Information Technology Security Risk Management Program ITSRM - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

Information Technology Security Risk Management Program ITSRM

Description:

Information Technology Security Risk Management Program (ITS-RM) October 7, 2004 ... requiring participation in the program is coming. For More Information... – PowerPoint PPT presentation

Number of Views:1595
Avg rating:3.0/5.0
Slides: 13
Provided by: brian630
Category:

less

Transcript and Presenter's Notes

Title: Information Technology Security Risk Management Program ITSRM


1
Information Technology Security Risk Management
Program (ITS-RM)
  • October 7, 2004
  • Brian Davis Shirley Payne
  • Office of Information Technologies
  • Security Policy

2
Whats Risk Management?
  • Formally defined
  • The total process to identify, control, and
    manage the impact of uncertain harmful events,
    commensurate with the value of the protected
    assets.

3
More simply put
  • Determine what your risks are and then decide on
    a course of action to deal with those risks.

4
Even more colloquially
  • Whats your threshold for pain?
  • Do you want failure to deal with this risk to end
    up on the front page of the
  • Daily Progress?

5
Effectively Managing Risk Means
  • Knowing what needs to be protected
  • Understanding threats and determining the level
    of risk they pose to critical assets
  • Pursuing strategies to mitigate unacceptable
    risks
  • Having a contingency plan for operating without
    critical assets temporarily

6
Why?
  • Best practice (and a good idea)
  • Reasonable approach to a complex task
  • Not just HIPAA -- other regulations
  • General process with a HIPAA component

7
Planned IT Security Risk Management Program
  • University-wide, including Medical Center
  • Information on current threats, templates,
    checklists, and other guidance provided
  • Four steps of program
  • IT Mission Impact Analysis
  • IT Risk Assessment
  • IT Mission Continuity Planning
  • Evaluation and Reassessment

8
(No Transcript)
9
Implementation Strategy
  • Design
  • involved Audit, Risk Management, Police, HIPAA
    Office, Health System Computing Services
  • HIPAA questions, RiskWatch exceptions, use of
    HSCS disaster recovery/business continuity plan
  • Roll-out
  • Concentrated effort on 10 areas this academic
    year
  • Also identifying areas with ePHI
  • Encourage other departments to get moving
  • May take three years to reach all departments

10
Its not as painful as it looks!
  • No one will be starting from scratch
  • Little is expected from those with little, more
    is expected from those with more
  • The templates are designed for the most complex
    situations but work for simple solutions, too

11
Executive Support
  • Strong executive support has been a key success
    factor at other institutions
  • Executives fully behind program at UVa
  • University policy requiring participation in the
    program is coming

12
For More Information...
http//www.itc.virginia.edu/security/riskmanagemen
t Brian Davis Shirley Payne
bdavis_at_virginia.edu payne_at_virginia.edu
243-8707 924-4165
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Information Technology Security Risk Management Program ITSRM" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!