UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O Brien. Vice President & Chief Information Officer
|
|
- Wesley Anthony
- 8 years ago
- Views:
Transcription
1 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Revised Critical Infrastructure Prtectin Reliability Standards Dcket N. RM Statement f Thmas F. O Brien Vice President & Chief Infrmatin Officer PJM Intercnnectin, L.L.C. January 28,
2 PJM Intercnnectin is pleased t prvide these initial cmments in respnse t the Cmmissin s inquiry n the Cyber Security Supply Chain Best Practices. My cmments will address sme f the unique challenges, current PJM actins, and a set f recmmendatins t further advance the supply chain cybersecurity issues. I serve as the Vice President and Chief Infrmatin Officer fr PJM. In this rle, I versee all aspects f PJM s infrmatin technlgy and enterprise infrmatin security. My rle has been t ensure we are implementing technlgy t meet ur respnsibilities as an RTO in a secure and reliable manner. I appreciate the Cmmissin s fcus n the imprtance f supply chain cybersecurity issues. Supply chain risk is a genuine threat that needs t be carefully cnsidered and managed. The cmplexity and breadth f supply chain cybersecurity risk includes end-t-end management f the supply and distributin f hardware, firmware, system sftware, applicatin sftware and services. Effectively identifying and managing the cybersecurity risks within the supply chain is imprtant. There are clear and dcumented examples acrss several supply chains and distributin channels f embedded attacks in hardware, system sftware, applicatin sftware, and services. A risk-based apprach will drive the greatest value by ensuring that we address the highest risks first. Managing the supply chain frm a cybersecurity perspective des create sme unique challenges: The supply chain is highly distributed and des nt fall under any single regulatry jurisdictin, which ptentially culd subject hardware, sftware, and service vendrs t diverse standards frm multiple critical infrastructures and regulatry agencies: The supply chain des nt lend itself t creating the necessary cllabratin and accuntability t ensure issues are managed by thse best able t manage the risk; An ineffective regulatry prgram can create a false sense f security and divert resurces frm fcusing n activities which are mst within the custmer s cntrl; and Ineffective management f the supply chain fr addressing cybersecurity issues culd lead t increased utility csts withut a crrespnding significant benefit t the end user. Thus, it is critically imprtant that we address supply chain cybersecurity risks in an efficient and cst-effective manner PJM is addressing the cybersecurity supply chain issues that the Cmmissin has identified within the cntext f ur verall security prgram. Our prgram has advanced significantly and has demnstrated tangible benefits in terms f advancing the cybersecurity f ur systems thrugh the PJM prcurement prcess. Nevertheless, PJM recgnizes the need fr further enhancements as we manage the threats. Our cllabratin with sftware, hardware, and services vendrs has shwn that 2
3 as ne mves up the supply chain, cybersecurity supply chain practices are incnsistent and therefre must cntinue t evlve and imprve. By way f example, sme f PJM s current activities that are fcused n enhancing cybersecurity f ur systems thrugh ur prcurement prcess and ther internal prcesses include: Our participatin in DHS classified briefings t better understand the cybersecurity threats including supply chain threats; Mdificatins t ur vendr review prcess as part f ur prcurement prcesses t ensure that risk and cybersecurity best practices are carefully cnsidered prir t cntract apprval; Analysis f cyber and physical security cntrls fr majr vendrs f high risk systems t ensure that their internal security practices are sufficient t reduce unintentinal defects as well as intentinal infiltratin f malware and backdrs; Develpment f cmmn security requirements that will be part f ur request fr prpsal prcess and technlgy implementatins; PJM buying nly frm authrized resellers, aviding used prducts t reduce the risk f cunterfeit and tainted prducts; PJM requiring cntractrs and vendrs t underg PJM s backgrund screening prcess irrespective f the criticality f that access; Engaging third parties fr advanced security penetratin testing n an annual basis and when majr systems are released int prductin envirnments; Advanced 24x7 security event mnitring tls and cntrls t detect ptentially malicius netwrk activity that wuld result frm tainted prducts; File system mnitring fr high-risk systems t ensure that changes n file systems crrespnd t authrized