Office Updates

• ORP-COOP/COG Alignment
• SAM/SIMM Restructure
• New/Revised SIMM Forms and Instructions

January 10, 2008
Presented by Rosa Umbach
www.infosecurity.ca.gov/

ORP-COOP/COG Alignment

• Publication of Workgroup Products
  – Revised SIMM 65A Instructions
  – New SIMM 70D
  – Definitions
  – Internal Checklist (coming soon)
• Pending
  – Working with OES
    • COOP/COG definitions
    • Updating of the COOP/COG Instructions

SAM/SIMM Restructure

• Phase I
  – Restructure SAM 4840-4845
  – Working with DGS to publish in SAM
  – Developing Management Memo for releasing new structure
• Phase II
  – Perform Policy Gap Analysis
• Phase III
  – Prioritize and begin establishing new policy

SAM Restructure

NOTE: SAM restructure from 4840-4845 to Section 5300 is still in draft. We recommend making no changes until the Management Memo is released.


SAM Restructure (Continued)

NOTE: SAM restructure from 4840-4845 to Section 5300 is still in draft. We recommend making no changes until the Management Memo is released.


Revised SIMM Forms

• Agency Designation Letter (SIMM 70A)
  – Director can identify individual to sign as designee
  – Identification of other agencies that agency supports
• Agency Operational Recovery Plan Certification (SIMM 70B)
  – New Office Name
• Agency Risk Management and Privacy Program Compliance Certification (SIMM 70C)
  – Certifies full Risk Management Program is in place or the Agency provides remediation plan to become compliant.


SIMM 70A


SIMM 70C


Risk Management Certification

• Remediation Plan should include:
  – List of activities with which the agency is not yet compliant
  – Timeline for completing each activity
  – Method for validation of completion
  – Method of verification of compliance
  – Contact for remediation plan

NEW SIMM Form

• Agency Operational Recovery Plan Transmittal Letter (SIMM 70D)

Questions?
