Cybersecurity in the States 2012: Priorities, Issues and Trends
Slide 1: Cybersecurity in the States 2012: Priorities, Issues and Trends
Commission on Maryland Cyber Security and Innovation, June 8, 2012
Pam Walker, Director of Government Affairs, National Association of State Chief Information Officers
Slide 2: About NASCIO
- National association representing state chief information officers and information technology executives from the states, territories and D.C.
- NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy.
- Founded in 1969: we're a legacy system
Slide 3: NASCIO 2012 Federal Advocacy Priorities
- More Administrative Flexibility Needed for States
- Secure and Protect Citizen Data and State Digital Assets
- Support the Adoption and Expansion of the National Information Exchange Model (NIEM)
- Support State Role in Identity Management and Verification Solutions
Slide 4: State IT Landscape Today
- Fiscal recovery uneven, slow revenue growth, budgets are better, federal deficit reduction impact?
- CIOs seeking IT operational cost savings and alternative IT sourcing strategies
- Opportunities for change and innovation
- Living with the past: modernizing the legacy
- IT security and risk! Game has changed
- IT workforce: retirement wave, skills, recruiting
- State CIO positions: major churn
Slide 5: CIO Priorities, Trends and Perspectives
Slide 6: State CIO Priorities (Source: NASCIO State CIO Survey, October 2011)
1. Consolidation / Optimization: consolidating infrastructure and services, centralizing
2. Budget and Cost Control: managing budget reduction, strategies for savings
3. Governance: improving IT governance, authority, data governance, partnering, collaboration
4. Health Care: Affordable Care Act, health information and insurance exchanges, architecture, partnering, implementation, technology solutions, Medicaid systems
5. Cloud Computing: governance, service management, service catalogs, platform, infrastructure, security, privacy, data ownership, legal issues, vendor management
6. Security: risk assessment, governance, budget and resource requirements; security frameworks, data protection, training and awareness, insider threats, third party security
7. Broadband and Connectivity: strengthening statewide connectivity, public safety wireless network/interoperability, implementing BTOP grant
8. Shared Services: business models, sharing resources, services, infrastructure, independent of organizational structure, service portfolio management
9. Portal: maturing state portal, e-government, single view of the customer/citizen, emphasis on citizen interactive self-service, mobile apps, accessibility
10. Mobile Services/Mobility: devices, applications, workforce, security, policy issues, support, ownership, communications, wireless infrastructure
Slide 7: Cybersecurity in the States
- Critical infrastructure protection
- More aggressive threats: organized crime, unorganized crime, hacktivism
- Spam, phishing, hacking, and network probes up
- Data breaches: trust impact
- Insider threats, third party
- Executive support
- Inadequate funding
- Need more training, awareness
Slide 8: State governments at risk: A call to secure citizen data and inspire public trust
Slide 9: Survey Results
Deloitte and NASCIO issued the 2010 report of a national survey of state government cybersecurity focused on these key areas: information security governance, investments, use of security technologies, quality of operations, privacy, and identity and access management. 49 states responded to the survey.
Slide 10: Governance
The Enterprise CISO position is firmly established in the majority of states. To be successful, CISOs must continue to evolve this position to garner enterprise visibility, authority, executive support and business involvement.
Slide 11: 1. To whom does your State's CISO, or equivalent responsible for information security, report?
- Secretary/Department head: 8%
- General Counsel/Legal: 0%
- Chief Information Officer (CIO), State IT Director or ...: 76%
- Chief Financial Officer (CFO): 0%
- Chief Security Officer (CSO): 4%
- Homeland Security Director/Adviser: 0%
- Internal Audit: 0%
- Other: 16%
- Not applicable/do not know: 4%
76 percent of the respondents indicated that their State CISOs report directly to the Board of Directors or C-suite, with the largest number reporting to the Chief Information Officer (CIO).
Slide 12: 2. Which functions are within the scope of the CISO or equivalent official?
- Information Security (IS) strategy and planning
- IS budgeting
- IS program measurement and reporting
- IS governance (architecture, policies, standards)
- IS compliance and monitoring
- IS risk assessment and management
- Incident management
- Network security and perimeter defense
- Technical infrastructure security
- User administration
- Identity and access management
- Vulnerability management
- IS monitoring
- IS communications, awareness and training
- Outsourced security functions
- Background checks
- Investigations and forensics
- Fraud management
- Disaster recovery planning
- Business continuity management
- Physical security
- Other
- Not applicable/do not know
The top five functions of the CISO include: Information Security (IS) Strategy and Planning (96 percent), Incident Management (94 percent), IS Governance (92 percent), IS Communication (88 percent) and IS Risk Assessment (82 percent).
