Information Security Board: Mission, Goals and Guiding Principles


Page 1: Information Security Board

SL2 1

Information Security Board

Mission, Goals and Guiding Principles

Page 2: Information Security Board


Mission

• Assist agency management with implementing and maintaining a sound information security program consistent with industry best practices and compliant with state policies.

Page 3: Information Security Board


Goals

1. Implement policies, procedures, and processes to ensure the information security objectives of confidentiality, integrity, and availability are met.

2. Comply with all statewide information security policies and have best practices identified and implemented when practical.

3. Effectively work with partners (DAS, vendors, etc.) to ensure information security objectives are met.

4. Be proactive in identifying and mitigating risks to information as they emerge; however, when a potential breach does occur, the agency reacts immediately to investigate and take appropriate action.

5. Raise user awareness for information security by establishing regular training and information security communications.

6. Develop and implement metrics to track the progress of the information security program.

Page 4: Information Security Board


Information Security Guiding Principles

1. We understand that information security affects us all daily

2. We approach information security in layers

3. We grant access based on “least privilege” and “roles” where appropriate

4. We are fiscally responsible

5. We strive for simplicity over complexity

6. We lean toward “buy” versus “build”

7. We strive to implement best practices as appropriate

8. We weigh the benefits of “open” over “commercial” sourced software

9. We adopt industry “standards” where appropriate

10. We use risk management as a tool in decision making

11. We strive to use existing infrastructure where feasible

Page 5: Information Security Board


Strategies for Goal 1

• Implement policies, procedures, and processes to ensure the information security objectives of confidentiality, integrity, and availability are met.
  – Develop information security goals and objectives.
  – Implement policies, procedures, and processes.

• For example:
  – Completed:
    » Acceptable Use policy.
    » Personal Use of State Resources policy.
    » Security Breach Response Team.
  – In Process:
    » Data Classification policy.
    » Information Handling Standards.
    » Information Security Plan.
  – Planning:
    » Incident Response policy.

Page 6: Information Security Board


Strategies for Goal 2

• Comply with all statewide information security policies and have best practices identified and implemented when practical.
  – Identify statewide policies the agency must comply with. For example:
    » ORS 646A.600 through 646A.628: Oregon Consumer Identity Theft Protection Act.
    » ORS 192: Records; Public Reports and Meetings.
    » ORS 182.122: State Administrative Agencies.
    » OAR 125-800-0005 through 0020: State Information Security.
    » DAS policy 107-004-052: Information Security.
  – Develop a suitable set of information security best practices. For example:
    » Deploy encryption technologies to portable computing and storage devices.
    » Deploy endpoint management technologies to help prevent data loss.
  – Develop information security standards and guidelines. For example:
    » Develop data handling standards.

Page 7: Information Security Board


Strategies for Goal 3

• Effectively work with partners (DAS, vendors, etc.) to ensure information security objectives are met.
  – For example:
    » Participate on the statewide Information Security Council.
      – Assigned Jason Stanley and Clint Christopher.
    » Share appropriate information with other state agencies and private organizations.

Page 8: Information Security Board


Strategies for Goal 4

• Be proactive in identifying and mitigating risks to information as they emerge; however, when a potential breach does occur, the agency reacts immediately to investigate and take appropriate action.
  – For example:
    » Develop an information security incident response team.
    » Revise the Security Breach Incident Response process to include incident response.
  – Develop an enterprise risk management program.

Page 9: Information Security Board


Strategies for Goal 5

• Raise user awareness for information security by establishing regular training and information security communications.
  – For example:
    » Develop articles to be published in the PERC and Espresso.
    » Maintain an Intranet site for information security.
    » Develop agency-wide email on “hot topics.”
    » Develop information security awareness training using iLearnOregon and other tools.

Page 10: Information Security Board


Strategies for Goal 6

• Develop and implement metrics to track the progress of the information security program.
  – For example:
    » Awareness:
      – Do security walkthroughs for workstations “not locked” and compare with previous walkthroughs.
      – Develop scenario-based testing.
    » Incidents:
      – How many security breaches occurred?
    » Prevention:
      – How many workstations and servers have “up-to-date” patches?
      – How many viruses have been detected?
    » Compliance:
      – Security findings: high, medium, low; open versus closed.