Information Security Officer Meeting

April 12, 2010. Information Security Officer Meeting. Welcome. Meeting Agenda. Chris Cruz E-Mail Directory and Collaboration Services. OCIO Technical Architecture Baseline (T.A.B.). Collect detailed inventory data for 93% of the state-owned hardware and software

phuc

Presentation Transcript


  1. April 12, 2010 Information Security Officer Meeting

  2. Welcome

  3. Meeting Agenda

  4. Chris Cruz E-Mail Directory and Collaboration Services

  5. OCIO Technical Architecture Baseline (T.A.B.)
     • Collect detailed inventory data for 93% of the state-owned hardware and software
     • Two methods of collection: onsite or remote collection
     • Scans will not touch customer data
     • Phase I is a discovery only scan (ICMP Ping)
     • Phase II is a more detailed scan requiring access credentials (WMI, SSH, SNMP)
     • Access to the department’s detailed inventory data will be provided
     • For more information, you may contact P.J. Bajwa with the OCIO

  6. Governor’s Executive Order S-03-10

  7. Agency and Department Compliance Reporting Status

  8. U.S. Department of Homeland Security (DHS) Federal Grants Awarded and Proposed

  9. DHS Federal Grants Awarded
     • Statewide Information Security Awareness Training
     • Incident Reporting Automation Effort
     • Enterprise Risk Management Program
     • Secure DNS

  10. Coming in August 2010: Basic Information Security Awareness Training
     • Will be available for a nominal fee to any state agency and local county and city government entities, for the widest spectrum of technical environments.
     • Satisfies the annual security and privacy training requirement for employees and contractors; it is appropriate for the audience, and is user friendly.

  11. Enterprise Risk Management Program
     • FSR Development
     • Proposed Solution

  12. Risk Management Grant
     • Cyber Security Risk Assessment
     • Business Problem:
       • There is no standardized process for implementation or review of risk management or assessment programs within departments or agencies
     • Solution:
       • Develop and implement a standardized risk assessment framework with the instructions, tools, methods and roll out.

  13. Secure ca.gov Domain Name System – Grant E
     • Thirty-three (33) month project to begin ASAP
     • … align the State of California with the Federal .gov domain security objectives and provide a trail of authentication and data integrity throughout the city/agency .ca.gov domain zones for trustworthy and reliable e-government communications and operations.
     • All entities that have been issued a “ca.gov” TLD will play a role in this project. A request will be sent to each CIO to identify their DNS administrator.

  14. DHS Federal Grant Proposals
     • California Computer Incident Response Team
     • CA-CIRT
     • California Information Sharing and Assurance Center
     • CA-ISAC

  15. Social Media ITPL and Standard State Information Management Manual Section 85 A.
     • Conduct a formal risk assessment
     • Formally document management’s acceptance, mitigation, and handling of the risks involved
     • Disable Internet access to Social Media websites … until authorized by agency management …
     • Users shall connect to, and exchange information with, only those Social Media websites that have been authorized by agency management …

  16. Tele-work Media ITPL and Standard

  17. Tele-work Media ITPL and Standard

  18. Cyber Exercises State and Federal
     • CIAS Tabletop Exercise 2, Sacramento Community; April 15, 2010
     • CIAS Tabletop Exercise 2, Palo Alto Community; May 5, 2010
     • CIAS State Cyber Exercise; August 12, 2010
     • GH Cyber Cabinet Level Executive Tabletop Exercise; September 15, 2010
     • Cyberstorm III (International DHS/FEMA sponsored); September 2010

  19. Questions