Implementing an Information Systems Security Plan THE MONTANA OFFICE OF PUBLIC INSTRUCTION.
First Step - Planning
Create a “Plan for the Plan” that describes
• Why? (Policy, risk, etc.)
• What is affected? (Entire organization)
• Who?
  • People keeping the plan in motion
  • People you need help from
• What is being changed? (Focus on 18 control families)
• When?
  • Order of action
  • Best estimates
• How?
  • Designate
  • Categorize
  • Secure
First Step - Planning
Create a “Plan for the Plan” – Other topics to include
• Short-term mitigation considerations
  • e.g. current events/threats
• Targeted mitigation considerations
  • Market research (e.g. Verizon DBIR top threats for your industry)
  • Industry best practices
Second Step – Get Organizational Support
Our approach: communicate, repetition
• Present to leadership, division heads, staff
• Elaborate on driving factors for security
  • Policy, audit, breach, reputation, etc.
• Explain NIST topics at a relatable level
  • e.g. student data at the copier, sensitive data on your desk

Sample Slides:
Let’s Minimize Security Risk Across OPI
NIST provides guidance on:
• USB drives
• Student data on your desk
• Emailing sensitive information
• Student data at the copier
• Phones, Tablets
• Traveling with a laptop
• Social Engineering
• Desktops
• Internet Use
• And Many More…
The OPI ISSP
Second Step – Get Organizational Support
Our approach: communicate, repetition
• Present to leadership, division heads, staff
• Elaborate on driving factors for security
  • Policy, audit, breach, reputation, etc.
• Explain NIST topics at a relatable level
  • e.g. student data at the copier, sensitive data on your desk
• Introduce your ISSP Plan
• Ask for help
Lessons Learned
• Time
• Resources
• Buy-in
Next Steps for OPI
Update Roles and Responsibilities
Categorize Systems
Project Planning for Controls
• Planning family
• Risk assessment family