changes; Establishment f a sftware management gvernance team t ensure that all sftware is authrized prir t installatin and has gne thrugh a security review; Participatin in the Cyber Risk Infrmatin Sharing Prgram (CRISP), which prvides detectin f ptentially malicius traffic that may result frm natin state infiltratin f supply chains. In light f the cmplexity, the existing disparate industry standards, the immaturity f supply chain cybersecurity practices amng vendrs, and the absence f well-established practices in supply chain cybersecurity, PJM prpses that, at this time, a directive t NERC t develp a standard in this area may nt be the best use f time and resurces t address this issue. Standard drafting is 3
4 smething f a cttage industry with its wn set f challenges fcused n chice f specific wrds, actin required and issues surrunding enfrcement and penalties. Getting embriled in these issues prematurely may take away frm the kind f develpment f best practices guidance and crssindustry cmmunicatin that is needed at this stage f the prcess. Accrdingly, we wuld urge the Cmmissin t cnsider ther vehicles which culd range frm use f NERC s prcess fr the develpment f Guidance Papers (a prcess which has been used by the Critical Infrastructure Prtectin Cmmittee (CIPC) which is tasked t develp, peridically review, and revise security guidelines) t mre rganized Cmmissin-spnsred cmmunicatins bth within the electric industry as well as acrss industries. 1 A similar effrt fr cmmunicatin amng regulatrs f different sectrs especially impacted by cybersecurity, such as the financial and cmmunicatin sectrs in additin t the utility sectr, wuld als help t advance supply chain cybersecurity capabilities and ensure the sharing f best practices. As a result, ur recmmended path frward is t encurage crss sectr crdinatin and cllabratin with the prviders in the technlgy industry as ppsed t diverting fcus t the drafting f a technical standard at this pint in time. On the ther hand, we d believe there is a key FERC and NERC rle at this pint in time. Presently, there are a hst f standards and publicatins that need t be better crdinated and harmnized. These include: NIST SP Supply Chain Risk Management Practices fr Federal Infrmatin Systems and Organizatins. ISO Open Trusted Technlgy Prvider Standard (O-TTPS) - A standard f the Open Grup Vendrs that prvides a set f guidelines, recmmendatins and requirements that help assure against maliciusly tainted and cunterfeit prducts. Department f Energy s Cybersecurity Prcurement Language fr Energy Delivery Systems - This publicatin is a guidance dcument that prvides baseline cybersecurity prcurement language fr use by asset wners, peratrs, integratrs, and suppliers during the prcurement prcess. NIST Cyber Security Framewrk - Prvides guidance t help the energy sectr establish r align existing cybersecurity risk management prgrams t meet the bjectives f the Cybersecurity Framewrk released by the Natinal Institutes f Standards and Technlgy (NIST) in February ISO Standards Infrmatin Security Management Family f Standards. 1 The develpment f guidance dcuments in lieu f standards is specifically cntemplated in the charters f certain NERC Cmmittees including the CIPC. The full set f CIPC guidelines are available at: 4
5 We wuld suggest that FERC direct NERC t develp a guidance dcument (using the existing CIPC guidance dcument prcess utlined abve) as well as gather and synthesize key data n best practices in cybersecurity prcurement as well as wrk with NIST and ther agencies t ratinalize the abve standards and publicatins int a guidance dcument that wrks fr the electric industry in light f its rle as a buyer rather than manufacturer f these prducts. This shuld include cllabratin with IT vendrs and service prviders t understand the current state and t develp a radmap fr imprving vendr cybersecurity supply chain practices. The scpe f this effrt shuld include specific recmmendatins assciated with best practices in implementatin f the abve standards in the cntext f prcurement f sftware and hardware. Fr example, the guidance culd include: cncepts n the ability t validate the authenticity f sftware and patches that are being dwnladed; review f best practices assciated with the prcurement f hardware thrugh specialized supply chains; best practices in applicatin vulnerability management; and ther specific recmmendatins based n the risk analysis. Nevertheless, althugh PJM feels this guidance prcess fcused n detailing best practices as utlined abve is a mre apprpriate first step at this pint, shuld the Cmmissin decide that it desires t mve frward with a directive t NERC t develp a binding standard