Paradise Valley Community College Ways to Fit Security
- Slides: 12
Paradise Valley Community College Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology Tailoring OCTAVE at Maricopa Community Colleges Carol A. Myers, CISSP Director College Technology
Paradise Valley Community College Maricopa Integrated Risk Assessment (MIRA) • Enterprise Risk Management – Integrated risk framework – Not just “insurable” risks – Collaboratively identify, asses, manage future risks and opportunities individually and across the organization
Paradise Valley Community College Charge From the Chancellor • Multi-year implementation plan • Identified specific outcomes – Increased overall effectiveness and accountability – Sound business process; greater assurance of business continuity – Clear demonstrated compliance with applicable laws & regulations – Enhanced employee empowerment & pride – Reinforcement of the strong MCCCD cultural identity – Enhanced competitive advantage
Paradise Valley Community College Why OCTAVE? • Institutionally inclusive (Organizational View) – Assets – Threats – Organization (not just IT) vulnerabilities – Current security requirements
Paradise Valley Community College Why OCTAVE? • It’s the technology too – Current inventory – OS level • current patch methodology, tracking, auditing • services enabled – disabled why – Application level – Security tools
Paradise Valley Community College Why OCTAVE? • Strategize and Plan – Manage risks and Opportunities – Protect and Review plans – Mitigation strategies now and for the Future • It’s never just about the technology
Paradise Valley Community College So, how’d it work? • Maricopa-wide risk initiative (MIRA) – OCTAVE adapts best with enterprise risk management methodology, senior level buy-in and support • IT Security RA work done through subgroup of MIRA committee – Auditor, faculty member, college administrative dean, general counsel, HR director, risk manager and IT security director
Paradise Valley Community College Why Not Just Use OCTAVE As Is? • Narrowed focus primarily to operational risks and security practices – MIRA methodology supports chief-level buy-in • Technology examined only in relation to good security practices (catalog) • Protection decisions based on confidentiality, integrity and availability (for IT staff)
Paradise Valley Community College Four Simple Phases • System infrastructure analysis and documentation (IT staff) • Risk and opportunity identification (IT staff) • Mitigation strategies and costs, with management • Asset cost analysis, with management
Paradise Valley Community College Stop the Babble • Primarily forms driven – Checkboxes – Short answer • Maricopa forms are heavily OCTAVEFIED – OCTAVE forms make sense – OCTAVE forms are initially easy to understand fill out
Paradise Valley Community College Now What? • System-wide adoption of pilot – Can easily adapt to another college’s needs given the narrowed focus – Supports and reinforces the MIRA model – Encourages risk awareness
Paradise Valley Community College Contact Information Carol Myers Paradise Valley Community College 18401 N. 32 nd Street Phoenix, AZ 85032 602. 787. 7788 carol. myers@pvmail. maricopa. edu
- Memory allocation policy
- Hotels near paradise valley community college
- First fit allocation
- Moraine valley nursing program reviews
- River valley community college
- River valley community college nursing
- Aaec paradise valley
- Aaec paradise valley
- Clearance fit and interference fit
- Person-job fit and person-organization fit
- Privat security
- Coastline community college cyber security
- Romans 3:10