1 / 39

Information Security Awareness Month Activities

Information Security Awareness Month Activities. Peggy Ward Chief Information Security Officer & Internal Audit Officer. www.vita.virginia.gov. 1. Commonwealth Information Security Awareness Activities.

alec-dalton
Download Presentation

Information Security Awareness Month Activities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security Awareness Month Activities Peggy Ward Chief Information Security Officer & Internal Audit Officer www.vita.virginia.gov 1

  2. Commonwealth Information Security Awareness Activities • Governor Timothy Kaine issued a proclamation designating October as Information Security Awareness Month. • To encourage citizens to learn about information security and to put the knowledge to practice.

  3. Commonwealth Information Security Awareness Activities • Framed & displayed the proclamation in a prominent location in the office & at Information Security Officer Advisory Group (ISOAG) meetings in September & October. • Provided copies of the proclamation with the seal to agencies & localities.

  4. Commonwealth Information Security Awareness Activities • Presentations Oct. 17: Commonwealth Security Information Resource Center presentation at the Cyber Security 2008 Conference, hosted jointly by Virginia Commonwealth University & the Federal Bureau of Investigations' InfraGard chapter Oct. 21: Commonwealth Information Security Initiatives presentation at the Hampton Roads Cyber Security Awareness Conference

  5. Commonwealth Information Security Awareness Activities • Presentations Oct. 22:Commonwealth Information Security Collaboration presentation at the Association of Government Accountants Technology & Fraud Conference Oct. 24: Chief Information Officer & Chief Information Security Officer remarks at the Chesterfield County Cyber Security Awareness Event

  6. Commonwealth Information Security Awareness Activities • Internet Activities The state portal, www.virginia.gov, has displayed a prominent graphic banner promoting Information Security in the "focal point" area, which links to the online guide on the VITA site Online e-government services on the portal now include the citizens' awareness banner provided by Commonwealth Security

  7. Commonwealth Information Security Awareness Activities • Internet Activities New content has been added to the Information Security Awareness Toolkit, thanks to COV agencies & MS-ISAC. The printing of materials from the toolkit was coordinated through DMV to leverage resources

  8. Commonwealth Information Security Awareness Activities • Security Awareness Video Produced by VITA Commonwealth Security & VITA Communications Available in early November in the Knowledge Center, the Information Security Resource Center & YouTube Available in late November on DVD

  9. VITA Information Security Awareness Activities • VITA Information Security Awareness activities are implemented to promote simple changes in behavior that strengthen the security of Commonwealth information. • Hosted lunch time presentations • Conducted raffle giveaways for presentation attendees • Giveaways items were provided by vendors from conferences. • Provided VITA branded resource materials from MS-ISAC • Brochures, Booklets, Bookmarks, Calendars, Posters • Conducted a fill in the blank puzzle contest

  10. Lunch Time Presentations • Event 1-Oct.1 • “Defending the Castle- How to Secure you Home Network” Bob Baskette, Commonwealth Security Incident Engineer Virginia Information Technologies Agency • Event 2-Oct 22 • “Protecting Your Money, Our Role and Yours” Chris Saneda, Senior Vice President /Chief Information Officer Virginia Credit Union • “The Tale of Three Hackers” Victor “Jake” Olesen, Special Agent, Federal Bureau of Investigation

  11. Questions/Discussion

  12. Information Security Awareness Month at DMV Douglas G. Mack DMV IT Security Director (ISO) Douglas.Mack@dmv.virginia.gov (804) – 367 - 2221 CIO - CAO Meeting October 28, 2008

  13. “Information security is a people, rather than a technical, issue.” Mark B. Desman The Ten Commandments of Information Security Awareness Training

  14. Three Groups to Address • Everyone – DMV classified, wage, contractors • Executive Staff • Information Technology Services (ITS) Staff

  15. MSISAC provided 4 security awareness poster designs. • DMV’s Senior Graphic Designer branded the posters and added Mark Desman’s quote to each design. • DMV Printing Services printed the posters.