at this pint, we believe that the fcus and assignment shuld be n strengthening the current CIP standards. Under this scenari, the existing standards wuld be reviewed in light f best practices that have been identified t address the supply chain risk in the areas that registered entities cntrl with respect t preventin, detectin, and resilience. Finally, we nte the passage f recent legislatin that authrizes increased cmmunicatin and cllabratin between the industry and the relevant federal agencies. We believe the passage f this lng-verdue legislatin prvides the legal authrity fr FERC, wrking with DHS and NIST, t ensure greater reprting n cyber threats t the E-ISAC and imprved tw-way cmmunicatins. These effrts shuld be fcused n : Prviding transparency t cybersecurity risks embedded in cmmnly-used critical sftware applicatins and hardware; and Engaging with ther critical infrastructures and gvernment agencies (including ther federal and state regulatrs) t ensure unity f apprach. 5
6 In shrt, we see this entire exercise, including this NOPR, as part f a cntinued evlutin f best practices and cllabratin acrss critical infrastructures and technlgy service prviders. At the same time, we recgnize that prtectin acrss all critical infrastructure sectrs is beynd FERC jurisdictin. As a result, it will be imperative t cntinue the brader engagement with the Department f Hmeland Security, NIST, ther critical infrastructure sectrs, technlgy prviders, and ther gvernment agencies t enhance ur management f the supply chain against cybersecurity threats. PJM stands ready t wrk with the Cmmissin, stakehlders, NERC, and thers in that prcess. 6
POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014
State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)
More informationPENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs
More informationRequest for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply
Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t
More informationChange Management Process
Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses
More informationMANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016
MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 The Manitba Securities Cmmissin (the Cmmissin) is a divisin f the Manitba Financial Services Agency (MFSA). The ther divisin is the Financial Institutins
More informationGovernment of Malta. Reference: GMICT X 0004-1:2014 Version: 7.0. Effective: 07 January 2014
Gvernment f Malta Reference: GMICT X 0004-1:2014 Versin: 7.0 Effective: 07 January 2014 This dcument is part f the http://ictplicies.gv.mt Underlined terms are defined in the Vcabulary. Purpse The purpse
More informationHigh Level Meeting on National Drought Policy (HMNDP) CICG, Geneva 11-15 March 2013
High Level Meeting n Natinal Drught Plicy (HMNDP) CICG, Geneva 11-15 March 2013 Plicy Dcument: Natinal Drught Management Plicy United Natins Cnventin t Cmbat Desertificatin (UNCCD) Fd and Agriculture Organizatin
More informationCASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT
CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles
More informationInternal Audit Charter and operating standards
Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw
More informationFINANCIAL SERVICES FLASH REPORT
FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent
More informationSolution. Industry. Challenges. Client Case Study. Legacy Systems too Costly to Maintain. Supply Chain Advantage. Delivered.
Supply Chain Advantage. Delivered. Client Case Study MEBC Supprts the Federal Aviatin Administratin Manage Prject Risk during Majr ERP Implementatin thrugh Independent Verificatin and Validatin (IV&V)
More informationThe Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future
The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents
More informationApril 29, 2013 INTRODUCTION ORGANIZATIONAL OVERVIEW PROJECT OVERVIEW
April 29, 2013 INTRODUCTION The Mid-Atlantic Reginal Air Management Assciatin, Inc (MARAMA) is seeking t engage a cntractr t assist in updating f MARAMA s current website sftware and mve the website t
More informationCDE Data Governance Program - CDE-Specific and SLDS (P20+) Programs
CDE Data Gvernance Prgram - CDE-Specific and SLDS (P20+) Prgrams On September 27 th and 28 th, State Supprt Team (SST) Members Crey Chatis and Jeff Sellers visited Clrad t help CDE begin a Data Gvernance
More informationAgenda. o Purpose of IT Assessment o Scope of IT Assessment o Deloitte Recommendations o IBM Discussions o Research Data Center o Open Season
Agenda Purpse f IT Assessment Scpe f IT Assessment Delitte Recmmendatins IBM Discussins Research Data Center Open Seasn Purpse f IT Assessment Determine if IT resurces are being utilized efficiently and
