Risk Management PowerPoint Presentation
 

    Presentation Transcript

    • Office of the Chief Information Officer Information Technology Strategic Plan Refresh Project Risk Management Initiatives July 10, 2007
    • Approach
        • Strategic initiatives examined to determine
            – What has been accomplished
            – What has not been accomplished
            – What remains to be accomplished
            – Next steps and new directions
        • Meetings to be held through autumn
            – Leadership initiatives covered on May 21
            – Go to http://cio.osu.edu/planit/refresh07.html for podcast, transcript and meeting summary
    • Subsequent Meetings
        • Network Access and Storage - Network Access and Quality and Research Administration and Infrastructure
        • Learning Environments - eLearning, Learning Environments, and Knowledge Bank
        • Training and Support - Information Literacy, User IT Support, Faculty IT Support, and Staff Education and Training
        • Enterprise Resource Planning (ERP) Systems - Data Warehouse and Student Information Systems
    • Business Continuity Planning
        • Create a new program to plan for the recovery and resumption of normal academic and business operations following an adverse event.
    • Achievements
        • In FY 04 OBR awarded $216,000 to Ohio State and University of Cincinnati for disaster recovery; $257,000 from Third Frontier in FY 05
        • Provided OU, Toledo, Shawnee State, Miami, Wright State, Youngstown State, Akron and Cleveland State with "warm" site space
        • Upgraded data storage for eMaterials
        • Completed major power upgrade at KRC
    • Achievements
        • Offered off-site backup service to university
        • Began hosting services for colleges and departments
        • Implemented a redundant data network
        • Upgraded disk storage facilities
    • Achievements
        • CIO received $100,000 cash for business continuity startup planning from FY04 new funding
        • FY05 funded $208,000 in cash and added staff
        • Deployed Strohl planning software and launched work groups for individual BCPs
            – Business and Finance, CFAES, Lima Campus, Newark Campus, Office of the CIO, Office of Human Resources, Student Affairs, and others
    • Achievements
        • Assisted with the university's pandemic planning initiative, including three large-scale tabletop exercises
        • Completed pandemic flu plans for CIO areas
        • Led effort to form BCP Federation of nine Ohio IUC Universities
    • OSU Enterprise Continuity Management
    • Primary Objectives
        • Save lives, revenue, reputation
        • Control chaos; improve reactions
        • Limit negative effect of damages
        • Reduce recovery time / costs
        • Bottom line: Keep the University operational
            – (43% of businesses experiencing a major disruption never resume – 51% shut down within 2 years)*
        *Source: U.S. Bureau of Labor and Statistics
    • Potential Secondary Benefits*
        • Closer alignment with business goals
        • Increased credibility
        • Improved customer service / loyalty
        • Quality improvements
        • Expense reduction
        • Transparency of costs and benefits
        • [Team building]
        • [Eliminated / mitigated risks]
        • [Improved budget planning / justification]
        *Source: Continuity Insights and HP's Executive Business Continuity Study (2005)
    • Central Program Office Integration
        [Diagram: ECM CPO with Risk Management, Reputation Management, Emergency Management, Continuity Management, Stakeholder Management and Disaster Recovery; labels A to E]
        Note: While each one of the areas has interactions with every other area, they are not depicted here.
