Idaho Cybersecurity Task Force Department of Administration 16 Sep 2015
Overview Existing Security Protocols Data Mapping Assess needs, identify best practices
Existing Security Protocols PoliciesStandardsGuidelines
Cybersecurity Physical Infrastructure 1.Layered security a)Agency specific compliance b)Protection between agencies 2.Protection and Detection a)Firewall; Intrusion Detection; Anti-bot b) inspection; Web filtration; Data Loss Prevention c)Endpoint and Server anti-virus
Cybersecurity Policies 1.ITA authority (I.C ) a)Primarily initiated and coordinated by Admin b)Coordinated with agencies through ITA subcommittee 2.Policies, Standards, Guidelines a)29 directly addressing cybersecurity b)E.g. Incident reporting; cloud based file storage; data cleansing methods
Policy Highlights 1.P-4110: requires agency cybersecurity coordinator 2.P-4510: defines cybersecurity incident and requires reporting 3.G-580: defines cybersecurity breach; provides foundation for data mapping
Data Mapping
Categorize Select ImplementAssessAuthorizeMonitor Security Life Cycle - Federal -
Data Mapping
Assess Needs and Identify Best Practices
Assess Needs Idaho Technology Authority Manage Risk
Best Practices NIST (Fed) v. ISO Education Vulnerability Scanning/ Penetration Testing
Best Practices Build Relationships Improve Oversight
Technical Steps Mobile Devices End Points
Technical Steps Authentication