affairs College of Agriculture & Environmental Science College of Engineering College of Science & Technology Joint School of Nanoscience and Nanoengineering ncat.edu

11 Staffing and Organization
Leadership Positions Filled Director, Client Technology Services Director, IT Project Management and Business Operations Director, Network and System Administration Hiring in Progress Associate Vice Chancellor for Data Governance and Business Intelligence Director, Enterprise Applications Associate Vice Chancellor for Information Technology and Deputy CIO ncat.edu

12 Staffing and Organization: Consolidation
College of Health and Human Sciences Consolidation in progress File services migration Domain migration Workstations Consolidation pending Staff ncat.edu

13 Information Resources Inventory

14 Information Resources Inventory
Data Hardware Software Must be maintained by division, college or department Provide regular updates to ITS Some inventory collected for information security assessments Remaining inventories to be collected Winter 2019 ncat.edu

15 Data Governance and Resource Risk Classification

16 Data Stewardship and Classification
Data Governance and Resource Risk Data Stewardship and Classification Data Classifications Added to Information Security Policy Determine the risk level of resources Resource security based on risk Basic level for all resources Additional security for resources with confidential or sensitive data Standards Data Governance Risk Management Planned for Spring 2019 ncat.edu

17 Security Education

18 Training Mandatory for all employees
Security Education Training Mandatory for all employees General training for all employees Specialized training System Administration Application Administration Data Stewardship KnowBe4 training software Begins in Winter 2019 ncat.edu

19 Technology Update

20 Technology Update Banner 9 Admin Pages in production
Banner 9 Self Service starting Winter 2019 Banner Document Management in production in seven (7) departments Web Site redesign underway Planned go-live summer 2019 Network access layer upgrades Network Access Control (NAC) and configuration management Classroom and computer lab updates ncat.edu

21 IT Audit Preparation

22 Audit Preparation Identify risks Prioritized plan to address risks
IT Audit Preparation Audit Preparation Identify risks Prioritized plan to address risks Show progress towards addressing risks ncat.edu

23 Identify Risks – Information Security Assessments
IT Audit Preparation Identify Risks – Information Security Assessments Based on ISO international standard Resource Inventory Completed 12 Assessments, 4 pending Several Processes In Place Immature Need documentation Need addition staff training in processes ncat.edu

24 Next Steps

25 Next Steps Continue development of governance
Continue creation of policies, standards and processes Complete first round of information security assessments Complete current projects Develop multi-year roadmap Finalize after division and department assessments Align with strategic plan and strategic priorities Align with enterprise risk management plan ncat.edu

26 IT Development Initiative
Status and Next Steps Questions? ncat.edu

Download ppt "IT Development Initiative: Status & Next Steps"

Similar presentations

CTS Initiatives July 24th, 2013. CTS Initiatives Schedule The CTS Initiatives Schedule provides a consolidated view of the work going on at CTS. This.

CTS Initiatives July 24th, CTS Initiatives Schedule The CTS Initiatives Schedule provides a consolidated view of the work going on at CTS. This.
Page 1 Organize for Success IST Organization Design January, 2013 MALCOLM BERNSTEIN CONSULTING.

Page 1 Organize for Success IST Organization Design January, 2013 MALCOLM BERNSTEIN CONSULTING.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
Confidential Property of the University of Notre Dame Security From The Ground Up David Seidl Information Security Program Manager University of Notre.

Confidential Property of the University of Notre Dame Security From The Ground Up David Seidl Information Security Program Manager University of Notre.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
 Background on the AD project  Status on migrations  Migration process.

 Background on the AD project  Status on migrations  Migration process.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
K-State Information Systems Office Application Development Services Accomplishments for Calendar Year 2008 Last update: March 10, 2009.

K-State Information Systems Office Application Development Services Accomplishments for Calendar Year 2008 Last update: March 10, 2009.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Peer Information Security Policies: A Sampling Summer 2015.

Peer Information Security Policies: A Sampling Summer 2015.
Information Technology Assessment Review Presented to the Board of the State Center Community College District.

Information Technology Assessment Review Presented to the Board of the State Center Community College District.
FY2010 PEMP Notable Outcomes October 15, 2009. FRA, LLC Board of Directors 10/15-16/2009 Office of Quality and Best Practices Performance Evaluation Management.

FY2010 PEMP Notable Outcomes October 15, FRA, LLC Board of Directors 10/15-16/2009 Office of Quality and Best Practices Performance Evaluation Management.
Natick Public Schools Technology Presentation February 6, 2006 Dennis Roche, CISA Director of Technology.

Natick Public Schools Technology Presentation February 6, 2006 Dennis Roche, CISA Director of Technology.
Responding to a Security Incident Maryland Security Day March 2, 2004 Joy Hughes, CIO

Responding to a Security Incident Maryland Security Day March 2, 2004 Joy Hughes, CIO
System Center 2012 Certification and Training May 2012.

System Center 2012 Certification and Training May 2012.
PC MANAGER MEETING January 23, 2008. Agenda  Next Meeting  Training  Windows Policy  Main Topic: Windows AV Service Review.

PC MANAGER MEETING January 23, Agenda  Next Meeting  Training  Windows Policy  Main Topic: Windows AV Service Review.

Similar presentations

Ads by Google