INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT. Doomed by Design: Unearthing the Problems with Government Security Programs
- Geraldine Hancock
1 INFORMATION TECHNOLOGY FOR MINNESOTA GOVERNMENT

Doomed by Design: Unearthing the Problems with Government Security Programs
Christopher Buse, Assistant Commissioner & State CISO
June 12, 2014

AGENDA
- State of the States
- Minnesota Plan
- Q&A
2 The State of the States
- Security significantly underfunded
- Diverse security posture between states
- Underlying data soft and sometimes unavailable
- Fragmented governance
3
- 14%: CISOs believe that they have executive support
- 24%: CISOs are confident in protecting state assets
- 86%: CISOs cite funding as their key barrier
- 680%: Increase in significant threats over past 5 years

Most States Only Spend Between 1-2% of the IT Budget on Security
[Chart: Government Spending, Private Sector Spending]
4
- 46%: CISOs have a documented strategy
- 30%: CISOs plan to develop a written strategy
- 82%: CISOs are responsible for measurement and reporting
- 8%: CISOs attempting to measure program effectiveness

Good news: The enterprise CISO position is now firmly entrenched in most states
Bad news: The enterprise CISO position is often one of coordinating cross-agency resources
- Limited ability to drive actions across organizational boundaries
- Security spend outside the control of the CISO
5 Is Your State Security Program Doomed by Design?
- Executive Support
- Freedom To Act
- Resources
- Comprehensive Plan

It's Not Just Retail
- One of over 2,000 negative headlines on the recent South Carolina breach
- Hackers gain access to 780,000 individual health records
6 The Minnesota IT Consolidation Plan

What About Us?
Minnesota: a microcosm of the national scene
- Strong executive support
- Strategic and tactical plans
- Security spend is insufficient
  - 2010 legislative study: State of Minnesota spend is 2% of state budget vs. industry standard investment of 5%
  - Overall reduction in security spend in FY13
- Silos of agency-based IT
  - Restricted our ability to leverage economies of scale
  - Hampered our ability to implement enterprise security strategies
7 IT Security Consolidation Plan
- Published in April 2014
- Describes the desired end state, yet recognizes
  - Reaching that end state will take a long-term commitment
  - We need to use our existing resources better
- Outlines a shift in the service delivery model
  - Establishes centrally delivered services
  - Creates line of business security teams
  - Details the breakdown of work between central and line of business teams
- Focuses on a subset of services to address first

The Basic Concept: Consolidated Services
[Diagram: Information Security program management; Enterprise Services Delivered to All]
- We will reorganize security resources into a single management structure that creates consistency and aligns resources
- Those services deemed to be enterprise services will be delivered by a centralized security team
8 The Basic Concept: Close-to-Business Services
Even if we consolidate the common security services, we still don't have the resources for each agency-based office to manage close-to-the-business security services.
[Diagram: Close-to-Business Security; Cluster 1 through Cluster 6]
Our plan is to cluster security teams into lines of business to provide close-to-the-business services to groups of agencies with similar business/security requirements, sharing resources, but keeping the specialization where it needs to be.

The Basic Concept: Effective allocation of resources
Staff will be assigned to a cluster or to the enterprise services based on their current work and expertise.
[Diagram: Cluster 1 through Cluster 6, each delivering close-to-the-business services; Information Security program management; Enterprise Services Delivered to All]
9 Realigning Work
- Identity and Access Management
- Information Security Risk and Compliance
- Business Continuity and Disaster Recovery
- Information Security Training and Awareness
- Secure System Engineering
Close-to-the-business services focus on implementation at the business and application level
- Information Security Incident Response and Forensics
- Information Security Program Management
- Information Security Monitoring
- Continuous Vulnerability Management
- Boundary Defense
- Endpoint Defense
- Physical Security
Single management conserves resources and drives consistency
Enterprise delivers common functions and tools to all

[Chart: agencies grouped by line of business: Health, Safety, Environment, General Government, Economy, Education]
Health BDs (17), Corrections, Agriculture, Administration, Commerce, Education, Health, Public Safety, Animal Health BD, Campaign Finance, Commerce BDs (3), Arts BD, Human Services, Transportation, Natural Resources, Capital Area Architect BD, AURI, Center for Arts Education, Ombudsman MH/DD, POST BD, Conservation Corps, Investment BD, Amateur Sports CM, High Ed Facilities Authority, Veterans Affairs, Private Detectives BD, Pollution Control, MN.IT, Combative Sports CM, MN State Academies, MNsure, Sentencing Guidelines, BWSR, MMB, Explore MN, Office of Higher Education, Ombudsman Families, Racing CM, MN Zoo, Mediation Services, DEED, Targeted Councils (5), Uniform Laws CM, Administrative Hearings, Labor & Industry, Workers Comp Court, Governor, Public Utilities CM, Gambling Control, Human Rights, Revenue
10 A Look Ahead: Industry Trends
Does Your Organization Have a Central Security Team?
- Creating Central Group, 3%
- No Central Security, 4%
- Central Security Team, 94%
Does Your Organization Have Local Security Groups?
- Only Central Security, 56%
- Use Local Security Groups, 44%
Conclusion: MN.IT's Proposed Model Aligns Well With National Trends

