Pro-active Security Measures

Presentation on theme: "Pro-active Security Measures"— Presentation transcript:

1 Pro-active Security Measures
David Mannering
September 20, 2004
APPA Business and Financial Conference
Jacksonville, Florida

2 Lincoln Electric System
Municipal utility in Lincoln, Nebraska
119,500 electric customers
450 employees at four sites
35 IT staff

3 IT Security

4 Technology
Hardware & software dedicated to security
  Firewalls
  Anti-virus
  etc.
(Diagram layer: Technology)

5 Operational Procedures
Activities related to security
  Log monitoring
  Incident response
  Etc.
(Diagram layers: Procedures, Technology)

6 User Practices
Security awareness & actions
  Company employees
  Vendors & Contractors
  Business Partners
(Diagram layers: Procedures, Technology, Users)

7 Policy
Corporate policy
Security policy
Authority
Responsibility
Standards
Etc.
(Diagram layers: Policy, Procedures, Technology, Users)

8 Security Structure
(Diagram labels: Board & CEO, Security Policy, ISO-17799, Steering Committee, CIO, Security Orgs, CSO, IT Staff Training, Regulations, Security Program, IT Staff, SLA’s, Local Standards, Operational Procedures, Physical Security, Security Education, IT Infrastructure, IT Architecture)

9 Corporate Security Policy
Goal
  “We will secure our information systems”
Authority
  Enforced by corporate management
Responsibility
  Governance (Steering committee)
  Chief Security Officer (or equivalent)
Standards
  ISO-17799
Method
  Security program

10 Corporate Security Program
Local standards
  ISO regulations & special conditions
  Influences security architecture
  Ties security to SLA’s
Operational procedures
  Carried out by IT staff & users
  Connected to IT infrastructure
Education
  Employee security awareness program
  Issues & current events
  Standards & procedures
  Vendor/contractor/partner security awareness

11 Proactive Methods
Vulnerability Assessments
Internal Compliance Auditing
Security Awareness Training
Incident Response Drills
Employee background checks
Alertness to current issues & events

12 Vulnerability Assessments
Annually if possible
Use external consultant
Wholesale or Specialized scope
Inform only those with need to know
Act on the results
  Budget
  Staff performance goals
  Security program

13 Internal Compliance Auditing
Announced or stealth
Have clear connection to policy
Prioritized by a risk assessment
Coordinate with internal auditors
Escalating consequences for non-compliance
  Warnings, loss of access, etc.
Act on patterns discovered
  Employee training
  Operational procedures

14 Security Awareness Program
Goals
  Make security part of the culture
  Well informed employees
Employee education
  Annual classes
  Topical briefings
  Timely Announcements
Partner & contractor awareness
  Compliance and confidentiality agreement
Administration
  Management reporting

15 Incident Response Drills
Practice different kinds of incidents
  Hacking, theft, virus infection, etc.
Write the incident report
Have report reviewed by non-involved party
Debrief the response team
Discuss the “what if’s”
Update procedures if necessary

16 Employee Background Checks
On hiring
  Employment history
  Educational History
  Criminal Records
For critical positions
  Credit report
  Psychological testing
Re-check periodically

17 Alertness
Monitor external security organizations
  CERT, Infragard, ES-ISACS, etc.
Check the daily news
  CSO, SANS, Yahoo, Wired, etc.
Discuss security issues with your peers

18 Conclusion
King Arthur: Where hides evil, then, in my kingdom.
Merlin: Always where you never expect it. Always.
(Excalibur)

19 Business Card
David Mannering
Chief Information Officer
Lincoln Electric System
(402)

