Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Direction of Information Security and Privacy in State Government Presented by Colleen Pedroza Chief Information Security Officer California State.

Published byAshlynn Johnston Modified over 8 years ago

Similar presentations

Presentation on theme: "The Direction of Information Security and Privacy in State Government Presented by Colleen Pedroza Chief Information Security Officer California State."— Presentation transcript:

1 The Direction of Information Security and Privacy in State Government Presented by Colleen Pedroza Chief Information Security Officer California State Information Security Office March 2007

2 www.infosecurity.ca.gov CA State Information Security Office 2 Our Vision Our Vision Leading the way to secure the State's information assets Leading the way to secure the State's information assets Our Mission Our Mission To manage security and operational recovery risk for the State's information assets by providing statewide direction and leadership To manage security and operational recovery risk for the State's information assets by providing statewide direction and leadership

3 www.infosecurity.ca.gov CA State Information Security Office 3 Proposal to Move the SISO Governor’s Budget Proposal Governor’s Budget Proposal Consolidate SISO and Office of Privacy ProtectionConsolidate SISO and Office of Privacy Protection Move to State and Consumer Services AgencyMove to State and Consumer Services Agency Completed legislative trailer bill language establishing our authority Completed legislative trailer bill language establishing our authority Completed a BCP to increase the SISO by two additional positions Completed a BCP to increase the SISO by two additional positions Status – Discussions occurring in Senate hearings Status – Discussions occurring in Senate hearings

4 www.infosecurity.ca.gov CA State Information Security Office 4 Top Risks for State Government Inadequate statewide policies, standards, and guidelines Inadequate statewide policies, standards, and guidelines Inability to stay current with existing policies and laws Inability to stay current with existing policies and laws Failure to comply with policies, regulations, and laws Failure to comply with policies, regulations, and laws Limited training and education for employees and contractors Limited training and education for employees and contractors Increased risks, threats, and vulnerabilities Increased risks, threats, and vulnerabilities

5 www.infosecurity.ca.gov CA State Information Security Office 5 2006 Accomplishments Re-engineered our internal processes Re-engineered our internal processes Updated incident notification and reporting requirements Updated incident notification and reporting requirements Provided educating and training to state agency staff to improve their security/privacy programs Provided educating and training to state agency staff to improve their security/privacy programs Issued monthly newsletters Issued monthly newsletters Developed risk management best practices tool Developed risk management best practices tool Unveiled our new Web site at www.infosecurity.ca.gov Unveiled our new Web site at www.infosecurity.ca.gov www.infosecurity.ca.gov

6 CA State Information Security Office 6 Major Initiatives for 2007 Ensuring that the legislative language is established in Government Code (11019.11) Ensuring that the legislative language is established in Government Code (11019.11) Updating and revising existing policies Updating and revising existing policies Continuing education and training awareness for information security and privacy Continuing education and training awareness for information security and privacy Developing more tools for risk self-assessment Developing more tools for risk self-assessment Developing ISO roles and responsibilities guidelines Developing ISO roles and responsibilities guidelines Developing Internet usage policy and guidelines Developing Internet usage policy and guidelines Coordinating efforts to align operational recovery and business continuity plans Coordinating efforts to align operational recovery and business continuity plans Developing a repository for templates, sample language, and tools Developing a repository for templates, sample language, and tools Establishing October as National Cyber Security month with a special executive management event Establishing October as National Cyber Security month with a special executive management event

7 www.infosecurity.ca.gov CA State Information Security Office 7 Long-Range Initiatives Developing a strategy for establishing policies, standards, and guidelines Developing a strategy for establishing policies, standards, and guidelines Elevating departmental ISO role Elevating departmental ISO role Enhancing project documents (FSRs, SPRs, PIERs)Enhancing project documents (FSRs, SPRs, PIERs) Ensuring IT classifications include security componentsEnsuring IT classifications include security components Developing an ongoing training curriculum for ISOsDeveloping an ongoing training curriculum for ISOs

8 www.infosecurity.ca.gov CA State Information Security Office 8 Direction of the State’s Security Program Policy Policy Developing, issuing, and maintaining statewide policy, standards, and guidelinesDeveloping, issuing, and maintaining statewide policy, standards, and guidelines Assistance/Advisory Assistance/Advisory Providing assistance and adviceProviding assistance and advice Providing training and educationProviding training and education Providing tools, templates, and samplesProviding tools, templates, and samples Compliance Compliance Ensuring statewide compliance through monitoring, reviews, and auditsEnsuring statewide compliance through monitoring, reviews, and audits

