1 / 21

Local Governments Cyber Security & Continuity Plans: A Practical Approach

Learn from Stan France & Mary Ball's experiences helping local governments develop cyber security & continuity plans. Understand the grant process, project outline, and recommendations for addressing rural county challenges.

askelton
Download Presentation

Local Governments Cyber Security & Continuity Plans: A Practical Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Experiences in Helping Local Governments Develop Cyber Security and Continuity Plans and Procedures Stan France & Mary Ball stan@co.schoharie.ny.us Keeping you Running Part I

  2. Outline • Background • Grant • Process • Experiences • Recommendations

  3. Background • Rural county of 32,000 population • Board of Supervisors • 16 towns • 6 villages • County Data Processing department provides services without charge to towns and villages

  4. Local Reasons for Addressing • Corrupted machines • Lost information • Lost work time • Effort required by County to support and remedy • Physical threat experience • Courthouse fuel oil spill • Planning for potential dam break

  5. Broader Reasons for Addressing • CSCIC coordination • Local Government Cyber Security Committee • Non-Technical Guide • Additional resources • Alert distribution • Problem reporting • Overall records retention • Incorporating into County emergency planning • Model for replication

  6. The Grant • State Archives Local Government Records Improvement Fund $50k • Provided for • Consultants to evaluate cyber security protection strategies • Acquisition and installation of protection software • Development of model policies and procedures • Consultant to work with municipal staff • Creation of an internet based back-up application

  7. Establish Initial Contact • Five minute presentation to municipal board • Get motion to participate • Leave folder with Guide, model policies, data gathering forms • Identify an initial contact person

  8. Initial Work with Municipal Offices • Review purpose • Identify continuity functions • Identify workflows and resources needed • Forms • Paper documents • Hardware • Software • Skills

  9. Follow Up Work with Municipal Offices • Consolidate needs and develop plans • Provide training in use of Internet backup • Review model policies and establish local versions to recommend to municipal board • Install protective software and train on use

  10. Project Consolidation Process • Calculate number of backup machines, printers, faxes, desks, phones, etc. needed • Identify coordinated alternate sites • Track machine protection reports • Integrate with County emergency plans

  11. Project Experiences • Project Handout Development • Board Meetings • Initial Staff Meetings • Plan Development • Follow up • Software installation • Backup site • Training

  12. Project Handouts • Power point (5 pages on project details) • Local Government Cyber Security: Getting Started Guide • Model policies, plans, and procedures • Business Continuity Policy • Business Continuity Plan and Procedures • Cyber Security Policy • Acceptable Use Policy (Internet Use)

  13. Board Meetings • Presentation to the Board of Supervisors • 22 Towns and Villages • 6 to 9 members on each board • Project handout given to each board member • Presentation took about 5 minutes • Question and answer period • Motion to Participate

  14. Commonly Asked Questions from the Board • Cost or future cost to the municipality • Internet connections (dial up issues) • Backup site • Server location • Security of stored information • Software protection

  15. Initial Meeting with StaffPlan Development • Reviewed workflow • Categorized work functions • Significant, Essential, and Non-essential • Identified office requirements • Hardware, software, equipment, forms, etc. • Documented purchasing and replacement information • Reviewed current backup methods • Discussed files and documents for back-up site • Establish temporary work location(s)

  16. Discovery Process Follow Up • Continuity Issues • Backup usually stored on premises • Physical storage desperately needed • Make more forms available on-line to public • Dial up issues for rural areas • Discussed improvements • Continuity and cyber security • Other County programs used by municipalities

  17. Protective Software • MacAfee software • Easy on-line installation • Scan computers for possible threats or virus • In-house monitoring • AVG on Windows 98

  18. Backup Site • On-line Access • User name and password log-in • Ability to “Add” • Not a working folder • Stored for emergency restoration • Zip program • User friendly, easy to use

  19. Training • Cyber security • Recognizing threats and reporting • Protective software • Backup site • Access the site • Zip files and send to server • Develop backup schedule

  20. Recommendations • It’s not rocket science • Develop the support base before going for formal approval • Know what information to gather before starting gathering • Come to Part II this afternoon

More Related