1. Oregon Consumer Identity Theft Protection Act Communications Forum
Theresa Masse, Chief Information Security Officer
Department of Administrative Services, Enterprise Security Office
2. Tools and Templates
Safeguard Best Practices Checklist
Administrative
1.1 Appoint one or more employees to coordinate the security program
2.1 Establish formal, written security policies
3.1 Establish standard operating procedures
4.1 Conduct ongoing security risk assessments
3. Tools and Templates
Safeguard Best Practices Checklist
Technical
1.1 Control access to information that resides on data storage devices such as servers, desktop PCs, laptops and PDAs
3.4 Have shutdown controls when computers are idle or inactive
6.4 Change all vendor-supplied default passwords
4. Tools and Templates
Safeguard Best Practices Checklist
Physical
2.1 Establish physical access controls
3.1 Install secure checkpoint review and monitoring procedures
4.1 Secure the facility, including all storage devices and computer equipment
5. Tools and Templates
Notification Best Practices Checklist
Security Breach
1.3 Establish a process for determining whether notice is legally mandated or otherwise appropriate.
3.5 Develop a list of FAQs and post it on the Agency Web site (see attached Sample)
4.1 Determine who has been affected, and notify each affected individual when possible. Double-check the list of recipients before sending.
6. Tools and Templates
Best Practices Checklist
Safeguards - oregon.gov/DAS/EISPD/ESO/IDTheft/Safeguard_bestpractices.pdf
Notification - oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_bestpractices.pdf
7. Tools and Templates
Sample Letters
ID Theft Notification - oregon.gov/DAS/EISPD/ESO/IDTheft/Notification_letter.pdf
ID Theft Credit Monitoring - oregon.gov/DAS/EISPD/ESO/IDTheft/Monitoring_letter.pdf
Sample FAQ
Sample Frequently Asked Questions (pdf)
8. Additional Resources
Federal Trade Commission - a public workshop, “Security in Numbers: SSNs and ID Theft”
December 10 and 11, 2007 - Washington D.C.
A live webcast will be available
Discuss the various uses of SSNs, the necessity of those uses, alternatives available, the challenges faced in moving away from using SSNs, and how SSNs are obtained and used by identity thieves.
www.ftc.gov/bcp/workshops/ssn/index.shtml
9. Additional Resources
Oregon Department of Justice - Credit and Identity Theft
www.doj.state.or.us/finfraud/idtheft.shtml
Federal Trade Commission – Identity Theft
www.ftc.gov/bcp/edu/microsites/idtheft
10. Thank You