Slide 13: 1. Does your State (or agency) have a documented and approved governance for information security (i.e. defined responsibilities, policies and procedures)?
- Documented and approved: 65%
- Documented but not approved: 6%
- Intend to have one documented and approved within the next 12 months, or No: 10% and 12% (the source does not show which figure belongs to which option)
- Not applicable/do not know (please describe below): 6%
65 percent of the respondents indicated that they have a documented and approved governance for information security.
Slide 14: 6. Does your State (or agency) actively engage both business stakeholders and technology decision makers in identifying requirements for the State's information security strategy?
- Lines of business decision makers only: 2%
- Technology decision makers only: 21%
- Both lines of business and technology decision makers: 71%
- Neither lines of business nor technology decision makers: 4%
- Not applicable/do not know (please describe below): 2%
71 percent of the respondents indicated that they engage both lines of business and technology decision makers to identify the State's information security strategy.
Slide 15: 3. Which of the following best describes the state of senior executive support (Governor's Office or CIO) for security projects to effectively address regulatory or legal requirements?
- Commitment and adequate funding: 14%
- Commitment but inadequate funding: 55%
- No commitment but provide funds: 4%
- No commitment or funds, or Not applicable/do not know: 12% and 14% (the source does not show which figure belongs to which option)
55 percent of the respondents indicated that they receive commitment from the senior executives but lack adequate funding for security projects to effectively address regulatory or legal requirements.
Slide 16: 2. Which statement best represents how you measure and demonstrate the value and effectiveness of your information security organization's activities?
- We have established metrics that have been aligned to business value and report on a scheduled basis: 13%
- We are working on establishing metrics and aligning them to business value: 25%
- We have established metrics that are technical but not well understood by functions outside of information security: 31%
- Little, if any, measurement is undertaken: 23%
- We do not measure: 4%
- Not applicable/do not know: 4%
31 percent of the respondents indicated that they measure and demonstrate the value of their enterprise information security activities using technical metrics that are not well understood by non-information-security functions.
Slide 17: 3. How effective are applicable Federal and State regulatory security requirements at improving information security posture and at reducing data breach risks in your State (or agency)?
- Very effective: 4%
- Somewhat effective: 81%
- Not effective: 13%
- Not applicable/do not know: 2%
81 percent of the respondents indicated that the Federal and State regulatory security requirements are somewhat effective in improving the state's information security posture.
Slide 18: 1. What are your State's top five (5) security initiatives for 2010?
- Information security strategy
- Information security governance (e.g., roles, reporting ...)
- Aligning information security initiatives with those of the ...
- Information security risk assessments
- Data protection
- Operationalizing information security
- Information security measurement and reporting
- Information security talent management
- Information security training and awareness
- Information security regulatory and legislative ...
- Security infrastructure improvement
- Application security
- Identity and access management
- Security related to technology advancements (e.g., ...)
- Information security compliance (e.g., internal / external ...)
- Managing insider threats
- Managing or outsourcing of security services
- Disaster recovery
- Business continuity
- Other (please specify below)
- Not applicable/do not know (please describe below)
The respondents indicated that their 2010 top five security initiatives include data protection (60 percent), information security risk assessments (58 percent), information security training and awareness (54 percent), application security (42 percent) and information security measurement and reporting (42 percent).
Slide 19: What are your State's top five IT security initiatives?
1. Data Protection
2. Information Security Risk Assessments
3. Information Security Training and Awareness
4. Application Security
5. Information Security Measurement and Reporting
Slide 20: 2. What major barriers does your State face in addressing information security?
- Lack of management support: 10%
- Lack of executive support: 25%
- Lack of support from business stakeholders: 38%
- Lack of clarity on mandate, roles and responsibilities: 25%
- Conflicting federal rules and requirements: 6%
- Lack of sufficient funding: 88%
- Lack of procurement oversight and control: 19%
- Lack of visibility and influence within the enterprise: 38%
- Lack of an information security strategy (i.e., shifting ...)
