Information Security & The Auditor

Dodi Smith C.P.A., C.I.S.A
Information Security Manager
Michigan Office of the Auditor General

Program Outline

– Overview of Michigan
– Information Security, Why Should We Care
– Michigan’s Ongoing Information Security Efforts
– Information Security:
  • Before an Audit
  • As We Audit
  • Finishing An Audit

A little about Michigan…

State of Michigan
– 18 Executive Branch Departments
– 47,000+ state employees
– $48.7 billion budget
– 1.6 million recipients of food assistance
– 1.9 million residents in the Medicaid program
– 13,000 children in foster care
– 1.6 million pupils
– 5 million individual income taxpayers
– 43,000+ prisoners
– 530,000 customers in the retiree system

A little more about Michigan…

Michigan Office of Auditor General
– 136 employees
– $20 million budget
– Audits FY 2014 thru August
  • 20 financial/single audit
  • 33 performance
  • 6 follow-up reports
  • 17 contract audits

A little about me…

– My role includes…
  • Develop overall security strategy
  • Develop policy and procedure
  • Designated liaison with state departments for information exchange
  • Security Awareness

What is the big deal about information security?

According to PrivacyRights.org, to date in 2014, government agencies are responsible for 19 known data breaches.

Breaking down the numbers

72,358 is the number of KNOWN records that contained bank information, credit card information, and/or SSN.

The 72,358 records came from only 6 of the breaches. For the other 13 breaches, they were not able to measure the number of records or individuals impacted.

Information is our Business

The ability to obtain and analyze data has improved our audit efficiency.

Data Analytics:
– Better Quantify Issues
– Gain a better understanding of risk
– Increase/strengthen audit coverage
– Facilitate discussion

But we need data to realize these improvements.

With the Information Access Comes GreatER Responsibility.

Understand & Accept Responsibilities:

• Trustworthy Custodians
• Consistent interpretation and application of policies & procedures
• Endorse good data management practices
• Appropriate Disclosure

Behind the Scenes

Office of Information Technology
• Firewalls
• Encryption
• Anti-virus
• Spam filters
• Monitoring Tools
• Security Awareness

Information Security: Before We Audit

• Research applicable laws governing the data
• Access forms and security agreements
• Only request the data you need
• Process if you are denied access to data

Information Security: As We Audit

• Follow policies and procedures
• Ensure safe handling, storage, access, and transfer
• Immediately report any security incidents

Information Security: Finishing An Audit

• Ensure only necessary information is retained
• Ensure appropriate destruction of data
• Ensure all system access is removed
• Provide any required destruction notifications

Ongoing Challenges

• Increased Threats
• Maintaining the balance between security and productivity
• Keeping Information Security Fresh