• Home

  • Documents

  • Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance &...
20
Who’s Policing the IT Police? Rick Krepelka, Chief Operations Officer Golden State Risk Management Authority Tommy Le, IT/IS Manager Washington Schools Risk Management Pool (WSRMP) Ritesh Sharma, Manager of Finance & Accounting Bickmore

Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

  • Upload
    others

  • View
    0

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Who’s Policing the IT Police?

Rick Krepelka, Chief Operations Officer

Golden State Risk Management Authority

Tommy Le, IT/IS ManagerWashington Schools Risk Management Pool (WSRMP)

Ritesh Sharma, Manager of Finance & AccountingBickmore

Page 2: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

• Prior to computer technology, “access” was managed with physical locks and keys.

• Advent of technology -> The keys became technology-based so IT became the gatekeepers.

• Technology permeates the workplace and the IT gatekeepers suddenly are very powerful…and it’s very scary.

How Did This Happen?!

Page 3: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

IT Police FrameworkKLS

Page 4: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

• Financial Management:

– Theft from internal or external agents

– Accidental errors by unqualified employees

• Data Management:

– Data breach

– Compromised information

What’s At Risk?

Page 5: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

• Operations Management:

– Critical systems failure

– Business continuity

• Any of the Above:

– Publicity nightmare

– Loss of faith

What’s At Risk? (cont.)

Page 6: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Financial

• Banking

• Accounting

• Investment

• Claims

What Systems?

Page 7: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Data

• Underwriting

• HR/Employee benefits

• Contact management/CRM

• Claims

What Systems? (cont.)

Page 8: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Operations

• Network

• Computer systems/devices

• Portals

• Intranet

What Systems? (cont.)

Page 9: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Other

• Company website

• Worksheets & documents

What Systems? (cont.)

Page 10: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

1. Identify systems and data repositories that require protection.

2. Define roles for the various parties needed access.

3. Address the issue of “primary gatekeeper(s)” of each system.

What To Do?

Page 11: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

4. Develop checks and balances to reduce risk.

5. Develop policies and procedures to manage and enforce the roles.

6. Conduct periodic review and evaluation; Engage external auditors or reviewer to evaluate systems and processes.

What To Do? (cont.)

Page 12: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Formalizing a System of Security …

A simple case study

An Example…

Page 13: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Example (Slide 1 of 6)

System of Security - > Excel

Page 14: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Example (Slide 2 of 6)

Page 15: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Example (Slide 3 of 6)

Page 16: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Example (Slide 4 of 6)

Page 17: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Example (Slide 5 of 6)

Page 18: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Example (Slide 6 of 6)

Page 19: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

• NIST Special Publication 800-14Generally Accepted Principles and Practices for Securing Information Technology Systems

• Can be done in bite-sized pieces

• Get buy-in from the top

• Share the load asap

“Where Do I Start?”

Page 20: Who’s Policing the IT Police? · 2018-04-24 · Ritesh Sharma, Manager of Finance & Accounting Bickmore •Prior to computer technology, “access” was managed with physical locks

Who’s Policing The IT Police?

Questions or Comments

Rick Krepelka

Tommy Le

Ritesh Sharma


072 ritesh

072 ritesh

Documents
Ritesh Mrp

Ritesh Mrp

Documents
Euclid and Bickmore Warehouse - Home - City of Chinocityofchino.hosted.civiclive.com/UserFiles/Servers/Server... · 2019. 6. 27. · Per the Euclid and Bickmore Warehouse Traffic

Euclid and Bickmore Warehouse - Home - City of Chinocityofchino.hosted.civiclive.com/UserFiles/Servers/Server... · 2019. 6. 27. · Per the Euclid and Bickmore Warehouse Traffic

Documents
Os Final Ritesh

Os Final Ritesh

Documents
PROJECT Coca-Cola Ritesh

PROJECT Coca-Cola Ritesh

Documents
Final Project of Ritesh

Final Project of Ritesh

Documents
Openoffice.base by ritesh dansena

Openoffice.base by ritesh dansena

Technology
PLAN Ritesh (1) Model

PLAN Ritesh (1) Model

Documents
Bickmore and Grandy 2007

Bickmore and Grandy 2007

Documents
Coperative management ritesh and group ppt

Coperative management ritesh and group ppt

Documents
John Bickmore · John Bickmore - National Commissaire: Road / Track, and MTB A December 2017 Page: 6 ( 2015 continued ) Track COM – US GP of Colorado Springs (UCI C1) (2 days)

John Bickmore · John Bickmore - National Commissaire: Road / Track, and MTB A December 2017 Page: 6 ( 2015 continued ) Track COM – US GP of Colorado Springs (UCI C1) (2 days)

Documents
Ritesh dagwar 4

Ritesh dagwar 4

Documents
Ritesh Gautam CB

Ritesh Gautam CB

Documents
Ritesh presentation on pd

Ritesh presentation on pd

Business
EE300 Final Report Ritesh Kumar s11048886

EE300 Final Report Ritesh Kumar s11048886

Documents
Ritesh dagwar 2

Ritesh dagwar 2

Documents
ritesh jain

ritesh jain

Documents
Ritesh kumar(big bazar)3

Ritesh kumar(big bazar)3

Documents
ritesh final project

ritesh final project

Documents
Economy Analysis Ritesh Arun Priyanka

Economy Analysis Ritesh Arun Priyanka

Documents
Ritesh Lee Cooper

Ritesh Lee Cooper

Business
Ritesh Final Report

Ritesh Final Report

Documents
Ritesh Go El

Ritesh Go El

Documents
The Portfolio- Ritesh Kumar

The Portfolio- Ritesh Kumar

Documents
Ritesh Ppt

Ritesh Ppt

Documents
Ritesh dagwar 3

Ritesh dagwar 3

Documents
Ritesh Harvard Hyperlink

Ritesh Harvard Hyperlink

Business
Effective Public Speaking.. A presentation by Ritesh Soni1 Effective Public Speaking Ritesh Soni

Effective Public Speaking.. A presentation by Ritesh Soni1 Effective Public Speaking Ritesh Soni

Documents
Career-Edge Magazine coverage - Ritesh Ambastha

Career-Edge Magazine coverage - Ritesh Ambastha

Education
International Bussiness Choco Ritesh

International Bussiness Choco Ritesh

Documents