1. Idaho Cybersecurity Task Force Department of Administration 16 Sep 2015

2. Overview Existing Security Protocols Data Mapping Assess needs, identify best practices

3. Existing Security Protocols PoliciesStandardsGuidelines

4. Cybersecurity Physical Infrastructure 1.Layered security a)Agency specific compliance b)Protection between agencies 2.Protection and Detection a)Firewall; Intrusion Detection; Anti-bot b)Email inspection; Web filtration; Data Loss Prevention c)Endpoint and Server anti-virus

5. Cybersecurity Policies 1.ITA authority (I.C. 67-5745) a)Primarily initiated and coordinated by Admin b)Coordinated with agencies through ITA subcommittee 2.Policies, Standards, Guidelines a)29 directly addressing cybersecurity b)E.g. Incident reporting; cloud based file storage; data cleansing methods

6. Policy Highlights 1.P-4110: requires agency cybersecurity coordinator 2.P-4510: defines cybersecurity incident and requires reporting 3.G-580: defines cybersecurity breach; provides foundation for data mapping

7. Data Mapping

8. Categorize Select ImplementAssessAuthorizeMonitor Security Life Cycle - Federal -

9. Data Mapping

11. Assess Needs and Identify Best Practices

12. Assess Needs Idaho Technology Authority Manage Risk

13. Best Practices NIST (Fed) v. ISO Education Vulnerability Scanning/ Penetration Testing

14. Best Practices Build Relationships Improve Oversight

15. Technical Steps Mobile Devices End Points

16. Technical Steps Authentication