Nationwide Cyber Security Review (NCSR) Frequently Asked Questions
|
|
- Beatrice Hardy
- 8 years ago
- Views:
Transcription
1 Nationwide Cyber Security Review (NCSR) Frequently Asked Questions
2 Table of Contents NCSR Frequently Asked Questions Nationwide Cyber Security Review (NCSR)... 1 Frequently Asked Questions What is the Nationwide Cyber Security Review? Is participation in the NCSR mandatory? What does the NCSR cost? What are the benefits of participating in the NCSR? How is the NCSR different than other audits, surveys, assessments, reviews, etc.? What is the Control Maturity Mode (CMM)? Which organizations can participate in the NCSR? Who from my organization should participate in the NCSR? Where is the NCSR located and how do I register for it? What is the timeframe to complete and submit the Survey? How is CIS MS- ISAC protecting the data associated with the 2014 NCSR? What does it mean to be a Sub- Entity? How are my reports shared? Can MS- ISAC share the NCSR Individualized Reports with other individuals, organizations, or entities? How will DHS and MS- ISAC use my results, and will my organization be identified? How can I use my NCSR results? What if I completed the previous NCSR, will I have access to my information? Does participation in the NCSR impact or align with funding awarded under the Federal Emergency Management Agency (FEMA) Homeland Security Grant Program (HSGP)? Who do I contact for NCSR- related questions or concerns? Where can I obtain information on additional cybersecurity services offered by the DHS National Cyber Security Division (NCSD) or the MS- ISAC?... 7 Page 2 of 7
3 1. What is the Nationwide Cyber Security Review? Answer: The NCSR, or Nationwide Cyber Security Review, is a voluntary self- assessment survey designed to evaluate cyber security management within state, local, tribal and territorial governments. The Senate Appropriations Committee has requested an ongoing effort to chart nationwide progress in cybersecurity and identify emerging areas of concern. In response, the U.S. Department of Homeland Security has partnered with the Center for Internet Security s Multi- State Information Sharing and Analysis Center (MS- ISAC), the National Association of Counties (NACo) and the National Association of State Chief Information Officers (NASCIO) to develop and conduct the second NCSR. 2. Is participation in the NCSR mandatory? Answer: No, the NCSR is a voluntary review (i.e., participation is not federally mandated). However, (for example) State Chief Information Officers are free to encourage participation from their State agencies in order to support this Congressional initiative. 3. What does the NCSR cost? Answer: Nothing. There is no cost to the participating organization beyond the time and effort taken by personnel to complete and submit the NCSR, which is between 1 and 2 hours. 4. What are the benefits of participating in the NCSR? Answer: Once completed, participants will have access to a variety of reports that measures the level of adoption of security controls within the organization and includes recommendations on how to raise the organization s risk awareness. After the review period, MS- ISAC and DHS will aggregate all review data and share in- depth statistical analysis with all participants via the NCSR Summary Report (the names of participants and their organizations will not be identified in this report). These reports and metrics can be utilized by your organization any way deemed fit, for example they can be utilized to assess the developing maturity of your organization or used for budget justification. 5. How is the NCSR different than other audits, surveys, assessments, reviews, etc.? Answer: The NCSR focuses on the security practices adopted within an organization, as well as the degree to which risk is used to select and manage security controls. The NCSR is not designed to audit an organization s compliance toward any specific regulation, standard, or model, and will not be used for regulatory purposes. The model that is used to assess your organization is called the Control Maturity Model. Page 3 of 7
4 6. What is the Control Maturity Mode (CMM)? Answer: The NCSR relies on five escalating categories of security control maturity, called the Control Maturity Model. These levels of maturity are based on key milestone activities for information risk management. These milestones are closely aligned with security governance processes and maturity indexes embodied within ISO Information Security Management system, Control Objective s for Information Technology (CobIT), Statement on Auditing Standards 6 (SAS #6) and National Institute of Standards and Technology (NIST) Special Publications 800 series methodologies for information security management and control. For further information regarding the CMM visit our website at 7. Which organizations can participate in the NCSR? Answer: All States (and all agencies within), Local government jurisdictions (and all departments within), Tribal and Territorial governments. While any department can take the survey, information technology, health, revenue and transportation state departments are highly encouraged to participate in the NCSR. 8. Who from my organization should participate in the NCSR? Answer: The NCSR seeks participation from personnel service in any of the following roles within their organization: Chief Information Officer (CIO); Chief Information Security Officer (CISO); Chief Security Officer (CSO); Chief Technology Officer (CTO); Director of Information Technology (IT)/Information Systems (IS); or Individuals responsible for Information Technology management. Since the questions cover a large breadth of information security and privacy areas, you do have the option of assigning more than one user to fill out portions of the survey through the tool, or by downloading a.pdf of the question list to be filled out in hardcopy, which can then be collated and entered into the NCSR by the primary point of contact. 