Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Information Security Awareness activities


Published on

  • Be the first to comment

  • Be the first to like this

Information Security Awareness activities

  1. 1. Information Security Awareness Month Activities Peggy Ward Chief Information Security Officer & Internal Audit Officer
  2. 2. Commonwealth Information Security Awareness Activities <ul><li>Governor Timothy Kaine issued a proclamation designating October as Information Security Awareness Month. </li></ul><ul><ul><li>To encourage citizens to learn about information security and to put the knowledge to practice. </li></ul></ul>
  3. 3. Commonwealth Information Security Awareness Activities <ul><li>Framed & displayed the proclamation in a prominent location in the office & at Information Security Officer Advisory Group (ISOAG) meetings in September & October. </li></ul><ul><li>Provided copies of the proclamation with the seal to agencies & localities. </li></ul>
  4. 4. Commonwealth Information Security Awareness Activities <ul><li>Presentations </li></ul><ul><ul><li>Oct. 17: Commonwealth Security Information Resource Center presentation at the Cyber Security 2008 Conference, hosted jointly by Virginia Commonwealth University & the Federal Bureau of Investigations' InfraGard chapter </li></ul></ul><ul><ul><li>Oct. 21: Commonwealth Information Security Initiatives presentation at the Hampton Roads Cyber Security Awareness Conference </li></ul></ul>
  5. 5. Commonwealth Information Security Awareness Activities <ul><li>Presentations </li></ul><ul><ul><li>Oct. 22:Commonwealth Information Security Collaboration presentation at the Association of Government Accountants Technology & Fraud Conference </li></ul></ul><ul><ul><li>Oct. 24: Chief Information Officer & Chief Information Security Officer remarks at the Chesterfield County Cyber Security Awareness Event </li></ul></ul>
  6. 6. Commonwealth Information Security Awareness Activities <ul><li>Internet Activities </li></ul><ul><ul><li>The state portal, , has displayed a prominent graphic banner promoting Information Security in the &quot;focal point&quot; area, which links to the online guide on the VITA site </li></ul></ul><ul><ul><li>Online e-government services on the portal now include the citizens' awareness banner provided by Commonwealth Security </li></ul></ul>
  7. 7. Commonwealth Information Security Awareness Activities <ul><li>Internet Activities </li></ul><ul><ul><li>New content has been added to the Information Security Awareness Toolkit, thanks to COV agencies & MS-ISAC. The printing of materials from the toolkit was coordinated through DMV to leverage resources </li></ul></ul>
  8. 8. Commonwealth Information Security Awareness Activities <ul><li>Security Awareness Video </li></ul><ul><ul><li>Produced by VITA Commonwealth Security & VITA Communications </li></ul></ul><ul><ul><li>Available in early November in the Knowledge Center, the Information Security Resource Center & YouTube </li></ul></ul><ul><ul><li>Available in late November on DVD </li></ul></ul>
  9. 9. VITA Information Security Awareness Activities <ul><li>VITA Information Security Awareness activities are implemented to promote simple changes in behavior that strengthen the security of Commonwealth information. </li></ul><ul><ul><li>Hosted lunch time presentations </li></ul></ul><ul><ul><li>Conducted raffle giveaways for presentation attendees </li></ul></ul><ul><ul><ul><li>Giveaways items were provided by vendors from conferences. </li></ul></ul></ul><ul><ul><li>Provided VITA branded resource materials from MS-ISAC </li></ul></ul><ul><ul><ul><li>Brochures, Booklets, Bookmarks, Calendars, Posters </li></ul></ul></ul><ul><ul><li>Conducted a fill in the blank puzzle contest </li></ul></ul>
