
Building a Privacy and Security Program for Your Non-Profit
Create a culture that recognizes employees as the main threat vector. Implement data governance practices, identify and protect data, follow information security best practices, and enhance cyber security awareness to safeguard information assets for your non-profit organization.
Presentation Transcript
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Raf Portnoy, SVP, Technology
Steve Sheinberg, General Counsel, SVP, Privacy & Security
THINKING ABOUT DATA GOVERNANCE
Create employee policies and build a culture that recognizes that employees are the main threat vector.
Teach employees, especially about social engineering.
Talk to the CIO.
Get your board onboard.
Get good agreements with vendors and key employees.
Plan well and strive for Cyber Resiliency.
Update software, install patches, remove non-approved software and hardware.
Follow the principle of least privilege.
Use two-factor authentication.
Ensure that your physical security is sufficient.
Encrypt all data, period.
Segregate differing data onto separate networks.
Monitor network traffic.
{Most of this is policy, not tech, driven}
Asking: who is storing what information, and where?
IDENTIFY: the data you have
DETERMINE: which data you need to protect
GOVERN: follow information governance best practices
Consider the risk of loss: Political, Ethical, Social, Legal
How will you protect your data going forward?
Mission
The mission of the Information Security and Privacy Program is to provide exceptional, secure infrastructure support and innovation in the delivery of information technology security products and services to Your Organization staff and clients.
Improve cyber security awareness and data asset management.
Protect information and systems to ensure that the confidentiality, integrity, and availability of all information is consistent with mission needs, internal and external threats, information value, and industry compliance.
Information Security Needs
The number and complexity of information security threats are increasing.
Advanced Persistent Threats (APTs) have penetrated environments that were previously thought to have been adequately secured and can remain unnoticed for extended periods of time.
Data system growth is compounding the need for increased security attention.
Additionally, mobile security, cloud security, big data security, and social media security are now today's problems.
Information Security Needs
How do we know this is enough?
We are employing cybersecurity best practices.
We are following the recommendations made by our IT auditors.
We are following recommendations by our Security Compliance consultants.
Information Security Program
Confidentiality, Integrity, Availability
Security Policy & Procedures; Identity & Access Management; Security Culture & Awareness; Security Strategy & Communication
Confidentiality - Client, Employee and Organizational information
Integrity - Consistent and accurate data
Availability - Easily and safely accessible information
Information Security Program
Traditional Cyber Security Triangle: Confidentiality, Integrity, Availability
Identity & Access Management; Security Strategy & Communication; Security Policy & Procedures; Security Culture & Awareness
Cybersecurity Framework core: Identify, Protect, Detect, Recover, Restore
Information Security Measures
Network Vulnerability Assessment: Annual independent analysis that identifies and quantifies security vulnerabilities on network systems
Private Printing: Secure printing to most network printers
Single Sign-On: Access multiple applications with one credential
IT Systems Disaster Recovery: Well-defined, documented policies and procedures on how to establish access to IT services in case of a disaster
Secure Remote Access: Secure and seamless remote access
Desktop and Server Management: Patch and update desktops and servers; software deployment and configuration management
Network access and files monitoring: Real-time email alerts and logs upon changes to confidential folders or user accounts
E-Mail Encryption: Secure messages and information
Restricted Access to Client Management Systems (CMS): Access restricted to within the organization's network
Mobile Device Management: Manage mobile devices, ensuring secure data on mobile devices
Cybersecurity Awareness Program: Training and Communiques
Thank you! Questions?