Presentation is loading. Please wait.

Presentation is loading. Please wait.

DSC Contract Management Committee Meeting

Published byRandall Nelson Modified over 4 years ago

Similar presentations

Presentation on theme: "DSC Contract Management Committee Meeting"— Presentation transcript:

1 DSC Contract Management Committee Meeting
July 19 DSC Contract Management Committee Meeting Information Security Presented by Vinnie Bhanderi 17 July 2019 Internal Use Only

2 Security Improvement Programme
July 19 Project Work stream Key Action Deliverable Information Security Governance Establish Steering Committee to oversee information security programme Establish Information Security Board Information Security Steering Committee held monthly with senior management/executives with defined terms of reference Define and published security architecture principles for information, systems and services [COMPLETED OCT 2018] ISSC will now be a XEC Sub-Committee with focus time to discuss and track information security performance. A new Terms of Reference has been circulated and is planned to be active from 5 August 2019. Education Training and Awareness Information Security training & awareness governance General awareness campaigns on an on-going basis GCHQ Approved Vendome Selected Provide computer based training for all staff and measure compliance for completion. Phase 3 window has now closed with 80% of assessments completed [12 July] Phase 4 will commenced on 15 July Additional licenses required due to increase in people since launch, [439]. Handover activities continue between Training team and Cybsafe. Data Protection Obtain expert advice on data protection and legal and regulatory issues Measure ongoing compliance Discovery phase completed end of Dec 2018 Remediation and improvement embedding commenced with support from 3rd Party DPA Consultancy and virtual DPO service SOW signed and Purchase Order raised, Service initiated for DPO as a Service Communication update in progress to inform business of changes and new service Security Monitoring Focus on security incident management, root cause analysis and management metrics for reporting Define scope of activity for security operations: e.g. vulnerability assessment (VA), security testing, data loss prevention, threat intelligence and forensic investigations Phased approach with UK Link by end of March 2019 Gemini by end of April 2019 Rest of IT Infrastructure estate by end of May 2019 TCS refinement continues well with sensitivity of alerts adjusted to better align to Xoserve needs Wipro action plan in place to bring full service up to required and contracted levels within 2 weeks. [end of July] Use Case configuration is now complete and 35 Use Cases now LIVE against UK Link.

3 Security Improvement Programme
July 19 Project Work stream Key Action Deliverable Information Security Management System (ISMS) Develop a consistent approach for assessment of information security risk and embed within the organisation. Maintain ISMS documentation to meet ISO standard. Review and address any audit findings Assess the danger of third parties who hold or manage Xoserve proprietary or client data Update key documentation to align with the requirements of the standard. Take corrective action to address non conformances from internal audit. Publish 3rd party reviews that have been conducted. Refresh of the Important Information Asset Register in progress and general updates to internal Security Incident Management documentation Update to security guidelines and principles in progress Next BSI audit on 29 July 2019 Unified Control Framework (UCF) Develop a consistent approach for information security controls to ensure baseline security requirements are understood and embedded. Volunteering to include Network and Information System (NIS) Directive Continue to assess using baseline controls from ISO27001 Extend baseline security controls by selecting NIST Cybersecurity framework Publish fit for purpose framework with details of control requirements against NIS Directive, NIST and ISO27001 standards/frameworks Assess environment to understand maturity and identify gaps Continue to monitor against the UCF and adjust as necessary to meet both business and external obligations/requirements. NOTE: ISO27001 certification remains in place to provide assurance to stakeholders. No further action to take place. Project progressing through close down activity. Critical Business Application Review Develop a consistent approach for assessment against recognised industry frameworks for application security review of top business application. Select and agree top critical business application Completed review of top business critical application Remediation plan defined and treatment plans signed off by security governance Raw data provided and report issued. Update provided to SIP Steerco and ISSC, further remediation required to meet the UCF. No further actions for SIP 1.0 – Project Closure activities taking place and handover to BAU

Download ppt "DSC Contract Management Committee Meeting"

Similar presentations

Environmental Management System Implementation

Environmental Management System Implementation
[Organisation’s Title] Environmental Management System

[Organisation’s Title] Environmental Management System
Environmental Management Systems Refresher

Environmental Management Systems Refresher
Session 3 – Information Security Policies

Session 3 – Information Security Policies
ASPEC Internal Auditor Training Version 1.0 2013.

ASPEC Internal Auditor Training Version
Quality Representative Training Version 1.0 2014.

Quality Representative Training Version
Senior Stakeholder Forum Wednesday 19 th June 2013.

Senior Stakeholder Forum Wednesday 19 th June 2013.
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
Basics of OHSAS Occupational Health & Safety Management System

Basics of OHSAS Occupational Health & Safety Management System
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Deakin Richard Tan Head, Information Technology Services Division DEAKIN UNIVERSITY 14 th October 2003.

Deakin Richard Tan Head, Information Technology Services Division DEAKIN UNIVERSITY 14 th October 2003.
Quality Assurance. Identified Benefits that the Core Skills Programme is expected to Deliver 1.Increased efficiency in the delivery of Core Skills Training.

Quality Assurance. Identified Benefits that the Core Skills Programme is expected to Deliver 1.Increased efficiency in the delivery of Core Skills Training.
© 2013 Cambridge Technical CommunicatorsSlide 1 ISO/IEC 27001 Standard for Information Security Management Systems.

© 2013 Cambridge Technical CommunicatorsSlide 1 ISO/IEC Standard for Information Security Management Systems.
Introduction to the ISO 27000 series ISO 27000 – principles and vocabulary (in development) ISO 27001 – ISMS requirements (BS7799 – Part 2) ISO 27002 –

Introduction to the ISO series ISO – principles and vocabulary (in development) ISO – ISMS requirements (BS7799 – Part 2) ISO –
10/20/2015 1 The ISMS Compliance in 2009 GRC-ISMS Module for ISO 27001 Certification.

10/20/ The ISMS Compliance in 2009 GRC-ISMS Module for ISO Certification.
Item 5d Texas RE 2011 Budget Assumptions April 19, 2010 2011 Texas RE Preliminary Budget Assumptions Board of Directors and Advisory Committee April 19,

Item 5d Texas RE 2011 Budget Assumptions April 19, Texas RE Preliminary Budget Assumptions Board of Directors and Advisory Committee April 19,
Guide - Recordkeeping for business activities carried out by contractors Natalie Dewson Senior Advisor Government Recordkeeping Programme Archives New.

Guide - Recordkeeping for business activities carried out by contractors Natalie Dewson Senior Advisor Government Recordkeeping Programme Archives New.
1) Establish & Identify Scheme 5) Evolve Scheme 4) Review & Modify Scheme Deliverables 3) Operate the Framework 2) Manage Performance Assurance Scheme.

1) Establish & Identify Scheme 5) Evolve Scheme 4) Review & Modify Scheme Deliverables 3) Operate the Framework 2) Manage Performance Assurance Scheme.
International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.

International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.
ISMS Implementation Workshop Adaptive Processes Consulting Pvt. Ltd.

ISMS Implementation Workshop Adaptive Processes Consulting Pvt. Ltd.

Similar presentations

Ads by Google