
Information Security Awareness activities


Information Security Awareness Month Activities

Peggy Ward

Chief Information Security Officer & Internal Audit Officer

www.vita.virginia.gov 1


Commonwealth Information Security Awareness Activities

• Governor Timothy Kaine issued a proclamation designating October as Information Security Awareness Month.

– To encourage citizens to learn about information security and to put the knowledge to practice.


Commonwealth Information Security Awareness Activities

• Framed & displayed the proclamation in a prominent location in the office & at Information Security Officer Advisory Group (ISOAG) meetings in September & October.

• Provided copies of the proclamation with the seal to agencies & localities.


Commonwealth Information Security Awareness Activities

• Presentations

Oct. 17: Commonwealth Security Information Resource Center presentation at the Cyber Security 2008 Conference, hosted jointly by Virginia Commonwealth University & the Federal Bureau of Investigation's InfraGard chapter

Oct. 21: Commonwealth Information Security Initiatives presentation at the Hampton Roads Cyber Security Awareness Conference


Commonwealth Information Security Awareness Activities

• Presentations

Oct. 22: Commonwealth Information Security Collaboration presentation at the Association of Government Accountants Technology & Fraud Conference

Oct. 24: Chief Information Officer & Chief Information Security Officer remarks at the Chesterfield County Cyber Security Awareness Event


Commonwealth Information Security Awareness Activities

• Internet Activities

The state portal, www.virginia.gov, has displayed a prominent graphic banner promoting Information Security in the "focal point" area, which links to the online guide on the VITA site

Online e-government services on the portal now include the citizens' awareness banner provided by Commonwealth Security


Commonwealth Information Security Awareness Activities

• Internet Activities

New content has been added to the Information Security Awareness Toolkit, thanks to COV agencies & MS-ISAC. The printing of materials from the toolkit was coordinated through DMV to leverage resources


Commonwealth Information Security Awareness Activities

• Security Awareness Video

Produced by VITA Commonwealth Security & VITA Communications

Available in early November in the Knowledge Center, the Information Security Resource Center & YouTube

Available in late November on DVD


VITA Information Security Awareness Activities

• VITA Information Security Awareness activities are implemented to promote simple changes in behavior that strengthen the security of Commonwealth information.

– Hosted lunch time presentations

– Conducted raffle giveaways for presentation attendees

• Giveaway items were provided by vendors from conferences.

– Provided VITA branded resource materials from MS-ISAC

• Brochures, Booklets, Bookmarks, Calendars, Posters

– Conducted a fill in the blank puzzle contest


Lunch Time Presentations

• Event 1 - Oct. 1

– “Defending the Castle - How to Secure Your Home Network”

Bob Baskette, Commonwealth Security Incident Engineer, Virginia Information Technologies Agency

• Event 2 - Oct. 22

– “Protecting Your Money, Our Role and Yours”

Chris Saneda, Senior Vice President / Chief Information Officer, Virginia Credit Union

– “The Tale of Three Hackers”

Victor “Jake” Olesen, Special Agent, Federal Bureau of Investigation


Questions/Discussion


Douglas G. Mack

DMV IT Security Director (ISO)

[email protected]

(804) 367-2221

CIO - CAO Meeting October 28, 2008

Information Security Awareness Month at DMV


“Information security is a people, rather than a technical, issue.”

Mark B. Desman

The Ten Commandments of Information Security Awareness Training


Three Groups to Address

• Everyone – DMV classified, wage, contractors

• Executive Staff

• Information Technology Services (ITS) Staff


• MS-ISAC provided 4 security awareness poster designs.

• DMV’s Senior Graphic Designer branded the posters and added Mark Desman’s quote to each design.

• DMV Printing Services printed the posters.


• One of each design of the poster was sent to DMV’s Customer Service Centers and Weigh Stations at the end of September.

• One of each design of the poster was displayed on each floor of DMV Headquarters.


• Throughout the year, once or twice a month the ISO writes and publishes an IT Security Note.

– Single Topic

– Brief

– Diagrams, Screen Prints, Pictures


• DMV’s intensive security awareness activities for October focus on the Cyber Security Awareness Week.

• A new IT Security Note was published each day of Cyber Security Awareness Week.

• DMV has a Cyber Security Awareness Week each October.


• Topics of the Notes for the Week:

– (Monday) Cyber Security Puzzle

– (Tuesday) Acceptable Use

– (Wednesday) A Bit of Computer Humor

– (Thursday) Protecting Sensitive Data

– (Friday) Recognizing and Avoiding Email Scams at Home


• MS-ISAC’s Information Security Executive Brief was sent to each member of the Executive Staff on the first day of the week.


• “It’s important to note that information security is not a technology issue, but rather a management issue requiring leadership, expertise, accountability, due diligence and risk management. Information security needs to be addressed in a coordinated, enterprise approach, and factored into program decisions.”


• A PowerPoint Presentation was developed that covered some of the significant changes in SEC501-01, specifically:

– Data Protection

– Application Security

• DMV wanted to provide more IT focused awareness training for Information Technology Services (ITS) staff.


• The Presentation was sent out on October 2 to all ITS staff.

• ITS staff have been given until November 14 to review the presentation and return the completion certificate to the ISO.

• As of October 22, 44 out of 176 staff members have completed the review.


Final Note


CIO-CAO Meeting

October 28, 2008

Rosario Igharas, Information Security Officer

Information Security Awareness: First Line of Defense Against Social Engineering


VCSP: Who we are

• An independent state agency

• Operate Virginia’s Section 529 Programs which provide funds for higher education

• Largest 529 plan in the country

• Over 1.8 million account owners

• About $25 Billion in assets under management

• Recognized by Morningstar, Inc (April 2008) which ranked 2 of VCSP’s programs among the BEST Five college savings plans in the country


Current Savings Programs


Information In Our Custody

• Customer Information

– Name, address, birthday

– Social Security Number

– Account Numbers

– Student ID

• Employee Information

• Agency Information

• Partner Information


Investment Managers

• Capital Guardian Trust
• Century Capital Management
• Chase Investment Counsel
• Donald Smith & Co., Inc.
• Dreyfus
• Franklin Templeton
• Invesco
• LSV Investment Management
• NWQ Investment Management Company
• Piedmont Investment Advisors, LLC
• Pier Capital
• Rothschild Asset Management
• Sands Capital
• Tattersall Advisory (Wachovia)
• Thompson, Siegel & Walmsley, Inc.
• Utendahl Capital Management, LP
• Vanguard
• Virginia Dept. of Treasury
• Western Asset (Legg Mason)
• Westfield Capital Management


Information Security is Important to Us

• We respect our customers’ right to privacy and recognize their trust in us to keep information about them secure and confidential.

• Comply with laws and regulations

• Avoid Embarrassment


Technology Investment


People: KEY to Security

“The security infrastructure is only as good as its weakest link.”

~ Info-Tech Research Group


Train the Organization

• Technical training

• End user awareness training should not fall behind

• Awareness training has to be ongoing


Thank You, VITA Security Services!


Thank You, DMV!


Bringing it Close to Home

Scary Halloween Stories

• Real-life scary security stories

• Highlight local incidents

http://www.networkworld.com/podcasts/panorama/2007/102507pan-scary-security.html


Final Thoughts

• Information Security Awareness month is just the beginning

• Investment in IT Security Technology is not enough

• Train the organization

• Develop a culture of security

• Tone at the top


Questions?

Virginia College Savings Plan

Toll free 1-888-567-0540

www.Virginia529.com