1 / 18

Why Security?

Why Security?. A Commitment for [ the Agency’s ] Executives. [CIO’s name] EC Presentation [date]. [ the Agency ] Today. [ the Agency’s ] mission and vision The way we do business is changing Increased reliance on systems and technology Increased threats to information and systems.

milo
Télécharger la présentation

Why Security?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]

  2. [the Agency] Today • [the Agency’s] mission and vision • The way we do business is changing • Increased reliance on systems and technology • Increased threats to information and systems

  3. Enterprise Security Risks Threats Attempts to Access Sensitive Information Sabotage Natural Disaster Malicious Acts User Error Pranks Industrial Espionage [the Agency’s]Systems Integrity of [Agency]Data & Reports Corrupted Public, Partner, Legislative Trust Lost Sensitive Data Disclosed Failed CFO Audit Services & Benefits Interrupted Critical Operations Halted Assets Lost Potential Damage

  4. Enterprise Security Risks Unauthorized Access to Sensitive Information Threats Sabotage Natural Disaster User Error [the Agency’s] Systems Public, Partner, Legislative Trust Lost Integrity of [Agency] Data & Reports Corrupted Sensitive Data Disclosed Failed CFO Audit Services & Benefits Interrupted Critical Operations Halted Assets Lost Potential Damage

  5. Enterprise Security Risks Industrial Espionage Threats Sabotage Natural Disaster User Error [the Agency’s] Systems Public, Partner, Legislative Trust Lost Integrity of [Agency] Data & Reports Corrupted Sensitive Data Disclosed Failed CFO Audit Services & Benefits Interrupted Critical Operations Halted Assets Lost Potential Damage

  6. Enterprise Security Risks Threats Attempts to Access Sensitive Information Sabotage Natural Disaster Malicious Acts User Error Pranks Industrial Espionage [the Agency’s] Systems Public, Partner, Legislative Trust Lost Integrity of [Agency’ Data & Reports Corrupted Sensitive Data Disclosed Failed CFO Audit Services & Benefits Interrupted Critical Operations Halted Assets Lost Potential Damage

  7. Enterprise Security Risks Threats Attempts to Access Sensitive Information Sabotage Natural Disaster Malicious Acts User Error Pranks Industrial Espionage [the Agency’s] Systems Failed CFO Audit Public, Partner, Legislative Trust Lost Sensitive Data Disclosed Services & Benefits Interrupted Critical Operations Halted Assets Lost Potential Damage

  8. Why is Security Important to [the Agency’s]? • Protect privacy information • Protect processes and corporate assets • Provide continuity of services • Provide accessibility of information It is a prudent business practice to reduce risks to [the Agency’s]

  9. Why is Security Important to US? Each One Of Us Is Accountable!

  10. Laws and Regulations • Computer Security Act of 1987 • Privacy Act of 1974 • Freedom of Information Act • Presidential Decision Directive (PDD) 63 • OMB A-130, Appendix III, Revised • Health Insurance Portability and Accountability Act • FISMA of 2002

  11. Audit’s Point of Weaknesses • General Accounting Office • Internal Revenue Service • Office of the Inspector General • Chief Financial Officer • Office of Information Services

  12. [the Agency’s] Enterprise Security Program Policy, Training, Engineering, and Management Oversight for all [the Agency’s] employees, contractors, and agents

  13. Security Program Elements Personnel and Physical Security Security Awareness, Training, & Education Risk Management Integrating Security into the SDLC Security Determinations and Requirements Security Plans & Certification Systems Access Security Acquisitions & Contracts Remote Access Security Audit Systems Business Contingency Planning Workstation Security LAN Security Security Incidents E-Mail & Facsimile Security Internet / Intranet Security Virus Prevention, Detection, & Reporting Medicare Contractor Oversight

  14. Current Enterprise Security Initiatives • GPRA Goal of Zero Material Weaknesses for the Year 2000 and Beyond • [the Agency’s] Enterprise Security Handbook • Information Technology Architecture • IT Council Security Committee • HIPAA Compliance

  15. Immediate Next Steps • Designation of Information Systems Security Officers • Re-certification of User Access Privileges • Corrective Action Plans to Audit Findings • [the Agency’s] Contractor Oversight • Security Awareness and Training

  16. Summary • Recognize that security risks in [the Agency’s] environment impact [the Agency’s] Mission. • Security is a management responsibility. • Security is everybody’s business.

  17. We ask you to: • Encourage and support [the Agency’s] security initiative activities! • Lead by example! • Be proactive!

  18. Thank You

More Related