S tate t echnology a nnual r eport r egister starr saiso security systems security training
This presentation is the property of its rightful owner.
Sponsored Links
1 / 59

Training Agenda PowerPoint PPT Presentation


  • 113 Views
  • Uploaded on
  • Presentation posted in: General

S tate T echnology A nnual R eport R egister (STARR) SAISO Security / Systems Security Training. Training Agenda. STARR Overview Training STARR Purpose What is STARR STARR Roles STARR Data Collection Timeline Responding to a Questionnaire (Video) STARR Role Based Training

Download Presentation

Training Agenda

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


S tate t echnology a nnual r eport r egister starr saiso security systems security training

State Technology Annual Report Register (STARR) SAISO Security / Systems Security Training


Training agenda

Training Agenda

  • STARR Overview Training

    • STARR Purpose

    • What is STARR

    • STARR Roles

    • STARR Data Collection Timeline

    • Responding to a Questionnaire (Video)

    • STARR Role Based Training

      • SAISO (Security / Systems Security)

    • STARR Dashboards

    • Helpful Tips

    • When to Contact Agency Super User

    • Questions


Starr overview training

STARR Overview Training


Starr purpose

STARR Purpose

O.C.G.A. 50-25-4(8), (13) & 50-25-7.10, the State CIO is responsible for collecting and publishing an information technology report that covers the state’s current and planned use of technology for the purpose of making recommendations on the needs and opportunities for the enterprise.

Governor’s Executive Order on March 2008 requires agencies to report on the status of their agency information security program.


What is starr

What is STARR

  • STARR serves as a data repository for State IT, Security and supports the annual report

  • Replaces the existing tool

    • Information Technology Governance Report (ITGR) with a tool where the majority of data will be entered via questionnaires (similar to Survey Monkey)

  • Uses web based questionnaires to enter and validate data

  • STARR questionnaires are targeted to specific roles

    • Standard Questions encompassing role-specific questions (I.e.. BCP, IT Security, BO)

    • Entity Questionnaire targeting (I.e.. Agency Super User, Systems Security, CIO, CFO)


What is starr1

What is STARR

  • The majority of the questionnaires will be pre-populated with pre-existing ITGR data

  • Provides enhanced Reporting and Dashboard capability


Starr roles

STARR Roles


Starr roles 1 of 3

STARR Roles (1 of 3)

  • Business Owner (BO)

    • answers questionnaire on Secure, Reliable, and Sustainable Maturity (SRS Maturity)

  • Agency Super User

    • agency point of contact for STARR

    • responsible for the agency profile questionnaire

    • has the ability to produce reports

  • Business Continuity Planner (BCP)

    • answers questionnaire regarding business continuity planning


Starr roles 2 of 3

STARR Roles (2 of 3)

  • Chief Information Officer (CIO )

    • answers questionnaire regarding business application inventory

    • answers questionnaire about agency IT Spend

    • answers questionnaire on Secure, Reliable, and Sustainable Maturity (SRS Maturity)

  • Senior Agency Information Security Officer (SAISO)

    • answers questionnaires regarding agency IT systems and security


Starr roles 3 of 3

STARR Roles (3 of 3)

  • Chief Financial Officer (CFO)

    • answers questionnaire on the agency IT Spend

  • Agency Head / Commissioner

    • will receive a questionnaire to validate agency IT information


Starr data collection timeline

STARR Data Collection Timeline


Starr training questionnaire distribution schedule

STARR Training & Questionnaire Distribution Schedule


Responding to starr questionnaires

Responding to STARR Questionnaires


Responding to starr questionnaires video

Responding to STARR Questionnaires Video

Please note:

The STARR Tool is a SaaS (Software as a Service) Solution. The video you are about to review was produced by our vendor CAI for their tool AMI. Therefore during the videoyou may hear the term “AMI” being used throughout.


Responding to starr questionnaire video

Responding to STARR Questionnaire (Video)


Security saiso questionnaire notice

Security - SAISO Questionnaire Notice


Sample security saiso email notice

Sample Security – SAISO Email Notice

State Technology Annual Report Registry (STARR)

[email protected]

Identifies the email as a STARR Questionnaire

Identifies your organization

Identifies Questionnaire Type

Questionnaire due date

Link to launch Questionnaire


Sample security saiso questionnaire

Sample Security - SAISO Questionnaire

You may click “Save progress and exit” to save your work and exit the questionnaire. You can then return later to complete your questionnaire by clicking on the link in the previous email notification

Clicking on the previous email link will

launch the Security – SAISO questionnaire

start page

You may also click on “Discard answersand exit” the questionnaire. You can then return later to restart your questionnaireby clicking on the link in the previous emailnotification


Sample security saiso questionnaire1

Sample Security - SAISO Questionnaire

To begin your questionnaire click on “Begin Assessment” to start addressing your questions


