November 13, 2008 - www.infosecurity.ca.gov - What’s New! Presented by Colleen Pedroza.


1 What’s New! Presented by Colleen Pedroza

2 Policy Releases
- MM 08-10 - Industry Standard Terminology For Disaster Recovery
- MM 08-11 - Safeguarding Against and Responding to an Information Security Breach involving Personal Information
- SIMM 65D - Security Breach Involving Personal Information: Requirements and Decision-Making Criteria for State Agencies
- Forthcoming Q1 2009: MM on Incident Management for State Agencies
- Add definition(s) for incident, etc
- Update reporting criteria and forms
- OISPP to provide incident management training

3 Current OISPP Projects
- Enterprise Security Strategic Plan
- FSR for an Automated Incident Management System (OHS Grant Funded)
- Online Cyber Security and Privacy Training (OHS Grant Funded)
- Policy Gap Analysis
- Data Exchange Agreement Guidance and Model Templates Document
- Information Security Leader Academy (ISLA)

4 Update on 2009 Compliance Documents
DR Plans Due by October 15th
- 29 Disaster Recovery Plans were due
- 21 were filed
Form Updates
- SIMM 65A, 70B, 70D forms were revised to reflect the change to Disaster Recovery from Operational Recovery.

5 Update on 2009 Compliance Documents
SIMM 70A Form was revised to:
- CHANGE: Reflect the change to Disaster Recovery
- NEW: Require a Privacy Program Coordinator back-up
- NEW: Require classification be provided for designated back-ups
- NEW: Require an organization chart indicating the reporting structure for the designees be attached to the Form
- NEW: Safeguard language added to the footer
*Please note that the form allows for more than one individual to be an authorized designee for the Director

6 Update on 2009 Compliance Documents
SIMM 70C Form was revised to:
- Change: Reflect the change to Disaster Recovery
- NEW: Check boxes added to each component of a fully developed Risk Management and Privacy Program.
- Revised: Expansion of the SAM sections to address:
  - Date of your agency’s last Risk Assessment
  - Date the remediation activities were completed
- There are NO new policy requirements on this Form
- Removed: the bullet stating, “Compliance with the state audit requirement relating to the integrity of information and security incident reporting requirements. See SAM Section 20000.”
- NEW: Safeguard language added to the footer.

7 Update on 2009 Compliance Documents
To meet the January 31, 2009 filing requirements, agencies must file the revised:
- Form 70A dated November 2008. This form may be signed by the Director or the Director’s Designee. However, if the Designee is not on file with our Office, the form will be returned with a letter indicating that it did not have the authorized signature.
- Form 70C dated November 2008. It must be signed by the Director or agency head.
Old forms submitted will be returned to the Director with a letter indicating that the revised form must be submitted.

8 Questions?