9. Where is the NCSR located and how do I register for it? Answer: The NCSR is accessible via the NCSR link on the homepage of the NCSR Website. To register, visit and complete the registration form. Page 4 of 7
5 Once your registration is complete, a user account will be created and a link to the Nationwide Cyber Security Review (NCSR) survey on the secure Navis platform, powered by Coalfire Systems, Inc. will be ed to the point of contact for your organization. Once logged in, additional security questions will be required. Once the security questions are created, additional users can be created for your organization, or you can begin taking the survey. For additional questions, to NCSR@cisecurity.org. 10. What is the timeframe to complete and submit the Survey? Answer: The NCSR starts on October 1, 2014 and ends on November 30, The NCSR is planned to coincide with the DHS National Cyber Security Awareness Month, which occurs annually in October. During this timeframe, you will be able to access the NCSR questions, save your progress, and resume the review anytime by logging back into the NCSR website. However, the survey must be completed and submitted by November 30, How is CIS MS- ISAC protecting the data associated with the 2014 NCSR? Answer: Security is a central tenet to CIS- MS- ISAC and from the start it has been incorporated into the development of the NCSR Survey Tool. The NCSR will be hosted on the secure Navis platform, powered by Coalfire Systems, Inc. Coalfire Systems has an established record for excellence and security and is one of the top IT Governance, Risk and Compliance firms. MS- ISAC and Coalfire have worked together to safeguard your information. 12. What does it mean to be a Sub- Entity? Answer: The NCSR Survey Tool has the functionality to organize participating entities in a hierarchical structure. This will provide STLL governments that have a centralized governance structure, the ability to recruit and monitor the completion of the survey for agencies or departments within their authority. For example, the State of Y, with centralized oversight, can recruit departments or agencies under their jurisdiction to take the survey. If the organizations have mutually agreed, then the State of Y will have access to results of any of the departments it recruited, as well as a special summary report of the results of its agencies/departments. Individual agencies of the State of Y cannot see each other s progress or results on the survey. The intention behind this is to supplement the flow of information for entities that have a centralized governance structure. 13. How are my reports shared? Answer: If you are registered as a sub- entity to another organization, then your information is automatically available to that specific organization. However, if you are not a sub- entity, the decision to disseminate all Reports is entirely up to you (and/or your organization). Page 5 of 7
6 14. Can MS- ISAC share the NCSR Individualized Reports with other individuals, organizations, or entities? Answer: MS- ISAC will not share your information unless your organization has agreed to have your results rolled up (shared) to a central, oversight organization. That relationship is established and agreed to at the time that your organization is registered. Your information is never shared with any other organizations outside of that relationship. 15. How will DHS and MS- ISAC use my results, and will my organization be identified? Answer: Once the NCSR concludes on November 30, DHS and MS- ISAC will aggregate all responses and analyze the results to produce the NCSR Summary Report. The NCSR Summary Report will be non- attributable to individual participants; participant names, and their organizations, will not be identified within the NCSR Summary Report. This Summary Report will be presented to Congress in Q1 of How can I use my NCSR results? Answer: The reports can be used to document support for cybersecurity programs, guide implementation of security controls and be provided to decision makers to encourage additional investments in infrastructure or training. As part of the Individual Reports, you will receive tailored suggested practices based upon leading cyber security standards and best practices, including NIST, ISO, PCI DSS and others. In addition, NCSR will provide you with a report that compares your organization s score to those of similar organizations. If you have taken previous or future iterations of the NCSR, you will have the ability to track the maturity of your information security program over the course of time. The more you participate in the NCSR, the more useful information you get. 17. What if I completed the previous NCSR, will I have access to my information? Answer: Absolutely, if your entity has taken the previous NCSR, then you will be provided with a unique Historical Report based upon your previous organizations previous and current results. This is a feature that will also be in future iterations of the NCSR to provide you insight on how your security program is maturing. Page 6 of 7
