
Policy, Standards and Guidelines Breakout


Presentation Transcript


  1. Policy, Standards and Guidelines Breakout
     Co-Chairs: Victor Hazlewood, OCIO Cyber Security, ORNL; Kim Milford, ISO, University of Rochester

  2. Summary of discussions
     • Commend NSF for putting the security plan in agreements!! Good step forward
     • The wide range of projects that NSF supports (large, medium, small) is recognized
     • Protection of data and risk-based analysis is the key for the planning
     • Security planning requires thought about how security is to be implemented, and thought about the associated costs follows as well
     • It is suggested that awardees and NSF program officers will need guidance

  3. Summary of discussions (cont'd)
     Recommendations:
     • Get more guidance from NSF on the security plan
     • Security frameworks and best-practice templates (e.g. NIST, EDUCAUSE, ISC2, etc.)
     • Program officer security plan checklist; the checklist needs to be based on risk
     • Engaging security experts to help awardees and program officers/reviewers
     • Incident response planning guide, flowcharts, resources (examples from TeraGrid, Yale, etc.)
     • Acceptable Use Policy examples

  4. Summary of discussion so far
     • Encourage dialogue between awardees and Program Officers
     • Start discussion about development of a protocol for notification of program officers about cyber security incidents (and other events that affect the program)

  5. Security Plan
     Language in the CA says the awardee must have a security plan covering, but not limited to:
     • Policy and procedures
     • Roles and responsibilities
     • Risk assessment*
     • Awareness and training
     • Incident notification procedures
     • Technical safeguards
     • Administrative safeguards
     • Physical safeguards
     * ones we discussed in the breakout

  6. Other Policies of Interest (suggested list)
     • Acceptable Use Policy*
     • Media Protection*
     • Incident response*
     • Access Control
     • Audit and Accountability
     • Security Assessment
     • Configuration Management
     • Contingency Planning
     • Identification and Authentication
     * ones we discussed in the breakout

  7. Discussions so far: Policies
     • System Acquisition Policy and Procedures
     • System and Communication Protection
     • System and Information Integrity
     • Personnel Security
     • System Maintenance