- Inadequate availability of security professionals
- Inadequate competency of security professionals
- Lack of State sector focused laws and regulations
- Lack of documented processes
- Lack of legislative support
- Increasing sophistication of threats
- Emerging technologies
- Inadequate functionality and/or interoperability of ...
- Other: 15%
- Not applicable/do not know: 0%
Slide 21: 5. What percentage of your department's overall IT budget is allocated to information security?
- 0%: 11%
- 1-3%: 50%
- 4-6%: 15%
- Greater than 11%: 7%
- Not applicable/do not know: 17%
50 percent of the respondents indicated that 1-3 percent of their department's overall IT budget is allocated to information security.
Slide 22: 2. Does your enterprise provide training to employees (at least annually) to identify and report suspicious activities?
- Yes: 56%
- Yes, but only where mandated by laws/regulations: 11%
- No: 22%
- Not applicable/do not know (please describe below): 11%
56 percent of the respondents indicated that they provide training (at least annually) for employees to identify and report suspicious activities.
Slide 23: 4. Which of the following are the top three privacy concerns to your State?
- Unauthorized access to personal information: 89%
- Managing third-party (contractors, service providers, ...): 38%
- Intra-governmental sharing of information: 20%
- Aligning operational practices with policies: 33%
- Managing individual agency privacy requirements, and Web-enabled systems and services: 29% and 27% (the source does not show which figure belongs to which option)
- Cross-border flows of personal information: 13%
- Internal privacy awareness and training: 22%
- None of the above: 2%
- Not applicable/do not know: 7%
The top three privacy concerns are unauthorized access to personal information (89 percent), followed by managing third-party (38 percent) and aligning operational practices with policies (33 percent).
Slide 24: 1. Which statement best describes the level at which your State handles third party (contractors, service providers, business partners) security capabilities, controls & agency dependencies?
- Third-party security capabilities and controls are unknown: 23%
- Knowledge of third-party security capabilities, controls and agency dependencies are identified: 36%
- Knowledge of third-party security capabilities, controls and agency dependencies are identified and assessed: 18%
- Knowledge of third-party security capabilities, controls and agency dependencies are regularly reviewed and tested: 7%
- Not applicable/do not know: 16%
36 percent of the respondents indicated that they have identified the knowledge of third-party security capabilities, controls, and agency dependencies; 23 percent indicated that the third-party security capabilities and controls are unknown.
Slide 25: 2. How confident are you in the information security practices of your third parties (contractors, service providers, business partners)?
- Not very confident: 20%
- Somewhat confident: 69%
- Very confident: 7%
- Extremely confident: 2%
- Not applicable/do not know: 2%
69 percent of the respondents indicated they are somewhat confident in the information security practices of their third parties, whereas only seven percent indicated that they are very confident in the third party information security practices.
Slide 26: Growing IT Security Risks in the States
- Protecting legacy systems
- Expansion of wireless networks
- Online transactions
- Use of social media platforms
- Mobile devices and services
- Use of personally-owned devices (BYOD) for state business
- Adoption of cloud services; rogue cloud users
- Consumer digital devices in the workplace
- Third-party contractors and managed services
Slide 27:
- Business objectives
- Governance
- Acquisition strategy
- Jurisdictional issues
- Security and privacy concerns
- Policy and legal issues
- Exit strategy
Slide 28:
- Apply existing security framework and policies
- Consumer cloud vs. industrial strength
- Test drive: start with private cloud
- 3rd-party contracts protect state interests
- Enable legitimate business use
- Monitor & control unauthorized use
- Leverage FedRAMP
Slide 29: Today's State IT Workforce: Under Pressure
- State CIOs say ...% of state IT employees eligible for retirement within the next five years
- Fiscal stress: hiring freezes and elimination of vacant positions
- Nearly two-thirds say they anticipate having to reduce IT staff
- IT Security positions are difficult to recruit and retain
Source: NASCIO State IT Workforce: Under Pressure, January 2011
Slide 30: Challenges Recruiting IT Security Professionals
Skills and disciplines that present a challenge to fill (comparison of total percentage of responses):
- Security: 52.4%
- Project Management, and App & Mobile App: 50.0% and 47.6% (the source does not show which figure belongs to which skill)
- Architecture: 47.6%
- Analysis and Design: 42.9%
Source: NASCIO State IT Workforce: Under Pressure, January 2011
Slide 31: DHS National Cyber Security Review (NCSR): 2011 Baseline Assessment of the States
- Comprehensive risk-based survey of states and large urban areas
- Focus on 12 control areas using maturity model approach
- Key findings: identification of capabilities and gaps
- Potential areas to focus security programs for improvements
- Tool that can be used for additional cybersecurity reviews
- Metrics for cybersecurity investment justifications
- Reports to each respondent providing best practices and recommendations to improve cybersecurity posture
- What did we learn? States have major gaps in key areas
Slide 32: Looking Ahead: Action Items for States
- More education and awareness of the risks
- More IT consolidation, shared services
- Consider NASCIO's Core Services Taxonomy for IT Security programs
- Outsourcing: more steering, less rowing
- IT implications of healthcare reform
- More intra-state, inter-state and federal collaboration
- Demand for performance, results
- State Centers of Excellence for cyber education & research
- Extending the enterprise: locals?