9 www.infosecurity.ca.gov CA State Information Security Office 9 Privacy Component Work with Office of Privacy Protection to implement: Establish state agency privacy programEstablish state agency privacy program Guidance on privacy policy statementsGuidance on privacy policy statements IPA rules of conductIPA rules of conduct Privacy officer roles and responsibilitiesPrivacy officer roles and responsibilities Privacy awareness program elementsPrivacy awareness program elements Privacy contents for internal auditors’ checklist and trainingPrivacy contents for internal auditors’ checklist and training

10 www.infosecurity.ca.gov CA State Information Security Office 10 Statewide Outreach Efforts Establishing our Office as the centralized point for dispersing information about threats, vulnerabilities, and important issues Establishing our Office as the centralized point for dispersing information about threats, vulnerabilities, and important issues Establishing ongoing trusting relationships with our partners Establishing ongoing trusting relationships with our partners Conducting meetings, presentations, special events Conducting meetings, presentations, special events Being accessible via phone, e-mail, and in person Being accessible via phone, e-mail, and in person

11 www.infosecurity.ca.gov CA State Information Security Office 11 External Outreach Efforts Sharing with federal and local governments, universities and colleges, and other communities of interest Sharing with federal and local governments, universities and colleges, and other communities of interest Acting as California’s contact for the Multi- State Information Sharing and Analysis Center (MS-ISAC) Acting as California’s contact for the Multi- State Information Sharing and Analysis Center (MS-ISAC) Establishing a “Partners in Learning” at GTC 2007 West Establishing a “Partners in Learning” at GTC 2007 West Participating in presentations, discussions, committees, boards, and other activities Participating in presentations, discussions, committees, boards, and other activities

12 www.infosecurity.ca.gov CA State Information Security Office 12 Contact Us colleen.pedroza@dof.ca.gov colleen.pedroza@dof.ca.gov colleen.pedroza@dof.ca.gov rosa.umbach@dof.ca.gov rosa.umbach@dof.ca.gov rosa.umbach@dof.ca.gov Phone - (916) 445-5239 Phone - (916) 445-5239 General e-mail - security@dof.ca.gov General e-mail - security@dof.ca.govsecurity@dof.ca.gov Web site - www.infosecurity.ca.gov Web site - www.infosecurity.ca.govwww.infosecurity.ca.gov

Download ppt "The Direction of Information Security and Privacy in State Government Presented by Colleen Pedroza Chief Information Security Officer California State."

Similar presentations

Ways to Improve the Hazard Management Process

Ways to Improve the Hazard Management Process
1 NORTH CAROLINA COUNCIL OF INTERNAL AUDITING October 31, 2007.

1 NORTH CAROLINA COUNCIL OF INTERNAL AUDITING October 31, 2007.
Information Technology Awareness Wayne Donald IT Security Officer.

Information Technology Awareness Wayne Donald IT Security Officer.
January 10, 2008www.infosecurity.ca.gov/1 Role, Responsibility and Authority of New Office Presented by Colleen Pedroza, State Chief Information Security.

January 10, 2008www.infosecurity.ca.gov/1 Role, Responsibility and Authority of New Office Presented by Colleen Pedroza, State Chief Information Security.
Conservation District Supervisor Accreditation Module 6: Responsibilities and Duties of A Supervisor.

Conservation District Supervisor Accreditation Module 6: Responsibilities and Duties of A Supervisor.
1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.

1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Providence School Board September 10, 2012 Introductory Briefing Providence Public School District Comprehensive Information Technology Blueprint Center.

Providence School Board September 10, 2012 Introductory Briefing Providence Public School District Comprehensive Information Technology Blueprint Center.
Internal Audit Awareness

Internal Audit Awareness
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Data Ownership Responsibilities & Procedures

Data Ownership Responsibilities & Procedures
Community Services Block Grant (CSBG) Program Federal Monitoring Update James Gray Program Specialist.

Community Services Block Grant (CSBG) Program Federal Monitoring Update James Gray Program Specialist.
Security Controls – What Works

Security Controls – What Works
1 July 08, 2010 Information Security Officer Meeting.

1 July 08, 2010 Information Security Officer Meeting.
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
Supplier Ethics: Program Checklist

Supplier Ethics: Program Checklist
Environmental Management Services

Environmental Management Services
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing

Similar presentations

Ads by Google