1 / 59

Training Agenda

S tate T echnology A nnual R eport R egister (STARR) SAISO Security / Systems Security Training. Training Agenda. STARR Overview Training STARR Purpose What is STARR STARR Roles STARR Data Collection Timeline Responding to a Questionnaire (Video) STARR Role Based Training

mariko
Télécharger la présentation

Training Agenda

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. State Technology Annual Report Register (STARR) SAISO Security / Systems Security Training

  2. Training Agenda • STARR Overview Training • STARR Purpose • What is STARR • STARR Roles • STARR Data Collection Timeline • Responding to a Questionnaire (Video) • STARR Role Based Training • SAISO (Security / Systems Security) • STARR Dashboards • Helpful Tips • When to Contact Agency Super User • Questions

  3. STARR Overview Training

  4. STARR Purpose O.C.G.A. 50-25-4(8), (13) & 50-25-7.10, the State CIO is responsible for collecting and publishing an information technology report that covers the state’s current and planned use of technology for the purpose of making recommendations on the needs and opportunities for the enterprise. Governor’s Executive Order on March 2008 requires agencies to report on the status of their agency information security program.

  5. What is STARR • STARR serves as a data repository for State IT, Security and supports the annual report • Replaces the existing tool • Information Technology Governance Report (ITGR) with a tool where the majority of data will be entered via questionnaires (similar to Survey Monkey) • Uses web based questionnaires to enter and validate data • STARR questionnaires are targeted to specific roles • Standard Questions encompassing role-specific questions (I.e.. BCP, IT Security, BO) • Entity Questionnaire targeting (I.e.. Agency Super User, Systems Security, CIO, CFO)

  6. What is STARR • The majority of the questionnaires will be pre-populated with pre-existing ITGR data • Provides enhanced Reporting and Dashboard capability

  7. STARR Roles

  8. STARR Roles (1 of 3) • Business Owner (BO) • answers questionnaire on Secure, Reliable, and Sustainable Maturity (SRS Maturity) • Agency Super User • agency point of contact for STARR • responsible for the agency profile questionnaire • has the ability to produce reports • Business Continuity Planner (BCP) • answers questionnaire regarding business continuity planning

  9. STARR Roles (2 of 3) • Chief Information Officer (CIO ) • answers questionnaire regarding business application inventory • answers questionnaire about agency IT Spend • answers questionnaire on Secure, Reliable, and Sustainable Maturity (SRS Maturity) • Senior Agency Information Security Officer (SAISO) • answers questionnaires regarding agency IT systems and security

  10. STARR Roles (3 of 3) • Chief Financial Officer (CFO) • answers questionnaire on the agency IT Spend • Agency Head / Commissioner • will receive a questionnaire to validate agency IT information

  11. STARR Data Collection Timeline

  12. STARR Training & Questionnaire Distribution Schedule

  13. Responding to STARR Questionnaires

  14. Responding to STARR Questionnaires Video Please note: The STARR Tool is a SaaS (Software as a Service) Solution. The video you are about to review was produced by our vendor CAI for their tool AMI. Therefore during the videoyou may hear the term “AMI” being used throughout.

  15. Responding to STARR Questionnaire (Video)

  16. Security - SAISO Questionnaire Notice

  17. Sample Security – SAISO Email Notice State Technology Annual Report Registry (STARR) donotreply@compaid.com Identifies the email as a STARR Questionnaire Identifies your organization Identifies Questionnaire Type Questionnaire due date Link to launch Questionnaire

  18. Sample Security - SAISO Questionnaire You may click “Save progress and exit” to save your work and exit the questionnaire. You can then return later to complete your questionnaire by clicking on the link in the previous email notification Clicking on the previous email link will launch the Security – SAISO questionnaire start page You may also click on “Discard answersand exit” the questionnaire. You can then return later to restart your questionnaireby clicking on the link in the previous emailnotification

  19. Sample Security - SAISO Questionnaire To begin your questionnaire click on “Begin Assessment” to start addressing your questions

  20. Sample Security - SAISO Questionnaire Clicking on the “Begin Assessment” buttonwill take you to the start page of yourquestionnaire As previously shared during the video, the assessment bar for the standard questionnaire will behigh-lighted as you progressthrough the questionnaire The fiscal year field will be prepopulated withthe reporting fiscal year

  21. Sample Security - SAISO Questionnaire As you begin to answer the questionnaire,if you require additional information about a question, you can click on the “?” to review help text about that specific question.Note: not all questions have help text listed

  22. Sample Security - SAISO Questionnaire As you begin to answer the questionnaire,if you require additional information about a question, you can click on the “?” to review help text about that specific question.Note: not all questions have help text listed

  23. Sample Security - SAISO Questionnaire This page provides asample view of the types Of questions you will be answering

  24. Sample Security - SAISO Questionnaire This page represents the certification page. On this page you are certifying to the accuracyof your responses to the security questions You have 2 options:“Yes” or “No”Your response is shared with your agency leadership You may click “Next Page”to progress forward to the next page You may click “Previous Page” to navigate back to the previous page

  25. Sample Security - SAISO Questionnaire This page represents the final page of the Questionnaire. You may select “Return to the beginning of the assessment to reviewyour answers” orYou may “Submit your Completed Assessment”to end your session

