IT Compliance Coordinators

IT Compliance Coordinators Kick-Off Meeting May 19, 2008

Agenda • Welcome and Introductions • Jim Davis • Ed Pierce • Amy Blum • Goals and Responsibilities • Metrics and Reports • What do you need? • Website • Training • Information • Tools • Open Discussion on roles and expectations

Robert Kilgore College Bob Park Athletics Mitra Ashtari SumSes/CO/SA Eric Chang UNEX Andrea Korn External Affairs Tito Deveyra TFT Kamran Mehdian ASUCLA Mike Kusunoki Anderson Sean Pine Law Jackson Jeng Research Grant Yano Dentistry Terry Ryan Library Julie Austin SEAS Ann Chang Medical Bill Jepson A&A Tom Phelan SSC David Snow Medical/SPH Don Worth Admin Mike Schilling Admin Max Kopelovich Phys Sci Dave Curry Internal Audit Peter Kovaric GSEIS Bryant Ng Nursing Harold Shin Humanities C. Cunningham OIT Mark Jenkins Cap. Programs Kaya Mentesoglu Internat. Inst Vincent Riggs SPA Babak Saberi Life Sciences Amy Blum Resource, Legal Ross Bollens Resource, OIT Kent Wada Resource, OIT Jim Davis Sponsor Ed Pierce Sponsor ITCC Membership

Oversight Committee Internal Audit and Controls • Expectations of Committee - Ed Pierce • Security standing agenda item • Report on security through OIT & in partnership with the medical enterprise • ITCC formal campus entity for institutional regulatory practice in a federated environment • Reporting, education, communication, institutional practice, meaningful policy implementation

ITCC Broad in Scope • Security practice • Web accessibility • Privacy • E-discovery • Records retention • Public Records Act • HIPAA

IT Security Categories • IDs & PWs, authorized practice • Cyber attacks • Loss through individual responsibility

IT Security Practice • Management: credentialing, IDs & PWs, authorized behaviors • Prevention: policy, protocols, culture, incentives, monitoring, tracking, scanning • Incident Response: detection, protocol, mitigation, reporting

Initial Metrics Ideas • % of systems that are 401 compliant 2. % of critical assets or functions residing on compliant systems 3. % of systems hold sensitive/restricted data that are compliant 4. % of above systems that are monitored or have activity logs • % of machines and peripherals that meet standards for secure disposal • Number of people in your unit without a UCLA email address & number not in directory

IT Compliance Website (DRAFT) • Contents • Tone • Critical Link Locations http://safecomputing.ucla.edu/new.htm

Security Administrator Topics • April – Web Vulnerabilities (+ follow-up) • May – eEye • June – Secure Disposal • July – Secure Server Configurations • August – Implementing NAC • Future: • Cisco • Patchlink • Macafee • Secure Macs • RSA/Verisign/2-Factor security

IT Compliance Coordinators

IT Compliance Coordinators

Presentation Transcript

Bilingual Coordinators

Primary IT Coordinators Workshop

PRODUCTION COORDINATORS

Tutor Coordinators

OLYMPUS Coordinators

Evolving IT Framework Standards (Compliance and IT)

Diversity Coordinators

Technical coordinators

Coordinators Day

Welcome Coordinators

Coordinators :

Sustainable IT Compliance for iSeries

Keeping it legal: compliance issues

Coordinators

Wintellisys - IT security & compliance

IT Hipaa Compliance West Palm Beach

IT Audit and Compliance - Steppa

COORDINATORS BRIEFING

GRAMMAR: COORDINATORS

Coordinators

Coordinators

LCIF Coordinators