Stephen will then walk us through the latest IT Security roadmap that addresses the key action plans.
Background:
In 2015, in response to a significant increase in retail security breaches, IT proactively adopted the National Institute of Standards and Technology's Cybersecurity Framework to help manage cybersecurity risk.
Although no framework is perfect, a framework serves as a good measuring stick. IT chose this one for its comprehensive nature and its cybersecurity focus; it also incorporates a common set of standards drawn from multiple established IT frameworks.
After the adoption of the framework, both IT and IA performed assessments in FY15 highlighting areas with control gaps.
In Q3 of this fiscal year, at the request of the AC, IT Management and IA selected a third-party firm, DHG, to perform an external assessment of the current control environment.
Key gaps that contributed to not reaching the desired maturity state include:
- Not knowing where all of our critical data is beyond CC data (confidential, restricted, etc.: SSN, customer data, etc.), which makes it hard to properly protect or segregate it, to detect when it is shared or stolen, and to properly respond to and recover from the incident
- Regularly scanning systems for vulnerabilities and remediating them
  o Vulnerability: system flaws or weaknesses
- Evolution of the SOC: effective and comprehensive security log collection and monitoring
- BCDR: this was the primary call-out during the last assessment. The Steering Committee meets bi-weekly to address actions. A tool has been purchased to help build the plans and a dedicated DR resource has been hired. A separate roadmap has been built specifically for BCDR. An update will be provided next quarter.