
The Eight Schools Association Security Policy Development

The Eight Schools Association Security Policy Development. INFORMATION SECURITY PRACTICES. Information Assurance, Security Technology, Security Integration, 24x7 Support, Training, Managed Services. FishNet Security Overview.

foy

Presentation Transcript


  1. The Eight Schools Association Security Policy Development
     INFORMATION SECURITY PRACTICES
     Information Assurance • Security Technology • Security Integration • 24x7 Support • Training • Managed Services

  2. FishNet Security Overview
     FishNet Security is a focused Information Security Solutions Provider (ISSP). FishNet Security creates solutions that mitigate risk while enabling business.
     • Fourteen years of experience delivering enterprise solutions and comprehensive service offerings
     • Established relationships with “best-of-breed” information security partners and vendors
     • Provide a full suite of information security services
     • National Security Consulting Organization

  3. FishNet Security – A National Footprint
     30 Office Locations Nationwide; 350 Employees
     • Western Region (Michelle Torrey, EVP Sales)
       • Northwest Territory: Seattle District, San Francisco District
       • Southwest Territory: Phoenix District, Los Angeles/San Diego District
     • Federal Region (David Gilden, EVP Public Sector; Neil Van Duinen, VP Sales)
     • Eastern Region (Holly Thillet, EVP Sales)
       • Northeast Territory: New York District, Boston District
       • Ohio Valley Territory: Columbus District, Ft. Wayne/Indianapolis District, Detroit District
       • Southeast Territory: Atlanta District, Charlotte District, Washington DC District
     • National Infrastructure Group (Julio Sanchez, EVP National Infrastructure Group)
     • Central Region (Mike Bossert, EVP Sales)
       • North Central Territory: Denver District, Chicago District, Minnesota District, Omaha District
       • South Central Territory: Kansas City District, St. Louis District, Dallas District, Houston District
     • Southern Region (Mark Tuszynski, EVP Sales)
       • South Territory: Tallahassee District, Tampa District, West Palm Beach District

  4. Practice Areas & Solution Offerings
     FishNet’s practice-based solutions integrate a comprehensive portfolio of security technology services and products, enabling its customers to manage their full lifecycle of information security and risk management needs.
     • Information Assurance: Risk Management & Compliance; Security Assessments; Identity and Access Management
     • Security Integration: Staff Augmentation; Implementation; Architecture & Design Reviews
     • Training: Certified Product Vendor Training; CISSP; Security Awareness Training
     • 24x7 Support/Managed Services: Multi-Product Vendor Phone Support; On-site Engineering Support; Managed Security Services
     • Security Technologies: Best-of-breed Technologies

  5. Information Security Policy Development: Policy Framework
     A documented set of broad guidelines, formulated after an analysis of all internal and external factors that can affect an organization's objectives, operations, and plans. Generally approved by the organization's board of directors, the policy lays down the organization’s planned response to known and knowable situations and circumstances. It also determines the formulation and implementation of strategy, and directs and restricts the plans, decisions, and actions of the organization’s officers in achievement of its objectives.

  6. Information Security Policy Hierarchy

  7. Information Security Policy Development Approach
     • Our experience has shown that out-of-the-box security policies typically fail for numerous reasons:
       • They fail to take into account the goals and objectives of the organization.
       • They are not built in a manner consistent with the organization’s “culture”.
     • Not involving key stakeholders in the development and approval process lessens the effectiveness of information security policies.
     • Policies developed in a vacuum limit the ability to audit and enforce compliance.

  8. Information Security Policy Development Approach (cont’d)
     • Key areas for policy development success:
       • Focus on Best Practice (ISO 27002)
       • Ensure that regulatory, state law and other requirements are met
         • FERPA, PCI DSS, Mass 201 CMR 17, HIPAA, IRS 990, FTC Red Flags
       • Ensure stakeholder input and acknowledgement
       • Develop full policy maintenance lifecycle process
         • Ownership
         • Review
         • Updating
         • Awareness
       • Ensure supplementary documentation exists to support policies (e.g. procedures)

  9. Developing Policies and Standards
     • Gather executive sponsorship and identify requirements and authoritative sources (i.e., laws, regulations, standards)
     • Rationalize or harmonize sources and controls
     • Document policies and standards
     • Socialize, approve, and publish
     • Educate the organization via training and awareness campaigns
     • Assess, review, and update sources, policies, and standards

  10. Open Discussion
