State of Jeffco Information Security 1-26-16
State of Jeffco Information Security
January 28th BOE study session
Brett T Miller, Chief Information Officer
Chris Paschke, Director Information Security
T.O. Owens, TDPAC Chair
Agenda
- Background Information
- Information Security in Jeffco, the State and Nation
- State of Data Security
- Technology & Data Privacy Advisory Committee (TDPAC) update
- Questions
Developing a Secure Network
- Goals:
  - Access - role based authentication
  - Confidentiality - information remains private
  - Integrity - information has not been modified
- How we meet these Goals:
  - Security Appliances
  - Policies
  - Data Governance
  - User Awareness & Training
Data Security in Jeffco, State & the Nation
- Technology advances blending work/life
- Mobility, cloud based services, global classroom
- Jeffco Security team formed in 2006
What’s Happening at the State & Federal Level
- Concern that the state is gathering too much student data without measurable goals or objectives
- Pressure from parents to reform data collection and provide more transparency
- Movement from legislature and the state board to better protect student data
- Jeffco involvement in work to better protect students’ data
What Jeffco is Doing
- Building security requirements into software RFPs
- Measuring the security and privacy associated with purchased software, websites, and apps
- Teaching staff members how to choose a tool keeping privacy in mind
- Working to become more transparent with parents
What other Districts are Doing
- Huge differences in district action ranging from:
  - Ignoring
  - Waiting for passed legislation
  - Focusing on user awareness
  - Focusing on increasing security efforts
  - De-identify student data
Challenges
- We are a school District with:
  - Public buildings
  - Diverse user groups
  - Curious students
  - Innovative staff
  - Collaboration
Challenges
Evolution of Information Security
- Infrastructure – switches, firewalls, and servers
- Incident Response – Providing resources and guidance when things go wrong
- Online Collaboration – Keeping students and staff safe when working together online
- The Cloud – Helping to manage the risk now that everything is connected
- Privacy – Need to hold the District, District Departments, our partners, and cloud providers accountable
- Oversight – Creating policies and processes, monitoring the environment for abnormalities, and auditing for compliance
- Application Security – Ensuring that applications and tiers of systems are designed and implemented securely
Themes
- Boundary Definition
  - We need clear definitions of what we are protecting to set expectations for the District and our community
- Measurable Standards
  - We must find ways to measure our success and prioritize need for improvements
- Transparency
  - Our work assists decision making for the IT department staff and District leadership while providing visibility for the community
Threats
- Viruses
- Ransomware
- Advanced persistent threats
- Phishing
- Watering hole attacks
- Equipment loss
- Social engineering
- Cloud services
- Encryption
- Mobile apps
- User error
Mitigation Strategies
Information Security policies
- Foundational
  - EH - Data Management, EHAA - Computer Security, EHBA - Electronic Signatures, EHR - Data Classification, EHAA-E - Incident Handling, EHAA-R4 - Risk Assessment
- Configuration Management
  - EHA - Internet DMZ, EHAC - Exception Management, EHA-E1 - Linux Server Hardening, EHA-E2 - Windows Server Hardening, EHA-E3 - Network Hardening, EHA-R - Key Escrow, EHAA-R-1 - Audit, EHAA-R3 - Encryption, EHAC-E - Exception Request, GBEE-R - Elevated Privileges
- Vendor Management
  - EHB - Cloud Vendor Assessment, EHB-E - Cloud Vendor Questionnaire
- Acceptable Use
  - GBEE - Staff Use of Internet, JS - Student Use of Internet, JSA - Student BYOD
Network Architecture
[Diagram labels: Principals, School Nurses, Counselors, Financial Sec; Teachers, Aids; Labs, Student use, Guests; Ed Center + Quail; Data Center + Disaster Recovery]
Layering Security Controls Within Network Boundaries
- Building unique security requirements based on risk associated with the role instead of one size fits all.
- Leverage Technologies such as:
  - Access to resources
  - Encryption
  - Log collection and retention
  - Vulnerability management
  - AV
  - Advanced threat detection
Monitoring the Environment
- Log management
  - Provide oversight to administrative access maintaining privacy
  - Act as a repository for event logging making correlating complex activities easier
- Malware detection
  - Proactively detect malicious software before data loss or system breach
- Vulnerability management
  - Identify and measure risk associated with infrastructure and systems
  - Prioritize remediation efforts based on the likelihood and impact of a vulnerability being exploited
- Industry trend and threat analysis
  - Monitor resources such as SANS, CERT, and other Districts
- Incident response
  - Maintain relationships with key technical and leadership staff
Monitoring Stats Example
Software Purchasing Process (Cloud Vendor Assessments)
Proposed State and Federal Legislation
- Multiple competing bills including: Student Digital Privacy and Parental Rights Act, SAFE Kids Act, and FERPA rewrites.
- Bills focus on cloud partnerships in different ways but focus on the following:
  - Data collection (including metadata)
  - Contract Management
  - Increased Transparency
  - Online Advertising
  - Data Sharing (Selling)
  - Subcontractor Management
  - Penalties
  - (No Training)
Software Purchasing Process
[Chart: Completed Assessments by month, Jul through Dec of the following year]
Why we Made These Choices
- We want to be proactive
- We want consistency in measuring risk
- We want to measure our success
- We feel that it is unfair to put educators in the position of managing risk
- We have received feedback from concerned parents
- We want to increase transparency
Security Awareness
[Diagram labels. Roles: Central Staff, IT, Principals, School Secretaries, Teacher Librarians, Athletics, Teachers, Support Staff. Training topics: Security Basics, Privileged Access, Software Purchasing, PCI Awareness, Advanced PCI, Incident Response, FERPA Basics, HIPAA Basics, Advanced HIPAA, Digital Citizenship]
TDPAC
- Committee Members
  - Tonya Altman
  - Jennifer Butts
  - Jorge “Yuri” Csapo
  - Sunny Flynn
  - Jill Green
  - Virge “T.O.” Owens
  - Phillip Romig III
  - Derec Shuler
  - John Sullivan
- Staff Members
  - Dan McMinimee
  - Brett Miller
  - Syna Morgan
  - Craig Hess
  - Carol Eaton
  - Jeremy Felker
  - Matt Flores
  - Curtis Lee
  - Fran Williamson
  - Mary Beth Bazzanella
  - Chris Paschke
  - Shawn Rhoades
  - Betty Standley
Questions …