Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 July 08, 2010 Information Security Officer Meeting.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 July 08, 2010 Information Security Officer Meeting."— Presentation transcript:

1 1 July 08, 2010 Information Security Officer Meeting

2 2 Welcome

3 Meeting Agenda ----- Topics ----- Opening 10 minutes Topics:  OIS Management Changes  Cyber Exercises – Cyber Storm III  Legislation  2010 Federal Grants  DNSSEC – A technical discussion  ISO Basic Training – It’s for everyone, not just the newbie  Enterprise Information Security Awareness Web Application  Public Scorecard  Policy 90 minutes Q&A and Closing 20 minutes

4 4 OIS Management Changes

5 5 Cyber Exercises

6 6 California Cyber Exercise August 12, 2010

7 7 Cyber Exercises “The last major cybersecurity exercise conducted by DHS was held in 2008. Cyberstorm III is slated to include a number of international computer emergency readiness teams (CERTS), including representatives from Australia, New Zealand, Canada and the United Kingdom. Officials from Japan and nine European nations have also been invited to participate. Previous Cyberstorm exercises focused on attacks attempting to take down the Internet or spread malicious software on high priority government systems. Cyberstorm III is expected to test the processes and roles in place while simulating a cyberattack against the underlying control systems of country's critical infrastructure – power grids, dams and systems that protect energy facilities.” -- 15 Jun 2010 | SearchSecurity.com CyberStorm III

8 8 Legislation

9 9 Pending Legislation AB 1899 Transparency. State agencies to post specific audit information. OCIO and DGS to post specific summary information regarding contracts awarded to the state. Governor's Office to post specific financial information.

10 10 Pending Legislation AB 2091 Public Records Act (PRA) exemption. Information Security records that would reveal vulnerabilities or would increase the potential for an attack on an information system. A very limited and targeted exemption.

11 11 Pending Legislation AB 2408 Governor’s Reorganization Plan clean-up bill Codifies Executive Order S-10-03 Name change – OCIO to California Technology Agency Extends the OCIO’s sunset set date from 2013 to 2015

12 12 Pending Legislation AB 1055 State Chief Information Officer - fingerprints and criminal history checks. OCIO employees and contractors that have access to sensitive or confidential information. Conviction of crimes related to dishonesty, fraud, or deceit and is substantially related to the duties of the person. There is an appeals process.

13 13 2010 Federal Grants (Proposed)  OIS Grant Requests Threat Vulnerability Management Program Enterprise Vulnerability Assessment Service Statewide PCI Compliance CA Information Sharing and Analysis Center State and Local Government Training Content Learning Management System

14 14 2010 Federal Grants (Proposed) Online Incident Management System Enterprise Certificate Authority Enterprise Disaster Recovery Forensics Lab Enterprise Security Operations Center  Endorsement Letter for OIS Grant Request and Commitment for Joint Participation on Awarded Projects

15 15 SecureDNS - DNSSEC

16 16 SecureDNS - DNSSEC

17 17 SecureDNS - DNSSEC

18 18 SecureDNS - DNSSEC

19 19 … ca.gov … state.ca.us SecureDNS - DNSSEC The DNSSEC project is an 18+ month, $1.353 million, federally funded project that will advance the integrity and availability for California’s Internet capabilities. All entities that use one of the zones named above for either world wide web or email addressing will need to stay informed and involved.

20 20 SecureDNS - DNSSEC End-State: A functional DNS governance program and oversight committee. California DNS infrastructure that is capable of signing DNS requests. The sub-domains with “ca.gov” and “state.ca.us” will all have been vetted for appropriateness and only those approved and fully documented will remain active.

21 21 SecureDNS - DNSSEC End-State (continued): All State of California entities that host internal DNS services will have the necessary technology to support DNSSEC. A comprehensive DNS management process, complete with procedures and standards, will be operational.

