1. Security and Privacy At The Human Resources Advisory Meeting Marcos Vieyra Chief Information Security Officer Division of Information Security Sarah Morrow Chief Privacy Officer Enterprise Privacy Office South Carolina Budget and Control Board 24Sep14

2. About Your Presenters http://www.linkedin.com/pub/marcos-vieyra/2/494/54ahttps://www.linkedin.com/in/sarahdmorrow

3. Ask Questions at Any Time

4. Information Security and Privacy – A Broad Perspective

5. State of SC – Information Security and Privacy Implementation Timeline ↓ [Sep 2014] Today ↑ [Mar 2013] B & CB Awards Deloitte Contract ↑ [Jul 2013] GA establishes DIS & EPO KEY DeloitteB & CB / DIS / DTO / EPOAgencies Self-Assessments Self-Assessment Life-Cycle [Jul 2015] Agency Self-Assessment, Phase 3 [Jul 2014] Agency Self-Assessment, Phase 2 [Jul 2013] Agency Self-Assessment, Phase 1 Tool Created DIS / EPO Guidance [Mar 2015] Agency Awareness Training, Continuing [Mar 2014] Agency Awareness Training, First Cycle [Feb 2014] Plan, Pilot [Jun 2013] RFP Awareness Training DIS / EPO Revisions & Guidance Professional Training Life-Cycle [Jul 2015] Professional Training Phase 2 [Jun 2014] Professional Training Phase 1 [Nov 2013] Staff Survey, Skills Assessment DIS / EPO Revisions & Guidance Security Professional Development Policy Revision Life-Cycle [Sep 2014] Policy Handbook Published, Agencies Implement [Mar 2014] Agency Policy Workshops [May 2013] Security Policy Devel. DIS / EPO Revisions & Guidance Security Policy & Data Classification FutureFY 2016FY 2015FY 2014FY 2013 ∞ ↑ [May 2013] Deloitte May Report Risk Assessments ↑ [Oct 2013] Interim Report ↑ [Jul 2014] Deloitte Final Report [Jun 2013] Task B 15 Agencies Task A 3 Agcy [Jul 2016] Additional Technologies [Jul 2015] Additional Technologies [Nov 2013] Initial Technologies, Overlapping/Phased Architecting, Planning, Deployment [Jul 2013] Procurem’t Security Technologies

6. IT Security and Privacy- HR Advisory Meeting – People Professional Development Program – 3 Essential Questions Individual : How do I develop my information security career? Agency : How do I close my agency’s information security skill gaps? State : How do I ensure South Carolina has an adequate information security workforce? Ultimate goal : Adequately protect our State’s information assets.

7. IT Security and Privacy- HR Advisory Meeting – People Professional Development Program – Another View All Staff : Need Information Security Awareness IT Staff : Need Information Security Training IS Staff : Need Information Security Career Path(s) Ultimate goal : Adequately protect our State’s information assets.

8. IT Security and Privacy- HR Advisory Meeting Employee Awareness Training – 8 Courses Available Located at: https://sc.thesacschools.com

9. IT Security and Privacy- HR Advisory Meeting Introductory Training – In the Queue http://www.sans.org/onsite/course/intro-information-security

10. IT Security and Privacy- HR Advisory Meeting Foundational Security Training for IT Staff – Delivered June 2014 http://www.sans.org/onsite/course/security-essentials-bootcamp-style

11. IT Security and Privacy- HR Advisory Meeting Information Privacy Training https://privacyassociation.org/certify/cipp/

12. IT Security and Privacy- HR Advisory Meeting Professional Development Program – Work in Progress

13. IT Security and Privacy- HR Advisory Meeting Professional Development Program – Work in Progress

14. IT Security and Privacy- HR Advisory Meeting Professional Development Program – Work in Progress

15. IT Security and Privacy- HR Advisory Meeting Professional Development Program – Work in Progress

16. IT Security and Privacy- HR Advisory Meeting Professional Development Program – Work in Progress

17. IT Security and Privacy- HR Advisory Meeting Thank you! http://dis.sc.gov Marcos Vieyra and Sarah Morrow South Carolina Budget and Control Board Division of Information Security Marcos.Vieyra@cio.sc.gov smorrow@cio.sc.gov