Department of Public Health
PAGE 1 of 13
Category: Information Technology Security and HIPAA
DPH Unit of Origin: Department of Public Health
Policy Owner: Phillip McDown, CISSP
Phone: CISSPCISSP/C
Distribution: DPH-wide
Other: n/a
phil.mcdown@sfdph.org

1. POLICY INTENT

This document establishes the policy for the assembly, functions and organization of a San Francisco Department of Public Health (SFDPH) Information Technology Division Security Incident Response Team. It creates a mechanism and defines roles for responding to serious breaches of Information Security at SFDPH. This policy is intended to comply with those sections of the Code of Federal Regulations that govern HIPAA requirements for Information Security. The section that relates to Security Incident Response is CFR (a)(6).

POLICY SCOPE

This policy is intended to complement the existing Malicious Software Prevention and Surveillance policy and the Disaster, Contingency and Business Continuity Planning policies. It is also intended to define the mechanism for investigating and remediating security incidents that require actions in excess of day-to-day I.T. operations management and employee disciplinary procedures (refer to the Security Violation, Discipline and Sanctions Policy).

History has shown that a malware incident that exceeds local I.T. staff's ability to control and remedy it is the most likely type of event to require Enterprise-wide action. For this reason, the text of this policy reflects the assumption that a malware crisis is the type of event to be dealt with. However, the roles, procedures and actions defined and specified are adaptable to other types of crisis and would be part of SFDPH-IT's overall response to a natural disaster or other pervasive event.

DEFINITIONS

Unusual Occurrence: Any event that is considered to be out of the ordinary or disruptive to the normal
conduct of business affairs, that should be reported and investigated to determine the facts and the appropriate response. For the purposes of this document, Unusual Occurrences (UOs) that can normally be reported and dealt with under other existing policies and regulations (e.g., JCAHO), or which can be dealt with using day-to-day I.T. operations management, troubleshooting and employee disciplinary procedures, are excluded from this policy.

Developing Situation: For the purposes of this policy, a Developing Situation is an IT-related UO that persists in the face of normal remedial measures or which is duplicated in more than one portion of the Enterprise (e.g., at SFGH and LHH simultaneously). It may be a UO that is spreading or has negative impacts beyond localized or initial ones. Developing Situations require increased surveillance, communications support and decision-making beyond the I.T. staff's normal scope.

Malware Alert: For the purposes of this policy, a Malware Alert Situation is one where actual Malware activity has been detected or a widespread vulnerability to a particular threat has been identified. In such situations, central communication and coordination of the Enterprise-wide remediation efforts is the primary need.

Emergency: For the purposes of this policy, an Emergency is a Developing Situation that has escalated to the point where local, limited efforts to control, contain or stop it no longer work and major negative impacts on Enterprise business operations are being experienced, or a Malware Alert Situation that impacts the entire Enterprise and for which the remedial activities to mitigate it will require coordination of efforts throughout the Department. The point at which a coordinated division-wide approach becomes necessary is the point at which Incident Response shifts into the mode of Emergency Response and may include Disaster Recovery.
C3 (Command, Communications and Control): The critical functions necessary to operate in response to an incident that has evolved into a situation, emergency or disaster.

2. POLICY STATEMENTS

The SFDPH Information Technology Division shall create and maintain rosters of Incident
Response roles to be assumed by its staff when responding to a Security Incident or larger scale disaster situation. The roles on the roster are to be filled by volunteers and management-selected staff who have the particular skill-sets required to perform the role for which they have volunteered or been assigned. During Incident or Emergency Response training or drills, these staff members will rehearse the roles for which the roster has them designated. When assigning the roles on the roster, each role must have at least two staff assigned to perform it, and at least one of those staff members must reside where there is direct surface travel access to the Data Center (i.e., with no intervening bridges or ferry travel).

2.1 Developing Situation Roles:

Developing Situations require increased surveillance, communications support and decision-making beyond the I.T. staff's normal scope. This requires that certain staff members assume roles outside of their normal I.T. operational responsibilities.