7 18. Does participation in the NCSR impact or align with funding awarded under the Federal Emergency Management Agency (FEMA) Homeland Security Grant Program (HSGP)? Answer: No, the NCSR will not directly impact funding awarded under the FEMA HSGP. Participation in the NCSR, and the resulting reports, will not guarantee cybersecurity funding under the FEMA HSGP. However, DHS and MS- ISAC are exploring the possibility of incorporating future iteration of the NCSR into the FEMA grants process. 19. Who do I contact for NCSR- related questions or concerns? Answer: If you should have any questions or would like additional information please NCSR@cisecurity.org or contact Kathleen Patentreger, NCSR Program Director, at (518) Where can I obtain information on additional cybersecurity services offered by the DHS National Cyber Security Division (NCSD) or the MS- ISAC? Answer: Requests for various NCSD programs and other services can be made by ing us at NCSR@cisecurity.com. Page 7 of 7
Threats to Local Governments and What You Can Do to Mitigate the Risks
Association of Minnesota Counties Threats to Local Governments and What You Can Do to Mitigate the Risks Andrew Dolan Director of Government Affairs Multi-State Information Sharing and Analysis Center()
More information1851 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to (1) require a State to report data under subsection
U:\REPT\OMNI\FinalOmni\CPRT--HPRT-RU00-SAHR-AMNT.xml 0 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to () require a State to report data under subsection (a); or () require a non-federal
More informationCybersecurity in the States 2012: Priorities, Issues and Trends
Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State
More informationHomeland Security Perspectives: Cyber Security Partnerships and Measurement Activities
16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, Mid Atlantic Region National Cyber Security Division (NCSD) Office
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationCOPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction
Contents Acknowledgments Introduction 1. Governance Overview How Do We Do It? What Do We 1 Get Out of It? 1.1 What Is It? 1 1.2 Back to Basics 2 1.3 Origins of Governance 3 1.4 Governance Definition 5
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationFINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
More informationDepartment of Homeland Security
Implementation Status of EINSTEIN 3 Accelerated OIG-14-52 March 2014 Washington, DC 20528 / www.oig.dhs.gov March 24, 2014 MEMORANDUM FOR: FROM: SUBJECT: Bobbie Stempfley Acting Assistant Secretary Office
More informationGet the most out of Public Sector Cyber Security Associations & Collaboration
Get the most out of Public Sector Cyber Security Associations & Collaboration Gary Coverdale Chief Information Security Officer County of Napa, CA Stacey A. Wright Intel Manager MS-ISAC Get the most out
More informationAn Overview of Large US Military Cybersecurity Organizations
An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United
More informationSecure360. Measuring the Maturity of your Information Security Program Impossible? Presented by: Mark Carney, VP of Strategic Services
Secure360 Measuring the Maturity of your Information Security Program Impossible? Presented by: Mark Carney, VP of Strategic Services Question about Life HOW DO YOU KNOW IF YOU ARE GETTING THE MOST OUT
More informationCyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications
More informationResponse to NIST: Developing a Framework to Improve Critical Infrastructure Cybersecurity
National Grid Overview National Grid is an international electric and natural gas company and one of the largest investor-owned energy companies in the world. We play a vital role in delivering gas and
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationRe: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )
10 October 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Experience with the Framework for Improving Critical Infrastructure
More informationCybersecurity@RTD Program Overview and 2015 Outlook
Cybersecurity@RTD Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD Information Technology Department of Finance & Administration
More informationState Governments at Risk: The Data Breach Reality
State Governments at Risk: The Data Breach Reality NCSL Legislative Summit August 5, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About NASCIO
More informationIntroduction. Special thanks to the following individuals who were instrumental in the development of the toolkits:
Introduction In this digital age, we rely on our computers and devices for so many aspects of our lives that the need to be proactive and vigilant to protect against cyber threats has never been greater.