  26. Sample Security - SAISO Questionnaire

  27. Systems Security - SAISO Questionnaire

  28. Sample Systems Security SAISO Email Notice State Technology Annual Report Registry (STARR) donotreply@compaid.com Identifies the email as a STARR Questionnaire Identifies your organization Identifies Questionnaire Type Questionnaire due date Link to launch Questionnaire

  29. Sample Systems Security Questionnaire Clicking the link in the email notice launches the Systems Security - SAISOProfile landing page for your agency The profile page will show your “Agency ID”,“Agency Name” and “Description”. At any time during your session, you may click onthe “Attachments” button, to retrieve important help related documents such as “FAQs”

  30. Sample Systems Security Questionnaire To move forward you must clickon the “Systems” tab to access the Systems Listing page

  31. Sample Systems Security Questionnaire The empty boxes shown on this summary screen are viewing filters. You will be able to select your viewing criteria by entering your specific filter preference Clicking on Systems tab displays all systemscurrently loaded in STARR for your agency You may click on fiscal year to review and update information for the identified system(s) Note: Fiscal Year must be changed to the current reporting year before submitting any of your updates If your list of systems exceeds onepage, you have the ability to scrollpages. You may also dictate the number of systems that are viewable on the Systems summary screen by manipulating the “Records per page” selection.

  32. Sample Systems Security Questionnaire Clicking on the fiscal year on the previous screen will open up the systems information for the selected system. You are now in view mode for the selected system. You can validate the data fields for the reporting year

  33. Sample Systems Security Questionnaire In order to make any updates to your systems information you must – click on the “Edit” button to be able to update your systems data fields. Note: You must update the fiscal year field with the current reporting fiscal year

  34. Sample Systems Security Questionnaire Clicking on the Edit button will open the form up to edit mode. From this screen you will be able to make updates to your systems data fields. 1. You can now update the fiscal year with the current reporting fiscal year 2. If the system is no longer active, you can change the “System Status” indicator to “inactive” 3. You should make any other updates as appropriate Required fields are marked withan “*”. You must enter something for all required fields

  35. Sample Systems Security Questionnaire When you have completed your updates. Clicking the “Save” button will save your updates Clicking “Cancel will not save your updates

  36. Sample Systems Security Questionnaire Click on the “Back to all” link to review the restof the systems inventory list

  37. Sample Systems Security Questionnaire When Adding a System: Clicking on Systems tab displays all systemscurrently loaded in STARR for your agency If you need to add additional systems, you have the ability to add a new system by clicking on the “add systems” button

  38. Sample Systems Security Questionnaire When you click on the “Add Systems” button on the previous screen, A blank systems form displays – 1 Begin entering your data by Enter the current fiscal year 2 Complete the remaining data fields as appropriate keeping in mind the required fields The Systems ID must be unique within theagency, The format can be any combination of letters and/or numbers

  39. Sample Systems Security Questionnaire Or you can save yourupdates by clicking on the “Save” button Updated Data Fields Click on “Cancel” link to exit the systemwithout saving any of your field updates.

  40. Sample Systems Security Questionnaire Please Note: Once you have entered all your systems updates, click on the “I’m Finished!” button to complete your session If you need to leave and return to the questionnaire later, click on the “Close and finish later” link. You will be able to return to the questionnaire by clicking on the link in your original email notice

  41. Sample Systems Security Questionnaire

  42. STARR Dashboards The agency data reflected on the dashboard views are driven by the questionnaire responses. Dashboard Types: • Dials • Graphs • Charts

  43. IT Security Dashboard IT Security Dashboard report Agency: • Security Awareness Training: • Security Awareness Training for agency staff (Staff and Contractors) • Record keeping for Security Awareness Training • Security Governance: • Confirmation of a formal documented security program as required by Enterprise Information Security Infrastructure Standard (SS-08-005.01) • Agency's information security governance process

  44. Sample IT Security Dashboard

  45. Sample Business Continuity Dashboard Business Continuity Dashboard reflects the Agency’s: Q1: established guidelines on how emergency situations should be handled by the agency and it’s personnel Q3: documented processes that continue it’s core mission capabilities Q5: identification of key personnel essential to support critical business processes

  46. Application Inventory Dashboard The Application Inventory Graph compiles a summary view of the Agency’s Application Inventory Data segmented by: • Application Spend vs. Budgeted Amount • Application Inventory • Contractor Labor Costs • Employee Labor Costs • Full Time Equivalent (FTE) Information • Contractor • Employee

  47. Sample Application Inventory Dashboard

  48. IT Agency Spend Dashboard The IT Agency Spend Graph compiles a summary view of IT Agency Spend segmented out by Cost Categories • Total Infrastructure Costs • Total Network Costs • Total Application Costs • Total Project Costs (Fiscal Year Spend)

  49. Sample IT Agency Spend Dashboard

  50. Sample SRS Maturity Dashboard The SRS Maturity Dashboard represent cumulative operational responses from Business Owners and CIOs input related to the current state of their agency; data, systems and IT security. The SRS Maturity dials represented on the following page identify: • Secure • Reliable • Sustainable • Overall SRS Average

More Related