Information Security Board - PowerPoint PPT Presentation

Provided by: clintchr

Transcript and Presenter's Notes

1
Information Security Board
  • Mission, Goals and Guiding Principles

2
Mission
  • Assist agency management with implementing and
    maintaining a sound information security program
    consistent with industry best practices and
    compliant with state policies.

3
Goals
  • Implement policies, procedures, and processes to
    ensure the information security objectives of
    confidentiality, integrity, and availability are
    met.
  • Comply with all statewide information security
    policies and have best practices identified and
    implemented when practical.
  • Effectively work with partners (DAS, vendors,
    etc.) to ensure information security objectives
    are met.
  • Be proactive in identifying and mitigating risks
    to information as they emerge; however, when a
    potential breach does occur, the agency reacts
    immediately to investigate and take appropriate
    action.
  • Raise user awareness for information security by
    establishing regular training and information
    security communications.
  • Develop and implement metrics to track the
    progress of the information security program.

4
Information Security Guiding Principles
  • We understand that information security affects
    us all daily
  • We approach information security in layers
  • We grant access based on least privilege and
    roles where appropriate
  • We are fiscally responsible
  • We strive for simplicity over complexity
  • We lean toward buy versus build
  • We strive to implement best practices as
    appropriate
  • We weigh the benefits of open over commercial
    sourced software
  • We adopt industry standards where appropriate
  • We use risk management as a tool in decision
    making
  • We strive to use existing infrastructure where
    feasible

5
Strategies for Goal 1
  • Implement policies, procedures, and processes to
    ensure the information security objectives of
    confidentiality, integrity, and availability are
    met.
      • Develop information security goals and
        objectives.
      • Implement policies, procedures, and processes.
        For example:
          • Completed
              • Acceptable Use policy.
              • Personal Use of State Resources policy.
              • Security Breach Response Team.
          • In Process
              • Data Classification policy.
              • Information Handling Standards.
              • Information Security Plan.
          • Planning
              • Incident Response policy.

6
Strategies for Goal 2
  • Comply with all statewide information security
    policies and have best practices identified and
    implemented when practical.
      • Identify statewide policies the agency must
        comply with. For example:
          • ORS 646A.600 through 646A.628 Oregon Consumer
            Identity Theft Protection Act.
          • ORS 192 Records; Public Reports and Meetings.
          • ORS 182.122 State Administrative Agencies.
          • OAR 125-800-0005 through 0020 State Information
            Security.
          • DAS policy 107-004-052 Information Security.
      • Develop a suitable set of information security
        best practices. For example:
          • Deploy encryption technologies to portable
            computing and storage devices.
          • Deploy endpoint management technologies to help
            prevent data loss.
      • Develop information security standards and
        guidelines. For example:
          • Develop data handling standards.

7
Strategies for Goal 3
  • Effectively work with partners (DAS, vendors,
    etc.) to ensure information security objectives
    are met. For example:
      • Participate on the statewide Information Security
        Council. Assigned: Jason Stanley and Clint
        Christopher.
      • Share appropriate information with other state
        agencies and private organizations.

8
Strategies for Goal 4
  • Be proactive in identifying and mitigating risks
    to information as they emerge; however, when a
    potential breach does occur, the agency reacts
    immediately to investigate and take appropriate
    action. For example:
      • Develop an information security incident response
        team.
      • Revise the Security Breach Incident Response
        process to include incident response.
      • Develop an enterprise risk management program.

9
Strategies for Goal 5
  • Raise user awareness for information security by
    establishing regular training and information
    security communications. For example:
      • Develop articles to be published in the PERC and
        Espresso.
      • Maintain an intranet site for information
        security.
      • Develop agency-wide email on hot topics.
      • Develop information security awareness training
        using iLearnOregon and other tools.

10
Strategies for Goal 6
  • Develop and implement metrics to track the
    progress of the information security program.
    For example:
      • Awareness
          • Do security walkthroughs for workstations not
            locked and compare with previous walkthroughs.
          • Develop scenario-based testing.
      • Incidents
          • How many security breaches occurred?
      • Prevention
          • How many workstations and servers have
            up-to-date patches?
          • How many viruses have been detected?
      • Compliance
          • Security findings by severity (high, medium,
            low), open versus closed.