Data Collection, Analysis and Communication

Collecting information about a developing malware situation and using various reporting mechanisms (e.g., Help Desk tickets), tools (logs, IDS/IPS, Qualys scans) and industry alerts to track developments and trends and to inform and alert management or a Command Center when a worsening trend appears to be occurring. This is essentially an extension and enhancement of the day-to-day malware prevention and surveillance process (refer to the Malicious Software policy) and may use the same staff.

Decision Making I

Management determination of:
- Which and how many resources to reallocate to the response.
- When a developing situation exceeds the capabilities of local response.
- Whether to declare an Emergency.

2.2 Malware Alert Situation Roles:

When Malware activity or a significant widespread vulnerability is detected, a Malware Alert occurs. Such situations require surveillance,
investigation/decision-making, notification/communication and focused remedial activities that are within the I.T. staff's normal scope but become higher than each staff member's normal day-to-day top priorities.

Surveillance/Detection

Malware activity and vulnerabilities are detected either by one or more of the existing surveillance tools (e.g., Trend, Qualys-Scan, Damballa, etc.) or by system behavior that is reported to IT Technical Staff or the Help Desks.

Investigation

Assigned staff research the extent of the activity and readily available remedial steps or tools.

Notification

A select group of senior technical staff have been designated to be the Malware First Response team (refer to Appendix A). They are alerted by the Surveillance Team, who maintain and monitor the Detection tools. Depending on whether the detected activity or threat is localized, the Surveillance team notifies specific locations' team members or sends out an Enterprise alert via , with follow-up by phone as appropriate.

Remediation

On-site staff locate the affected devices, perform the recommended remedial actions (e.g., patching, disconnecting from the network, re-imaging, etc.) and report back to the Incident Response team leads.

Communication

After issuing an alert, the Surveillance team, led by the Information Security Taskforce Chairperson, coordinates the remediation efforts and collects results reports.

2.3 Emergency Response Roles:

Developing Situations can evolve unpredictably into true emergency situations which require more frequent decision making, coordination of diverse activities, enhanced communications support and monitoring of the situation's extent and rate/direction of change. This will require that most I.T. staff members assume roles utilizing skill sets that may not be in their normal job description (refer to the All-Hands list in Appendix A):
Decision-Making II

Management assumes control of the Incident Response effort and determines:
- Whether to declare an emergency.
- When to activate other Incident Response Roles.
- When to initiate 24 by 7 and/or 12-hour shift operations.

Centralized Response Communication and Coordination

- Collecting, collating and analyzing information from malware-response related activities throughout the Enterprise.
- Communicating with vendors and consultants.
- Disseminating (as a single authoritative source) information on news, tools found and recommended, current virus/patch/repair engine versions, where to obtain them and other necessary information.
- Retaining a record of communications including s so that the events can be reconstructed after the fact.

Affected Device Detection and Targeting

Compiling the available information and reporting it to the decision-maker(s), including:
- Determining which devices, nodes, applications, subnets, etc. are affected.
- How the infestation is manifesting.
- The affected devices' anti-virus, patch, etc. status.
- The affected devices' identification (device name, device type, IP address, MAC address, subnet location, etc.).
- The affected devices' physical location, network connection and operational status.
- Locally responsible parties.
- Retaining a record of communications including s so that the events can be reconstructed after the fact.

Situation Status Monitoring and Reporting

Compiling and reporting the information to the decision-maker(s) and central communications and coordination for determining progress in the response effort, including:
- Monitoring overall trends: number of existing infestations cleaned up, new ones appearing, etc.
- Hot spots.
- Operational impacts and priorities.
- Retaining a record of communications including s so that the events can be reconstructed after the fact.

Response Strike Team

Personnel who are organized and dispatched to specific locations to reinforce local efforts and/or to complete one or more response-related tasks, such as:
- Mass cleaning/removing of malware and restoration of operating systems and applications.
- Mass (re)hardening of devices that requires hands-on intervention.
- Providing technical skills or knowledge not present in the local I.T. staff.
- Providing coordination and communication of strike team activities.

2.4 Post Response Roles:

After the Incident or Emergency has been controlled or alleviated and systems reimaged, several other actions need to take place:

Decision Maker(s): Need to determine when and how to declare an end to the incident
or emergency.

Role Players: Especially those with data collection, communication, tracking and coordinating duties; need to assemble the event history data, perform a post-mortem analysis of causes and vulnerabilities that were exploited and report their findings to management and the Security Taskforce.

