October 10, 2007 1

Better Together – The Road to Responsible

Information Management

Presented by Colleen Pedroza, State Information Security Officer

October 10, 2007 2

Office of Information Security & Privacy

ProtectionComing Soon!SB 90 creates new Office in State & Consumer Services Agency

• Effective 1/1/08• Government Code 11549

Mission: Uniting consumer privacy protection with the oversight of government’s responsible management of information to ensure the trust of Californians

October 10, 2007 3

Office of Information Security & Privacy

Protection

Office of Privacy Protection

Executive

State InformationSecurity Office

Consumer Focused•Consumer Assistance•Information & Education•Best Practice•Recommendations

Government Focused•Policy, Standards, Guidance•Assistance & Advice•Education & Awareness•Compliance Monitoring

October 10, 2007 4

Responsible Information Management

Blueprint for comprehensive approach to management of information– Personal, confidential, and sensitive information– Critical infrastructure – Information assets – People, processes, and technology– Physical and cyber security together

October 10, 2007 5

Did Henry Ford think about safety?

October 10, 2007 6

The World’s First Home Computer

1954

October 10, 2007 7

Car Safety 1960s- 1990s

October 10, 2007 8

Records Management of the 1960s - 1990s

October 10, 2007 9

The Road Most TraveledSilos common Viewed as a tactical function Old forms never dieISOs and Privacy Officers not always taken seriouslyMisnomer that it applies only to ITViewed as “$ecurity = $$$$” and a “bolted on” optionNew laws and regulations make compliance difficultLimited employee and contractor trainingIncident numbers growing

October 10, 2007 10

The Road to Responsible Information ManagementBe an advocate - It must start at the top!Recognize the information your agency has is a strategic enabler for mission accomplishmentAchieve compliance with laws and regulationsCreate a governance structure - Enlist all departmental resources Collaborate with other agencies Work with the Office of Information Security and Privacy Protection

October 10, 2007 11

What’s In It for You as an Executive?

Increased business success/resiliencePerformance improvementsOnline (e-government) initiatives can be realizedSecurity is integrated into your business processesDecreased risk to operations and business

October 10, 2007 12

What’s In It for Californians?

Increased public confidence and trust– They can’t take their business elsewhere– The knowledge that Government is taking this

seriously

California Government must be a leader in responsible information managementCalifornians are counting on you to manage our information responsibly

October 10, 2007 13

Nirvana – Better Together!

Be a leader in the paradigm shift Be proactive vs reactive – embrace responsible information managementImplement concepts as part of the core business principlesEmpower your ISO and Privacy Officer! Make it a department-wide effort!Start small, lay out a plan, and continuously improveBe a model for others

October 10, 2007 14

Don’t Forget to visit the Sponsor and Exhibitor Booths!