This presentation explains to executives why security matters, covering threats, risks, and benefits. It emphasizes protecting sensitive data, trust, and operations from various internal and external risks. It also discusses program elements, security initiatives, laws, and compliance as ways to enhance security measures.
Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]
[the Agency] Today • [the Agency’s] mission and vision • The way we do business is changing • Increased reliance on systems and technology • Increased threats to information and systems
Enterprise Security Risks Threats Attempts to Access Sensitive Information Sabotage Natural Disaster Malicious Acts User Error Pranks Industrial Espionage [the Agency’s] Systems Integrity of [Agency] Data & Reports Corrupted Public, Partner, Legislative Trust Lost Sensitive Data Disclosed Failed CFO Audit Services & Benefits Interrupted Critical Operations Halted Assets Lost Potential Damage
Enterprise Security Risks Unauthorized Access to Sensitive Information Threats Sabotage Natural Disaster User Error [the Agency’s] Systems Public, Partner, Legislative Trust Lost Integrity of [Agency] Data & Reports Corrupted Sensitive Data Disclosed Failed CFO Audit Services & Benefits Interrupted Critical Operations Halted Assets Lost Potential Damage
Enterprise Security Risks Industrial Espionage Threats Sabotage Natural Disaster User Error [the Agency’s] Systems Public, Partner, Legislative Trust Lost Integrity of [Agency] Data & Reports Corrupted Sensitive Data Disclosed Failed CFO Audit Services & Benefits Interrupted Critical Operations Halted Assets Lost Potential Damage
Enterprise Security Risks Threats Attempts to Access Sensitive Information Sabotage Natural Disaster Malicious Acts User Error Pranks Industrial Espionage [the Agency’s] Systems Public, Partner, Legislative Trust Lost Integrity of [Agency] Data & Reports Corrupted Sensitive Data Disclosed Failed CFO Audit Services & Benefits Interrupted Critical Operations Halted Assets Lost Potential Damage
Enterprise Security Risks Threats Attempts to Access Sensitive Information Sabotage Natural Disaster Malicious Acts User Error Pranks Industrial Espionage [the Agency’s] Systems Failed CFO Audit Public, Partner, Legislative Trust Lost Sensitive Data Disclosed Services & Benefits Interrupted Critical Operations Halted Assets Lost Potential Damage
Why is Security Important to [the Agency’s]? • Protect privacy information • Protect processes and corporate assets • Provide continuity of services • Provide accessibility of information It is a prudent business practice to reduce risks to [the Agency’s]
Why is Security Important to US? Each One Of Us Is Accountable!
Laws and Regulations • Computer Security Act of 1987 • Privacy Act of 1974 • Freedom of Information Act • Presidential Decision Directive (PDD) 63 • OMB A-130, Appendix III, Revised • Health Insurance Portability and Accountability Act • FISMA of 2002
Audit’s Point of Weaknesses • General Accounting Office • Internal Revenue Service • Office of the Inspector General • Chief Financial Officer • Office of Information Services
[the Agency’s] Enterprise Security Program Policy, Training, Engineering, and Management Oversight for all [the Agency’s] employees, contractors, and agents
Security Program Elements Personnel and Physical Security Security Awareness, Training, & Education Risk Management Integrating Security into the SDLC Security Determinations and Requirements Security Plans & Certification Systems Access Security Acquisitions & Contracts Remote Access Security Audit Systems Business Contingency Planning Workstation Security LAN Security Security Incidents E-Mail & Facsimile Security Internet / Intranet Security Virus Prevention, Detection, & Reporting Medicare Contractor Oversight
Current Enterprise Security Initiatives • GPRA Goal of Zero Material Weaknesses for the Year 2000 and Beyond • [the Agency’s] Enterprise Security Handbook • Information Technology Architecture • IT Council Security Committee • HIPAA Compliance
Immediate Next Steps • Designation of Information Systems Security Officers • Re-certification of User Access Privileges • Corrective Action Plans to Audit Findings • [the Agency’s] Contractor Oversight • Security Awareness and Training
Summary • Recognize that security risks in [the Agency’s] environment impact [the Agency’s] Mission. • Security is a management responsibility. • Security is everybody’s business.
We ask you to: • Encourage and support [the Agency’s] security initiative activities! • Lead by example! • Be proactive!