  10. 10. Lunch Time Presentations <ul><li>Event 1-Oct.1 </li></ul><ul><ul><li>“ Defending the Castle- How to Secure you Home Network” </li></ul></ul><ul><ul><li>Bob Baskette, Commonwealth Security Incident Engineer </li></ul></ul><ul><ul><li>Virginia Information Technologies Agency </li></ul></ul><ul><li>Event 2-Oct 22 </li></ul><ul><ul><li>“ Protecting Your Money, Our Role and Yours” </li></ul></ul><ul><ul><li>Chris Saneda, Senior Vice President /Chief Information Officer </li></ul></ul><ul><ul><li>Virginia Credit Union </li></ul></ul><ul><ul><li>“ The Tale of Three Hackers” </li></ul></ul><ul><ul><li>Victor “Jake” Olesen, Special Agent, </li></ul></ul><ul><ul><li>Federal Bureau of Investigation </li></ul></ul>
  11. 11. Questions/Discussion
  12. 12. Douglas G. Mack DMV IT Security Director (ISO) [email_address] (804) – 367 - 2221 CIO - CAO Meeting October 28, 2008 Information Security Awareness Month at DMV
  13. 13. <ul><li>“ Information security </li></ul><ul><li>is a people , </li></ul><ul><li>rather than a technical, issue.” </li></ul>Mark B. Desman The Ten Commandments of Information Security Awareness Training
  14. 14. Three Groups to Address <ul><li>Everyone – DMV classified, wage, contractors </li></ul><ul><li>Executive Staff </li></ul><ul><li>Information Technology Services (ITS) Staff </li></ul>
  15. 16. <ul><li>MSISAC provided 4 security awareness poster designs. </li></ul><ul><li>DMV’s Senior Graphic Designer branded the posters and added Mark Desman’s quote to each design. </li></ul><ul><li>DMV Printing Services printed the posters. </li></ul>
  16. 17. <ul><li>One of each design of the poster was sent to DMV’s Customer Service Centers and Weigh Stations at the end of September. </li></ul><ul><li>One of each design of the poster was displayed on each floor of DMV Headquarters. </li></ul>
  17. 18. <ul><li>Throughout the year, once or twice a month the ISO writes and publishes an IT Security Note. </li></ul><ul><ul><li>Single Topic </li></ul></ul><ul><ul><li>Brief </li></ul></ul><ul><ul><li>Diagrams, Screen Prints, Pictures </li></ul></ul>
  18. 19. <ul><li>DMV’s intensive security awareness activities for October focus on the Cyber Security Awareness Week. </li></ul><ul><li>A new IT Security Note was published each day of Cyber Security Awareness Week. </li></ul><ul><li>DMV has a Cyber Security Awareness Week each October. </li></ul>
  19. 20. <ul><li>Topics of the Notes for the Week: </li></ul><ul><ul><li>(Monday) Cyber Security Puzzle </li></ul></ul><ul><ul><li>(Tuesday) Acceptable Use </li></ul></ul><ul><ul><li>(Wednesday) A Bit of Computer Humor </li></ul></ul><ul><ul><li>(Thursday) Protecting Sensitive Data </li></ul></ul><ul><ul><li>(Friday) Recognizing and Avoiding Email Scams at Home </li></ul></ul>
  20. 21. <ul><li>MSISAC’s Information Security Executive Brief was sent to each member of the Executive Staff on the first day of the week. </li></ul>
  21. 22. <ul><li>“It’s important to note that information security is not a technology issue, but rather a management issue requiring leadership, expertise, accountability, </li></ul>due diligence and risk management. Information security needs to be addressed in a coordinated, enterprise approach, and factored into program decisions.”
  22. 23. <ul><li>A PowerPoint Presentation was developed that covered some of the significant changes in SEC501-01, specifically: </li></ul><ul><ul><li>Data Protection </li></ul></ul><ul><ul><li>Application Security </li></ul></ul><ul><li>DMV wanted to provide more IT focused awareness training for Information Technology Services (ITS) staff. </li></ul>
