Privacy is a right that people have; Security is the protection of that right.
Organization
The Information Security and Privacy Office (ISPO)
Our core purpose is to protect the Confidentiality, Integrity, and Availability of our information assets and systems. You may hear this referred to as the CIA triad. Wrapping the CIA triad around our data, services, and processes helps DHS/OHA achieve balance in our ability to accomplish work and protect our information
Programs
The Information Security and Privacy Office (ISPO) is a part of the Shared Services group in OHA. ISPO is charged with oversight and responsibility for guiding the both agency's information security and privacy needs in the following ways.
- Security and Privacy Consulting and Guidance to OHA/DHS Clusters
ISPO will provide guidance and direction on "what" and "how" OHA/DHS should do to support a secure environment. ISPO will actively participate in the implementation and issue resolution of information security and privacy initiatives.
- Periodic Reviews and Audits
ISPO will provide periodic review and audit of information security and privacy processes and practices.
- Security and Privacy Incident Response
ISPO will provide responses and track resolutions to privacy and information security incidents. ISPO will chair the Security Incident Response Team and the Privacy Review Committee. The incident response teams will include staff from the Clusters and OIS.
- Coordination of Security and Privacy Business Processes and Information Systems Improvements
ISPO will provide project management and coordination for improvements to information security and privacy business processes and information systems.
- Awareness and Education
ISPO provides awareness, education, and training on information security and privacy best practices.