IT Services Transition Weekly Program Management Working Session, February 28, 2011 (Monday, 1:00 – 3:00pm)


Slide 1: IT Services Transition Weekly Program Management Working Session, February 28, 2011 (Monday, 1:00 – 3:00pm)

Slide 2: Agenda

IT Security:
– Overview of the list of "services" identified to date
– Discussion around next steps and impacts on other WGs / IT Service Areas (Jay Carter, Liz Egan, Christian Hamer)

IT Service Delivery WGs: checkpoint on 2 key templates
– R1 Customer Input Summary; and
– Enhanced IT Service Definition Template

Foundational WGs: round-robin status updates
– Communications
– HR
– Finance

Slide 3: IT Security WG Debrief

Slide 4: IT Services Catalog – Security: Agenda
– Review approach to crossover services – RACI (Jay)
– Review KC Advisor feedback and proposed principles (Liz / Jay / Christian)
– Battle of the Catalogs: multi-services vs. bundled services (Jay / Christian)
– University Obligations (Liz)
– Next steps

Slide 5: RACI Role Distinction

Role: Responsible
Definition: The entity that actually performs the work to achieve the task. There is typically one entity designated as Responsible, although others can be delegated to assist in the work required.
Notes: Ongoing management and support.

Role: Accountable
Definition: The entity ultimately accountable for the correct and thorough completion of the deliverable or task, and the one to whom the Responsible entity is accountable. In other words, an Accountable entity must sign off (Approve) on work that the Responsible entity provides. There must be only one Accountable entity specified for each task or deliverable.
Notes: Product management. Assure compliance and Approver sign-off.

Role: Consulted
Definition: Those whose opinions are sought and potentially influence outcomes, and with whom there is two-way communication.
Notes: Assure compliance and Approver sign-off.

Role: Informed
Definition: Those who are kept up to date on progress, often only on completion of the task or deliverable, and with whom there is just one-way communication.

Slide 6: IT Services Catalog – Security

Service: Secure code analysis
Description: Provide a toolset for system owners and administrators to analyze static and dynamic code and deployed web applications against common security vulnerabilities.
RACI (Responsible / Accountable / Consulted / Informed): IT Security; Administrative IT; Non-admin IT developers (one of the four RACI columns is blank in the transcript)
Key Metrics: (not filled in)

Slide 7: IT Services Catalog – Security

Service: Patch Management
Description: Provide administrators a mechanism to inventory managed endpoint devices for software patches installed and identify patches not installed. Validation includes verification of installation of applicable system patches against an established baseline.
RACI:
– Responsible: Infrastructure, Client Services, Administrative IT
– Accountable: Infrastructure, Client Services, Administrative IT
– Consulted: IT Security
– Informed: Customers
Key Metrics: (not filled in)

Slide 8: Information Security Services – Advisor Feedback
– Only list what I can order
– Describe the service I will receive, e.g., what will you do for me?
– Flatten services to combine complementary services
– View through the eyes of the customer, not IT

Slide 9: Information Security Services

Before Feedback:
– Policy and Compliance
– Protection Services
– Response Services
– Monitoring, Detection and Testing Services
– Security Compliance Consulting
– Remediation Guidance
– Security Education

After Feedback:
– Vulnerability Assessment, Penetration Testing and Code Analysis
– Digital Certificate Management
– Computer Security Incident Response and Digital Forensic Investigation
– Security Operations Center
– Security Consulting
– Security Education

Slide 10: Information Security Service Catalog – 1st DRAFT

Columns: ID#; Service Name (core business service bolded, supporting service italicized); Service Description; Service Area; Provided To (Univ-wide / CA/FAS / Other Schools); Est. Timeframe (existing/new); Further Definition Req'd? ('grey areas'); Comments

S1 – Policy and Compliance Services
Description: Security and Privacy Policy development and management as needed to meet legal and regulatory requirements and the evolving needs of the University. The Service includes communication to all Harvard communities, and management of related Compliance program(s).
Service Area: IT Security | Provided To: Univ-wide – Yes | Timeframe: Existing | Further Definition Req'd?: No

S1.1 – Security Policy Program
Description: Security Policy is a set of requirements for the protection of Harvard confidential information, including High Risk Confidential and other information whose protection is required by law or regulation. The Program includes maintenance and evolution of the existing Harvard security policies (HEISP and HRDSP) and development of new policies as required by changes in regulations, University requirements, and experience with existing policies.
Service Area: IT Security | Provided To: Univ-wide – Yes | Timeframe: Existing | Further Definition Req'd?: No

S1.2 – Privacy Policy Program
Description: Privacy Policy is a set of requirements for what information can be collected, shared, and used in various situations. The Program includes the maintenance and evolution of Privacy policy and development of new policies as required by changes in regulations, University requirements, and experience with existing policies.
Service Area: IT Security | Provided To: Univ-wide – Yes | Timeframe: New – by June 2012 | Further Definition Req'd?: No

S1.3 – Security and Privacy Policy Communication
Description: Outreach to ensure that individuals (faculty, staff, students) and service providers in the University community understand their responsibilities under University security and privacy policies.
Service Area: IT Security | Provided To: Univ-wide – Yes | Timeframe: Existing | Further Definition Req'd?: No

S1.4 – Compliance Program
Description: A program for ensuring that all Schools and Central units annually assess and report their compliance with University security and privacy policies as well as regulatory requirements.
Service Area: IT Security | Provided To: Univ-wide – Yes | Timeframe: Existing | Further Definition Req'd?: No

S2 – Security Protection Services
Description: Protection services include guidance and standards on authentication, identity management, and endpoint protection. Advise on and recommend tools/technologies such as firewalls, encryption, and patch management that help secure endpoint devices (from mobile devices to servers) and applications.
Service Area: IT Security | Provided To: Univ-wide – No; CA/FAS – Yes | Timeframe: Existing | Further Definition Req'd?: No

Slide 11: Information Security Service Catalog – 2nd DRAFT

Columns: Service Name; Service Description – Business Definition; Service Area; Provided To (Univ-wide / CA/FAS / Other Schools); Est. Timeframe (existing/new); Further Definition Req'd? ('grey areas'); With whom?

