1 User Awareness User Awareness Information Forum Information Forum Theresa A. Masse, State Chief Theresa A. Masse, State Chief Information Security Officer Information Security Officer Department of Administrative Services Department of Administrative Services Enterprise Security Office Enterprise Security Office
34
Embed
1 User Awareness Information Forum Theresa A. Masse, State Chief Information Security Officer Department of Administrative Services Enterprise Security.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
User AwarenessUser AwarenessInformation ForumInformation Forum
Theresa A. Masse, State Chief Information Theresa A. Masse, State Chief Information Security OfficerSecurity Officer
Department of Administrative ServicesDepartment of Administrative ServicesEnterprise Security OfficeEnterprise Security Office
2
Opening RemarksOpening Remarks
Kris Kautz, Interim DirectorKris Kautz, Interim Director
Department of Administrative Department of Administrative ServicesServices
3
AgendaAgenda
Welcome and introductionsWelcome and introductions Employee Security PolicyEmployee Security Policy Security Awareness ResourcesSecurity Awareness Resources
Recommended Level of Security Awareness Recommended Level of Security Awareness modulesmodules
Enterprise Learning Management SystemEnterprise Learning Management System Information Security Resource CenterInformation Security Resource Center
Q&AQ&A Demonstration of toolsDemonstration of tools
4
Employee Security PolicyEmployee Security Policy
5
Employee Security Policy Employee Security Policy
Recommended Level of Security Recommended Level of Security Awareness (RLSA) modules are Awareness (RLSA) modules are designed to meet the requirements designed to meet the requirements of the policyof the policy
Assessment conducted in 2006Assessment conducted in 2006 Project to research, plan, and Project to research, plan, and
implement a core program, targeted at implement a core program, targeted at numerous audiences, available to numerous audiences, available to multiple agenciesmultiple agencies
Recommended minimum level of Recommended minimum level of information security knowledge for a information security knowledge for a typical state employee with access to typical state employee with access to information technology or sensitive information technology or sensitive informationinformation
Designed to be delivered electronically Designed to be delivered electronically (over the Web) to reach the largest (over the Web) to reach the largest audienceaudience
Interagency work group oversaw the Interagency work group oversaw the development of the course material and development of the course material and look-and-feellook-and-feel Judicial, Administrative Services, Consumer Judicial, Administrative Services, Consumer
and Business Services, Treasury, Lottery, and Business Services, Treasury, Lottery, Secretary of State, and JusticeSecretary of State, and Justice
9
RLSARLSA
DesignDesign Cover at least 80% of state staffCover at least 80% of state staff Not meant to cover agency-specific Not meant to cover agency-specific
business requirements, policies or business requirements, policies or regulationsregulations
30 minute “seat time” per module30 minute “seat time” per module InteractiveInteractive Benefit users in both work and home Benefit users in both work and home
situationssituations
10
RLSARLSA
ModulesModules Six modules created in initial suiteSix modules created in initial suite Can be customized to meet agency-Can be customized to meet agency-
specific requirements using a readily-specific requirements using a readily-available course authoring toolavailable course authoring tool
One “refresher” course per yearOne “refresher” course per year
11
RLSA - ModulesRLSA - Modules IS101 – An Introduction to IS101 – An Introduction to
Information SecurityInformation Security What is information securityWhat is information security Basic principlesBasic principles Policies, standards and proceduresPolicies, standards and procedures
12
RLSA - ModulesRLSA - Modules IS201 – Securing Your Computer – IS201 – Securing Your Computer –
Part 1Part 1 Computer virusesComputer viruses SpywareSpyware
IS202 – Securing Your Computer – IS202 – Securing Your Computer – Part 2Part 2 Choosing strong passwordsChoosing strong passwords Protecting your passwordsProtecting your passwords Safe use of the InternetSafe use of the Internet Physically secure your computerPhysically secure your computer
13
RLSA - ModulesRLSA - Modules IS203 – Using E-MailIS203 – Using E-Mail
IntroductionIntroduction E-mail content and etiquetteE-mail content and etiquette Keeping your e-mail privateKeeping your e-mail private E-mail from other peopleE-mail from other people
14
RLSA - ModulesRLSA - Modules IS204 – Dealing with DocumentsIS204 – Dealing with Documents
Basic document securityBasic document security Requests for informationRequests for information Retaining documentsRetaining documents Destroying documentsDestroying documents
15
RLSA ModulesRLSA Modules
IS205 – When You’re Out of the IS205 – When You’re Out of the OfficeOffice IntroductionIntroduction General guidelinesGeneral guidelines Mobile devicesMobile devices
RLSA - DemonstrationRLSA - DemonstrationAn Introduction to Information An Introduction to Information
SecuritySecurity
We handle a great deal of sensitive information We handle a great deal of sensitive information every day: customers' account numbers, Social every day: customers' account numbers, Social Security numbers and credit card details; as well as Security numbers and credit card details; as well as internal information such as health records, payroll internal information such as health records, payroll data, network information, ... data, network information, ...
