Public Employees Retirement System October 31, 2007 Eric Sokol, CSD Administrator Jeffrey Marecic, ISD Administrator Senate Bill 583 Implementation.

Presentation transcript:

1 Public Employees Retirement System October 31, 2007 Eric Sokol, CSD Administrator Jeffrey Marecic, ISD Administrator Senate Bill 583 Implementation

2 PERS SB 583 Program Components
Incident Response Plan
Eliminate Sending Personal Information
Information Security Program
Issues

3 PERS Business Network
[Network diagram. Labels: HQ 72nd SDC; BHS; Mercer; Iron Mtn; CitiStreet; Salem PERS; Rev-Q; Saber; D.O.R.; Treasury; Employers; Health Care Insurance Carriers; Medical Advisors. Connection types shown: VPN, FTP/VPN, FTP, Manual, Internet.]

4 Incident Response Plan
Two Incident Response Teams
– Executive team makes policy and response decisions.
– Security Breach Response Team (SBRT) works under the direction of the Executive team and provides coordination, analysis, procedures and actions associated with suspected breaches.
Other Sections of Agency Get Involved as Needed
Notification Best Practices Checklist Greatly Assisted in Developing This Plan

5 Incident Response Plan

6 Eliminate Sending/Transporting Personal Information
Inventoried All System Generated Correspondence
Completed/Nearly Completed
– Remove SSN Completely Where Possible
– Use Last 4 Digits Where Needed
– Move to PERS ID in the Long Term
Relaxed Procedural Requirements that Lead to Returned Documents in the First Place
Move to Redacting SSN and Personal Information on Member Records Requests
Move to Secure FTP and VPN Instead of Tapes/Disks

7 Information Security Program
Information Security Message Begins at the Top
Information Security is Everyone’s Job
Information Security Board Formed
Security Awareness Training
– HR and ISD Lead the Training Effort
– Division Administrators Ensure Compliance

8 Information Security Program
Policies and Procedures
– Review and Update
    Data Classification
    Data/Document Labeling and Handling
    ‘Clean Desk’ Provisions
    Consultant/Contractor Compliance

9 Information Security Program
Physical Security
– Key Card Access to All Work Areas and Sensitive Information
– Limited Access to Records Management Area
– Monthly Review of Access System

10 Information Security Program
Data Files
– Network File Structure and Access
– Data in Transport (Tapes, Disks, etc.)
    Encrypt
    Password Protect
    Log Movements (senders and receivers)
– Electronic Transfer (SFTP, VPN, EDX, Email)
    Encryption
– Developer Environments
    Encrypted, Scrambled, Fictitious Data

11 Information Security Program
Backup Tapes
– Encrypt
– Log movements

12 Information Security Program
System Generated Reports
– Remove SSN Where Possible
– Limit Internal Distribution to Those Who ‘Need to Know’
– Track Reports
    When Printed
    When Delivered (internally)

13 Information Security Program
Public Records Requests
– Redaction policy & procedure

14 Information Security Program
Applications
– Remove SSN From Screens
– Implement Role Based Access Control (RBAC)
– Replace SSN as Account Identifier
– ORION is Being Developed to Comply
– RIMS will be retired Q4/2009

15 Information Security Program
Internal Audit
– Provides Periodic Assessments of Agency Compliance to Information Security Program

16 ISSUES
3rd party vendors out-of-state
– Vendor Certifications Required?
Members Sending Original Documents
Public Records Requests
Member Records Requests
Movement of Personnel Files
Employer Data Exchange (SSN vs Another Identifier)

