1 April 12, 2010 Information Security Officer Meeting.

Presentation on theme: "1 April 12, 2010 Information Security Officer Meeting."— Presentation transcript:

1 April 12, 2010 Information Security Officer Meeting

2 Welcome

3 Meeting Agenda

4 Chris Cruz E-Mail Directory and Collaboration Services

5 OCIO Technical Architecture Baseline (T.A.B.)
- Collect detailed inventory data for 93% of the state-owned hardware and software
- Two methods of collection: onsite or remote collection
- Scans will not touch customer data
- Phase I is a discovery only scan (ICMP Ping)
- Phase II is a more detailed scan requiring access credentials (WMI, SSH, SNMP)
- Access to the department’s detailed inventory data will be provided
- For more information, you may contact P.J. Bajwa with the OCIO

6 Governor’s Executive Order S-03-10

7 Agency and Department Compliance Reporting Status

8 U.S. Department of Homeland Security (DHS) Federal Grants Awarded and Proposed

9 DHS Federal Grants Awarded
- Statewide Information Security Awareness Training
- Incident Reporting Automation Effort
- Enterprise Risk Management Program
- Secure DNS

10 Coming in August 2010: Basic Information Security Awareness Training
- Will be available for a nominal fee to any state agency and local county and city government entities, for the widest spectrum of technical environments.
- Satisfies the annual security and privacy training requirement for employees and contractors; it is appropriate for the audience, and is user friendly.

11 Enterprise Risk Management Program FSR Development Proposed Solution

12 Risk Management Grant
Cyber Security Risk Assessment
- Business Problem: There is no standardized process for implementation or review of risk management or assessment programs within departments or agencies
- Solution: Develop and implement a standardized risk assessment framework with the instructions, tools, methods and roll out.

13 Secure Domain Name System – Grant E
- Thirty-three (33) month project to begin ASAP
- … align the State of California with the domain security objectives and provide a trail of authentication and data integrity throughout the city/ domain zones for trustworthy and reliable e-government communications and operations.
- All entities that have been issued a “” TLD will play a role in this project.
- A request will be sent to each CIO to identify their DNS administrator.

14 DHS Federal Grant Proposals
- California Computer Incident Response Team (CA-CIRT)
- California Information Sharing and Assurance Center (CA-ISAC)

15 Social Media ITPL and Standard
- State Information Management Manual Section 85 A. Conduct a formal risk assessment
- Formally document management’s acceptance, mitigation, and handling of the risks involved
- Disable Internet access to Social Media websites … until authorized by agency management …
- Users shall connect to, and exchange information with, only those Social Media websites that have been authorized by agency management …

16 Tele-work Media ITPL and Standard
Connection/Application | Two-Factor Authentication | Use of State-Owned Equipment | Use of Personally-Owned Equipment
Network-level (e.g., IPSec VPN) | Required Only Allowed Under Exception Process
Web-based connections for email only (e.g., OWA, Novell, Lotus Notes) | Not Required Allowed
Web-based connections for other applications (e.g., Citrix) | Required | Not Required | Allowed

17 Tele-work Media ITPL and Standard

18 Cyber Exercises State and Federal
- CIAS Tabletop Exercise 2, Sacramento Community; April 15, 2010
- CIAS Tabletop Exercise 2, Palo Alto Community; May 5, 2010
- CIAS State Cyber Exercise; August 12, 2010
- GH Cyber Cabinet Level Executive Tabletop Exercise; September 15, 2010
- Cyberstorm III (International DHS/FEMA sponsored); September 2010

19 Questions