1 / 10

State of Minnesota

State of Minnesota. Secure Email System Train-the-Trainer Class Presented by: Rick Ensenbach/Enterprise Security Joe Arel/Enterprise Technology Services. Agenda. Overview of Enterprise Security Policy on Electronic Mail (Security Policy 2006-05) Spam-Filtering & Virus Protection Overview

zeroun
Télécharger la présentation

State of Minnesota

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. State of Minnesota Secure Email SystemTrain-the-Trainer ClassPresented by:Rick Ensenbach/Enterprise SecurityJoe Arel/Enterprise Technology Services

  2. Agenda • Overview of Enterprise Security Policy on Electronic Mail (Security Policy 2006-05) • Spam-Filtering & Virus Protection Overview • External Email Encryption – CipherTrust IronEnvelope Overview • Internal Email Encryption - Transport Layer Security (TLS) Overview • Questions

  3. Enterprise Security Policy on Electronic Mail (State of MN CIO Security Policy 2006-05) • Why did we need a policy? • Regulatory requirements (i.e. HIPAA) • State Data Practices • Reputation (i.e. MN Statute13.055 State agencies; disclosure of breach in security) • Reduce the chances of legal and financial liability • Security Best Practice

  4. Enterprise Security Policy on Electronic Mail (State of MN CIO Security Policy 2006-05) What are we protecting? 13.02 Collection, security, and dissemination of records; definitions • Subd. 3. Confidential data on individuals. "Confidential data on individuals" means data which is made not public by statute or federal law applicable to the data and is inaccessible to the individual subject of that data. • Subd. 8a. Not public data. "Not public data" means any government data which is classified by statute, federal law, or temporary classification as confidential, private, nonpublic, or protected nonpublic. • Subd. 9. Nonpublic data. "Nonpublic data" means data not on individuals that is made by statute or federal law applicable to the data: (a) not accessible to the public; and (b) accessible to the subject, if any, of the data. • Subd. 12. Private data on individuals. "Private data on individuals" means data which is made by statute or federal law applicable to the data: (a) not public; and (b) accessible to the individual subject of that data.

  5. Enterprise Security Policy on Electronic Mail (State of MN CIO Security Policy 2006-05) What are we protecting against? • Spam • Viruses and other malicious logic/software • Unauthorized disclosure (breach of data confidentiality) • Tampering with Data (breach of data integrity)

  6. Enterprise Security Policy on Electronic Mail (State of MN CIO Security Policy 2006-05) OET Responsibilities • Maintain a central mail solution that will examine all email for viruses, spam, etc. • Maintain a central email encryption solution • Educate and disseminate email security statistics to State agencies

  7. Enterprise Security Policy on Electronic Mail (State of MN CIO Security Policy 2006-05) Agency Responsibilities • Provide training to users on: • Email security best practices • What is considered Not Public data and when it is necessary to encrypt email • Recognizing common email-based security threats • Understanding that only State email accounts are to be used to conduct official State business • Ensure all agency email flows through the State’s centralized mail infrastructure

  8. Enterprise Security Policy on Electronic Mail (State of MN CIO Security Policy 2006-05) User Responsibilities • Encrypt all email messages that contain Not Public data • Follow email security best practices established by agency leaders

  9. Questions

  10. Rick EnsenbachCISSP-ISSMP, CISA, CISM Rick.Ensenbach@state.mn.us 651.201.2790 Joe Arel Joe.Arel@state.mn.us 651.201.1031

More Related