1 / 15

Agency Security Officer User Group Meeting

Agency Security Officer User Group Meeting. Ivan Jackson, Chief Information Systems Policy and Control Staff. Agenda. Organization Mission Emphasis on Security Bringing Security into Focus Statistics from 2009 Responsibility of an Agency Security Officer (ASO). Agenda.

dieter
Download Presentation

Agency Security Officer User Group Meeting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Agency Security Officer User Group Meeting Ivan Jackson, ChiefInformation Systems Policy and Control Staff

  2. Agenda • Organization • Mission • Emphasis on Security • Bringing Security into Focus • Statistics from 2009 • Responsibility of an Agency Security Officer (ASO)

  3. Agenda • Security Access Request Process • NFC Web Page • Identity Access Manager (IAM) • SecureAll (SALL) • Future Direction of ISPCS/ISSO

  4. Organization

  5. Mission • The Information Systems Policy and Control Staff (ISPCS) ensures: • Protection of NFC’s data • Data integrity, confidentiality, and availability • NIST 800-53 Standards and FISMA, as part of an overall security plan to develop and administer information systems security, are followed

  6. Emphasis on Security • Information Security – protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction • Personally Identifiable Information (PII) – understanding the importance of protecting personally identifiable information

  7. Bringing Security into Focus • Organizational structure • Reassess sections • Evaluate skill sets • Retool with training

  8. Security Statistics - FY 2009 Over 170 Federal Agencies

  9. Agency Security Officer Responsibility • Only POC for security between agency and NFC – important to have back-up • Ensure compliance with controls for A-123, SAS70, etc., as it pertains to access for NFC applications • Ensure compliance with all PII policies • Ensure access request is complete and accurate • Submit requests timely to avoid having to expedite • Timely communicate with NFC on employee separations

  10. Security Access Request Process • Agency User Needs Access • Agency Approves Access • ASO Submits Access Request to NFC • NFC Receives Request • NFC Reviews, Logs & Files Request • NFC Sends Notification to ASO • NFC Assigns Request to Access Administrator • NFC Access Administrator Processes Request on all Platforms • NFC Access Administrator Files Request Electronically • NFC Access Administrator Sends Completed Request Notification to ASO • ASO Notifies Agency User

  11. NFC Web Page • Security Corner • Security Updates (New Security Initiatives) • Security Processes • Agency Security Officer Responsibilities • Add or Change Security Access • Remove Security Access • Request Security Access Reports • Review Security Access Reports • Security Resources • Glossary • Training • User Group • Customer Survey

  12. Identity Access Manager - IAM Identity Manager Policy Store CA Workflow NFC Mainframe Applications (TSO, IDMS, DB2, etc.) Business Role HRMS Enter new Employee Information into IAM NFC Unix (AIX, Linux, etc.) Applications NFC Windows Applications Business Role Customer Agency Security Officer Enter new Employee Information into IAM NFC Oracle Applications Phase 1 – FY10/11 NFC Customers NFC Phase 2 – FY11/12

  13. SecureAll - SALL • Reporting Center implemented intoSALL in 2009 • ASOs should beable to reset passwords for users within their scope of authority and view security reports • Schedule of future applications to be implemented into SALL: • FUND CY10 PP15 • FSDE CY11 PP04 • ITRS CY11 PP07 • OFEE CY11 PP10 • TUMS CY11 PP13 • IBIL CY11 PP20

  14. Future Direction of ISPCS/ISSO

  15. Contact Information Ivan.Jackson@usda.gov 504-426-0400 Mike.Zeringue@usda.gov 504-426-0408

More Related