1 / 9

Oregon Consumer Identity Theft Protection Act Communications Forum

Tools and Templates. Safeguard Best Practices ChecklistAdministrative1.1 Appoint one or more employees to coordinate the security program 2.1 Establish formal, written security policies 3.1 Establish standard operating procedures 4.1 Conduct ongoing security risk asse

Gabriel
Download Presentation

Oregon Consumer Identity Theft Protection Act Communications Forum

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Oregon Consumer Identity Theft Protection Act Communications Forum Theresa Masse, Chief Information Security Officer Department of Administrative Services Enterprise Security Office

    2. Tools and Templates Safeguard Best Practices Checklist Administrative 1.1 Appoint one or more employees to coordinate the security program 2.1 Establish formal, written security policies 3.1 Establish standard operating procedures 4.1 Conduct ongoing security risk assessments

    3. Tools and Templates Safeguard Best Practices Checklist Technical 1.1 Control access to information that resides on data storage devices such as servers, desktop PCs, laptops and PDAs 3.4 Have shutdown controls when computers are idle or inactive 6.4 Change all vendor-supplied default passwords

    4. Tools and Templates Safeguard Best Practices Checklist Physical 2.1 Establish physical access controls 3.1 Install secure checkpoint review and monitoring procedures 4.1 Secure the facility include all storage devices and computer equipment

    5. Tools and Templates Notification Best Practices Checklist Security Breach 1.3 Establish a process for determining whether notice is legally mandated or otherwise appropriate. 3.5 Develop a list of FAQ’s and post on the Agency Web site (see attached Sample) 4.1 Determine who has been affected, and notify each affected individual when possible. Double-check the list of recipients before sending.

    6. Tools and Templates Best Practices Checklist Safeguards - oregon.gov/DAS/EISPD/ESO/IDTheft/Safeguard_bestpractices.pdf Notification - oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_bestpractices.pdf

    7. Tools and Templates Sample Letters ID Theft Notification - oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_letter.pdf ID Theft Credit Monitoring - oregon.gov/DAS/EISPD/ESO/IDTheft/Monitoring_letter.pdf Sample FAQ Sample Frequently Asked Questions (pdf)

    8. Additional Resources Federal Trade Commission - a public workshop, “Security in Numbers: SSNs and ID Theft December 10 and 11, 2007 - Washington D.C. A live web cast will be available Discuss the various uses of SSNs, the necessity of those uses, alternatives available, the challenges faced in moving away from using SSNs, and how SSNs are obtained and used by identity thieves. www.ftc.gov/bcp/workshops/ssn/index.shtml

    9. Additional Resources Oregon Department of Justice - Credit and Identity Theft www.doj.state.or.us/finfraud/idtheft.shtml Federal Trade Commission – Identity Theft www.ftc.gov/bcp/edu/microsites/idtheft

    10. Thank You

More Related