More informationFraud Prevention Techniques for Higher Education
Fraud Preventin Techniques fr Higher Educatin Speakers: Brenda Buetw, Crwe Hrwath LLP Jennifer Richards, Crwe Hrwath LLP David English, Augustana Cllege Date: Octber 6, 2014 Sessin Gals Identify the different
More informationMajor capital investment in councils. Good practice checklist for project managers
Majr capital investment in cuncils checklist fr prject managers Prepared by Audit Sctland March 2013 b The Accunts Cmmissin The Accunts Cmmissin is a statutry, independent bdy which, thrugh the audit prcess,
More informationGUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN
Gvernment f Newfundland and Labradr Office f the Chief Infrmatin Officer Infrmatin Management Branch GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Guideline (Definitin): OCIO Guidelines derive frm
More informationCTF-ENDORSED NF CLINICS: PRINCIPLES OF OPERATION
Pilt Guidelines 2006 CTF-ENDORSED NF CLINICS: PRINCIPLES OF OPERATION Backgrund Children s Tumr Fundatin supprts research directed tward finding treatments fr neurfibrmatsis (NF) as well as effrts fcused
More informationHealth Stream Portfolio (e.g. Mental health, drug & alcohol) and Contract of Employment
Psitin Descriptin Psitin Agency Reprts t Terms and Cnditins f Emplyment Classificatin/ Salary Stream Length f Psitin Lcatin Health Stream Lead Health Stream Prtfli (e.g. Mental health, drug & alchl) Primary
More informationChapter 7 Business Continuity and Risk Management
Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity
More informationCMS Eligibility Requirements Checklist for MSSP ACO Participation
ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.
More informationOccupational Therapy Working Group: Service Delivery review and Fee Review
Occupatinal Therapy Australia Victria Divisin Terms f Reference submissin Occupatinal Therapy Wrking Grup: Service Delivery review and Fee Review HDSG (TAC and VWA) July 2014 Occupatinal Therapy Australia
More informationPersonal Data Security Breach Management Policy
Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner
More informationLINCOLNSHIRE POLICE Policy Document
LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch
More informationGravesham Borough Council
Classificatin: Part 1 Public Key Decisin: Please specify - N Gravesham Brugh Cuncil Reprt t: Perfrmance and Administratin Cmmittee Date: 12 Nvember 2015 Reprting fficer: Subject: Crprate Perfrmance Manager
More informationIFRS Discussion Group
IFRS Discussin Grup Reprt n the Public Meeting February 26, 2014 The IFRS Discussin Grup is a discussin frum nly. The Grup s purpse is t assist the Accunting Standards Bard (AcSB) regarding issues arising
More informationWeb Development the Next Steps
Web Develpment the Next Steps Significant prgress has been made n the redesign f the Western Washingtn University hme page. The ATUS Web Services team has wrked hard in cllabratin with the University Cmmunicatins
More informationITU-T T Focus Group on Identity Management (FG IdM):
Internatinal Telecmmunicatin Unin ITU-T ITU-T T Fcus Grup n Identity Management (FG IdM): IdM Tutrial Part II Ray P. Singh Telcrdia Technlgies 732-699-6105 rsingh@telcrdia.cm ITU-T FG IdM Overview IdM
More informationENTERPRISE RISK MANAGEMENT ENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY Plicy N. 10014 Review Date Octber 1, 2014 Effective Date March 1, 2014 Crss- Respnsibility Vice President, Reference Administratin Apprver Executive Cuncil 1. 1. Plicy
More informationVersion Date Comments / Changes 1.0 January 2015 Initial Policy Released
Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance
More informationCaptive outsourcing models
Captive utsurcing mdels India TP hygiene wrkshp Presenter: Vishnu Bagri Octber 23, 2013 2013 Transfer Pricing Assciates Hlding B.V. BACKDROP + India has evlved as a premier utsurcing hub fr IT, ITES, engineering
More informationITIL Release Control & Validation (RCV) Certification Program - 5 Days
ITIL Release Cntrl & Validatin (RCV) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management
More informationCommunicating Deficiencies in Internal Control to Those Charged with Governance and Management
Internatinal Auditing and Assurance Standards Bard ISA 265 April 2009 Internatinal Standard n Auditing Cmmunicating Deficiencies in Internal Cntrl t Thse Charged with Gvernance and Management Internatinal
More informationResearch Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012
Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember 2012 2012 by The Enterprise Strategy Grup, Inc.
