October 10, 2007 1

Better Together – The Road to Responsible

Information Management

Presented by Colleen Pedroza,

State Information Security Officer

October 10, 2007 2

Office of Information Security & Privacy

ProtectionComing Soon!

SB 90 creates new Office in State & Consumer Services Agency

• Effective 1/1/08• Government Code 11549

Mission: Uniting consumer privacy protection with the oversight of government’s responsible management of information to ensure the trust of Californians

October 10, 2007 3

Office of Information Security & Privacy

Protection

Office of Privacy Protection

Executive

State InformationSecurity Office

Consumer Focused•Consumer Assistance•Information & Education•Best Practice•Recommendations

Government Focused•Policy, Standards, Guidance•Assistance & Advice•Education & Awareness•Compliance Monitoring

October 10, 2007 4

Responsible Information Management

Blueprint for comprehensive approach to management of information– Personal, confidential, and sensitive information– Critical infrastructure – Information assets – People, processes, and technology– Physical and cyber security together

October 10, 2007 5

Did Henry Ford think about safety?

October 10, 2007 6

The World’s First Home Computer

1954

October 10, 2007 7

Car Safety 1960s- 1990s

October 10, 2007 8

Records Management of the 1960s - 1990s

October 10, 2007 9

The Road Most Traveled

Silos common Viewed as a tactical function Old forms never dieISOs and Privacy Officers not always taken seriouslyMisnomer that it applies only to ITViewed as “$ecurity = $$$$” and a “bolted on” optionNew laws and regulations make compliance difficultLimited employee and contractor trainingIncident numbers growing

October 10, 2007 10

The Road to Responsible Information ManagementBe an advocate - It must start at the top!

Recognize the information your agency has is a strategic enabler for mission accomplishment

Achieve compliance with laws and regulations

Create a governance structure - Enlist all departmental resources

Collaborate with other agencies

Work with the Office of Information Security and Privacy Protection

October 10, 2007 11

What’s In It for You as an Executive?

Increased business success/resilience

Performance improvements

Online (e-government) initiatives can be realized

Security is integrated into your business processes

Decreased risk to operations and business

October 10, 2007 12

What’s In It for Californians?

Increased public confidence and trust– They can’t take their business elsewhere– The knowledge that Government is taking this

seriously

California Government must be a leader in responsible information management

Californians are counting on you to manage our information responsibly

October 10, 2007 13

Nirvana – Better Together!

Be a leader in the paradigm shift

Be proactive vs reactive – embrace responsible information management

Implement concepts as part of the core business principles

Empower your ISO and Privacy Officer!

Make it a department-wide effort!

Start small, lay out a plan, and continuously improve

Be a model for others

October 10, 2007 14

Don’t Forget to visit the Sponsor and Exhibitor Booths!