Strike Teams: May be required to continue clean-up and restoration activities until the entire environment has been restored to stability and complete functionality.

STANDARDS

Duties of Response Team:

As required by the circumstances of the incident, the Response Team may be required to do any or all of the following:

Initial Evaluation and Damage Control

Rapid determination of the general nature and extent of the malware incident (changes in functionality, loss of data, system damage or malfunction) and taking immediate action to halt or limit the effects and/or stop them from spreading.

Diagnosis

More detailed analysis of the problem, focusing on precise determination of the nature, cause and extent of the problem and on locating and evaluating options for remediating it or preventing it from spreading to unaffected systems.

Forensics

Reconstruction and analysis of the events and symptoms (electronic and/or physical) that led to the determination that an incident was occurring or had occurred. The primary focus of this activity is to identify the vulnerabilities that permitted the incident to occur and define remedial and/or preventative actions to be taken to avoid recurrences. The secondary focus is the identification of causative persons or agencies in order to take appropriate action to deter recurrences.

Solution Investigation and Communications

Using vendor contacts, the internet and
other resources to seek out and obtain diagnostic and cleaning tools, patches and procedures.

Cleaning, Repair and Restoration

The process of removing malware, bringing the system up to a properly hardened state (refer to the Anti-malware Policy), repairing the malware-induced damage and restoring or improving systems and data to their state of currency, functionality and integrity prior to the incident.

Follow-up and Reporting

Debriefing the team and other participants who responded to the incident or were involved in the incident response and recovery activities. Reporting to management:
- The conditions and vulnerabilities that led to the incident and its probable cause.
- The timeline and events of the incident and the response.
- The resolution of the incident: what was done and the final result.
- Lessons learned.
- Recommendations for prevention of repetition.

Makeup of Response Team:

As required for the actions appropriate to the circumstances of the incident (see 3.1), Response Team(s) may include any or all of the following classifications of personnel:
- An overall Response Effort commander to run the Command Center and direct and coordinate communications and the local and strike team response activities.
- An onsite leader for local or strike team operations.
- The System and Network Engineers and Administrators responsible for the hardware, software and network components involved in the incident.
- Other System and Network Engineers, Administrators, Analysts and other I.T. staff with needed skill sets or experience or representing other involved or concerned sites.
- (As appropriate) A representative of the system and network hardware vendor(s).
- (As appropriate) A representative of the application software vendor.
- (As appropriate) A representative of the (current) Hardware Maintenance contractor.
- (As appropriate) A representative of the Firewall Security contractor.

Makeup of Extended Response Staff:

An Extended Staff may be required in extreme circumstances, and may include persons from other agencies as warranted by the incident circumstances, such as:
- Representative(s) of SFDT if the incident involves, or potentially involves, City-wide systems or data.
- Representative(s) of HR and/or the City Attorney's Office if severe personnel sanctions and/or civil legal action is a possibility.
- Representatives of the Police Department if the incident may have been caused by or result in criminal action.
- Representatives of the FBI or the Homeland Security Agency if the incident may have been caused by or result in interstate or international illegal, criminal or terrorist action(s).

4. RESPONSIBILITIES

SFDPH Executive Management is responsible for:
- Developing, reviewing, approving and publishing Incident Response policy and its associated standards and guidelines.
- Delegating authority to the Response Team to use specified management powers and prerogatives in the course of their duties.
- Establishing Standards and Guidelines for the Enterprise-wide application of this policy, including but not limited to:
  - Composition of the Team, including authorizing previously undefined job descriptions and classifications.
  - Types of situations requiring team response.
  - Specific sanctions for parties found culpable in security incidents.
- Coordinating Incident Response Procedure development and implementation efforts across divisional lines.

DPH Chief Information Officer/Chief Information Security Officer is responsible for:
- Reviewing and recommending to management all exceptions to Security Incident Response policy.
- In the absence of a separately appointed person performing the role of Incident Response Team Leader (see 4.4)
- Directing and overseeing the development of standards and procedures for Incident Response activities:
- Ensuring the technical security of the SFDPH Data Network. He/she is responsible for implementing Incident Response policy and providing the detailed monitoring, and
enforcement tools and procedures.
- Performing or delegating the role of Incident Response Team Leader or general oversight of ad-hoc Incident Response Teams which are composed of technical staff.
- Overseeing the maintenance of the Incident Response Roles Roster and determining the assignment of DPH-IT staff to fill the roles in the event of an Incident.
- Directing the development, planning and staging of training, practices and drills to prepare DPH-IT staff for actual Incident Response when called for.