More informationIT Governance, Risk, and Compliance Survey, 2014
IT Governance, Risk, and Compliance Survey, 2014 Thank you for participating in this ECAR survey of IT governance, risk, and compliance (GRC). EDUCAUSE has made IT GRC a strategic initiative for 2014,
More informationManaging Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach
Managing Cyber Risks to Transportation Systems Mike Slawski Cyber Security Awareness & Outreach The CIA Triad 2 SABSA Model 3 TSA Mission in Cyber Space Mission - Facilitate the measured improvement of
More informationTestimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing:
Testimony of Doug Johnson On behalf of the New York Bankers Association before the New York State Senate Joint Public Hearing: Cybersecurity: Defending New York from Cyber Attacks November 18, 2013 Testimony
More informationReport: An Analysis of US Government Proposed Cyber Incentives. Author: Joe Stuntz, MBA EP 14, McDonough School of Business
S 2 ERC Project: Cyber Threat Intelligence Exchange Ecosystem: Economic Analysis Report: An Analysis of US Government Proposed Cyber Incentives Author: Joe Stuntz, MBA EP 14, McDonough School of Business
More informationCForum: A Community Driven Solution to Cybersecurity Challenges
SESSION ID: AST3-R01 CForum: A Community Driven Solution to Cybersecurity Challenges Tom Conkle Cybersecurity Engineer G2, Inc. @TomConkle Greg Witte Sr. Security Engineer G2, Inc. @thenetworkguy Organizations
More informationSeptember 28, 2 012 MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President
004216 THE WHITE HOUSE WASHINGTON MEMORANDUM FOR September 28, 2 012 MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President MR. STEPHEN D. MULL Executive
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationVoluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council
Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations
More informationImplementing the U.S. Cybersecurity Framework at Intel A Case Study
SESSION ID: STR-W01 Implementing the U.S. Cybersecurity Framework at Intel A Case Study Tim Casey Senior Strategic Risk Analyst Intel Information Security @timcaseycyber How would you represent your entire
More informationENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE
ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation
More informationNo. 33 February 19, 2013. The President
Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001
More informationFeature. Developing an Information Security and Risk Management Strategy
Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide
More informationTrends in Information Technology (IT) Auditing
Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan
More informationSMITHSONIAN INSTITUTION
SMITHSONIAN INSTITUTION FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA) 2012 INDEPENDENT EVALUATION REPORT TABLE OF CONTENTS PURPOSE 1 BACKGROUND 1 OBJECTIVES, SCOPE, AND METHODOLOGY 2 SUMMARY OF RESULTS
More information1. Describe your organization and its interest in the Framework.
To: Diane Honeycutt, National Institute of Standards and Technology From: Robert Arnold, Director, Office of Transportation Management U.S. Department of Transportation, Federal Highway Administration
More informationTime Is Not On Our Side!
An audit sets the baseline. Restricting The next steps Authenticating help prevent, Tracking detect, and User Access? respond. It is rare for a few days to pass without news of a security breach affecting
More informationNuclear Regulatory Commission Computer Security Office CSO Office Instruction
Nuclear Regulatory Commission Computer Security Office CSO Office Instruction Office Instruction: Office Instruction Title: CSO-PLAN-0100 Enterprise Risk Management Program Plan Revision Number: 1.0 Effective
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...