Sample security saiso questionnaire2

Sample Security - SAISO Questionnaire

Clicking on the “Begin Assessment” buttonwill take you to the start page of yourquestionnaire

As previously shared during the video, the assessment bar for the standard questionnaire will behigh-lighted as you progressthrough the questionnaire

The fiscal year field will be prepopulated withthe reporting fiscal year


Sample security saiso questionnaire3

Sample Security - SAISO Questionnaire

As you begin to answer the questionnaire,if you require additional information about a question, you can click on the “?” to review help text about that specific question.Note: not all questions have help text listed


Sample security saiso questionnaire4

Sample Security - SAISO Questionnaire

As you begin to answer the questionnaire,if you require additional information about a question, you can click on the “?” to review help text about that specific question.Note: not all questions have help text listed


Sample security saiso questionnaire5

Sample Security - SAISO Questionnaire

This page provides asample view of the types

Of questions you will be answering


Sample security saiso questionnaire6

Sample Security - SAISO Questionnaire

This page represents the certification page.

On this page you are certifying to the accuracyof your responses to the security questions

You have 2 options:“Yes” or “No”Your response is shared with your agency leadership

You may click “Next Page”to progress forward to the

next page

You may click “Previous Page” to navigate back to the previous page


Sample security saiso questionnaire7

Sample Security - SAISO Questionnaire

This page represents the final page of the

Questionnaire.

You may select “Return to the beginning of the assessment to reviewyour answers”

orYou may “Submit your Completed Assessment”to end your session


Sample security saiso questionnaire8

Sample Security - SAISO Questionnaire


Systems security saiso questionnaire

Systems Security - SAISO Questionnaire


Sample systems security saiso email notice

Sample Systems Security SAISO Email Notice

State Technology Annual Report Registry (STARR)

[email protected]

Identifies the email as a STARR Questionnaire

Identifies your organization

Identifies Questionnaire Type

Questionnaire due date

Link to launch Questionnaire


Sample systems security questionnaire

Sample Systems Security Questionnaire

Clicking the link in the email notice launches the Systems Security - SAISOProfile landing page for your agency

The profile page will show your “Agency ID”,“Agency Name” and “Description”.

At any time during your session, you may click onthe “Attachments” button, to retrieve important

help related documents such as “FAQs”


Sample systems security questionnaire1

Sample Systems Security Questionnaire

To move forward you must clickon the “Systems” tab to access the Systems Listing page


Sample systems security questionnaire2

Sample Systems Security Questionnaire

The empty boxes shown on this summary screen are viewing filters. You will be able to select your viewing criteria by entering your specific filter preference

Clicking on Systems tab displays all systemscurrently loaded in STARR for your agency

You may click on fiscal year to review and update information for the identified system(s)

Note: Fiscal Year must be changed to the current reporting year before submitting any of your updates

If your list of systems exceeds onepage, you have the ability to scrollpages.

You may also dictate the number of systems that are viewable on the Systems summary screen by manipulating the “Records per page” selection.


Sample systems security questionnaire3

Sample Systems Security Questionnaire

Clicking on the fiscal year on the previous screen will open up the systems information for the selected system.

You are now in view mode for the selected system. You can validate the data fields for the reporting year


Sample systems security questionnaire4

Sample Systems Security Questionnaire

In order to make any updates to your systems information you must – click on the “Edit” button to be able to update your systems data fields.

Note: You must update the fiscal year field with the current reporting fiscal year


Sample systems security questionnaire5

Sample Systems Security Questionnaire

Clicking on the Edit button will open the form up to edit mode. From this screen you will be able to make updates to your systems data fields.

1. You can now update the fiscal year with the current reporting fiscal year

2. If the system is no longer active, you can change the “System Status” indicator to “inactive”

3. You should make any other updates as appropriate

Required fields are marked withan “*”. You must enter something for all required fields


Sample systems security questionnaire6

Sample Systems Security Questionnaire

When you have completed your updates.

Clicking the “Save” button will save your updates

Clicking “Cancel will not save your updates


Sample systems security questionnaire7

Sample Systems Security Questionnaire

Click on the “Back to all” link to review the restof the systems inventory list


Sample systems security questionnaire8

Sample Systems Security Questionnaire

When Adding a System:

Clicking on Systems tab displays all systemscurrently loaded in STARR for your agency

If you need to add additional systems, you have the ability to add a new system by clicking on the “add systems” button


Sample systems security questionnaire9

Sample Systems Security Questionnaire

When you click on the “Add Systems” button on the previous screen, A blank systems form displays –

1 Begin entering your data by Enter the current fiscal year

2 Complete the remaining data fields as appropriate keeping in mind the required fields

The Systems ID must be unique within theagency, The format can be any combination of letters and/or numbers


Sample systems security questionnaire10

Sample Systems Security Questionnaire

Or you can save yourupdates by clicking on the “Save” button

Updated Data Fields

Click on “Cancel” link to exit the systemwithout saving any of your field updates.