Vulnerability Assessment, Penetration Testing and Code Review
Description: Scan IT hardware, operating systems, third-party software and web applications for security vulnerabilities, either on request or via a schedule. Present findings to the resource owner and recommend remediation. Re-test to verify remediation effectiveness.
Service Area: IT Security | Provided To: Univ-wide – No; CA/FAS – Yes | Timeframe: Existing | Further Definition Req'd?: No | With whom?: Acad IT

Digital Certificate Management
Description: Manage Root Certificates assigned to Harvard University by an accredited external Certificate Authority, for example, VeriSign, GeoTrust, Thawte, etc. Manage the University's certificate issuance service to issue/revoke a digital certificate for authorized hardware, applications, etc.
Service Area: IT Security | Provided To: Univ-wide – Yes | Timeframe: Existing | Further Definition Req'd?: Yes

Computer Security Incident Response / Digital Forensic Investigation
Description: Provide response services for a computer security event, for example, a computer infected with malicious software, machine compromise, data breach, etc. Manage the Incident Response effort. Investigate a computer security event to identify root cause, scope and escalation requirement. Provide reports and recommend mitigation and/or remediation where appropriate.
Service Area: IT Security | Provided To: Univ-wide – Yes | Timeframe: Existing | Further Definition Req'd?: Yes

Security Operations Center
Description: Aggregate security log data from infrastructure resources in real time to monitor infrastructure resources and detect behavior consistent with a cyber attack, compromised machine, data breach, etc. Notify the resource owner, and coordinate incident response.
Service Area: IT Security | Provided To: Univ-wide – No; CA/FAS – Yes | Timeframe: New – by June 2012 | Further Definition Req'd?: No

Consulting
Description: Provide subject matter expertise across the Information Security discipline, including: policy, firewall rule analysis, secure architecture and engineering, risk assessments, regulatory/policy compliance and vendor compliance review.
Service Area: IT Security | Provided To: Univ-wide – Yes | Timeframe: Existing | Further Definition Req'd?: Yes

Security Education
Description: Maintain Security Awareness Education materials for faculty, students, staff and researchers, including printed materials, online learning modules, presentations and security product education.
Service Area: IT Security | Provided To: Univ-wide – Yes | Timeframe: Existing | Further Definition Req'd?: Yes

Slide 12: University Obligations
– Security and Privacy Policy
– University Compliance Management – Security, Privacy, HIPAA, FERPA, others?
– DMCA Management
– Law Enforcement Interaction

Slide 13: Security Services Catalog – Next Steps
– Define and refine consultative and core services
– Address varieties of consulting
– Define core platform
– Finalize required and bundled services
– High-level review across all Service areas; address all required services

Slide 14: IT Service Delivery WGs – Checkpoint on 2 Templates

Slide 15: IT Service Delivery WGs

1. R1 Customer Input Summary (see separate .doc template)
– Confirm purpose
– Confirm target due date: 3/7, Monday @ COB

2. Enhanced IT Service Definition Template (see separate .doc template)
– Still under development
– Will email out @ end of day today
– Next steps: email back feedback / high-priority additional changes; email clarification questions, too

Slide 16: Foundational WGs – Round-robin Status Updates

Slide 17: Program-wide Status Snapshot: Key Updates Only

Columns: Working Group; Notes on Updates; High-level Status; Key Issues / Open Items

Finance (Laurie Gamble)
Notes on Updates:
– Continued piloting a scenario service suggested by Eric D'Souza
– Met with Gartner SMEs on Friday to understand related leading practices
Key Issues / Open Items: None reported

HR (Kelly Imberman / Kim Castelda)
Notes on Updates:
– Obtained approval from EVP Katie Lapp on new org structure + FY12 Funding Approach
– CISO Search: posted CISO position last Friday; CTO Search: continuing to receive and screen resumes, and preparing for Wave 1 interviews
– Continuing to work with Steering Committee to develop shared leadership competencies, specialized competencies, and related job descriptions – Client Services Service Area Leader next big priority, closely followed by Academic IT Service Area Leader Search and S&P Sr PMs (2 backfills)
Key Issues / Open Items:
– Standing issue: immediate hiring needs occurring in tandem with org design, impacting the speed with which jobs can be posted
– Major staffing challenges on WG

Communications (Vaughn Waters)
Notes on Updates:
– Standing up comms infrastructure ~70% complete
– Launched new iSite area for All-Staff Communications!
– Published FAQs!
– WG hiring update
– New org naming contest
Key Issues / Open Items:
– Major staffing challenges on WG
– 3–4 weeks behind on new org name contest (from original workplan and all-staff communications)

Steering Committee (Cathy Cho Yoo)
Notes on Updates: ~35% complete with detailed org planning
Key Issues / Open Items: None reported

