1 July 9, 2009 Information Security Officer Meeting.


1 July 9, 2009 Information Security Officer Meeting

2 Katrina Yang: Reaching Us…
No change to mailing address
No change to phone numbers
Change to email addresses
–security@state.ca.gov
–mark.weatherford@state.ca.gov
–rosa.umbach@state.ca.gov
–michele.robinson@state.ca.gov
–katrina.yang@state.ca.gov
Office closures due to mandated furloughs

3 Mark Weatherford: OCIO/OIS Organizational Update
GRP Transition
OIS Vacancies and recruitment efforts
Impact on OIS’ ability to meet prior service level expectations
Also on the move…

4 Rosa Umbach: ITPL 09-02, Security Segment Security Survey

5 Michele Robinson: Incident Management FSR Project Update
Grant funded feasibility study
Stakeholder (owner and user) interviews were conducted
Information security regulations, policies, standards, and guidelines were researched
Market research was performed

6 Michele Robinson
Problem and needs were validated
Alternatives were identified
Based on overall cost/benefit a proposed alternative was selected
FSR is close to completion (August 2009)

7 Michele Robinson: Alternatives
Leverage Existing Remedy Service Desk Software
Acquire a Custom-off-the-Shelf (COTS) Solution
Partner with CalEMA RIMS (Response Information Mgmt System) Replacement Project

8 Michele Robinson: Benefits of Partnership with CalEMA
Establishes a unified and coordinated approach between COIS, CHP, and CalEMA
Consolidation of separate existing (and conceptual) systems into a single system
Scalable and can be extended to local governments
Greater security of data
Implementation is expedited by leveraging an approved FSR
Less costly

9 Michele Robinson: Benefits of Partnership with CalEMA
Alignment with: National strategy
“The government, working with key stakeholders, should design an effective mechanism to achieve a true common operating picture that integrates information from the government and private sector and serves as the basis for informed and prioritized vulnerability mitigation efforts and incident response decisions.” – Cyberspace Policy Review
http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
Key objectives derived from:
Cyberspace Policy Review
National Strategy to Secure Cyberspace
National Strategy for the Physical Protection of CI/KR

10 Michele Robinson: Benefits of Partnership with CalEMA
Alignment with:
State IT Strategic Plan:
–“Information technology support for the Executive Branch of California State Government will operate as a seamless enterprise, delivering consistent, cost-effective, reliable, accessible and secure services that satisfy the needs of its diverse public and private customers, including the People of California, its business communities and its public sector agencies.” – California State Information Technology 2006 Strategic Plan, pg 5
State IT Capital Plan:
–“Facilitate improvements in internal business processes and financial management through IT investments and enhance and promote enterprise data sharing through IT investments.” – 2009 ITCP Overview
http://www.itsp.ca.gov/Capital_Plan/

11 Michele Robinson: Telework Policy and Security Standards Update
DGS Telework Policy
–DGS Telework Advisory Group (TAG)
OIS Telework Security Standards
–DPA will facilitate meet and confer with labor

12 Michele Robinson: Twitter Vulnerabilities
Month-long campaign/project entitled the “Month of Twitter Bugs” or “MoTB”
Began July 1, 2009
Focus on ways to utilize the Twitter website and third-party Twitter applications to distribute malicious code.
Malicious code may be used to exploit other third-party programs with a similar codebase as Twitter
May result in automated programs being written to take advantage of these known vulnerabilities.

13 Michele Robinson: Twitter Vulnerabilities
Month of Twitter Bugs: http://twitpwn.com/
Aviv Raff (Creator of "Month of Twitter Bugs" blog): http://aviv.raffon.net/2009/06/15/MonthOfTwitterBugs.aspx

14 Michele Robinson: Recommendations:
Have a policy on the appropriate use of social networking sites
Ensure users are trained on the appropriate use of social networking sites, including:
–Enabling the privacy features and disabling of "Auto-Feeds" that are not approved by your organization.
–Not visiting un-trusted websites or following links provided by unknown or un-trusted sources.
–Understanding the threats posed by hypertext links, especially from un-trusted sources.
–Following your organization's policies for incident reporting.

15 Michele Robinson: Recommendations:
Ensure that all anti-virus software is up-to-date with the latest signatures.
Ensure that the most recent vendor patches are applied on all desktops, laptops, mobile devices and servers as soon as possible.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.

16 Michele Robinson: State Direction on Departmental Use of Social Networking Media
Agency use versus all employee use
Argument for advantages of employee access
Security must help business to achieve the objectives of the directive

17 Mark Weatherford: Strategic Plan and Policy Refresh Project Update

18 Mark Weatherford: ITPL 09-05 Agency Information Officer and Department Chief Information Officer Responsibilities

19 Mark Weatherford: ITPL 09-05 Questions
Q: Does this mean that all ISOs in an IT classification must report to the CIO?
A: Yes, that is the intent.
Q: What does this mean to ISOs in non-IT classifications?
A: This is currently under consideration.

20 Mark Weatherford: What are the ISO Concerns?
In Addition to Known ITPL 09-05 Concerns
Reporting to the CIO is a conflict of interest.
Security and risk issues will not get raised to my agency head as needed and expected.

21 Mark Weatherford: Closing
Please complete the feedback survey.
Thank you for your attendance and participation.

