Jan 12, 2016
PowerPoint Presentation
Security and Privacy At The Human Resources Advisory MeetingMarcos VieyraChief Information Security OfficerDivision of Information SecuritySarah MorrowChief Privacy OfficerEnterprise Privacy OfficeSouth Carolina Budget and Control Board 24Sep14
About Your Presenters
http://www.linkedin.com/pub/marcos-vieyra/2/494/54ahttps://www.linkedin.com/in/sarahdmorrow
Ask Questions at Any Time
Information Security and Privacy A Broad Perspective
State of SC Information Security and Privacy Implementation Timeline
[Sep 2014] Today [Mar 2013] B&CB Awards Deloitte Contract [Jul 2013] GA establishes DIS & EPOKEYDeloitteB&CB / DIS / DTO / EPOAgenciesSelf-Assessments Self-Assessment Life-Cycle [Jul 2015] Agency Self-Assessment, Phase 3 [Jul 2014] Agency Self-Assessment, Phase 2 [Jul 2013] Agency Self-Assessment, Phase 1ToolCreatedDIS / EPO Guidance [Mar 2015] Agency Awareness Training, Continuing [Mar 2014] Agency Awareness Training, First Cycle [Feb 2014] Plan, Pilot[Jun 2013] RFPAwareness TrainingDIS / EPO Revisions & Guidance Professional Training Life-Cycle [Jul 2015] Professional Training Phase 2 [Jun 2014] Professional Training Phase 1[Nov 2013] Staff Survey,Skills AssessmentDIS / EPO Revisions & GuidanceSecurity Professional Development Policy Revision Life-Cycle [Sep 2014] Policy Handbook Published, Agencies Implement [Mar 2014] Agency Policy Workshops[May 2013] Security Policy Devel.DIS / EPO Revisions & GuidanceSecurity Policy & Data Classification FutureFY 2016FY 2015FY 2014FY 2013 [May 2013] Deloitte May ReportRisk Assessments [Oct 2013] Interim Report [Jul 2014] Deloitte Final Report [Jun 2013] Task B 15 AgenciesTask A3 Agcy [Jul 2016] Additional Technologies [Jul 2015] Additional Technologies [Nov 2013] Initial Technologies, Overlapping/Phased Architecting, Planning, Deployment[Jul 2013]ProcuremtSecurity TechnologiesIT Security and Privacy- HR Advisory Meeting People
Professional Development Program 3 Essential QuestionsIndividual: How do I develop my information security career?Agency: How do I close my agencys information security skill gaps?State: How do I ensure South Carolina has an adequate information security workforce?Ultimate goal: Adequately protect our States information assets.IT Security and Privacy- HR Advisory Meeting People
Professional Development Program Another ViewAll Staff: Need Information Security AwarenessIT Staff: Need Information Security TrainingIS Staff: Need Information Security Career Path(s)Ultimate goal: Adequately protect our States information assets.IT Security and Privacy- HR Advisory Meeting
Employee Awareness Training 8 Courses AvailableLocated at: https://sc.thesacschools.com
IT Security and Privacy- HR Advisory Meeting
Introductory Training In the Queuehttp://www.sans.org/onsite/course/intro-information-security
IT Security and Privacy- HR Advisory Meeting
Foundational Security Training for IT Staff Delivered June 2014http://www.sans.org/onsite/course/security-essentials-bootcamp-style
IT Security and Privacy- HR Advisory Meeting
Information Privacy Traininghttps://privacyassociation.org/certify/cipp/
IT Security and Privacy- HR Advisory Meeting
Professional Development Program Work in Progress
IT Security and Privacy- HR Advisory Meeting
Professional Development Program Work in Progress
IT Security and Privacy- HR Advisory Meeting
Professional Development Program Work in Progress
IT Security and Privacy- HR Advisory Meeting
Professional Development Program Work in Progress
IT Security and Privacy- HR Advisory Meeting
Professional Development Program Work in Progress
IT Security and Privacy- HR Advisory Meeting
Thank you!http://dis.sc.govMarcos Vieyra and Sarah MorrowSouth Carolina Budget and Control Board Division of Information [email protected]@cio.sc.gov