Embed Size (px)
Citation preview
Presentation to ISSD Task Force
INFORMATION SYSTEMS SECURITY DIVISION
Reorganization Study
Prepared: May 6, 1991 Revised: May 7, 1991
I. Proposed Reorganization (Security Automation Division)
II. Why Merger of Fraud Detection and ISS Divisions
III. ISSD Staff Reduction• Service & Project Assumptions • ISS-WA Organization & Service Reductions • 155-LA Organizations & Service Reductions • 155-AZ Temporary Organization
IV. Cost Reduction SummaryV. Action Summary VI. ISSD Functions Summary
• Reduction in Cost • Infusion of Expert System Knowledge into Security Function• Centralized Supervision & Administration of Security Technical
Functions WHY J XXXXXXX AS DIVISION MANAGER• Significantly More Technical and Managerial Depth
- 30 years of Technical and Managerial Data Processing Experience - Development and Systems Assurance Management Experience - Data Center Production and Operations Management Experience - Security (RACF) Project Experience - Expert Systems Project Experience - Commercial and M Application & Architecture Design Experience - Business Resumption and Data Processing Contingency Planning
Experience
• SAD with the Support of SPAC performs Security Product Reviews
• SPBA accepts decentralized Branch Security Administration. AZ Security Service will be provided without local presence (no reduction in service anticipated)
• SPAC-NW will use their current system as basis for SPC Online Request Processing and therefore have responsibility for SPC Security Architecture
ELIMINATE • Security Boiler Plate Contributions to Legal
Documents
REDIRECT • MVS Request Processing • Physical Security Reviews • Security Product Research
REDUCE • New Business Research • Procedure and Guideline Writing • Security Awareness Program • Department & Division Administrative
Documentation
ELIMINATE • Security Boiler Plate Contribution to Legal
Documents
REDIRECT • PC/Virus Software Distribution• Physical Security Reviews
REDUCE • Security Product Research • New Business Research • Procedure & Guideline Writing • Security Awareness Program • Department & Division Administrative
Documentation
REDIRECT • Procedure & Guideline Writing • TANDEM Request Processing, and
Violation Reporting & Review
CONSOLIDATE ELSEWHERE INTO SAD • MVS Environment Management (WA) • MVS Request Processing (LA) • Cryptographic Key Management (LA) • Audit Response (WA)
TRANSFER TO USERS • Thirty Plus Internal Security
Applications
• 2 ND QUARTER 1991- Layoff Division Manager - Layoff Mainframe Technical Consultant In LA - Layoff Midrange Technical Consultant In LA - Move Data Security Analyst from WA to LA
(add TANDEM skills to LA)
• 4 TH QUARTER 1991 - Complete Conversion of Arizona Processing to
Common Architecture
• 1 ST QUARTER 1992- Transfer(Layoff) AZ Manager - Layoff AZ Data Security Analyst
KEPT AT CURRENT LEVEL OF EFFORT • SPC Security Architecture Development • Mainframe & Tandam Security Request Processing (Consolidated) • Mainframe & Tandem Security Technical Support • Midrange, LAN, and PC Security Technical Support • Network Security Support • Online Security Request Processing System Development • Wire Transfer Security Support • Cryptographic Key Management • MAC Security Request Processing (CA) • Database and Tracking of Waiver, Virus, and Security Incident Events • Information Systems Security Committee (ISSC) Support • Information Systems Security Manual (ISSM) Policy Development • Application Project (such as BDS) Security Consulting
REDUCED LEVEL OF EFFORT • Security Procedure and Guideline Writing (Consolidated) • Security Awareness Program • Security Product Reviews (with SPAC) • New Business Research Assistance • Department and Division Administrative Documentation
OVERALL PURPOSE The purpose of this position is to provide support to the Corporate Security Department objectives in:
- Managing and coordinating of computer security plans, projects, and policies; - Developing external fraud detection and prevention applications; - Administering passwords and users identifications for productions and development operations. - Identify and monitor emerging technology in the fields of information security and expert systems products
REQ UIREM ENTS - Minimum of 20 years of data processing background with a thorough understanding of computer
operating systems and networks. The major emphasis is in database computer environments supported in different geographic locations.
- Ability to interact with senior management to gain concurrence on security related methods and production processing.
- Possess technical skills to interact, make decisions, and implement security methods consistent with business and technical requirements.
- Proven record of knowledge based application development and installation. RESPONSIBILITIES
- Provide technical direction and leadership to apply and create access controls to meet Federal, State, CCC, NBE, and internal audit requirements. Additionally, provide risk versus exposure analysis and recommendations.
- Provide security direction in the SPC dynamic technical and business environments. - Work with AC in the creation of security related technology, products, procedures, systems, and
concepts. The position requires the ability to innovate and to manage innovative projects. - Ensure that the security needs/requirements of the corporation are maintained and established
with consideration to the amount of risk or exposure to electronic assets. - Ensure and provide technical direction to mitigate security related failures and damage that
can have significant negative impact on the total organization. - Provide technical direction for the design of expert systems related to external fraud detection
and prevention. - Ability to analyze user expertise into knowledge base rules.
