Idaho Cybersecurity Task Force Department of Administration 16 Sep 2015

Overview Existing Security Protocols Data Mapping Assess needs, identify best practices

Existing Security Protocols PoliciesStandardsGuidelines

Cybersecurity Physical Infrastructure 1.Layered security a)Agency specific compliance b)Protection between agencies 2.Protection and Detection a)Firewall; Intrusion Detection; Anti-bot b) inspection; Web filtration; Data Loss Prevention c)Endpoint and Server anti-virus

Cybersecurity Policies 1.ITA authority (I.C ) a)Primarily initiated and coordinated by Admin b)Coordinated with agencies through ITA subcommittee 2.Policies, Standards, Guidelines a)29 directly addressing cybersecurity b)E.g. Incident reporting; cloud based file storage; data cleansing methods

Policy Highlights 1.P-4110: requires agency cybersecurity coordinator 2.P-4510: defines cybersecurity incident and requires reporting 3.G-580: defines cybersecurity breach; provides foundation for data mapping

Data Mapping

Categorize Select ImplementAssessAuthorizeMonitor Security Life Cycle - Federal -

Data Mapping

Assess Needs and Identify Best Practices

Assess Needs Idaho Technology Authority Manage Risk

Best Practices NIST (Fed) v. ISO Education Vulnerability Scanning/ Penetration Testing

Best Practices Build Relationships Improve Oversight

Technical Steps Mobile Devices End Points

Technical Steps Authentication