400 likes | 710 Vues
Information Security Awareness Month Activities. Peggy Ward Chief Information Security Officer & Internal Audit Officer. www.vita.virginia.gov. 1. Commonwealth Information Security Awareness Activities.
E N D
Information Security Awareness Month Activities Peggy Ward Chief Information Security Officer & Internal Audit Officer www.vita.virginia.gov 1
Commonwealth Information Security Awareness Activities • Governor Timothy Kaine issued a proclamation designating October as Information Security Awareness Month. • To encourage citizens to learn about information security and to put the knowledge to practice.
Commonwealth Information Security Awareness Activities • Framed & displayed the proclamation in a prominent location in the office & at Information Security Officer Advisory Group (ISOAG) meetings in September & October. • Provided copies of the proclamation with the seal to agencies & localities.
Commonwealth Information Security Awareness Activities • Presentations Oct. 17: Commonwealth Security Information Resource Center presentation at the Cyber Security 2008 Conference, hosted jointly by Virginia Commonwealth University & the Federal Bureau of Investigations' InfraGard chapter Oct. 21: Commonwealth Information Security Initiatives presentation at the Hampton Roads Cyber Security Awareness Conference
Commonwealth Information Security Awareness Activities • Presentations Oct. 22:Commonwealth Information Security Collaboration presentation at the Association of Government Accountants Technology & Fraud Conference Oct. 24: Chief Information Officer & Chief Information Security Officer remarks at the Chesterfield County Cyber Security Awareness Event
Commonwealth Information Security Awareness Activities • Internet Activities The state portal, www.virginia.gov, has displayed a prominent graphic banner promoting Information Security in the "focal point" area, which links to the online guide on the VITA site Online e-government services on the portal now include the citizens' awareness banner provided by Commonwealth Security
Commonwealth Information Security Awareness Activities • Internet Activities New content has been added to the Information Security Awareness Toolkit, thanks to COV agencies & MS-ISAC. The printing of materials from the toolkit was coordinated through DMV to leverage resources
Commonwealth Information Security Awareness Activities • Security Awareness Video Produced by VITA Commonwealth Security & VITA Communications Available in early November in the Knowledge Center, the Information Security Resource Center & YouTube Available in late November on DVD
VITA Information Security Awareness Activities • VITA Information Security Awareness activities are implemented to promote simple changes in behavior that strengthen the security of Commonwealth information. • Hosted lunch time presentations • Conducted raffle giveaways for presentation attendees • Giveaways items were provided by vendors from conferences. • Provided VITA branded resource materials from MS-ISAC • Brochures, Booklets, Bookmarks, Calendars, Posters • Conducted a fill in the blank puzzle contest
Lunch Time Presentations • Event 1-Oct.1 • “Defending the Castle- How to Secure you Home Network” Bob Baskette, Commonwealth Security Incident Engineer Virginia Information Technologies Agency • Event 2-Oct 22 • “Protecting Your Money, Our Role and Yours” Chris Saneda, Senior Vice President /Chief Information Officer Virginia Credit Union • “The Tale of Three Hackers” Victor “Jake” Olesen, Special Agent, Federal Bureau of Investigation
Information Security Awareness Month at DMV Douglas G. Mack DMV IT Security Director (ISO) Douglas.Mack@dmv.virginia.gov (804) – 367 - 2221 CIO - CAO Meeting October 28, 2008
“Information security is a people, rather than a technical, issue.” Mark B. Desman The Ten Commandments of Information Security Awareness Training
Three Groups to Address • Everyone – DMV classified, wage, contractors • Executive Staff • Information Technology Services (ITS) Staff
MSISAC provided 4 security awareness poster designs. • DMV’s Senior Graphic Designer branded the posters and added Mark Desman’s quote to each design. • DMV Printing Services printed the posters.
One of each design of the poster was sent to DMV’s Customer Service Centers and Weigh Stations at the end of September. • One of each design of the poster was displayed on each floor of DMV Headquarters.
Throughout the year, once or twice a month the ISO writes and publishes an IT Security Note. • Single Topic • Brief • Diagrams, Screen Prints, Pictures
DMV has a Cyber Security Awareness Week each October. • DMV’s intensive security awareness activities for October focus on the Cyber Security Awareness Week. • A new IT Security Note was published each day of Cyber Security Awareness Week.
Topics of the Notes for the Week: • (Monday) Cyber Security Puzzle • (Tuesday) Acceptable Use • (Wednesday) A Bit of Computer Humor • (Thursday) Protecting Sensitive Data • (Friday) Recognizing and Avoiding Email Scams at Home
MSISAC’s Information Security Executive Brief was sent to each member of the Executive Staff on the first day of the week.
“It’s important to note that information security is not a technology issue, but rather a management issue requiring leadership, expertise, accountability, due diligence and risk management. Information security needs to be addressed in a coordinated, enterprise approach, and factored into program decisions.”
DMV wanted to provide more IT focused awareness training for Information Technology Services (ITS) staff. • A PowerPoint Presentation was developed that covered some of the significant changes in SEC501-01, specifically: • Data Protection • Application Security
The Presentation was sent out on October 2 to all ITS staff. • ITS staff have been given • until November 14 to review the presentation and return the completion certificate to the ISO. • As of October 22, 44 out of 176 staff members have completed the review.
CIO-CAO Meeting October 28, 2008 Rosario Igharas, Information Security Officer Information Security Awareness : First Line of Defense Against Social Engineering
VCSP: Who we are • An independent state agency • Operate Virginia’s Section 529 Programs which provide funds for higher education • Largest 529 plan in the country • Over 1.8 million account owners • About $25 Billion in assets under management • Recognized by Morningstar, Inc (April 2008) which ranked 2 of VCSP’s programs among the BEST Five college savings plans in the country
Information In Our Custody • Customer Information • Name, address, birthday • Social Security Number • Account Numbers • Student ID • Employee Information • Agency Information • Partner Information
Investment Managers • Pier Capital • Rothschild Asset Management • Sands Capital • Tattersall Advisory (Wachovia) • Thompson, Siegel & Walmsley, Inc. • Utendahl Capital Management, LP • Vanguard • Virginia Dept. of Treasury • Western Asset (Legg Mason) • Westfield Capital Management • Capital Guardian Trust • Century Capital Management • Chase Investment Counsel • Donald Smith & Co., Inc. • Dreyfus • Franklin Templeton • Invesco • LSV Investment Management • NWQ Investment Management Company • Piedmont Investment Advisors, LLC
Information Security is Important to Us • We respect our customers’ right to privacy and recognize their trust in us to keep information about them secure and confidential. • Comply with laws and regulations • Avoid Embarrassment
People: KEY to Security “ The security infrastructure is only as good as its weakest link.” Info ~Tech Research Group
Train the Organization • Technical training • End user awareness training should not fall behind • Awareness training has to be ongoing
Bringing it Close to Home Scary Halloween Stories • Real-life scary security stories • Highlight local incidents http://www.networkworld.com/podcasts/panorama/2007/102507pan-scary-security.html
Final Thoughts • Information Security Awareness month is just the beginning • Investment in IT Security Technology is not enough • Train the organization • Develop a culture of security • Tone at the top
Questions ? Virginia College Savings Plan Toll free 1-888-567-0540 www.Virginia529.com