www.vita.virginia.gov
Information Security Awareness Month Activities
Peggy Ward
Chief Information Security Officer & Internal Audit Officer
Commonwealth Information Security Awareness Activities
• Governor Timothy Kaine issued a proclamation designating October as Information Security Awareness Month.
– To encourage citizens to learn about information security and to put the knowledge to practice.
Commonwealth Information Security Awareness Activities
• Framed & displayed the proclamation in a prominent location in the office & at Information Security Officer Advisory Group (ISOAG) meetings in September & October.
• Provided copies of the proclamation with the seal to agencies & localities.
Commonwealth Information Security Awareness Activities
• Presentations
Oct. 17: Commonwealth Security Information Resource Center presentation at the Cyber Security 2008 Conference, hosted jointly by Virginia Commonwealth University & the Federal Bureau of Investigation's InfraGard chapter
Oct. 21: Commonwealth Information Security Initiatives presentation at the Hampton Roads Cyber Security Awareness Conference
Commonwealth Information Security Awareness Activities
• Presentations
Oct. 22: Commonwealth Information Security Collaboration presentation at the Association of Government Accountants Technology & Fraud Conference
Oct. 24: Chief Information Officer & Chief Information Security Officer remarks at the Chesterfield County Cyber Security Awareness Event
Commonwealth Information Security Awareness Activities
• Internet Activities
The state portal, www.virginia.gov, has displayed a prominent graphic banner promoting Information Security in the "focal point" area, which links to the online guide on the VITA site
Online e-government services on the portal now include the citizens' awareness banner provided by Commonwealth Security
Commonwealth Information Security Awareness Activities
• Internet Activities
New content has been added to the Information Security Awareness Toolkit, thanks to COV agencies & MS-ISAC. The printing of materials from the toolkit was coordinated through DMV to leverage resources
Commonwealth Information Security Awareness Activities
• Security Awareness Video
Produced by VITA Commonwealth Security & VITA Communications
Available in early November in the Knowledge Center, the Information Security Resource Center & YouTube
Available in late November on DVD
VITA Information Security Awareness Activities
• VITA Information Security Awareness activities are implemented to promote simple changes in behavior that strengthen the security of Commonwealth information.
– Hosted lunch time presentations
– Conducted raffle giveaways for presentation attendees
• Giveaway items were provided by vendors from conferences.
– Provided VITA branded resource materials from MS-ISAC
• Brochures, Booklets, Bookmarks, Calendars, Posters
– Conducted a fill-in-the-blank puzzle contest
Lunch Time Presentations
• Event 1 - Oct. 1
– “Defending the Castle - How to Secure Your Home Network”
Bob Baskette, Commonwealth Security Incident Engineer, Virginia Information Technologies Agency
• Event 2 - Oct. 22
– “Protecting Your Money, Our Role and Yours”
Chris Saneda, Senior Vice President / Chief Information Officer, Virginia Credit Union
– “The Tale of Three Hackers”
Victor “Jake” Olesen, Special Agent, Federal Bureau of Investigation
Questions/Discussion
Douglas G. Mack
DMV IT Security Director (ISO)
(804) 367-2221
CIO - CAO Meeting October 28, 2008
Information Security Awareness Month at DMV
“Information security is a people, rather than a technical, issue.”
Mark B. Desman
The Ten Commandments of Information Security Awareness Training
Three Groups to Address
• Everyone – DMV classified, wage, contractors
• Executive Staff
• Information Technology Services (ITS) Staff
• MSISAC provided 4 security awareness poster designs.
• DMV’s Senior Graphic Designer branded the posters and added Mark Desman’s quote to each design.
• DMV Printing Services printed the posters.
• One of each design of the poster was sent to DMV’s Customer Service Centers and Weigh Stations at the end of September.
• One of each design of the poster was displayed on each floor of DMV Headquarters.
• Throughout the year, once or twice a month the ISO writes and publishes an IT Security Note.
– Single Topic
– Brief
– Diagrams, Screen Prints, Pictures
• DMV’s intensive security awareness activities for October focus on the Cyber Security Awareness Week.
• A new IT Security Note was published each day of Cyber Security Awareness Week.
• DMV has a Cyber Security Awareness Week each October.
• Topics of the Notes for the Week:
– (Monday) Cyber Security Puzzle
– (Tuesday) Acceptable Use
– (Wednesday) A Bit of Computer Humor
– (Thursday) Protecting Sensitive Data
– (Friday) Recognizing and Avoiding Email Scams at Home
• MSISAC’s Information Security Executive Brief was sent to each member of the Executive Staff on the first day of the week.
• “It’s important to note that information security is not a technology issue, but rather a management issue requiring leadership, expertise, accountability, due diligence and risk management. Information security needs to be addressed in a coordinated, enterprise approach, and factored into program decisions.”
• A PowerPoint Presentation was developed that covered some of the significant changes in SEC501-01, specifically:
– Data Protection
– Application Security
• DMV wanted to provide more IT focused awareness training for Information Technology Services (ITS) staff.
• The Presentation was sent out on October 2 to all ITS staff.
• ITS staff have been given until November 14 to review the presentation and return the completion certificate to the ISO.
• As of October 22, 44 out of 176 staff members have completed the review.
Final Note
CIO-CAO Meeting
October 28, 2008
Rosario Igharas, Information Security Officer
Information Security Awareness: First Line of Defense Against Social Engineering
VCSP: Who we are
• An independent state agency
• Operate Virginia’s Section 529 Programs which provide funds for higher education
• Largest 529 plan in the country
• Over 1.8 million account owners
• About $25 Billion in assets under management
• Recognized by Morningstar, Inc (April 2008) which ranked 2 of VCSP’s programs among the BEST Five college savings plans in the country
Current Savings Programs
Information In Our Custody
• Customer Information
– Name, address, birthday
– Social Security Number
– Account Numbers
– Student ID
• Employee Information
• Agency Information
• Partner Information
Investment Managers
• Capital Guardian Trust
• Century Capital Management
• Chase Investment Counsel
• Donald Smith & Co., Inc.
• Dreyfus
• Franklin Templeton
• Invesco
• LSV Investment Management
• NWQ Investment Management Company
• Piedmont Investment Advisors, LLC
• Pier Capital
• Rothschild Asset Management
• Sands Capital
• Tattersall Advisory (Wachovia)
• Thompson, Siegel & Walmsley, Inc.
• Utendahl Capital Management, LP
• Vanguard
• Virginia Dept. of Treasury
• Western Asset (Legg Mason)
• Westfield Capital Management
Information Security is Important to Us
• We respect our customers’ right to privacy and recognize their trust in us to keep information about them secure and confidential.
• Comply with laws and regulations
• Avoid Embarrassment
Technology Investment
People: KEY to Security
“The security infrastructure is only as good as its weakest link.” Info~Tech Research Group
Train the Organization
• Technical training
• End user awareness training should not fall behind
• Awareness training has to be ongoing
Thank You, VITA Security Services!
Thank You, DMV!
Bringing it Close to Home
Scary Halloween Stories
• Real-life scary security stories
• Highlight local incidents
http://www.networkworld.com/podcasts/panorama/2007/102507pan-scary-security.html
Final Thoughts
• Information Security Awareness month is just the beginning
• Investment in IT Security Technology is not enough
• Train the organization
• Develop a culture of security
• Tone at the top
Questions?
Virginia College Savings Plan
Toll free 1-888-567-0540
www.Virginia529.com