More informationCDC UNIFIED PROCESS PRACTICES GUIDE
Dcument Purpse The purpse f this dcument is t prvide guidance n the practice f Business Case and t describe the practice verview, requirements, best practices, activities, and key terms related t these
More informationStandardization or Harmonization? You need Both
Standardizatin r? Yu need Bth Albrecht Richen and Ansgar Steinhrst Recently the CFO f a majr cnsumer electrnics cmpany stated, We dn t need standardizatin f ur wrldwide prcesses, we need harmnizatin. Is
More informationA National CERT what can it do for you?
A Natinal CERT what can it d fr yu? Ian M Dwdeswell Qatar Cmputer Emergency Respnse Team (Q-CERT) 2 Presentatin Overview Wh we are What we d What we can d fr yu Questins 3 What is Q-CERT? The natinal cmputer
More informationTrustED Briefing Series:
TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers
More informationEqual Pay Audit 2014 Summary
Equal Pay Audit 2014 Summary Abut the dcument The fllwing summary is an abridged versin f Ofcm s equal pay audit 2014. In the full versin f the reprt we set ut ur key findings, cmment n any issues arising
More informationCross Agency Priority Goal Quarterly Progress Update
Crss Agency Pririty Gal Quarterly Prgress Update Shared Services Gal Leaders: Krysta Harden, Deputy Secretary, US Department f Agriculture; Dave Mader, Cntrller, Office f Federal Financial Management,
More informationCHANGE MANAGEMENT STANDARD
The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the
More informationMigrationWiz HIPAA Compliant Migration. Focus on data migration, not regulation. BitTitan Global Headquarters: 3933 Lake Washington Blvd NE Suite 200
MigratinWiz HIPAA Cmpliant Migratin Fcus n data migratin, nt regulatin. BitTitan Glbal Headquarters: 3933 Lake Washingtn Blvd NE Suite 200 Table f Cntents Kirkland, WA 98033 www.bittitan.cm sales@bittitan.cm
More informationSecretariat of the Joint Forum Bank for International Settlements CH-4002 Basel, Switzerland. Dear Secretariat of the Joint Forum,
Secretariat f the Jint Frum Bank fr Internatinal Settlements CH-4002 Basel, Switzerland Dear Secretariat f the Jint Frum, The Glbal Federatin f Insurance Assciatins (GFIA), thrugh its 35 member assciatins,
More informationJob Classification Details Department Job Function Job Family Job Title Job Code Salary Level
Jb Classificatin Details Department Jb Functin Jb Family Jb Title Jb Cde Salary Level Chief Diversity Office Marketing, Cmmunicatins, & Outreach Cmmunicatin/Cnstituent Relatins Cmmunicatins Crdinatr PMP1
More informationPENETRATION TEST OF THE FOOD COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE FOOD AND DRUG ADMINISTRATION'S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office fpublic
More informationBetter Practice Guide Financial Considerations for Government use of Cloud Computing
Better Practice Guide Financial Cnsideratins fr Gvernment use f Clud Cmputing Nvember 2011 Intrductin Many Australian Gvernment agencies are in the prcess f cnsidering the adptin f clud-based slutins.
More informationCross Agency Priority Goal Quarterly Progress Update
Crss Agency Pririty Gal Quarterly Prgress Update Shared Services Gal Leaders: Krysta Harden, Deputy Secretary, US Department f Agriculture; Dave Mader, Cntrller, Office f Federal Financial Management,
More information2008-2011 CSU STANISLAUS INFORMATION TECHNOLOGY PLAN SUMMARY
2008-2011 CSU STANISLAUS INFORMATION TECHNOLOGY PLAN SUMMARY OFFICE OF INFORMATION TECHNOLOGY AUGUST 2008 Executive Summary The mst recent CSU Stanislaus infrmatin technlgy (IT) plan was issued in 2003.
