Presentation is loading. Please wait.

Presentation is loading. Please wait.

Transporting Information Assets Communications Forum Theresa Masse, Chief Information Security Officer State of Oregon.

Published bySabrina Walsh Modified over 8 years ago

Similar presentations

Presentation on theme: "Transporting Information Assets Communications Forum Theresa Masse, Chief Information Security Officer State of Oregon."— Presentation transcript:

1 Transporting Information Assets Communications Forum Theresa Masse, Chief Information Security Officer State of Oregon

2 Topics Best Practices Best Practices Q & A Q & A

3 Best Practices - Safeguards Use encryption Use encryption Maintain an exact copy Maintain an exact copy Store media in a locked room or cabinet Store media in a locked room or cabinet Limit access to those with a need Limit access to those with a need

4 Best Practices - Employees Employees who transport should: Employees who transport should: Read and understand all applicable written policies and procedures. Read and understand all applicable written policies and procedures. Seal hard copy documents in an envelope marked with street address and phone number. Seal hard copy documents in an envelope marked with street address and phone number.

5 Best Practices - Employees Employees who transport should: Employees who transport should: Maintain physical control throughout transport. Maintain physical control throughout transport. Ensure protection from view by unauthorized personnel. Ensure protection from view by unauthorized personnel.

6 Q & A Q How does this policy relate to the Information Asset Classification levels? A Based on business requirements and needs, an agency needs to determine if an information asset is confidential/sensitive and classifying the information asset contributes to making this decision

7 Q & A Q Does this policy apply to assets transported from office location to office location within an agency? A Anytime confidential/sensitive information assets are transported they must be protected.

8 Q & A Q Who approves the carrier, DAS or the agency? A The term “management” in the policy means agency management.

9 Q & A Q Can an agency still use the U.S. Postal Service (USPS) to send confidential/sensitive information? A Some confidential/sensitive information may be sent through USPS. Agencies need to determine appropriate levels of protection are in place before sending.

10 Q & A Q What is meant by the following requirement "The number, type, and destination of media must be clearly delineated on a form inside the package"? A Examples: 2 Tapes to DAS-SPO 2 Tapes to DAS-SPO 10 Job Applications to DAS-HRSD 10 Job Applications to DAS-HRSD

11 Q & A Q Is the state renegotiating carrier contracts at a statewide level? A No, DAS is reviewing all statewide carrier contracts and will look for opportunities to improve terms and conditions in future contracts.

12 Q & A Q If an agency is not compliant with the policy how will this impact the agency when audited? A If an audit finds that an agency is not compliant with this policy, agency management can explain the circumstance and agency progress when responding to the findings.

13 Q & A Q Is there insurance to cover a breach? A The current focus is on the prevention of a breach and insurance options are being evaluated.

14 Thank You Other Questions Other Questions Contact: Eva.Doud@state.or.us Contact: Eva.Doud@state.or.usEva.Doud@state.or.us

Download ppt "Transporting Information Assets Communications Forum Theresa Masse, Chief Information Security Officer State of Oregon."

Similar presentations

Compliance storyboard: Classifying & controlling content at the input device.

Compliance storyboard: Classifying & controlling content at the input device.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Child Safeguarding Standards

Child Safeguarding Standards
Internal Controls What Are They And Why Should I Care? 1.

Internal Controls What Are They And Why Should I Care? 1.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.

MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.
BONDS, CRIME and PROPERTY FARA on the behalf of the Office of Risk Management Revised 06/2011.

BONDS, CRIME and PROPERTY FARA on the behalf of the Office of Risk Management Revised 06/2011.
Transportation/Fleet Safety and Environmental Safety Travel - Hazardous Materials Transportation Security- Sandra J. Perry Consulting Services & Treatment.

Transportation/Fleet Safety and Environmental Safety Travel - Hazardous Materials Transportation Security- Sandra J. Perry Consulting Services & Treatment.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
1 Record Management Medical Center Administrative Group Fall Symposium November 15, 2000 University Audit.

1 Record Management Medical Center Administrative Group Fall Symposium November 15, 2000 University Audit.
Information Systems Security Officer

Information Systems Security Officer
Security and Confidentiality Practices - Houston Dept. of Health and Human Services Jerald Harms, MPH, CART and Jeff Meyer, MD, MPH HIV/AIDS Surveillance.

Security and Confidentiality Practices - Houston Dept. of Health and Human Services Jerald Harms, MPH, CART and Jeff Meyer, MD, MPH HIV/AIDS Surveillance.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.
Information Asset Classification

Information Asset Classification
Section Ten: Security Violations and Deviations Note: All classified markings contained within this presentation are for training purposes only.

Section Ten: Security Violations and Deviations Note: All classified markings contained within this presentation are for training purposes only.
CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.

CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.
Mark Brett IA Advisor May 2009 Introducing Protective Marking for Local Authority Use.

Mark Brett IA Advisor May 2009 Introducing Protective Marking for Local Authority Use.

Similar presentations

Ads by Google