Information Security @ Blue Valley Schools FEBRUARY 2015



Similar documents
Security Controls What Works. Southside Virginia Community College: Security Awareness

The Protection Mission a constant endeavor

Goals. Understanding security testing

Miami University. Payment Card Data Security Policy

Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) Summary of Duties. Minimum Qualifications

Security Tool Kit System Checklist Departmental Servers and Enterprise Systems

Best Practices For Department Server and Enterprise System Checklist

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

Critical Controls for Cyber Security.

Client Security Risk Assessment Questionnaire

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

Supplier Security Assessment Questionnaire

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

A practical guide to IT security

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

Cybersecurity: What CFO s Need to Know

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

Four Top Emagined Security Services

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!

HIPAA Compliance Evaluation Report

Security Threat Risk Assessment: the final key piece of the PIA puzzle

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

SAQ D Compliance. Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

Big Data, Big Risk, Big Rewards. Hussein Syed

John Essner, CISO Office of Information Technology State of New Jersey

Attachment A. Identification of Risks/Cybersecurity Governance

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BYOD: End-to-End Security

How To Protect Yourself From A Hacker Attack

Cyber Self Assessment

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO TABLE OF CONTENTS

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Information Security Program Management Standard

UF IT Risk Assessment Standard

F G F O A A N N U A L C O N F E R E N C E

Logging In: Auditing Cybersecurity in an Unsecure World

Central Agency for Information Technology

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles

CMS Operational Policy for Infrastructure Router Security

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Hengtian Information Security White Paper

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

PII Compliance Guidelines

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Cybersecurity Health Check At A Glance

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

University of Pittsburgh Security Assessment Questionnaire (v1.5)

Network Segmentation

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Agenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, CASE: Implementation of Cyber Security for Yara Glomfjord

The Second National HIPAA Summit

Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security

Altius IT Policy Collection Compliance and Standards Matrix

HIPAA Security & Compliance

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS

External Penetration Assessment and Database Access Review

Presented by Evan Sylvester, CISSP

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Risk Management Guide for Information Technology Systems. NIST SP Overview

1B1 SECURITY RESPONSIBILITY

DIVISION OF INFORMATION SECURITY (DIS)

Small Business IT Risk Assessment

THE BLUENOSE SECURITY FRAMEWORK

Security Management. Keeping the IT Security Administrator Busy

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Information security controls. Briefing for clients on Experian information security controls

ABB s approach concerning IS Security for Automation Systems

Information Technology General Controls (ITGCs) 101

Complying with the Federal Information Security Management Act. Parallels with Sarbanes-Oxley Compliance

Data Management Policies. Sage ERP Online

How To Protect Your Data From Being Stolen

DHHS Information Technology (IT) Access Control Standard

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor January 23, 2014

Transcription:

Information Security @ Blue Valley Schools FEBRUARY 2015

Student Data Privacy & Security Blue Valley is committed to providing an education beyond expectations to each of our students. To support that mission we employ a variety of technology systems to enhance and support that student s education. We take the stewardship of student information in those technological systems very seriously. We have implemented a expansive system of security controls and systems to protect and keep private the student information entrusted to Blue Valley.

The objective of an information security program is to establish a continuous, iteratively improving regimen of planning, building and running security solutions that are aligned to organizational requirements. Gartner January 2012

Gartner (January 2012)

Information Security is a balance between three factors that assesses overall risk.

Information Security is best implemented in a multi-layered defense in depth based approach

What organizations does Blue Valley look to for information security guidance?

Blue Valley Follows the NIST SP800 Information Security Standard Access Control Awareness and Training Audit and Accountability Configuration Management Identification and Authentication Incident Response Maintenance Media Protection Physical Protection Personnel Security Risk Assessment Security Assessment System and Communication Protection System and Information Integrity

Blue Valley Security Focuses Network Built in layers to physically separate access and systems Monitored for improper activity and access Multiple Firewalls Data Classify data by role and access requirements. Build access policies based on data classification All sensitive data is encrypted on the network and backup systems

Blue Valley Security Focuses Physical All physical access to systems is monitored and logged by card access and security cameras Server and network configurations are monitored for unauthorized changes User Devices All user devices are protected by a firewall, anti-virus, and full end point protection systems. Remote wipe for laptops with access to sensitive information Complete incident response system in place for compromised devices

Blue Valley Security Focuses Audit Monitor all servers, networks, and applications for unauthorized access Conduct periodic external and internal penetration scans Security log aggregation systems Disposal Third party contractor completes full NIST scrub of all disposed equipment and devices with full certification of NIST wipe. Real-time provisioning and de-provisioning of user accounts and access rights

Blue Valley Security Focuses Awareness Monthly notices to staff about security updates and awareness Embedded in our curriculum and cyber-citizen initiatives for students Conduct information security training for all new employees Updates All user devices are updated for security patches All servers are updated for security updates All core systems are updated for security updates

Blue Valley Security Focuses Technology Staff Certified Information Security Specialist (CISSP) on staff Monitor global information security notices and bulletins Work with all vendors to implement information security controls in our products and projects. Review our security posture and make continuous updates and improvements to our systems Monitor all networks, systems, and information to keep staff appraised on any threats that occur

Our Commitment Blue Valley works daily to ensure the privacy and protection of the student information in our care. Protecting personal information in secure and responsible ways is at the heart of our efforts to provide a richer and more dynamic learning experience for all students.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information