- Massive collaboration: Web 2.0
- Funded research, scholarships, internships
- Sharing best practices, recognition
Slide 33: NASCIO Cybersecurity Call to Action: Key Questions for State Leaders
- Have you created a culture of information security in your state government?
- Have you adopted a cybersecurity framework, based on national standards & guidelines?
- Have you acquired continuous vulnerability management capabilities?
- Have you documented the effectiveness of your cybersecurity with metrics and testing?
- Have you developed security awareness training for workers and contractors?
Slide 34: Connect with...
- nascio.org
- facebook.com
- linkedin.com
- youtube.com/nasciomedia
- twitter.com/nascio
More information2014 Deloitte-NASCIO Cybersecurity Study State governments at risk: Time to move forward
2014 Deloitte-NASCIO Cybersecurity Study State governments at risk: Time to move forward A publication of Deloitte and the National Association of State Chief Information Officers (NASCIO) Contents Message
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationAll Eyes: A Security Breach Exercise. Disaster Recovery/Security and Business Continuity Readiness
All Eyes: A Security Breach Exercise Disaster Recovery/Security and Business Continuity Readiness Commonwealth of Pennsylvania Molly Dougherty, Director Continuity of Government and Records Information
More informationLeveraging MITA to Implement Service Oriented Architecture and Enterprise Data Management. Category: Cross Boundary Collaboration
Leveraging MITA to Implement Service Oriented Architecture and Enterprise Data Management Category: Cross Boundary Collaboration Initiation date: August 2011 Completion date: October 2013 Nomination submitted
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationOFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON
OFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON PERIODIC INFORMATION SECURITY AND PENETRATION AUDITS OF THE EXECUTIVE BRANCH INFORMATION TECHNOLOGY SYSTEMS APRIL 1, 2016 SUBMITTED TO THE TWENTY-EIGHTH
More informationGAO ELECTRONIC GOVERNMENT ACT. Agencies Have Implemented Most Provisions, but Key Areas of Attention Remain
GAO United States Government Accountability Office Report to the Committee on Homeland Security and Governmental Affairs, U.S. Senate September 2012 ELECTRONIC GOVERNMENT ACT Agencies Have Implemented
More informationStatement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education
Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education Before the U.S. House Oversight and Government Reform Committee Hearing on Agency Compliance with the Federal Information
More informationGOVERNMENT USE OF MOBILE TECHNOLOGY
GOVERNMENT USE OF MOBILE TECHNOLOGY Barriers, Opportunities, and Gap Analysis DECEMBER 2012 Product of the Digital Services Advisory Group and Federal Chief Information Officers Council Contents Introduction...
More informationCertified Identity and Access Manager (CIAM) Overview & Curriculum
Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management
More informationSTATEMENT OF CHARLES EDWARDS DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE
STATEMENT OF CHARLES EDWARDS DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY U.S. HOUSE OF REPRESENTATIVES
More informationDeputy Chief Financial Officer Peggy Sherry. And. Chief Information Security Officer Robert West. U.S. Department of Homeland Security.
Deputy Chief Financial Officer Peggy Sherry And Chief Information Security Officer Robert West U.S. Department of Homeland Security Testimony Before the Subcommittee on Government Organization, Efficiency
More informationPriority III: A National Cyberspace Security Awareness and Training Program
Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.