Sample systems security questionnaire11

Sample Systems Security Questionnaire

Please Note: Once you have entered all your systems updates, click on the “I’m Finished!” button to complete your session

If you need to leave and return to the questionnaire later, click on the “Close and finish later” link. You will be able to return to the questionnaire by clicking on the link in your original email notice


Sample systems security questionnaire12

Sample Systems Security Questionnaire


Starr dashboards

STARR Dashboards

The agency data reflected on the dashboard views are driven by the questionnaire responses.

Dashboard Types:

  • Dials

  • Graphs

  • Charts


It security dashboard

IT Security Dashboard

IT Security Dashboard report Agency:

  • Security Awareness Training:

    • Security Awareness Training for agency staff (Staff and Contractors)

    • Record keeping for Security Awareness Training

  • Security Governance:

    • Confirmation of a formal documented security program as required by Enterprise Information Security Infrastructure Standard (SS-08-005.01)

    • Agency's information security governance process


Sample it security dashboard

Sample IT Security Dashboard


Sample business continuity dashboard

Sample Business Continuity Dashboard

Business Continuity Dashboard reflects the Agency’s:

Q1: established guidelines on how emergency situations should be handled by the

agency and it’s personnel

Q3: documented processes that continue it’s core mission capabilities

Q5: identification of key personnel essential to support critical business processes


Application inventory dashboard

Application Inventory Dashboard

The Application Inventory Graph compiles a summary view of the Agency’s Application Inventory Data segmented by:

  • Application Spend vs. Budgeted Amount

  • Application Inventory

    • Contractor Labor Costs

    • Employee Labor Costs

  • Full Time Equivalent (FTE) Information

    • Contractor

    • Employee


Sample application inventory dashboard

Sample Application Inventory Dashboard


It agency spend dashboard

IT Agency Spend Dashboard

The IT Agency Spend Graph compiles a summary view of IT Agency Spend segmented out by Cost Categories

  • Total Infrastructure Costs

  • Total Network Costs

  • Total Application Costs

  • Total Project Costs (Fiscal Year Spend)


Sample it agency spend dashboard

Sample IT Agency Spend Dashboard


Sample srs maturity dashboard

Sample SRS Maturity Dashboard

The SRS Maturity Dashboard represent cumulative operational responses from Business Owners and CIOs input related to the current state of their agency; data, systems and IT security. The SRS Maturity dials represented on the following page identify:

  • Secure

  • Reliable

  • Sustainable

  • Overall SRS Average


Sample srs maturity dashboard1

Sample SRS Maturity Dashboard


Helpful tips

Helpful Tips:


Helpful tips1

Helpful Tips:

  • The STARR tool supports the following Browsers.

    • Internet Explorer - 7

    • Internet Explorer - 8 and 9 (Preference)

    • Firefox - 11 and higher 

    • Safari - 5 and higher 

    • Chrome - most recent production version 


Helpful tips2

Helpful Tips:

  • Prior to receiving your questionnaire, you will be notified at least a week in advance. If you do not receive the questionnaire within that week; please check your spam file

  • Make sure you complete your questionnaire prior to the expiration date

    • Contact your Agency Super User to request a reissue of your questionnaire

  • Make sure your responses are saved prior to leaving your computer for an extended length of time; In a time-out scenario, your responses will not be saved


Helpful tips3

Helpful Tips:

  • Forwarding Questionnaires:

    • You have the ability to forward a questionnaire to another responsible party prior to your final submission; once a questionnaire is completed (submitted) that questionnaire cannot be re-launched

    • If a questionnaire is forwarded to another party, your identity (original questionnaire recipient) remains linked to the questionnaire

    • If a questionnaire has expired, you will not be able to launch the questionnaire; you will need to contact your Agency Super User to request a reissue of the questionnaire


Helpful tips4

Helpful Tips:

  • Viewing Questionnaires:

    • If you have trouble seeing questionnaire wording. You can click on the magnifying glass in the lower right hand corner of the screen to increase or decrease the screen display

    • Remember to scroll to see the entire screen display

  • The following link will direct you to the presentation on the July 12, 2013

    • http://gta.georgia.gov/egap/state-annual-report-register-starr


When to contact your agency super user

When to contact your Agency Super User

  • Reissue of Expired Questionnaires

  • Resubmit of Questionnaire Attachments

  • Request Copy of Agency Reports


Gta contact information

GTA Contact Information

STARR Admin Support (Tier 1):

Tometrice Strickland - (404) 463-8474

[email protected]

STARR Admin Support (Tier 2):

Hank Oelze - [email protected]

STARR Training:

Louis Hampton - [email protected]

STARR Business Owner:

Teresa Reilly – [email protected]


Questions

Questions


  • Login