[Organization chart]
Assistant Commissioner & CISO Information Standards and Risk Management Assistant Commissioner Service Delivery Enterprise Architect Information Security Oversight Director Client Computing & Customer Support Director Infrastructure as a Service Director
- Secure Systems Engineering
- Governance, Risk, & Compliance
- Endpoint Defense
- Border Defense
- Business Continuity
- Vulnerability Management
- Identity and Access Management
- Physical Security
- Information Security Incident Response Team
- Health LOB Service Delivery Team
- Safety LOB Service Delivery Team
- Environment LOB Service Delivery Team
- General Govt LOB Service Delivery Team
- Economic LOB Service Delivery Team
- Education LOB Service Delivery Team
11
Columns: Detailed Service Deliverable; Future Level of Effort Central Team; Future Level of Effort LOB Team; Service Delivery Method
- Information Security Program Management: Minimal
- Information Security Monitoring: Minimal
- Information Security Incident Response and Forensics: Minimal
- Continuous Vulnerability Management: Minimal
- Boundary Defense: Minimal
- Endpoint Defense: Minimal, Moderate
- Secure Systems Engineering
- Information Security Training and Awareness
- Business Continuity: Moderate
- Information Security Risk and Compliance
- Identity and Access Management: Moderate
- Physical Security
Service Delivery Method: Primarily Centralized (six entries), Central Direction / Hybrid Delivery (six entries)

- Selected through planning team consensus
- Represent highest payback from a risk perspective
- Plan focuses on rollout of priority services first
- Plan does not include all service delivery details

Priority Services
- Secure Systems Engineering
- Continuous Vulnerability Management
- Information Security Program Management
- Boundary Defense
- Information Security Monitoring
12 IT Security Consolidation: Value Proposition
- MN.IT can provide a full suite of security services to all customers
- Cost to the customer far less than ramping up alone
- Better service, as expertise is shared
- More agile service: getting the experts when and where they need to be
- More job opportunities and specialization skills for employees
Will it be perfect?
- Priorities will still have to be set, but they will be done at an enterprise level
- No agency can opt out of security

Beneficiaries
Customers
- Existing resources used as efficiently and effectively as possible
- Consistent security practices
- Metrics to understand security posture
MN.IT Services
- More specialization and deeper bench strength
- Clear priorities for the enterprise
- Reduction in single points of failure
- More career opportunities for staff
- Better understanding of our risk posture
13 Final Thoughts
- Auditing applications is easy and safe
- Policymakers may be better served by an assessment of your state security program foundation
  - Executive support
  - Freedom to act
  - Funding
  - Comprehensive plans
Thank
More informationHow To Improve Your Business
IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends
More informationGovernmental Oversight and Accountability Committee
The Florida Senate BILL ANALYSIS AND FISCAL IMPACT STATEMENT (This document is based on the provisions contained in the legislation as of the latest date listed below.) Prepared By: The Professional Staff
More informationData Integration Initiative Semi Annual Report April 2009. State of North Carolina Office of the State Controller
Data Integration Initiative Semi Annual Report April 2009 State of North Carolina Office of the State Controller David McCoy, State Controller April 1, 2009 Table of Contents I. Background... 1 II. BEACON
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More informationInformation Security Training & Awareness
Online Training & Project Briefing Expectations & Responsibilities Information Security Manager s Forum, March 4, 2008 Revised September 20, 2010 (1) Why is awareness important? Obligation to protect private
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationStatement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives
Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations
More informationHow To Manage Cloud Management
WHITE PAPER Five Steps to Successful Integrated Cloud Management Sponsored by: HP Mary Johnston Turner May 2011 Robert P. Mahowald IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA 01701 USA
More informationInformation Assurance. and Critical Infrastructure Protection
Information Assurance and Critical Infrastructure Protection A Federal Perspective Information Assurance Presented by the Government Electronics and Information Technology Association 2001 Executive Summary
More informationThe Role of Business Capabilities in Strategic Planning. Sneaking up on Quality Using Business Architecture in a learning corporation
The Role of Business Capabilities in Strategic Planning Sneaking up on Quality Using Business Architecture in a learning corporation 2 Credits The Open Management Group, Business Architecture Special Interest
More information