    • Anticipated Planning Lifecycle
        • Phase 1 (3 months): FOUNDATION: SEM Plan
        • Phase 2 (3 months): BUSINESS PROCESSES
        • Phase 3 (3 months): ASSETS, RISKS, & FULL Plans
        • 5-10 departments in each phase at any given time
        • Ongoing Maintenance
            – Department owns and maintains plan(s)
            – Department runs yearly exercises
            – ECM Office sends update reminders and provides support as needed
    • BCP Federation Members
        • Cleveland State University
        • Miami University
        • Northeastern Ohio Universities College of Medicine
        • Ohio University
        • The Ohio State University
        • The University of Akron (WIP)
        • The University of Toledo
        • Wright State University
        • Youngstown State University
        • {1-2 more in next two years?}
        [Photo: New Orleans, LA, Hurricane Katrina, 2005]
    • Brief OSU ECM History
        • External auditors: OSU must undertake enterprise continuity planning
        • Planning software:
            – Purchased in 2003
            – Customized and put into production 2004
        • Pilot groups started 09/04
        • Key operational units started 04/05
        • Pandemic flu planning initiative 05/06
        • President's Cabinet 4-year rollout recommendation 01/07
        • Current staffing = 2 FTEs
        • Current budget = $250,000 all-cash, annually funded
            – Software (total cost shared by members of BCP Federation)
            – Salaries (portion of cost shared by members of BCP Federation)
    • [Chart: work groups by planning stage. Columns: On Deck (next quarter), Phase One, Phase Two, Phase Three, Active Maintenance / Exercise, On Deck (in discussion). Legend: Square = 4 hours every 2 weeks; Rectangle = 8 hours every 2 weeks; Dashed circle = Train the trainer.]
        • Total Number of Current Groups = 21
        • (Maximum number of work groups for 2 FTEs with no additional responsibilities = 40)
    • Business Continuity Planning: Where to go from here?
        • What has not been accomplished
        • What remains to be accomplished
        • Next steps and new directions
    • Cybersecurity
        • Part 1 - Increase campus awareness of security issues, practices, professional ethics and responsibility.
        • Part 2 - Develop and implement campus Cybersecurity and Cyberresponsibility strategies and guidelines to secure the campus network and protect critical information technology resources, assets, and processes.
        • Part 3 - Better secure the central Ohio State University data network from both external and internal threats.
    • Achievements: Resource Re-Alignment
        • Changed reporting lines for Network Security staff and appointed director of cybersecurity
        • Provided a staff member to Internet2 to develop Shibboleth and SAML - key to identity federation
    • Achievements: Part 1 (Awareness)
        • CIO launched safecomputing.osu.edu in 2003
        • CIO reallocated resources to start security training workshops and hired a Security Outreach Specialist
        • Began offering Security for Non-IT Managers
        • Sponsored annual Cybersecurity Days
        • Brought in SANS to conduct a class on secure web application development
        • Supplying faculty and staff with concrete instructions to improve security
    • Achievements: Part 1 (Awareness)
        • Launched the BuckeyeSecure initiative
            – SSN inventory, user training, approval processes
            – Identity Management
            – SSN removal/remediation on commonly used centrally provided resources
        • Sponsored Shredfest
            – Paper records and unusable hard drives shredded
    • Achievements: Part 2 (Strategies and Guidelines)
        • Led federal HIPAA security regulation compliance for University
        • Developed or participated in the development of policies:
            – Credit Card security compliance (PCI-DSS)
            – Deployment and Use of Wireless Data Networks
            – Disclosure or Exposure of Personal Information
            – Institutional Data
        • In conjunction with the distributed IT community developed and implemented the Minimum Computer Security Standard (MCSS)
    • Achievements: Part 3 (Improved Security)
        • Assisted OHR with paperless pay security issues
        • Implemented anti-virus and anti-spam controls on the central e-mail servers
        • Hired ISS to conduct penetration test of selected central servers
        • Increased vulnerability scanning frequency on central servers
        • Improved Intrusion Detection hardware and software at the border
        • Provided low-cost departmental firewalls and consulting
    • Cybersecurity: Where to go from here?
        • What has not been accomplished
            – Your observations?
        • What remains to be accomplished
            – Your observations?
        • Next steps and new directions
            – Your observations?
    • Cybersecurity: Some thoughts on where to go from here
        • What remains to be accomplished
            – Implementation of remaining standards:
                • Critical, Database and Webserver
        • Next steps and new directions
            – Improved outreach and assistance to faculty, students
            – Pay more attention to internal threats
                • Detection
                • Remediation
    • If you have further thoughts or comments…
        itsecurity@osu.edu
        morrow-jones.2@osu.edu