IT Compliance Coordinators

IT Compliance Coordinators Kick-Off Meeting, May 19, 2008. Agenda: Welcome and Introductions (Jim Davis, Ed Pierce, Amy Blum); Goals and Responsibilities; Metrics and Reports; What do you need? (Website, Training, Information, Tools); Open Discussion on roles and expectations.


Presentation Transcript


  1. IT Compliance Coordinators Kick-Off Meeting May 19, 2008

  2. Agenda
     • Welcome and Introductions
       • Jim Davis
       • Ed Pierce
       • Amy Blum
     • Goals and Responsibilities
     • Metrics and Reports
     • What do you need?
       • Website
       • Training
       • Information
       • Tools
     • Open Discussion on roles and expectations

  3. ITCC Membership
     • Robert Kilgore: College
     • Bob Park: Athletics
     • Mitra Ashtari: SumSes/CO/SA
     • Eric Chang: UNEX
     • Andrea Korn: External Affairs
     • Tito Deveyra: TFT
     • Kamran Mehdian: ASUCLA
     • Mike Kusunoki: Anderson
     • Sean Pine: Law
     • Jackson Jeng: Research
     • Grant Yano: Dentistry
     • Terry Ryan: Library
     • Julie Austin: SEAS
     • Ann Chang: Medical
     • Bill Jepson: A&A
     • Tom Phelan: SSC
     • David Snow: Medical/SPH
     • Don Worth: Admin
     • Mike Schilling: Admin
     • Max Kopelovich: Phys Sci
     • Dave Curry: Internal Audit
     • Peter Kovaric: GSEIS
     • Bryant Ng: Nursing
     • Harold Shin: Humanities
     • C. Cunningham: OIT
     • Mark Jenkins: Cap. Programs
     • Kaya Mentesoglu: Internat. Inst
     • Vincent Riggs: SPA
     • Babak Saberi: Life Sciences
     • Amy Blum: Resource, Legal
     • Ross Bollens: Resource, OIT
     • Kent Wada: Resource, OIT
     • Jim Davis: Sponsor
     • Ed Pierce: Sponsor

  4. Oversight Committee Internal Audit and Controls
     • Expectations of Committee - Ed Pierce
     • Security standing agenda item
     • Report on security through OIT & in partnership with the medical enterprise
     • ITCC formal campus entity for institutional regulatory practice in a federated environment
     • Reporting, education, communication, institutional practice, meaningful policy implementation

  5. ITCC Broad in Scope
     • Security practice
     • Web accessibility
     • Privacy
     • E-discovery
     • Records retention
     • Public Records Act
     • HIPAA

  6. IT Security Categories
     • IDs & PWs, authorized practice
     • Cyber attacks
     • Loss through individual responsibility

  7. IT Security Practice
     • Management: credentialing, IDs & PWs, authorized behaviors
     • Prevention: policy, protocols, culture, incentives, monitoring, tracking, scanning
     • Incident Response: detection, protocol, mitigation, reporting

  8. Initial Metrics Ideas
     1. % of systems that are 401 compliant
     2. % of critical assets or functions residing on compliant systems
     3. % of systems holding sensitive/restricted data that are compliant
     4. % of above systems that are monitored or have activity logs
     • % of machines and peripherals that meet standards for secure disposal
     • Number of people in your unit without a UCLA email address & number not in directory

  9. IT Compliance Website (DRAFT)
     • Contents
     • Tone
     • Critical Link Locations

     http://safecomputing.ucla.edu/new.htm

  10. Security Administrator Topics
     • April – Web Vulnerabilities (+ follow-up)
     • May – eEye
     • June – Secure Disposal
     • July – Secure Server Configurations
     • August – Implementing NAC
     • Future:
       • Cisco
       • Patchlink
       • McAfee
       • Secure Macs
       • RSA/Verisign/2-Factor security