22 22 SecureDNS - DNSSEC What will the project need from departments? A point of contact at your department. Where necessary, hardware refresh. Software to manage DNS signing keys. Time to test and test, then test some more. Commitment.

23 23 SecureDNS - DNSSEC This is not only a technology project, it is also an enterprise governance project. This project will impact not only state entities, it will require commitment of time from counties and cities. Testing will be the most important phase of the SDLC. Service interruptions are unacceptable.

24 24 ISO Basic Training Six to seven hours of in-person training on OIS’ expectations for all ISOs and Agency ISOs. Required for all new ISOs. Required for all current ISOs in management or supervisor classifications. The first class will be held July 15 th at 1325 J Street. This class will help establish future curriculum. There will be an annual refresher course (also required).

25 25 Enterprise Information Security Awareness Web Application

26 26 Public Scorecard

27 27 Public Scorecard http://www.cio.ca.gov/OIS/Government/activities_schedule.asp

28 28 Public Scorecard There will be no surprises. You and your management will be fully aware of the scores before publication. First Scorecard will be published on our website in late July 2010.

29 29 Future Policies Security Reporting Scorecard Policy Letter Infrastructure Consolidation Scorecard Cloud Computing Privacy

30 30 Questions

Download ppt "1 July 08, 2010 Information Security Officer Meeting."

Similar presentations

January 10, 2008www.infosecurity.ca.gov/1 Role, Responsibility and Authority of New Office Presented by Colleen Pedroza, State Chief Information Security.

January 10, 2008www.infosecurity.ca.gov/1 Role, Responsibility and Authority of New Office Presented by Colleen Pedroza, State Chief Information Security.
Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]

Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]
1 April 12, 2010 Information Security Officer Meeting.

1 April 12, 2010 Information Security Officer Meeting.
Chapter 43 An Act Relative to Improving Accountability and Oversight of Education Collaboratives Presentation to Board of Elementary and Secondary Education.

Chapter 43 An Act Relative to Improving Accountability and Oversight of Education Collaboratives Presentation to Board of Elementary and Secondary Education.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Conversation on the Chemical Facility Anti-Terrorism Standards (CFATS) and Critical Infrastructure Protection Chemical-Terrorism Vulnerability Information.

Conversation on the Chemical Facility Anti-Terrorism Standards (CFATS) and Critical Infrastructure Protection Chemical-Terrorism Vulnerability Information.
E-Security Background IT Infrastructure in Sikkim Current Status of Cyber Security& Cyber Crime in SIkkimCurrent Status of Cyber Security& Cyber Crime.

E-Security Background IT Infrastructure in Sikkim Current Status of Cyber Security& Cyber Crime in SIkkimCurrent Status of Cyber Security& Cyber Crime.
Introduction to Cyber Crime Investigation Course Conducted in English Institute for Information Industry Decision Group.

Introduction to Cyber Crime Investigation Course Conducted in English Institute for Information Industry Decision Group.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
HSGP Funding for Security Efforts Presented by Michele Robinson.

HSGP Funding for Security Efforts Presented by Michele Robinson.
Continuity of Operations Planning COOP Overview for Leadership (Date)

Continuity of Operations Planning COOP Overview for Leadership (Date)
Information Technology Assessment Review Presented to the Board of the State Center Community College District.

Information Technology Assessment Review Presented to the Board of the State Center Community College District.
1 Preparing Texas Today... Texas Preparedness Workshop November 16-17, 2005 Austin, Texas A Texas Community Partnership...for Tomorrow’s Challenges Governor’s.

1 Preparing Texas Today... Texas Preparedness Workshop November 16-17, 2005 Austin, Texas A Texas Community Partnership...for Tomorrow’s Challenges Governor’s.
Module 2.1 Finance and Administration Cabinet Organizational Changes and Agency Impact March 16-18.

Module 2.1 Finance and Administration Cabinet Organizational Changes and Agency Impact March

Similar presentations

Ads by Google