Information Security Standards 2015 Update IIPS Security Standards Committee Roderick Brower - Chair.


1 Information Security Standards 2015 Update
IIPS Security Standards Committee
Roderick Brower, Chair

2 IT Standards Committee Officers
- Roderick B. Brower, Chair (Ch. 1: Classifying Data & Legal Requirements)
- Deborah Joyner (Ch. 2: Securing the End User)
- Jeff Drake (Ch. 3: Securing the Network)
- Chuck Hauser (Ch. 4: Securing Systems)
- Karen Sasser (Ch. 5: Physical Security)
- Bambi Edwards (Ch. 6: Cyber Security Incident Response)
- Jodi Dyson (Ch. 7: Business Continuity & Risk Management)

3 How Did We Get Here?
- New document released from SCIO (January 2015)
- Extensive review by the IT Standards Team started in July
- Will submit to SCIO (post IIPS Conference)
- Seek approval from SCIO
- Yearly review of the IIPS Standards by the IIPS Committee, based on releases from the SCIO

4 Highlights
- Manual has been reduced from 15 to 7 chapters
- Consolidation
- Reduction of redundancy
- Document getting better

5 CIOs
- Local College CIO is defined (Introduction section)
- Manages and implements the standards at the local level
- First point of contact on issues of concern (conduit to the State CIO)
- Works closely with the Business & Finance area on PCI compliance

6 Data Owners and Custodians (010101 Classifying Information)
- Responsible for data
- Responsible for data procedures (software development requests, testing, patch approvals)
- These individuals should be clearly defined and documented by title in college manuals

7 User Re-Certification (020101 Managing Access Control Standards)
- User rights shall be reviewed and approved by data owners at six (6)-month intervals.
- Yearly instead? (open question for the committee)

8 Time-Out Facility (030107)
- For some higher-risk information systems, such as systems that process student or employee data, tax data, or credit card information, the session idle timeout shall be 15 minutes or less, as determined by law or industry standards.
- The local college CIO should determine which system(s) must meet this timeout requirement.
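The timeout control in 030107 only holds if the server enforces it: the idle clock must be measured from the last request (not from login) and an expired session must be rejected even when the client still presents its cookie. The following is an added illustration, not code from the IIPS manual or any college system; the 60-minute limit for lower-risk systems and the in-memory store are assumptions made for the example.

```python
"""Server-side idle-session timeout (added example; not from the IIPS manual).

Higher-risk sessions expire after 15 minutes without a request (030107).
The 60-minute default for other systems is an assumed value, not a
requirement stated in the standard.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import secrets

IDLE_LIMIT_HIGH_RISK = timedelta(minutes=15)  # student/employee/tax/card data
IDLE_LIMIT_DEFAULT = timedelta(minutes=60)    # assumed value for lower-risk systems


@dataclass
class Session:
    user: str
    created: datetime
    last_seen: datetime
    high_risk: bool


@dataclass
class SessionStore:
    sessions: dict = field(default_factory=dict)

    def create(self, user, now, high_risk):
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self.sessions[sid] = Session(user, now, now, high_risk)
        return sid

    def idle_limit(self, s):
        return IDLE_LIMIT_HIGH_RISK if s.high_risk else IDLE_LIMIT_DEFAULT

    def touch(self, sid, now):
        """Validate a request carrying session id `sid` at time `now`.

        Returns the user name, or None if the session is unknown or has been
        idle longer than its limit. An expired session is deleted on the spot
        so a later request with the same cookie cannot revive it.
        """
        s = self.sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > self.idle_limit(s):
            del self.sessions[sid]
            return None
        s.last_seen = now  # activity resets the idle clock; login time is untouched
        return s.user

    def revoke(self, sid):
        """Explicit logout: drop the session regardless of age."""
        self.sessions.pop(sid, None)


def demo():
    """Constructed scenario: a high-risk session that stays active, then idles."""
    store = SessionStore()
    t0 = datetime(2015, 10, 1, 9, 0)
    sid = store.create("jdoe", t0, high_risk=True)
    results = [
        store.touch(sid, t0 + timedelta(minutes=10)),  # 10 min idle -> ok
        store.touch(sid, t0 + timedelta(minutes=24)),  # 14 min since last request -> ok
        store.touch(sid, t0 + timedelta(minutes=40)),  # 16 min idle -> expired, deleted
        store.touch(sid, t0 + timedelta(minutes=41)),  # session gone -> None
    ]
    return results, len(store.sessions)


if __name__ == "__main__":
    print(demo())  # (['jdoe', 'jdoe', None, None], 0)
```

The check runs on every request, so the 15-minute limit is enforced by the server's own clock; a JavaScript redirect or a cookie `Max-Age` on the client side is a convenience, not the control.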

9 System Configuration Manual (040407 Systems Documentation)
- Colleges should develop and maintain additional documentation that details hardware and software placement and configuration, provides flowcharts, etc.
- Documentation should include:
  - Vendor name, address, and contact information
  - License number and version
  - Update information
  - Configuration reports and listings for operating system and server software
  - BIOS revision information
  - Port listing

10 Passwords
- Managing User Access (020102): user credentials that have been inactive for ninety (90) days must be disabled, except as specifically exempted by the security administrator.
- Passwords defined (020106): at least eight characters in length; strong passwords for High Security Systems
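An audit for the 020102 inactivity rule has two edge cases worth handling: accounts that have never logged in (otherwise a provisioned-but-unused account stays enabled forever) and the security administrator's exemptions (which should be reported, not silently skipped, so the exemption list itself gets reviewed). The following is an added example, not a script from the IIPS manual or any college; the account records are constructed sample data and the field names are assumptions.

```python
"""Inactive-credential audit for 020102 (added example; not from the IIPS manual).

Accounts with no activity for 90 days are listed for disabling unless the
security administrator has recorded an exemption. Never-used accounts are
measured from their creation date. Field names are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_IDLE = timedelta(days=90)


@dataclass
class Account:
    name: str
    created: datetime
    last_login: Optional[datetime]  # None = never logged in
    enabled: bool = True


def is_stale(acct, as_of, max_idle=MAX_IDLE):
    """True when the credential has seen no use for max_idle or longer.

    A never-used account counts from its creation date, so provisioning
    an account and leaving it untouched does not exempt it from the rule.
    """
    last_activity = acct.last_login or acct.created
    return as_of - last_activity >= max_idle


def audit(accounts, as_of, exemptions, max_idle=MAX_IDLE):
    """Return (to_disable, exempt) as lists of account names.

    Already-disabled accounts are skipped. Stale accounts on the exemption
    list are reported separately so reviewers can confirm each exemption is
    still justified rather than forgotten.
    """
    to_disable, exempt = [], []
    for a in accounts:
        if not a.enabled or not is_stale(a, as_of, max_idle):
            continue
        (exempt if a.name in exemptions else to_disable).append(a.name)
    return to_disable, exempt


def demo():
    """Constructed sample directory as of 2015-10-01 (not real data)."""
    as_of = datetime(2015, 10, 1)
    accounts = [
        Account("active", datetime(2014, 1, 1), datetime(2015, 9, 20)),        # 11 days idle
        Account("stale", datetime(2014, 1, 1), datetime(2015, 6, 1)),          # 122 days idle
        Account("neverused", datetime(2015, 5, 1), None),                      # 153 days since creation
        Account("svc_backup", datetime(2013, 1, 1), datetime(2015, 1, 1)),     # stale but exempted
        Account("old_off", datetime(2013, 1, 1), datetime(2014, 1, 1), enabled=False),  # already disabled
        Account("edge", datetime(2014, 1, 1), datetime(2015, 7, 3)),           # exactly 90 days idle
    ]
    return audit(accounts, as_of, exemptions={"svc_backup"})


if __name__ == "__main__":
    disable, exempt = demo()
    print("disable:", disable)  # ['stale', 'neverused', 'edge']
    print("exempt:", exempt)    # ['svc_backup']
```

In a real run the `accounts` list would be populated from the directory (for instance the last-logon attribute of each directory user), and the `to_disable` output would feed the disable step after the data owner's review rather than disabling accounts directly from the audit.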

11 Highlights: 041002 Using Laptop/Portable Computers
- Must adhere to the College Acceptable Use Policy
- Training to raise user awareness of the additional risks that accompany mobile computing and the controls with which users must comply
- If not protected by encryption software, the BIOS password on such devices must be enabled if technically possible (a BIOS password does not protect data on a drive removed from the device, so encryption remains the preferred control)

12 Highlights: Chapter 7 – Business Continuity and Risk Management
- Initiation
- Development
- Implementation
- Assessment
- Continual revisiting of the plan; continual improvement

13 Incidents (060201 Reporting Information Security Incidents)
- Incident response reporting: the local CIO is the first point of contact and handles reporting of incidents
- ITS is notified by the local CIO

14 Local Implementation
- You do NOT have to rewrite these standards at your local institution
- This manual should be referenced in your local Administrative Procedures Manual
- The statement should reflect that all standards included in the NCCC Information Security manual are followed locally
- Any deviation from the manual must be documented locally, and the college needs to be prepared to justify the deviation

15 Looking Forward
- Living document (this document is not perfect)
- Manual will be updated as the Statewide Manual is updated
- Edits will be sent out, reviewed, and adopted at the upcoming IIPS Conference (as needed)

16 Q&A
- Once approved by SCIO, the official document will be placed on the IIPS website: http://www.nciips.org/ (About IIPS tab)