More informationPolicy on Free and Open-source Software. Government Policy of Iceland
Plicy n Free and Open-surce Sftware Gvernment Plicy f Iceland Prime Minister s Office December 2007 Intrductin Free and pen-surce sftware is sftware based n a surce cde which the authrs chse t make public
More informationLicensing Windows Server 2012 for use with virtualization technologies
Vlume Licensing brief Licensing Windws Server 2012 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents This
More informationProfessional Leaders/Specialists
Psitin Prfile Psitin Lcatin Reprting t Jb family Band BI/Infrmatin Manager Wellingtn Prfessinal Leaders/Specialists Band I Date February 2013 1. POSITION PURPOSE The purpse f this psitin is t: Lead and
More informationGrant Application Writing Tips and Tricks
Grant Applicatin Writing Tips and Tricks Grants are prvided by gvernment (lcal, state and natinal), charitable trusts, and by cmmunity rganisatins (eg Ltteries, Rtary, etc). Each grant has a specific purpse,
More informationSecurity Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview
Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the
More informationLicensing Windows Server 2012 R2 for use with virtualization technologies
Vlume Licensing brief Licensing Windws Server 2012 R2 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 R2 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents
More informationSuccession Planning & Leadership Development: Your Utility s Bridge to the Future
Successin Planning & Leadership Develpment: Yur Utility s Bridge t the Future Richard L. Gerstberger, P.E. TAP Resurce Develpment Grup, Inc. 4625 West 32 nd Ave Denver, CO 80212 ABSTRACT A few years ag,
More informationColorado Health Benefit Exchange Board Advisory Group Selection Process, Timeline, Charters and Nominee Form
Clrad Health Benefit Exchange Bard Selectin Prcess, Timeline, Charters and Nminee Frm Backgrund At the COHBE Bard meeting n April 9, 2012, staff shared a mem utlining a recmmendatin t frm vlunteer s (Health
More informationProcess Improvement Center of Excellence Service Proposal Recommendation. Operational Oversight Committee Report Submission
Prcess Imprvement Center f Excellence Service Prpsal Recmmendatin Operatinal Oversight Cmmittee Reprt Submissin INTRODUCTION This Prpsal prvides initial infrmatin regarding a pssible additin t a service.
More informationCyber Security Legislation Privacy Protections are Substantially Similar
Cyber Security Legislatin Privacy Prtectins are Substantially Similar By Rb Strayer and David Beardwd The fur mst prminent cyber security legislative prpsals the Obama administratin s legislative text;
More informationIntroducing the en.lighten partnership
Intrducing the en.lighten partnership Facilitating supprt t cuntries t implement the transitin t efficient lighting This dcument serves t intrduce the en.lighten partnership thrugh which the UNEP/GEF en.lighten
More informationThe National Cyber Security Policy
The Natinal Cyber Security Plicy Ministry f Science, Technlgy and Innvatin f Malaysia (MOSTI) The Natinal Cyber Security Plicy Page 1 f 7 The Natinal Cyber Security Plicy Executive Summary Malaysia s jurney
More information1 Focus Area: Water & Urbanization
1 Fcus Area: Water & Urbanizatin Water & Urbanizatin addresses Integrated Urban Water Management (IUWM), fld risk management in cities, climate change and urban areas, management f newly urbanized areas,
More informationInformation Technology Policy
Infrmatin Technlgy Plicy Custmer Applicatins Plicy ITP Number ITP-APP025 Categry Recmmended Plicy Cntact RA-itcentral@pa.gv Effective Date March 23, 2009 Supersedes Scheduled Review April 2015 This Infrmatin
More informationCrnwall Partners in Care
Crnwall Partners in Care Mving Frward Versin 2.0 8 th January 2014 By Richard Mnk Crnwall Partners in Care August 2013 Page 1 f 6 CPIC mving frward This dcument has been created t help prvide a little
More informationGetting Started Guide
AnswerDash Resurces http://answerdash.cm Cntextual help fr sales and supprt Getting Started Guide AnswerDash is cmmitted t helping yu achieve yur larger business gals. The utlined pre-launch cnsideratins
More informationHEALTH INFORMATION EXCHANGE GRANTS CRITERIA
1 HEALTH INFORMATION EXCHANGE GRANTS CRITERIA INTRODUCTION On August, 20 th, the federal Office f the Natinal Crdinatr fr Health Infrmatin Technlgy (ONC) released an pprtunity fr states t apply fr between
More information9 ITS Standards Specification Catalog and Testing Framework
New Yrk State ITS Standards Specificatin Develpment Guide 9 ITS Standards Specificatin Catalg and Testing Framewrk This chapter cvers cncepts related t develpment f an ITS Standards Specificatin Catalg
More informationSession 9 : Information Security and Risk
INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin
More informationCOUNTY OF SONOMA AGENDA ITEM SUMMARY REPORT
COUNTY OF SONOMA AGENDA ITEM SUMMARY REPORT Department: General Services Department Snma Cunty Water Agency Cntact: Dave Head Phne: 565-2089 REQUESTED BOARD ACTION: Bard Date: May 12, 2009 Clerk f the
More informationAudit Committee Charter
Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm
More informationThis report provides Members with an update on of the financial performance of the Corporation s managed IS service contract with Agilisys Ltd.