  23. 24. <ul><li>The Presentation was sent out on October 2 to all ITS staff. </li></ul><ul><li>ITS staff have been given </li></ul><ul><li>until November 14 to review the presentation and return the completion certificate to the ISO. </li></ul><ul><li>As of October 22, 44 out of 176 staff members have completed the review. </li></ul>
  24. 25. Final Note
  25. 26. CIO-CAO Meeting October 28, 2008 Rosario Igharas, Information Security Officer Information Security Awareness : First Line of Defense Against Social Engineering
  26. 27. VCSP: Who we are <ul><ul><li>An independent state agency </li></ul></ul><ul><ul><li>Operate Virginia’s Section 529 Programs which provide funds for higher education </li></ul></ul><ul><ul><li>Largest 529 plan in the country </li></ul></ul><ul><ul><ul><li>Over 1.8 million account owners </li></ul></ul></ul><ul><ul><ul><li>About $25 Billion in assets under management </li></ul></ul></ul><ul><ul><li>Recognized by Morningstar, Inc (April 2008) which ranked 2 of VCSP’s programs among the BEST Five college savings plans in the country </li></ul></ul>
  27. 28. Current Savings Programs
  28. 29. Information In Our Custody <ul><li>Customer Information </li></ul><ul><ul><li>Name, address, birthday </li></ul></ul><ul><ul><li>Social Security Number </li></ul></ul><ul><ul><li>Account Numbers </li></ul></ul><ul><ul><li>Student ID </li></ul></ul><ul><li>Employee Information </li></ul><ul><li>Agency Information </li></ul><ul><li>Partner Information </li></ul>
  29. 30. Investment Managers <ul><li>Capital Guardian Trust </li></ul><ul><li>Century Capital Management </li></ul><ul><li>Chase Investment Counsel </li></ul><ul><li>Donald Smith & Co., Inc. </li></ul><ul><li>Dreyfus </li></ul><ul><li>Franklin Templeton </li></ul><ul><li>Invesco </li></ul><ul><li>LSV Investment Management </li></ul><ul><li>NWQ Investment Management Company </li></ul><ul><li>Piedmont Investment Advisors, LLC </li></ul><ul><li>Pier Capital </li></ul><ul><li>Rothschild Asset Management </li></ul><ul><li>Sands Capital </li></ul><ul><li>Tattersall Advisory (Wachovia) </li></ul><ul><li>Thompson, Siegel & Walmsley, Inc. </li></ul><ul><li>Utendahl Capital Management, LP </li></ul><ul><li>Vanguard </li></ul><ul><li>Virginia Dept. of Treasury </li></ul><ul><li>Western Asset (Legg Mason) </li></ul><ul><li>Westfield Capital Management </li></ul>
  30. 31. Information Security is Important to Us <ul><li>We respect our customers’ right to privacy and recognize their trust in us to keep information about them secure and confidential. </li></ul><ul><li>Comply with laws and regulations </li></ul><ul><li>Avoid Embarrassment </li></ul>
  31. 32. Technology Investment
  32. 33. People: KEY to Security <ul><li>“ The security infrastructure is only as good as its weakest link.” Info ~Tech Research Group </li></ul>
  33. 34. Train the Organization <ul><li>Technical training </li></ul><ul><li>End user awareness training should not fall behind </li></ul><ul><li>Awareness training has to be ongoing </li></ul>
  34. 35. Thank You, VITA Security Services!
  35. 36. Thank You, DMV!
  36. 37. Bringing it Close to Home <ul><li>Scary Halloween Stories </li></ul><ul><li>Real-life scary security stories </li></ul><ul><li>Highlight local incidents </li></ul><ul><li> </li></ul>
  37. 38. Final Thoughts <ul><li>Information Security Awareness month is just the beginning </li></ul><ul><ul><li>Investment in IT Security Technology is not enough </li></ul></ul><ul><ul><li>Train the organization </li></ul></ul><ul><ul><li>Develop a culture of security </li></ul></ul><ul><ul><li>Tone at the top </li></ul></ul>
  38. 39. <ul><li>Questions ? </li></ul><ul><li>Virginia College Savings Plan </li></ul><ul><li>Toll free 1-888-567-0540 </li></ul><ul><li> </li></ul>