November 13, 2008 What’s New! Presented by Colleen Pedroza.

www.infosecurity.ca.gov

Policy Releases

MM 08-10 - Industry Standard Terminology For Disaster Recovery
MM 08-11 - Safeguarding Against and Responding to an Information Security Breach involving Personal Information
SIMM 65D - Security Breach Involving Personal Information: Requirements and Decision-Making Criteria for State Agencies
Forthcoming Q1 2009: MM on Incident Management for State Agencies
  Add definition(s) for incident, etc.
  Update reporting criteria and forms
  OISPP to provide incident management training

Current OISPP Projects

Enterprise Security Strategic Plan
FSR for an Automated Incident Management System (OHS Grant Funded)
Online Cyber Security and Privacy Training (OHS Grant Funded)
Policy Gap Analysis
Data Exchange Agreement Guidance and Model Templates Document
Information Security Leader Academy (ISLA)

Update on 2009 Compliance Documents

DR Plans Due by October 15th
  29 Disaster Recovery Plans were due
  21 were filed
Form Updates
  SIMM 65A, 70B, 70D forms were revised to reflect the change to Disaster Recovery from Operational Recovery.

Update on 2009 Compliance Documents

SIMM 70A Form was revised to:
  CHANGE: Reflect the change to Disaster Recovery
  NEW: Require a Privacy Program Coordinator back-up
  NEW: Require classification be provided for designated back-ups
  NEW: Require an organization chart indicating the reporting structure for the designees be attached to the Form
  NEW: Safeguard language added to the footer

*Please note that the form allows for more than one individual to be an authorized designee for the Director

Update on 2009 Compliance Documents

SIMM 70C Form was revised to:
  Change: Reflect the change to Disaster Recovery
  NEW: Check boxes added to each component of a fully developed Risk Management and Privacy Program.
  Revised: Expansion of the SAM sections to address:
    Date of your agency’s last Risk Assessment
    Date the remediation activities were completed
    There are NO new policy requirements on this Form
  Removed: the bullet stating, “Compliance with the state audit requirement relating to the integrity of information and security incident reporting requirements. See SAM Section 20000.”
  NEW: Safeguard language added to the footer.

Update on 2009 Compliance Documents

To meet the January 31, 2009 filing requirements, agencies must file the revised:
  Form 70A dated November 2008. This form may be signed by the Director or the Director’s Designee. However, if the Designee is not on file with our Office, the form will be returned with a letter indicating that it did not have the authorized signature.
  Form 70C dated November 2008. It must be signed by the Director or agency head. Old forms submitted will be returned to the Director with a letter indicating that the revised form must be submitted.

Questions?