Affiliated information security collaborative

Affiliated Information Security Collaborative - PowerPoint PPT Presentation



Affiliated Information Security Collaborative. An Affiliated Enterprise Approach to Information Security. Deans and Vice Presidents Meeting, April 17, 2014. Establishment of an Affiliated Security Collaborative.


PowerPoint Slideshow about ' Affiliated Information Security Collaborative' - astrid



Affiliated Information Security Collaborative

An Affiliated Enterprise Approach to Information Security

Deans and Vice Presidents Meeting

April 17, 2014


Establishment of an Affiliated Security Collaborative

There is consensus among UMB and UM Medicine IT Network CIOs and technology leaders that an enterprise-wide, collaborative Information Security Program and Assessment Plan needs to be established and implemented;

It is the responsibility of IT Leaders to establish and administer an Information Security Program that adheres to Federal, State, University, and other mandatory security rules, requirements and guidelines in order to protect the confidentiality, integrity, and availability of data;

IT leaders will establish and share operational policies, practices, and procedures that result in effective information security and the protection of information assets, protected health information, and patient and employee personal information;

The IT leaders will establish an Information Security Working Group as a means of coordinating activities that respond to information security vulnerabilities and risks, and cyber-attacks, that cross operational intersections.


Guiding Principles of the Affiliated Security Collaborative

Each organization is responsible for developing, implementing, monitoring and funding their respective security program.

Participants understand the importance of harmonizing security program efforts across the enterprise and pledge to share all pertinent information needed to ensure the security posture of each organization and the combined IT systems and infrastructure which represent the “affiliated enterprise”.

UMB as the core IT data network infrastructure and Internet Service Provider for the medical campus will serve as the coordinating body for the enterprise Security Collaborative.

The Affiliated Security Collaborative is a multi-organizational structure formed to facilitate information sharing and coordination of effort to expedite an organized response to security events. 


Affiliated Enterprise Model: Information Security

UMB Information Security

UM Medicine IT Network

  • SOM

Information Security Working Group

UMB

Affiliated Enterprise Services

  • UMMS

  • FPI


Primary Objectives of the Affiliated Security Collaborative

Collaboratively assess, identify, and report on any information security risk or vulnerability;

Define common areas of risk as they relate to information security at appropriate operational intersections;

Share information security strategies, processes and practices that adhere to local, state, and federal regulatory rules and requirements in order to avoid duplication of effort;

Share technology platforms and information security knowledge among technology professionals in order to broaden knowledge and expertise;

Collaborate on the improvement and strengthening of information security policies, practices, and solutions, and ensure coverage across the enterprise;

Develop a global communication strategy to promote and expand information security awareness across the UMB affiliated enterprise.


UMB and UM Medicine IT Network Information Security Structure

  • Execution of Assessment Plan and Activities

Continuous Security Monitoring


Assessment Plan and Activities

Include:

Announcing and communicating the Information Security Collaborative and Assessment Plan;

Forming the Information Security Working Group (ISWG)

Members of the ISWG will work to:

Develop an inventory of information technology and data assets;

Apply a uniform classification category for each data asset;

Run network scans to identify any existing vulnerability;

Investigate servers and computers to determine if they contain sensitive data: SSNs, PHI, PCI;

Check network and server/computer configuration and firewall rules to determine if they comply with security standards.


Assessment Plan and Activities (cont.)

Include:

Conducting a thorough and complete risk/vulnerability assessment, using a detailed checklist, for any found sensitive, high-risk data on computers or servers;

Working with the operational leaders to determine the existence of any non-electronic, hardcopy records that contain sensitive data, e.g., SSNs, PHI, PCI;

Analyzing the information collected to determine the actual risk to the critical assets and propose appropriate mitigation for areas identified as weak or procedures not implemented;

Preparing a report of the findings, including a list of assets, threats and vulnerabilities; risk determination; recommended controls; and cost benefit analysis, to be shared with each organization’s executive leadership;

Performing a final review of information security best practices, processes and procedures with the unit.


Estimated Timeline

April 2014: Announce the information security affiliated collaborative initiative

May 2014: Develop a high-level plan for the affiliated enterprise-wide information security collaborative; and create the information security working group

June 2014: Initiate the assessment plan and activities in UMB schools, and UM Medicine IT network

August 2014: Complete the assessment plan and activities for UMB central offices: Registrar; Institutional Research and Accountability; Financial Aid; Financial Services; Human Resource Services; Sponsored Projects Accounting and Compliance; Public Safety; Parking Services

TBD: Complete the Assessment Plan and Activities in Schools and UM Medicine IT Network


Questions