More informationFY 2015 Homeland Security Grant Application Workshop
FY 2015 Homeland Security Grant Application Workshop Grants Management Branch For any questions regarding the application please contact: Grants Team 502-564-2081 homelandsecurity@ky.gov Agenda Project
More informationRE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More informationWritten Statement of Richard Dewey Executive Vice President New York Independent System Operator
Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL INDEPENDENT EVALUATION OF THE NATIONAL CREDIT UNION ADMINISTRATION S COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
More informationVendor Risk Management Financial Organizations
Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current
More informationCSU INFORMATION SECURITY. Presentation for 2012 CSU Auxiliary Conference January 11, 2012
CSU INFORMATION SECURITY Presentation for 2012 CSU Auxiliary Conference January 11, 2012 Agenda Governance, Risk, and Compliance (GRC) Project Virtual Information Security Service Center (VISC) Compliance
More informationRevised October 2013
Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience
More informationCybersecurity Audit Why are we still Vulnerable? November 30, 2015
Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event
More informationTop 10 Baseline Cybersecurity Controls Banks Aren't Doing
Top 10 Baseline Cybersecurity Controls Banks Aren't Doing SECURE BANKING SOLUTIONS 1 Contact Information Chad Knutson President, SBS Institute Senior Information Security Consultant Masters in Information
More informationGLOBAL STANDARD FOR INFORMATION MANAGEMENT
GLOBAL STANDARD FOR INFORMATION MANAGEMENT Manohar Ganshani Businesses have today expanded beyond local geographies. Global presence demands uniformity within the processes across disparate locations of
More informationESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014
ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014 Dear Chairperson, I would like to thank you for the opportunity to provide management
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationHow To Improve Your Business
IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends
More informationADMINISTRATIVE POLICY # 32 8 2 (2014) Information Security Roles and Responsibilities
Policy Title: Information Security Roles Policy Type: Administrative Policy Number: ADMINISTRATIVE POLICY # 32 8 2 (2014) Information Security Roles Approval Date: 05/28/2014 Revised Responsible Office:
More informationUniversity of Colorado Health Performance Incentive Compensation Plan Plan Summary Fiscal Year 2014 Staff/Managers/Directors
University of Colorado Health Performance Incentive Compensation Plan Plan Summary Fiscal Year 2014 Staff/Managers/Directors Plan Purpose The University of Colorado Health provides outstanding patient
More informationNIST Cybersecurity Framework. ARC World Industry Forum 2014
NIST Cybersecurity Framework Vicky Yan Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL Executive Order 13636 Improving Critical Infrastructure Cybersecurity It is the policy
More informationNGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;
NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will
More informationNext. CDS 2015 Survey Module 7 Information Security Survey Errata
1 CDS 2015 Survey Survey Errata This module includes questions about the IT security organization, staffing, policies, and practices related to information technology security. This is an optional module.
More informationInformation Security Program CHARTER
State of Louisiana Information Security Program CHARTER Date Published: 12, 09, 2015 Contents Executive Sponsors... 3 Program Owner... 3 Introduction... 4 Statewide Information Security Strategy... 4 Information
More informationWhat are you trying to secure against Cyber Attack?
Cybersecurity Legal Landscape Bonnie Harrington Executive Counsel EHS and Product Safety & Cybersecurity GE Energy Management Imagination at work. What are you trying to secure against Cyber Attack? Personally
More informationNext. CDS 2015 Survey Module 7 Information Security Survey Errata
CDS 2015 Survey Survey Errata This module includes questions about the IT security organization, staffing, policies, and practices related to information technology security. This is an optional module.