More informationDefending against modern cyber threats
Defending against modern cyber threats Protecting Critical Assets October 2011 Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Agenda 1. The seriousness of today s situation
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationCIO-SP3 Service areas NIH Chief Information Officers-Solutions & Partners
CIO-SP3 Service areas NIH Chief Information Officers-Solutions & Partners PwC Contents Page 1 IT Services for Biomedical Research and Healthcare 2 Chief Information Officer (CIO) Support 3 5 3 Imaging
More informationInformation Security Program CHARTER
State of Louisiana Information Security Program CHARTER Date Published: 12, 09, 2015 Contents Executive Sponsors... 3 Program Owner... 3 Introduction... 4 Statewide Information Security Strategy... 4 Information
More informationThe Heart of the Matter:
The Heart of the Matter: A Core Services Taxonomy for State IT Security Programs NASCIO Staff Contact: Charles Robb Senior Policy Analyst NASCIO NASCIO represents state chief information officers and information
More informationSeamus Reilly Director EY Information Security sreilly@uk.ey.com 0207 951 3179 Cyber Security
Seamus Reilly Director EY Information Security sreilly@uk.ey.com 0207 951 3179 Cyber Security An Internal Audit perspective on the threats and responses within the Retail Sector 15 th May 2014 Agenda Introductions
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationState of Information Security
State of Information Security Second Annual Assessment Study 2013 Table of Contents: Synopsis and Methodology _ page 2 A Snapshot of Participants _ page 2 Survey Findings _ page 5 Final Thoughts _ page
More informationBreaking Down the Silos: A 21st Century Approach to Information Governance. May 2015
Breaking Down the Silos: A 21st Century Approach to Information Governance May 2015 Introduction With the spotlight on data breaches and privacy, organizations are increasing their focus on information
More informationInternal audit value optimization for insurance organizations
Internal audit value optimization for insurance organizations Webinar May 13, 2015 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.
More informationJanuary IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director
January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security
More informationNARA s Information Security Program. OIG Audit Report No. 15-01. October 27, 2014
NARA s Information Security Program OIG Audit Report No. 15-01 October 27, 2014 Table of Contents Executive Summary... 3 Background... 4 Objectives, Scope, Methodology... 7 Audit Results... 8 Appendix
More informationAccess Health CT: Connecticut s Health Insurance Marketplace
Access Health CT: Connecticut s Health Insurance Marketplace NASCIO 2014 State IT Recognition Awards Category: Digital Government: Government to Citizen Contact: Mark Raymond State of Connecticut Chief
More informationSecurity Metrics to Manage Change: Which Matter, Which Can Be Measured?
Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:
More information2012 Deloitte-NASCIO Cybersecurity Study State governments at risk: a call for collaboration and compliance
2012 Deloitte-NASCIO Cybersecurity Study State governments at risk: a call for collaboration and compliance A publication of Deloitte and the National Association of State Chief Information Officers Contents
More informationSome thoughts about cloud computing risks. Andris Soroka 28 th of January, 2015 Riga, Latvia
Some thoughts about cloud computing risks Andris Soroka 28 th of January, 2015 Riga, Latvia Role of DSS in Cyber-security Development in Baltics Cyber-Security Awareness Raising Technology and knowledge
More informationDepartment of Human Resources
Workforce Services Workforce Policy and Planning Department Management/ Human Resource Information Systems Employee Relations Employment Compensation and Workforce Analysis Employee Benefits Organizational
More informationDon t Get Left in the Dust: How to Evolve from CISO to CIRO
SESSION ID: CXO-W04 Don t Get Left in the Dust: How to Evolve from CISO to CIRO JC-JC James Christiansen VP Information Risk Management Accuvant jchristiansen@accuvant.com Bradley J. Schaufenbuel, CISSP
More informationHow To Use Cloud Computing For Federal Agencies
Cloud Computing Briefing Scott Renda Office of Management and Budget www.whitehouse.gov/omb/egov Cloud Computing Basics Style of computing Cloud Computing: What Does it Mean? Close public/private sector
More information2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy
2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,
More information2008 NASCIO Award Submission. Utilizing PCI Compliance to Improve Enterprise Risk Management
Section A Cover Page 2008 NASCIO Award Submission Utilizing PCI Compliance to Improve Enterprise Risk Management Information Security and Privacy Michigan Section B - Executive Summary Michigan has implemented
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationRETHINKING CYBER SECURITY Changing the Business Conversation
RETHINKING CYBER SECURITY Changing the Business Conversation October 2015 Introduction: Diane Smith Michigan Delegate Higher Education Conference Speaker Board Member 2 1 1. Historical Review Agenda 2.
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More information