1 / 17

Presentation to ISSD Task Force INFORMATION SYSTEMS SECURITY DIVISION Reorganization Study

Presentation to ISSD Task Force INFORMATION SYSTEMS SECURITY DIVISION Reorganization Study Prepared: May 6 , 1991 Revised: May 7, 1991. AGENDA. Proposed Reorganization (Security Automation Division) II. Why Merger of Fraud Detection and ISS Divisions III. ISSD Staff Reduction

hasad-dean
Download Presentation

Presentation to ISSD Task Force INFORMATION SYSTEMS SECURITY DIVISION Reorganization Study

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Presentation to ISSD Task Force INFORMATION SYSTEMS SECURITY DIVISION Reorganization Study Prepared: May 6, 1991 Revised: May 7, 1991

  2. AGENDA • Proposed Reorganization (Security Automation Division) II. Why Merger of Fraud Detection and ISS Divisions III. ISSD Staff Reduction • Service & Project Assumptions • ISS-WA Organization & Service Reductions • 155-LA Organizations & Service Reductions • 155-AZ Temporary Organization IV. Cost Reduction Summary V. Action Summary VI. ISSD Functions Summary

  3. WHY MERGE DIVISIONS • Reduction in Cost • Infusion of Expert System Knowledge into Security Function • Centralized Supervision & Administration of Security Technical Functions WHY J XXXXXXX AS DIVISION MANAGER • Significantly More Technical and Managerial Depth • 30 years of Technical and Managerial Data Processing Experience • Development and Systems Assurance Management Experience • Data Center Production and Operations Management Experience • Security (RACF) Project Experience • Expert Systems Project Experience • Commercial and M Application & Architecture Design Experience • Business Resumption and Data Processing Contingency Planning Experience

  4. PROPOSED SECURITY AUTOMATION DIVISION ORGANIZATION

  5. SERVICE & PROJECT ASSUMPTIONS • SAD with the Support of SPAC performs Security Product Reviews • SPBA accepts decentralized Branch Security Administration. AZ Security Service will be provided without local presence (no reduction in service anticipated) • SPAC-NW will use their current system as basis for SPC Online Request Processing and therefore have responsibility for SPC Security Architecture

  6. PROPOSED ISS - WA ORGANIZATION

  7. SAD-WASHINGTON SERVICE REDUCTIONS ELIMINATE • Security Boiler Plate Contributions to Legal Documents REDIRECT • MVS Request Processing • Physical Security Reviews • Security Product Research REDUCE • New Business Research • Procedure and Guideline Writing • Security Awareness Program • Department & Division Administrative Documentation

  8. PROPOSED ISS - LA REQUEST PROCESSING ORGANIZATION

  9. PROPOSED ISS - LA TECHNICAL SUPPORT ORGANIZATION

  10. SAD-LA TECHNICAL SUPPORT SERVICE REDUCTIONS ELIMINATE • Security Boiler Plate Contribution to Legal Documents REDIRECT • PC/Virus Software Distribution • Physical Security Reviews REDUCE • Security Product Research • New Business Research • Procedure & Guideline Writing • Security Awareness Program • Department & Division Administrative Documentation

  11. TEMPORARY ISS - AZ ORGANIZATION

  12. SAD-LA REQUEST PROCESSING SERVICE REDUCTIONS REDIRECT • Procedure & Guideline Writing • TANDEM Request Processing, and Violation Reporting & Review

  13. SAD-AZ SERVICE REDUCTIONS CONSOLIDATE ELSEWHERE INTO SAD • MVS Environment Management (WA) • MVS Request Processing (LA) • Cryptographic Key Management (LA) • Audit Response (WA) TRANSFER TO USERS • Thirty Plus Internal Security Applications

  14. COST REDUCTION SUMMARY Based on Merger of ISS and FD Divisions

  15. ACTION SUMMARY • 2 ND QUARTER 1991 - Layoff Division Manager - Layoff Mainframe Technical Consultant In LA - Layoff Midrange Technical Consultant In LA - Move Data Security Analyst from WA to LA (add TANDEM skills to LA) • 4 TH QUARTER 1991 - Complete Conversion of Arizona Processing to Common Architecture • 1 ST QUARTER 1992 - Transfer(Layoff) AZ Manager - Layoff AZ Data Security Analyst

  16. ISSD FUNCTIONS SUMMARY KEPT AT CURRENT LEVEL OF EFFORT • SPC Security Architecture Development • Mainframe & Tandam Security Request Processing (Consolidated) • Mainframe & Tandem Security Technical Support • Midrange, LAN, and PC Security Technical Support • Network Security Support • Online Security Request Processing System Development • Wire Transfer Security Support • Cryptographic Key Management • MAC Security Request Processing (CA) • Database and Tracking of Waiver, Virus, and Security Incident Events • Information Systems Security Committee (ISSC) Support • Information Systems Security Manual (ISSM) Policy Development • Application Project (such as BDS) Security Consulting REDUCED LEVEL OF EFFORT • Security Procedure and Guideline Writing (Consolidated) • Security Awareness Program • Security Product Reviews (with SPAC) • New Business Research Assistance • Department and Division Administrative Documentation

  17. SECURITY AUTOMATION DIVISION MANAGER OVERALL PURPOSE The purpose of this position is to provide support to the Corporate Security Department objectives in:- Managing and coordinating of computer security plans, projects, and policies; - Developing external fraud detection and prevention applications; - Administering passwords and users identifications for productions and development operations. - Identify and monitor emerging technology in the fields of information security and expert systems products REQ UIREM ENTS - Minimum of 20 years of data processing background with a thorough understanding of computer operating systems and networks. The major emphasis is in database computer environments supported in different geographic locations. - Ability to interact with senior management to gain concurrence on security related methods and production processing. - Possess technical skills to interact, make decisions, and implement security methods consistent with business and technical requirements. - Proven record of knowledge based application development and installation. RESPONSIBILITIES - Provide technical direction and leadership to apply and create access controls to meet Federal, State, CCC, NBE, and internal audit requirements. Additionally, provide risk versus exposure analysis and recommendations. - Provide security direction in the SPC dynamic technical and business environments. - Work with AC in the creation of security related technology, products, procedures, systems, and concepts. The position requires the ability to innovate and to manage innovative projects. - Ensure that the security needs/requirements of the corporation are maintained and established with consideration to the amount of risk or exposure to electronic assets. - Ensure and provide technical direction to mitigate security related failures and damage that can have significant negative impact on the total organization. - Provide technical direction for the design of expert systems related to external fraud detection and prevention. - Ability to analyze user expertise into knowledge base rules.

More Related