Cmmittee: Date(s): Infrmatin Systems Sub Cmmittee 11 th March 2015 Subject: Agilisys Managed Service Financial Reprt Reprt f: Chamberlain Summary Public Fr Infrmatin This reprt prvides Members with an
More informationKey Steps for Organizations in Responding to Privacy Breaches
Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins
More informationGuidelines for Outsourcing, Offshoring, and Cloud Services
Preview Guidelines fr Outsurcing, Offshring, and Clud Services Frewrd Data security and data prtectin challenges arise in mst utsurcing and ffshring transactins, particularly where services are clud based.
More informationRisk Management Policy AGL Energy Limited
Risk Management Plicy AGL Energy Limited AUGUST 2014 Table f Cntents 1. Abut this Dcument... 2 2. Plicy Statement... 2 3. Purpse... 2 4. AGL Risk Cntext... 3 5. Scpe... 3 6. Objectives... 3 7. Accuntabilities...
More information(DRAFT) WISHIN DIRECT MARKETING PLAN Prepared by Kim Johnston June, 2011
Prepared by Kim Jhnstn Purpse Prvide a review f the market Give an verview f the market segments fr WISHIN Direct Outline the marketing and cmmunicatin activities fr WISHIN Direct Identify the cmmunicatin
More informationLEED Rating System Development
LEED Rating System Develpment Why are the LEED rating systems being updated? The hallmark f LEED and its ability t affect market transfrmatin is its cntinuus imprvement cycle that enables the rating system
More informationFinancial advisory and taxation services in Australia
Financial advisry and taxatin services in Australia CPA Australia The Institute f Chartered Accuntants in Australia The Natinal Institute f Accuntants Intrductin: Access t financial and tax advice Cnsumers
More informationVulnerability Management:
Vulnerability Management: Creating a Prcess fr Results Kyle Snavely Veris Grup, LLC Summary Organizatins increasingly rely n vulnerability scanning t identify risks and fllw up with remediatin f thse risks.
More informationSECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
Audit Manual Sectin J SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Ref. Plicy and Practice Requirements IIA Standards and Other references J 1 Plicy: The Head f Internal Audit shall develp and maintain
More informationFEEDBACK FROM THE VICTORIA QUALITY COUNCIL INTERHOSPITAL PATIENT TRANSFER WORKSHOP
FEEDBACK FROM THE VICTORIA QUALITY COUNCIL INTERHOSPITAL PATIENT TRANSFER WORKSHOP Results arising frm the survey f Participants at the Victrian Quality Cuncil (VQC) Interhspital Patient Transfer Wrkshp
More informationService Description Implementing Kimble Professional Services Automation
Service Descriptin Implementing Kimble Prfessinal Services Autmatin Felber Cnsulting wrks with clients ranging frm large gvernment r private sectr rganisatins t small & mediumsized enterprises. We wrk
More informationThe Whole of Government Approach: Models and Tools for EGOV Strategy & Alignment
The Whle f Gvernment Apprach: Mdels and Tls fr EGOV & Alignment Adegbyega Oj (in cllabratin with T. Janwski and E. Estevez) United Natins University a@iist.unu.edu OVERVIEW 1. THE WG APPROACH 2. APPLICATION
More informationJob Profile Data & Reporting Analyst (Grant Fund)
Jb Prfile Data & Reprting Analyst (Grant Fund) Directrate Lcatin Reprts t Hurs Finance Slihull Finance Directr Nminally 37 hurs but peratinally available at all times t meet Cmpany requirements Cntract
More informationLoss Share Data Specifications Change Management Plan
Lss Share Data Specificatins Change Management Plan Last Updated: 2/27/2013 Table f Cntents I. Purpse... 3 II. Change Management Apprach... 3 III. Categries f Revisins... 4 IV. Help and Supprt... 6 Lss