Information security is critical to business at the Information security is critical to business at the State of Oregon. In addition, learning about State of Oregon. In addition, learning about information security will also help you to keep information security will also help you to keep yourself safe at home as identity theft and fraud yourself safe at home as identity theft and fraud become increasingly common.become increasingly common.
17
ImplementationImplementation
Agencies have access to source files, and to Agencies have access to source files, and to versions compiled in SCORM, LM-Light versions compiled in SCORM, LM-Light and HTML formatsand HTML formats
Can customize content using a readily-Can customize content using a readily-available course authoring toolavailable course authoring tool
Can be integrated into learning Can be integrated into learning management systems, which will then track management systems, which will then track student completion and generate reportsstudent completion and generate reports
Courses also can be run on an intranet with Courses also can be run on an intranet with student completion tracked manuallystudent completion tracked manually
1818
RLSA – Modifying the RLSA – Modifying the ContentContent
Dr. Steve AddisonDr. Steve Addison
Cosaint, Inc.Cosaint, Inc.
Mount Vernon, WAMount Vernon, WA
19
Modifying the ContentModifying the Content
Our aim is to use one common set of Our aim is to use one common set of source files to generate courses in source files to generate courses in multiple formats:multiple formats: SCORMSCORM LM-LightLM-Light HTMLHTML
19Source files stored in the RLSA Warehouse at https://or.cosaint.net
2020
Modifying the ContentModifying the Content
We achieve this by using a commercial We achieve this by using a commercial e-learning authoring tool called Lectorae-learning authoring tool called Lectora
Lectora is an easy-to-use tool that Lectora is an easy-to-use tool that allows you to develop/change content allows you to develop/change content without a detailed knowledge of HTML, without a detailed knowledge of HTML, JavaScript, etc.JavaScript, etc.
Can handle static and dynamic contentCan handle static and dynamic content Can develop/modify tests and quizzesCan develop/modify tests and quizzes
Department of Administrative Department of Administrative Services Services
Human Resources ServicesHuman Resources Services
24
eLMS InitiativeeLMS Initiative
Business CaseBusiness Case Deliver the “right” training at the “right” Deliver the “right” training at the “right”
timetime Leverage technology to help identify learning Leverage technology to help identify learning
needs at the individual and organizational needs at the individual and organizational level and deliver training which is directly level and deliver training which is directly tied to skill gaps tied to skill gaps
Support Workforce Development effortsSupport Workforce Development efforts Position learning as a critical component of Position learning as a critical component of
an organization’s ability to respond to an organization’s ability to respond to changing workforce demandschanging workforce demands
25
eLMS - What’s in it for eLMS - What’s in it for me?me?
As a student:As a student: Access a robust on-line course catalog Access a robust on-line course catalog
enrollments/completionsenrollments/completions Receive real-time class notifications Receive real-time class notifications
(registration confirmation, and (registration confirmation, and reminder emails)reminder emails)
Transcript tracking Transcript tracking
26
eLMS - What’s in it for eLMS - What’s in it for me?me?
As a manager:As a manager: Track key workforce metrics in real-Track key workforce metrics in real-
time time Manage the entire performance Manage the entire performance
management process (IDP/360 reviews) management process (IDP/360 reviews) Efficiently track training expenditures Efficiently track training expenditures
across the entire agencyacross the entire agency
27
RLSA – Accessing the RLSA – Accessing the ModulesModules
Courses are available today on the Courses are available today on the oregon.gov intranet:oregon.gov intranet: https://intranet.egov.oregon.gov/egov/https://intranet.egov.oregon.gov/egov/
myportalmyportal Select the “State” tabSelect the “State” tab
28
RLSA – Accessing the RLSA – Accessing the ModulesModules
29
Other ResourcesOther Resources Information Security Resource Information Security Resource
CenterCenter Public-facing Web sitePublic-facing Web site Links to many resources on a variety of Links to many resources on a variety of
information security topicsinformation security topics Can be used to supplement training and Can be used to supplement training and