ISOAG Meeting December 7, 2016
Welcome to CESC
www.vita.virginia.gov
Welcome and Opening Remarks
Michael Watson
December 7, 2016
ISOAG December 7, 2016 Agenda
I. Welcome & Opening Remarks (Mike Watson, VITA)
II. Data Governance (Zacc Allen, DOC)
III. Social Media Records Retention (Glenn Smith, LOV)
IV. Central ISO IT Security Audit Services (Ed Miller, VITA)
V. Upcoming Events (Mike Watson, VITA)
VI. Partnership Update (Northrop Grumman)
ISOAG December 7, 2016 Agenda
Presentation for Zaac Allen, DOC, will be posted after today’s meeting.
Social Media Records: What’s There to Manage and Secure??
Glenn Smith
Records Management Analyst
- VITA ISOAG 2016.12.07
What is a public record?
. . . documents a transaction or activity . . .
Regardless of physical form or characteristic . . .
. . . is produced, collected, received or retained in pursuance of law or in connection with the transaction of public business.
COV § 42.1-77
What is an electronic record?
A record created, communicated, and/or stored by automated means and that requires a system to render it comprehensible by humans.
Formats include:
• Word processing files
• Databases
• Spreadsheets
• PowerPoint presentations
• E-mail
• Scanned images
• Web sites
• Multimedia files
Storage Media Include:
• Hard Drives
• Floppy Disks: 8”, 5 ¼, 3 ½
• CDs / DVDs
• Optical Disks
• Tape: Magnetic / Optical
• Networked Servers
e-Recs: websites, databases, PowerPoint, scanned images, multimedia files, digital pix
Responsibility for electronic records
The agency shall be responsible for ensuring that its public records are preserved, maintained, and accessible throughout their lifecycle, including converting and migrating electronic records as often as necessary so that information is not lost due to hardware, software, or media obsolescence or deterioration. Any public official who converts or migrates an electronic record shall ensure that it is an accurate copy of the original record. The converted or migrated record shall have the force of the original. COV § 42.1-85
Electronic records challenges
• Platform obsolescence (think Myspace)
• Ensuring record integrity
• Maintaining records in a way that will enable retrieval of all information relevant to an activity/interaction
• Select which record series is appropriate
Metadata
• Data describing context, content, and structure of records and their management through time
• Loss through screen-shotting SM
Discoverability and liability
• SM records subject to the same accessibility requirements as other public records.
• Exempt from access by the public only if they fall within the exemptions provided under FOIA.
Questions?
Glenn Smith
Records Management Analyst
[email protected]
All forms and schedules, as well as additional resources, available at: www.lva.virginia.gov/agencies/records
Central ISO & IT Security Audit Services
Ed Miller
Director IT Security Governance
Central Services
• To date, we have 29 agencies signed up for services.
• We have hired a Director Centralized IT Security Audit Services.
• The Director for ISO Services was previously posted and we were not able to fill it. It has been re-posted thru Dec 16th. If you previously applied, please apply again if you’re still interested.
Central Services
• Also posted or soon to be posted:
  • 2 Central IT Security Audit staff positions
  • 2 Central ISO staff positions
  • 1 IT Security Governance Analyst position
  • 1 IT Risk Management Analyst position
  • 1 Incident Response Analyst
  • 1 Web Vulnerability Scan Analyst
Central Services
Audits:
• We have signed an SOW with an auditing firm.
• 3 agencies are now in the process of audits for their sensitive systems thru this SOW.
• The Central IT Audit Director is in the process of scheduling & prioritizing the rest of the audits
Central Services
ISO Services:
• Centralized ISO Services will complete the NCSR surveys for all enrolled agencies
• The small-agency analyst has already been working with several of the agencies that have enrolled.
• We have also hired an IT security contractor who will start to work soon.
Central Services
Summary
• Audits have started
• ISO work has started
• Hiring is underway
• We will be contacting you soon for scheduling
Upcoming Events
SANS Winter Buy Window
The SANS Winter Buy Window runs from Dec 1, 2016 through Jan 31, 2017.
During this time, you’ll be able to take advantage of the Center for Internet Security’s (CIS) partnership with SANS.
SANS training is available during the buy-window at up to 70% off the regular price.
http://www.sans.org/partnership/cis
IS Orientation
When: Thursday, December 8, 2016
Time: 9:30 – 11:30 am
Where: CESC, Room 1221
Presenter: Bill Freda
Register here: http://vita2.virginia.gov/registration/Session.cfm?MeetingID=10
Future ISOAG
January 4, 2017 1:00 - 4:00 pm @ CESC
Speakers: John Musgrove, VITA
ISOAG meets the 1st Wednesday of each month in 2016
OSIG Training Course: Integrating Cybersecurity in SDLC
Instructor: David Cole / SysAudits Inc.
Location: CESC
Dates: Feb 14-15, 2017
CPE: 16.0 hours
Price: $350
https://osig.virginiainteractive.org
ADJOURN
THANK YOU FOR ATTENDING