More informationMobile Telecom Expense Management
Mbile Telecm Expense Management Quick Start Mbile Telecm Expense Management Intrductin The BT Mbile Telecm Expense Management Quick Start Service is part BT Managed Mbility Expenses* BT s suite f telecm
More informationProjects Director Report Guidelines. IPMA Level A
Prjects Directr Reprt Guidelines IPMA Level A Cntents 1. GENERAL PROVISIONS.. 2 2. PROJECT PORTFOLIO / PROGRAMME DESCRIPTION...2 3. PROJECTS DIRECTOR REPORT 5 4. ANNEXES..7 Authr Classificatin Status Electrnic
More informationRCPNC Grants for Creative Strategies and Pragtimatic Pragmatins
REQUEST FOR APPLICATIONS (RFA) The RCPNC is accepting grant applicatins fr prjects that use creative strategies t imprve crdinatin amng USDA-FNS Child Nutritin prgrams and ther nutritin assistance prgrams.
More informationEnvironment Protection Authority
Envirnment Prtectin Authrity EPA Cmplaints Management Plicy Intrductin This plicy sets ut the purpse, principles and prcess fr hw custmer feedback, including cmplaints, will be managed in the EPA t imprve
More informationAudit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd
Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew
More informationINFRASTRUCTURE TECHNICAL LEAD
1. PURPOSE OF POSITION This psitin is respnsible fr the delivery f peratinal supprt and maintenance f the TDHB IT infrastructure envirnment. This rle is als pivtal in the develpment and delivery f infrastructure
More informationWHITE PAPER. Vendor Managed Inventory (VMI) is Not Just for A Items
WHITE PAPER Vendr Managed Inventry (VMI) is Nt Just fr A Items Why it s Critical fr Plumbing Manufacturers t als Manage Whlesalers B & C Items Executive Summary Prven Results fr VMI-managed SKUs*: Stck-uts
More informationRichmond Clinical Commissioning Group Report Summary
Richmnd Clinical Cmmissining Grup Reprt Summary Meeting Title: Gverning Bdy Date: 16 September 2014 Reprt Title: Better Care Fund Plan Agenda Item: 8 Attachment: D Purpse: (please delete /N as apprpriate)
More informationImplementing an electronic document and records management system using SharePoint 7
Reprt title Agenda item Implementing an electrnic dcument and recrds management system using SharePint 7 Meeting Finance, Prcurement & Prperty Cmmittee 16 June 2008 Date Reprt by Dcument Number Head f
More informationSmall Business, Enterprise and Employment Bill: Insolvency fact sheets Contents
1 Small Business, Enterprise and Emplyment Bill: Inslvency fact sheets Cntents Directr Disqualificatin and Inslvency General Aims... 2 Administratin: sales t cnnected persns (prepack administratins)...
More informationHow to Address Key Selection Criteria
Hw t Address Key Selectin Criteria Yu've seen an jb pprtunity that yu're interested in, n a jbs bard r in the press and want t apply, but where d yu start? A key requirement fr jbs in Gvernment is t respnd
More informationHow To Write An Itu-T Security Standards Manual
ITU-T Netwrk Security Initiatives Michael Harrp The Cttingham Grup Internatinal Telecmmunicatin Unin Overview f Presentatin ITU-T Shw the cntext f ITU-T security standards activities Highlight sme f key
More informationThe Allstate Foundation Domestic Violence Program 2015 Moving Ahead Financial Empowerment Grant
The Allstate Fundatin Dmestic Vilence Prgram 2015 Mving Ahead Financial Empwerment Grant Due Date: September 1, 2015 Online applicatin: https://www.grantrequest.cm/sid_1010?sa=sna&fid=35296 The Allstate
More informationSoftware and Hardware Change Management Policy for CDes Computer Labs
Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces
More information