SFDPH Information Technology (DPH-IT) is responsible for:
- Providing the personnel for implementing Security Incident Response Policy, including providing the system engineers and other technical members of the team.

Appointing Authority / Local-Unit Management is responsible for:
- Assigning workforce members job duties, including avoiding security policy violations, preventing security incidents and reporting possible incidents that they may become aware of.
- First-level investigation and reporting of possible incidents reported by their staff.
- Establishing local operational standards and procedures for the avoidance, detection and reporting of malware incidents.

Workforce members are responsible for:
- Protection of the information that has been entrusted to their care.
- The avoidance, detection and reporting of security incidents as part of their day-to-day responsibilities.
- Participating in SFDPH-provided training and orientation sessions and events regarding Security Incident detection and reporting.

Vendors or Contractors are responsible for:
- Instructing their SFDPH workforce members of their responsibilities to comply with the goals of the SFDPH internal security policies.
- Permitting necessary access to their workforce and facilities to the Response Team.

5. PENALTIES FOR VIOLATIONS:

5.1. General Workforce Violations: Violations of published Information Security Policy, standards, guidelines, rules or procedures are subject to the same progressive discipline processes and sanctions as any other violation of the terms and conditions of employment at SFDPH.

Individual Non-Employee and Third Party Workforce Violations: Violations of published Information Security Policy, standards, guidelines, rules or procedures by persons employed through a third party or otherwise not subject to the progressive discipline processes and sanctions of the terms and conditions of employment at SFDPH are subject to the sanctions provided under the terms and conditions of the agreement(s) whereby their services are provided.

Trusted Workforce Member Violations: Managers, System Engineers, System Administrators and other classifications who are given greater than routine access to and control of critical information systems and data may be subject to stricter standards of security behavior and more abrupt and stringent penalties in the case of violations.

5.4. Contractor and Third Party Entity Violations: In addition to the individual sanctions noted in 2.1 and 2.2 above, third party organizations, business entities and others who are contractually required to comply with SFDPH Security Policies and standards may be subject to specified monetary fines or penalties or termination of the agreement as required by the written
contract and criminal penalties provided for in the applicable laws and regulations.

