Presentation on theme: "1 April 12, 2010 Information Security Officer Meeting."— Presentation transcript:
1 April 12, 2010 Information Security Officer Meeting
4 Chris Cruz Directory and Collaboration Services
5 OCIO Technical Architecture Baseline (T.A.B.)
- Collect detailed inventory data for 93% of the state-owned hardware and software
- Two methods of collection: onsite or remote collection
- Scans will not touch customer data
- Phase I is a discovery only scan (ICMP Ping)
- Phase II is a more detailed scan requiring access credentials (WMI, SSH, SNMP)
- Access to the department’s detailed inventory data will be provided
- For more information, you may contact P.J. Bajwa with the OCIO
6 Governor’s Executive Order S-03-10
7 Agency and Department Compliance Reporting Status
8 U.S. Department of Homeland Security (DHS) Federal Grants Awarded and Proposed
9 DHS Federal Grants Awarded
- Statewide Information Security Awareness Training
- Incident Reporting Automation Effort
- Enterprise Risk Management Program
- Secure DNS
10 Coming in August 2010: Basic Information Security Awareness Training
- Will be available for a nominal fee to any state agency and local county and city government entities, for the widest spectrum of technical environments.
- Satisfies the annual security and privacy training requirement for employees and contractors; it is appropriate for the audience, and is user friendly.
11 Enterprise Risk Management Program FSR Development Proposed Solution
12 Risk Management Grant: Cyber Security Risk Assessment
- Business Problem: There is no standardized process for implementation or review of risk management or assessment programs within departments or agencies
- Solution: Develop and implement a standardized risk assessment framework with the instructions, tools, methods and roll out.
13 Secure ca.gov Domain Name System – Grant E
- Thirty-three (33) month project to begin ASAP
- … align the State of California with the Federal .gov domain security objectives and provide a trail of authentication and data integrity throughout the city/agency.ca.gov domain zones for trustworthy and reliable e-government communications and operations.
- All entities that have been issued a “ca.gov” TLD will play a role in this project.
- A request will be sent to each CIO to identify their DNS administrator.
14 DHS Federal Grant Proposals
- California Computer Incident Response Team (CA-CIRT)
- California Information Sharing and Assurance Center (CA-ISAC)
15 Social Media ITPL and Standard
State Information Management Manual Section 85 A.
- Conduct a formal risk assessment
- Formally document management’s acceptance, mitigation, and handling of the risks involved
- Disable Internet access to Social Media websites … until authorized by agency management …
- Users shall connect to, and exchange information with, only those Social Media websites that have been authorized by agency management …
16 Tele-work Media ITPL and Standard
- Column headings: Connection/Application; Two-Factor Authentication; Use of State-Owned Equipment; Use of Personally-Owned Equipment
- Network-level (e.g., IPSec VPN): Required; Only Allowed Under Exception Process
- Web-based connections for only (e.g., OWA, Novell, Lotus Notes): Not Required; Allowed
- Web-based connections for other applications (e.g., Citrix): Required; Not Required; Allowed
17 Tele-work Media ITPL and Standard
18 Cyber Exercises: State and Federal
- CIAS Tabletop Exercise 2, Sacramento Community; April 15, 2010
- CIAS Tabletop Exercise 2, Palo Alto Community; May 5, 2010
- CIAS State Cyber Exercise; August 12, 2010
- GH Cyber Cabinet Level Executive Tabletop Exercise; September 15, 2010
- Cyberstorm III (International DHS/FEMA sponsored); September 2010