Going Paperless & Remote File Sharing

Going Paperless & Remote File Sharing
Mary Twitty, Family Services Director
Earnest L. Hunt, Director of Sub-recipient Monitoring
Tammy Smith, Program Director

Introduction
- Define the subject matter
  - Move from paper files to electronic files
  - Protection/security of electronic information
- State what the audience will learn
  - Understanding of electronic filing
  - Planning to move paperless
- Find out if audience members have relevant backgrounds or interests

Agenda
- Why go paperless
- TDHCA Compliance
- Federal Guidance
- Planning
- Who needs to get involved
- Security
- Remote File Sharing

Overview
- Give the big picture of the subject
- Explain how all the individual topics fit together
  - TDHCA
  - TAC
  - Board
  - Auditor
  - Planning
  - Capacity
  - Timeline
  - What Next

Why Would You Go Paperless?
- Benefits
- Challenges

TAC (Compliance)
This is the current guidance on the TDHCA website for information security. It's not codified: http://www.tdhca.state.tx.us/security-guidelines.htm

TAC 10 Part 1 Chapter 5 Subchapter Rule 5.18
(a) Subrecipients are encouraged to follow the Information Technology Security Practices and Guidelines to help protect and control financial and performance data associated with the Texas Department of Housing and Community Affairs (TDHCA) programs.
(b) Information Technology Security Practices and Guidelines may be obtained by accessing the TDHCA Web site at www.tdhca.state.tx.us.

TAC Title 10 Part 1 Chapter 1 Subchapter A Rule 1.25
(a) Definitions. The following words and terms, when used in this subchapter, shall have the following meanings, unless the context clearly indicates otherwise.
  (1) Affiliate--Shall have the meaning assigned by the specific program or programs described in this title.
  (2) Department--The Texas Department of Housing and Community Affairs.
  (3) Protected Health Information--As defined in 45 CFR 160.103.
  (4) Subrecipient--Includes any entity receiving funds or awards from the Department.
(b) If Subrecipients or Affiliates collect or receive Protected Health Information in the course of administering Department programs, they are required to follow the procedures in Texas Health and Safety Code, Subtitle I, Chapter 181.
(c) A nonprofit agency is exempt from this subchapter, unless the nonprofit's primary business is the provision of health care or reimbursement for health care services.

Paperless Process
Develop a plan of action with timelines to ensure that you obtain the needed outcomes, including:
- Stakeholders
- Technological capacity
- New operating procedures
- Protection of information

Stakeholders
- Auditor: Discuss testing requirements
- Board: Develop a plan of action for the Board
- Staff: Create a training plan and operating procedures

Stakeholders (cont.)
- Funding sources: Approval needed?
- Clients/participants: Notification of the change in storing their information
  - Loss of information
- Commercial software vendor

Agency Capacity
- Technology capacity
  - Computers
  - Network
  - Software
  - Storage
- Information security

Information Technology (IT) Security Practices and Guidelines
The Texas Department of Housing and Community Affairs (TDHCA) created this set of IT practices to provide subrecipients with guidance on how to safeguard financial and performance data associated with TDHCA programs. For additional information, please contact the TDHCA Information Systems Division.

Security Practices and Guidelines
Disclaimer: TDHCA is responsible for safeguarding the data you enter into TDHCA systems. TDHCA is not responsible for the hardware, software, or data owned or maintained by other organizations.

Identify Critical IT Assets
First, ensure that the inventory of the software, hardware, systems, and data in your organization is up to date. Then determine what components constitute your critical IT assets. At a minimum, those components that are used to track financial and performance data associated with TDHCA programs will be considered critical IT assets.

Risk Assessment
Perform a Risk Assessment: Find and document the vulnerabilities associated with critical IT assets. Some examples of vulnerabilities include:
- Theft or disaster
- Accidental deletion of files; terminated employees purposely destroying data
- Internet exploits, system hackers, viruses
- Critical data stored on individual PCs, without redundant hard drives or backups maintained offsite

Risk Assessment (cont.)
- Site-specific vulnerabilities (i.e. available hardware, software, and personnel) dependent on an organization's cost constraints
- Loss of portable computing devices such as USB flash drives, laptops, memory cards, and PDAs
- Vulnerabilities associated with wireless networking

Risk Assessment (cont.)
- Measure your ability to control the vulnerabilities that you document, and identify areas that have a high risk of compromise.
- Estimate the costs of minimizing risks, and conduct a cost/benefit analysis to determine where you will implement security controls and where there are acceptable risks.

Establish a Written IT Security Policy
Apply a written IT security policy to your software, hardware, systems, networks, data, and personnel. At a minimum, your written IT security policy should address your critical IT assets and factor in the results of your risk assessment.

IT Security Policy
Your IT security policy should be tailored to the size and resources of your organization. Some policies that apply to organizations maintaining networked resources that share an Internet connection may not apply, or may be different, for an organization that consists of one or two people using a PC with an Internet connection. The key elements that should be considered in your IT security policy:

IT Security Policy (cont.)
- Physical Security
- Account Management
- Passwords
- Patching Servers and Workstations
- Virus Protection
- Firewalls
- Wireless
- Portable Computing Devices
- Backup and Recovery

Federal Guidance
Office of Management and Budget Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information

Breach of Information
Personally Identifiable Information (PII): Information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information, e.g. name, address, phone number, email address, social security number, or any other identifying number or code.

Breach of PII
- The loss of control, compromise, unauthorized disclosure, acquisition, or any similar occurrence where a person other than an authorized user accesses or potentially accesses personally identifiable information
- An authorized user accesses or potentially accesses personally identifiable information for other than an authorized purpose

Breach of PII (cont.)
- Network intrusion
- Lost or stolen laptop or portable device
- E-mail sent to the wrong person
- Documents lost or stolen
- Selling of information by an authorized person for personal gain or embarrassment

Breach of PII (cont.)
- Develop a Breach Response Plan: A formal document that includes the agency's policies and procedures for reporting, investigating, and managing a breach.
- Review your contract with your commercial software vendor.

Remote File Sharing
Select a file sharing site:
- Google Drive
- Microsoft OneDrive
- Apple iCloud Drive
- IDrive
- SugarSync
- Dropbox

Remote File Sharing: Free vs. Paid
Free account:
- Size limitations on storage
- Limitations on size of files
- Good for a time-based trial
- Editing rights
- Cloud-based document search by file name
Paid account:
- User selects options for storage
- 24/7 support
- No ads
- Multi-level security
- Version control
- Full text and context search

Remote File Sharing: What could possibly go wrong?
Human error accounts for a good deal of cloud storage tragedies, but the dropped internet connection is another common troublemaker. Ask around (or just look through our review comments), and you'll hear sad stories of how cloud storage can go wrong. One of the benefits of paying for an account is that it usually comes with additional support from the provider, so if anything does go wrong, you can get someone on the phone to help you resolve the issue.

Remote File Sharing (cont.)
There are many other reasons to pay for cloud storage, from getting a lot more space (a terabyte really doesn't cost all that much anymore) to being able to upload really big files. That last benefit is relevant to graphic designers, video editors, and other visual artists who often host enormous files. Other perks of paying for your cloud storage often include increased access to file-version history (meaning you can restore an important business proposal to the version you had before your colleague made a bunch of erroneous changes), more security, or more features for collaboration and working with teams.

Implementation Timeline
- Take 6-8 months to plan
- Develop a written plan with policies and procedures
- Train, train, train staff and Board
- Hire a certified IT specialist

Summary

Questions