More informationStakeholder Engagement Initiative: Customer Relationship Management
for the Stakeholder Engagement Initiative: December 10, 2009 Contact Point Christine Campigotto Private Sector Office Policy 202-612-1623 Reviewing Official Mary Ellen Callahan Chief Privacy Officer Department
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More informationSTATE OF ARIZONA Department of Revenue
STATE OF ARIZONA Department of Revenue Douglas A. Ducey Governor September 25, 2015 David Raber Director Debra K. Davenport, CPA Auditor General Office of the Auditor General 2910 North 44 th Street, Suite
More informationCloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015
Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Appendix A: Introduction... 4 Appendix
More informationNARA s Information Security Program. OIG Audit Report No. 15-01. October 27, 2014
NARA s Information Security Program OIG Audit Report No. 15-01 October 27, 2014 Table of Contents Executive Summary... 3 Background... 4 Objectives, Scope, Methodology... 7 Audit Results... 8 Appendix
More informationDocket No. DHS-2015-0017, Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations
Submitted via ISAO@hq.dhs.gov and www.regulations.gov July 10, 2015 Mr. Michael Echols Director, JPMO-ISAO Coordinator NPPD, Department of Homeland Security 245 Murray Lane, Mail Stop 0615 Arlington VA
More informationWisconsin National Governor s Association: Call To Action
Wisconsin National Governor s Association: Call To Action David Cagigal Chief Information Officer State of Wisconsin 101 E. Wilson St, 8th Floor Madison, WI 53703 608.261.8406 May 14, 2014 Cybersecurity
More informationCMS Policy for Configuration Management
Chief Information Officer Centers for Medicare & Medicaid Services CMS Policy for Configuration April 2012 Document Number: CMS-CIO-POL-MGT01-01 TABLE OF CONTENTS 1. PURPOSE...1 2. BACKGROUND...1 3. CONFIGURATION
More informationState Homeland Security Strategy (2012)
Section 1 > Introduction Purpose The purpose of the State Homeland Security Strategy (SHSS) is to identify statewide whole community priorities to achieve and sustain a strengthened ability to prevent,
More informationMEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 M-10-15 April 21, 2010 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES FROM: Jeffrey Zients Deputy Director
More informationCyber Legislation & Policy Developments 2014
Cyber Legislation & Policy Developments 2014 SESSION ID: LAW-Fo2 Michael A. Aisenberg, Esq. Chair, ABA Information Security Committee Policy Task Force ABA Section on Science & Technology Law Principal
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationPERSONALLY IDENTIFIABLE INFORMATION (Pin BREACH NOTIFICATION CONTROLS
ClOP CHAPTER 1351.19 PERSONALLY IDENTIFIABLE INFORMATION (Pin BREACH NOTIFICATION CONTROLS TABLE OF CONTENTS SECTION #.1 SECTION #.2 SECTION #.3 SECTION #.4 SECTION #.5 SECTION #.6 SECTION #.7 SECTION
More informationS. ll IN THE SENATE OF THE UNITED STATES A BILL
TH CONGRESS ST SESSION S. ll To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information
More informationNH!ISAC"ADVISORY"201.13" NATIONAL"CRITICAL"INFRASTRUCTURE"RESILIENCE"ANALYSIS"REPORT""
National(Health#ISAC#(NH!ISAC) GlobalInstituteforCybersecurity+Research7GlobalSituationalAwarenessCenter NASA SpaceLifeSciencesLaboratory KennedySpaceCenter,FL NH!ISACADVISORY201.13 NATIONALCRITICALINFRASTRUCTURERESILIENCEANALYSISREPORT
More informationNASCIO 2014 State IT Recognition Awards
NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos
More informationHITRUST CSF Assurance Program
HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview
More informationHSIN R3 User Accounts: Manual Identity Proofing Process
for the HSIN R3 User Accounts: Manual Identity Proofing Process DHS/OPS/PIA-008(a) January 15, 2013 Contact Point James Lanoue DHS Operations HSIN Program Management Office (202) 282-9580 Reviewing Official
More informationGAO ELECTRONIC GOVERNMENT ACT. Agencies Have Implemented Most Provisions, but Key Areas of Attention Remain
GAO United States Government Accountability Office Report to the Committee on Homeland Security and Governmental Affairs, U.S. Senate September 2012 ELECTRONIC GOVERNMENT ACT Agencies Have Implemented
More information10 Best-Selling Modules For Home Information Technology Professionals
Integriertes Risk und Compliance Management als Elemente einer umfassenden IT-Governance Strategie Ing. Martin Pscheidl, MBA, MSc cert. IT Service Manager Manager, Technical Sales CA Software Österreich
