Converting policy to reality building campus security programs
Download
1 / 6

- PowerPoint PPT Presentation


  • 96 Views
  • Uploaded on

Converting Policy to Reality Building Campus Security Programs. Karl Heins -- Director of IT Audit Services Office of the University Auditor UC Office of the President. Converting Policy to Reality Building Campus Security Programs. Why Security Programs Are Important New Legal Requirements

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - elam


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Converting policy to reality building campus security programs l.jpg
Converting Policy to RealityBuilding Campus Security Programs

Karl Heins -- Director of IT Audit Services

Office of the University Auditor

UC Office of the President

UCCSC


Converting policy to reality building campus security programs2 l.jpg
Converting Policy to RealityBuilding Campus Security Programs

Why Security Programs Are Important

  • New Legal Requirements

    • CA Privacy Law -- SB1386

    • HIPAA

    • SOX

  • Increasing Threats Trends

    • Automation; speed of attack tools

    • Increasing sophistication of attack tools

    • Faster discovery of vulnerabilities

    • Increasing permeability of firewalls

    • Increasing asymmetric threat

    • Increasing threat from infrastructure attacks

  • Increasing Use of Technology

UCCSC


Converting policy to reality building campus security programs3 l.jpg
Converting Policy to RealityBuilding Campus Security Programs

COSO Components for Governance

  • Control Environment

    • Board, Management and Employee commitment to internal controls

  • Risk Assessment

    • Identification and analysis of risk exposures

  • Control Activities

    • Detective Controls

    • Preventive Controls

  • Information and Communication

    • Information is captured and reported timely

  • Monitoring

    • Oversight and evaluation of control effectiveness

    • Reporting and acting on deficiencies

UCCSC


Converting policy to reality building campus security programs4 l.jpg
Converting Policy to RealityBuilding Campus Security Programs

Audit’s Role -- Security’s Role

  • Auditors – Evaluating the effectiveness of control systems, and contribute to ongoing effectiveness. Often a significant monitoring role. Chartered by Board

  • Management, including Security Professionals are responsible for the system of internal controls. As delegated by Board

UCCSC


Converting policy to reality building campus security programs5 l.jpg
Converting Policy to RealityBuilding Campus Security Programs

Work of Auditors

  • Focus on Controls

    • Financial Controls

    • Compliance with Laws, Regulations and Policy

    • Efficiency and Effectiveness

  • Types of Work

    • Audits

    • Investigations

    • Advice and Consultation

UCCSC


Converting policy to reality building campus security programs6 l.jpg
Converting Policy to RealityBuilding Campus Security Programs

Where you do not have Authority, tips to Influence

  • Standing

  • Logic

  • Outside Expert

  • Passion

UCCSC


ad