6. ATTACHMENTS: Procedures to be developed and documented

6.1. Appendix A: Incident Response Team Composition and Escalation Procedures. This appendix, for reasons of keeping up-to-date with staffing additions and removals as well as changing role assignments, is maintained in a separate document.
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationPTLGateway Data Breach Policy
1 PTLGateway Data Breach Policy Last Updated Date: 02 March 2018 Data Breach Policy This page informs you of our policy which is to establish the goals and the vision for the breach response process. This
More information1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010
Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationINFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES
INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES 1. INTRODUCTION If you are responsible for maintaining or using
More informationInformation Security Data Classification Procedure
Information Security Data Classification Procedure A. Procedure 1. Audience 1.1 All University staff, vendors, students, volunteers, and members of advisory and governing bodies, in all campuses and locations
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationDISASTER RECOVERY PRIMER
DISASTER RECOVERY PRIMER 1 Site Faliure Occurs Power Faliure / Virus Outbreak / ISP / Ransomware / Multiple Servers Sample Disaster Recovery Process Site Faliure Data Centre 1: Primary Data Centre Data
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationLaguna Honda Hospital and Rehabilitation Center. Security Management Plan
Laguna Honda Hospital and Rehabilitation Center Security Management Plan 2018-2019 REFERENCES California Code of Regulations, Title 8, Sections 8 CCR 3203 et seq. California Code of Regulations, Title
More informationTrust Services Principles and Criteria
Trust Services Principles and Criteria Security Principle and Criteria The security principle refers to the protection of the system from unauthorized access, both logical and physical. Limiting access
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationMANAGEMENT OF INFORMATION SECURITY INCIDENTS
MANAGEMENT OF INFORMATION SECURITY INCIDENTS PhD. Eng Daniel COSTIN Polytechnic University of Bucharest ABSTRACT Reporting information security events. Reporting information security weaknesses. Responsible
More informationData Backup and Contingency Planning Procedure
HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationImplementing an Audit Program for HIPAA Compliance
Implementing an Audit Program for HIPAA Compliance Mike Lynch Fifth National HIPAA Summit November 1, 2002 Seven Guiding Principles of HIPAA Rules Quality and Availability of Care Nothing in the proposed
More informationAppendix 3 Disaster Recovery Plan
Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationDATA BREACH NUTS AND BOLTS
DATA BREACH NUTS AND BOLTS Your Company Has Been Hacked Now What? January 20, 2016 Universal City, California Sponsored by Hogan Lovells Moderator: Stephanie Yonekura, Hogan Lovells #IHCC16 Panelists:
More informationTexas Health Resources
Texas Health Resources POLICY NAME: Remote Access Page 1 of 7 1.0 Purpose: To establish security standards for remote electronic Access to Texas Health Information Assets. 2.0 Policy: Remote Access to
More informationSecurity and Privacy Breach Notification
Security and Privacy Breach Notification Version Approval Date Owner 1.1 May 17, 2017 Privacy Officer 1. Purpose To ensure that the HealthShare Exchange of Southeastern Pennsylvania, Inc. (HSX) maintains
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationInformation Security Incident Response and Reporting
Information Security Incident Response and Reporting Original Implementation: July 24, 2018 Last Revision: None This policy governs the actions required for reporting or responding to information security
More informationSecurity Incident Management in Microsoft Dynamics 365
Security Incident Management in Microsoft Dynamics 365 Published: April 26, 2017 This document describes how Microsoft handles security incidents in Microsoft Dynamics 365 2017 Microsoft Corporation. All
More informationEmployee Security Awareness Training Program
Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More information6.6 INCIDENT RESPONSE MANAGEMENT SERVICES (INRS) (L )
6.6 INCIDENT RESPONSE MANAGEMENT SERVICES (INRS) (L.34.1.6) Qwest INRS provides Agencies with a proven, reliable set of people, processes and tools to effectively prepare for and respond to computer security
More informationHIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED
HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HEALTHCARE ORGANIZATIONS ARE UNDER INTENSE SCRUTINY BY THE US FEDERAL GOVERNMENT TO ENSURE PATIENT DATA IS PROTECTED Within
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationCIP Cyber Security Security Management Controls. A. Introduction
CIP-003-7 - Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-7 3. Purpose: To specify consistent and sustainable security
More informationTable of Contents. PCI Information Security Policy
PCI Information Security Policy Policy Number: ECOMM-P-002 Effective Date: December, 14, 2016 Version Number: 1.0 Date Last Reviewed: December, 14, 2016 Classification: Business, Finance, and Technology
More informationThe CISO is the owner of the vulnerability management process. This person designs the process and ensures is implemented as designed.
University of Alabama at Birmingham VULNERABILITY MANAGEMENT RULE May 19, 2017 Related Policies, Procedures, and Resources Data Protection and Security Policy Data Classification Rule 1.0 Introduction
More informationRailroad Infrastructure Security
TRB Annual Meeting January 14, 2002 Session 107 - Railroad Security William C. Thompson william.thompson@jacobs.com 402-697-5011 Thanks to: Bob Ulrich Dr. William Harris Byron Ratcliff Frank Thigpen John
More informationCOUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017
COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationISO27001 Preparing your business with Snare
WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationOhio Supercomputer Center
Ohio Supercomputer Center Security Notifications No: Effective: OSC-10 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original Publication
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCOMMENTARY. Information JONES DAY
February 2010 JONES DAY COMMENTARY Massachusetts Law Raises the Bar for Data Security On March 1, 2010, what is widely considered the most comprehensive data protection and privacy law in the United States
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More informationDETAILED POLICY STATEMENT
Applies To: HSC Responsible Office: HSC Information Security Office Revised: New 12/2010 Title: HSC-200 Security and Management of HSC IT Resources Policy POLICY STATEMENT The University of New Mexico
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationIntroduction to Business continuity Planning
Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More information