More informationESG Threat Intelligence Research Project
TM Enterprise Strategy Group Getting to the bigger truth. ESG Threat Intelligence Research Project May 2015 Jon Oltsik, Senior Principal Analyst Project Overview 304 completed online surveys with IT professionals
More informationPreservation of longstanding, roles and missions of civilian and intelligence agencies
Safeguards for privacy and civil liberties Preservation of longstanding, respective roles and missions of civilian and sharing with targeted liability Why it matters The White House has pledged to veto
More informationAchieving Security through Compliance
Achieving Security through Compliance Policies, plans, and procedures Table of Contents This white paper was written by: McAfee Foundstone Professional Services Overview...3 The Rock Foundation...3 Governance...3
More informationCriticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3
Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all
More informationCyber Risk Managemet Next? What Board Members, Shareholders, Government, Auditors and Others Will be Asking from the CIO Next:
11 Cyber Risk Managemet Next? What Board Members, Shareholders, Government, Auditors and Others Will be Asking from the CIO Next: 1. Why the Conversation has shifted. 2. How Boards are reacting. 3. What
More informationINFORMATION SECURITY. Additional Oversight Needed to Improve Programs at Small Agencies
United States Government Accountability Office Report to Congressional Requesters June 2014 INFORMATION SECURITY Additional Oversight Needed to Improve Programs at Small Agencies GAO-14-344 June 2014 INFORMATION
More informationUNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION
UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Technical Conference on Critical Infrastructure Protection Issues Identified in Order No. 791 Prepared Statement of Melanie Seader, Senior
More informationManaging Liabilities from Cyber Threats Using the SAFETY Act
Managing Liabilities from Cyber Threats Using the SAFETY Act Brian Zimmet Dismas Locaria Jason Wool August 5, 2014 2013 Venable LLP 1 Agenda 1. Introduction 2. The SAFETY Act An Overview 3. Applicability
More informationFeature. A Higher Level of Governance Monitoring IT Internal Controls. Controls tend to degrade over time and between audits.
Feature A Higher Level of Governance Monitoring IT Internal Controls Mike Garber, CGEIT, CIA, CITP, CPA, has many years experience as both director for IT governance and as IT audit director for Motorola
More informationHealth Industry Implementation of the NIST Cybersecurity Framework
Health Industry Implementation of the NIST Cybersecurity Framework A Collaborative Presentation by HHS, NIST, HITRUST, Deloitte and Seattle Children s Hospital 1 Your presenters HHS Steve Curren, Acting
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More informationThe NIST Cybersecurity Framework
View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the
More informationDecember 23, 2008. Congressional Committees
United States Government Accountability Office Washington, DC 20548 December 23, 2008 Congressional Committees Subject: Homeland Security Grant Program Risk-Based Distribution Methods: Presentation to
More informationCIPAC Water Sector Cybersecurity Strategy Workgroup: FINAL REPORT & RECOMMENDATIONS
CIPAC Water Sector Cybersecurity Strategy Workgroup: FINAL REPORT & RECOMMENDATIONS April 2015 TABLE OF CONTENTS Acronyms and Abbreviations... 1 Workgroup Background... 2 Workgroup Findings... 3 Workgroup
More informationDepartment of Homeland Security
Hawaii s Management of Homeland Security Grant Program Awards for Fiscal Years 2009 Through 2011 OIG-14-25 January 2014 Washington, DC 20528 / www.oig.dhs.gov JAN 7 2014 MEMORANDUM FOR: FROM: SUBJECT:
More informationDEVELOPING A CYBERSECURITY POLICY ARCHITECTURE
TECHNICAL PROPOSAL DEVELOPING A CYBERSECURITY POLICY ARCHITECTURE A White Paper Sandy Bacik, CISSP, CISM, ISSMP, CGEIT July 2011 7/8/2011 II355868IRK ii Study of the Integration Cost of Wind and Solar
More informationEmergency Management Performance Grant (EMPG) Administrative Plan
New Hampshire Homeland Security and Emergency Management Emergency Management Performance Grant (EMPG) Administrative Plan This document and its attachments can be found at the link listed below http://www.nh.gov/safety/divisions/hsem/forms.html
More information