  16. One of each design of the poster was sent to DMV’s Customer Service Centers and Weigh Stations at the end of September. • One of each design of the poster was displayed on each floor of DMV Headquarters.

  17. Throughout the year, once or twice a month the ISO writes and publishes an IT Security Note. • Single Topic • Brief • Diagrams, Screen Prints, Pictures

  18. DMV has a Cyber Security Awareness Week each October. • DMV’s intensive security awareness activities for October focus on the Cyber Security Awareness Week. • A new IT Security Note was published each day of Cyber Security Awareness Week.

  19. Topics of the Notes for the Week: • (Monday) Cyber Security Puzzle • (Tuesday) Acceptable Use • (Wednesday) A Bit of Computer Humor • (Thursday) Protecting Sensitive Data • (Friday) Recognizing and Avoiding Email Scams at Home

  20. MSISAC’s Information Security Executive Brief was sent to each member of the Executive Staff on the first day of the week.

  21. “It’s important to note that information security is not a technology issue, but rather a management issue requiring leadership, expertise, accountability, due diligence and risk management. Information security needs to be addressed in a coordinated, enterprise approach, and factored into program decisions.”

  22. DMV wanted to provide more IT focused awareness training for Information Technology Services (ITS) staff. • A PowerPoint Presentation was developed that covered some of the significant changes in SEC501-01, specifically: • Data Protection • Application Security

  23. The Presentation was sent out on October 2 to all ITS staff. • ITS staff have been given • until November 14 to review the presentation and return the completion certificate to the ISO. • As of October 22, 44 out of 176 staff members have completed the review.

  24. Final Note

  25. CIO-CAO Meeting October 28, 2008 Rosario Igharas, Information Security Officer Information Security Awareness : First Line of Defense Against Social Engineering

  26. VCSP: Who we are • An independent state agency • Operate Virginia’s Section 529 Programs which provide funds for higher education • Largest 529 plan in the country • Over 1.8 million account owners • About $25 Billion in assets under management • Recognized by Morningstar, Inc (April 2008) which ranked 2 of VCSP’s programs among the BEST Five college savings plans in the country

  27. Current Savings Programs

  28. Information In Our Custody • Customer Information • Name, address, birthday • Social Security Number • Account Numbers • Student ID • Employee Information • Agency Information • Partner Information

  29. Investment Managers • Pier Capital • Rothschild Asset Management • Sands Capital • Tattersall Advisory (Wachovia) • Thompson, Siegel & Walmsley, Inc. • Utendahl Capital Management, LP • Vanguard • Virginia Dept. of Treasury • Western Asset (Legg Mason) • Westfield Capital Management • Capital Guardian Trust • Century Capital Management • Chase Investment Counsel • Donald Smith & Co., Inc. • Dreyfus • Franklin Templeton • Invesco • LSV Investment Management • NWQ Investment Management Company • Piedmont Investment Advisors, LLC

  30. Information Security is Important to Us • We respect our customers’ right to privacy and recognize their trust in us to keep information about them secure and confidential. • Comply with laws and regulations • Avoid Embarrassment

  31. Technology Investment

  32. People: KEY to Security “ The security infrastructure is only as good as its weakest link.” Info ~Tech Research Group

  33. Train the Organization • Technical training • End user awareness training should not fall behind • Awareness training has to be ongoing

  34. Thank You, VITA Security Services!

  35. Thank You, DMV!

  36. Bringing it Close to Home Scary Halloween Stories • Real-life scary security stories • Highlight local incidents http://www.networkworld.com/podcasts/panorama/2007/102507pan-scary-security.html

  37. Final Thoughts • Information Security Awareness month is just the beginning • Investment in IT Security Technology is not enough • Train the organization • Develop a culture of security • Tone at the top

  38. Questions ? Virginia College Savings Plan Toll free 1-888-567-0540 www.Virginia529.com

More Related