Presentation to ISSD Task Force
INFORMATION SYSTEMS SECURITY DIVISION Reorganization Study
Prepared: May 6, 1991
Revised: May 7, 1991
AGENDA
I. Proposed Reorganization (Security Automation Division)
II. Why Merger of Fraud Detection and ISS Divisions
III. ISSD Staff Reduction
• Service & Project Assumptions
• ISS-WA Organization & Service Reductions
• ISS-LA Organizations & Service Reductions
• ISS-AZ Temporary Organization
IV. Cost Reduction Summary
V. Action Summary
VI. ISSD Functions Summary
WHY MERGE DIVISIONS
• Reduction in Cost
• Infusion of Expert System Knowledge into Security Function
• Centralized Supervision & Administration of Security Technical Functions

WHY J XXXXXXX AS DIVISION MANAGER
• Significantly More Technical and Managerial Depth
• 30 years of Technical and Managerial Data Processing Experience
• Development and Systems Assurance Management Experience
• Data Center Production and Operations Management Experience
• Security (RACF) Project Experience
• Expert Systems Project Experience
• Commercial and M Application & Architecture Design Experience
• Business Resumption and Data Processing Contingency Planning Experience
SERVICE & PROJECT ASSUMPTIONS
• SAD with the Support of SPAC performs Security Product Reviews
• SPBA accepts decentralized Branch Security Administration. AZ Security Service will be provided without local presence (no reduction in service anticipated)
• SPAC-NW will use their current system as basis for SPC Online Request Processing and therefore have responsibility for SPC Security Architecture
SAD-WASHINGTON SERVICE REDUCTIONS
ELIMINATE
• Security Boiler Plate Contributions to Legal Documents
REDIRECT
• MVS Request Processing
• Physical Security Reviews
• Security Product Research
REDUCE
• New Business Research
• Procedure and Guideline Writing
• Security Awareness Program
• Department & Division Administrative Documentation
SAD-LA TECHNICAL SUPPORT SERVICE REDUCTIONS
ELIMINATE
• Security Boiler Plate Contribution to Legal Documents
REDIRECT
• PC/Virus Software Distribution
• Physical Security Reviews
REDUCE
• Security Product Research
• New Business Research
• Procedure & Guideline Writing
• Security Awareness Program
• Department & Division Administrative Documentation
SAD-LA REQUEST PROCESSING SERVICE REDUCTIONS
REDIRECT
• Procedure & Guideline Writing
• TANDEM Request Processing, and Violation Reporting & Review
SAD-AZ SERVICE REDUCTIONS
CONSOLIDATE ELSEWHERE INTO SAD
• MVS Environment Management (WA)
• MVS Request Processing (LA)
• Cryptographic Key Management (LA)
• Audit Response (WA)
TRANSFER TO USERS
• Thirty Plus Internal Security Applications
COST REDUCTION SUMMARY
Based on Merger of ISS and FD Divisions
ACTION SUMMARY
• 2ND QUARTER 1991
- Layoff Division Manager
- Layoff Mainframe Technical Consultant in LA
- Layoff Midrange Technical Consultant in LA
- Move Data Security Analyst from WA to LA (add TANDEM skills to LA)
• 4TH QUARTER 1991
- Complete Conversion of Arizona Processing to Common Architecture
• 1ST QUARTER 1992
- Transfer (Layoff) AZ Manager
- Layoff AZ Data Security Analyst
ISSD FUNCTIONS SUMMARY
KEPT AT CURRENT LEVEL OF EFFORT
• SPC Security Architecture Development
• Mainframe & Tandem Security Request Processing (Consolidated)
• Mainframe & Tandem Security Technical Support
• Midrange, LAN, and PC Security Technical Support
• Network Security Support
• Online Security Request Processing System Development
• Wire Transfer Security Support
• Cryptographic Key Management
• MAC Security Request Processing (CA)
• Database and Tracking of Waiver, Virus, and Security Incident Events
• Information Systems Security Committee (ISSC) Support
• Information Systems Security Manual (ISSM) Policy Development
• Application Project (such as BDS) Security Consulting
REDUCED LEVEL OF EFFORT
• Security Procedure and Guideline Writing (Consolidated)
• Security Awareness Program
• Security Product Reviews (with SPAC)
• New Business Research Assistance
• Department and Division Administrative Documentation
SECURITY AUTOMATION DIVISION MANAGER

OVERALL PURPOSE
The purpose of this position is to provide support to the Corporate Security Department objectives in:
- Managing and coordinating computer security plans, projects, and policies;
- Developing external fraud detection and prevention applications;
- Administering passwords and user identifications for production and development operations;
- Identifying and monitoring emerging technology in the fields of information security and expert systems products.

REQUIREMENTS
- Minimum of 20 years of data processing background with a thorough understanding of computer operating systems and networks. The major emphasis is in database computer environments supported in different geographic locations.
- Ability to interact with senior management to gain concurrence on security-related methods and production processing.
- Possess technical skills to interact, make decisions, and implement security methods consistent with business and technical requirements.
- Proven record of knowledge-based application development and installation.

RESPONSIBILITIES
- Provide technical direction and leadership to apply and create access controls to meet Federal, State, CCC, NBE, and internal audit requirements. Additionally, provide risk versus exposure analysis and recommendations.
- Provide security direction in the SPC dynamic technical and business environments.
- Work with AC in the creation of security-related technology, products, procedures, systems, and concepts. The position requires the ability to innovate and to manage innovative projects.
- Ensure that the security needs/requirements of the corporation are maintained and established with consideration to the amount of risk or exposure to electronic assets.
- Ensure and provide technical direction to mitigate security-related failures and damage that can have significant negative impact on the total organization.
- Provide technical direction for the design of expert systems related to external fraud detection and prevention.
- Ability to analyze user expertise into knowledge base rules.