
Information Security Officer Meeting



Presentation Transcript


  1. Information Security Officer Meeting July 9, 2009

  2. Katrina Yang Reaching Us…
     • No change to mailing address
     • No change to phone numbers
     • Change to email addresses
       • security@state.ca.gov
       • mark.weatherford@state.ca.gov
       • rosa.umbach@state.ca.gov
       • michele.robinson@state.ca.gov
       • katrina.yang@state.ca.gov
     • Office closures due to mandated furloughs

  3. Mark Weatherford OCIO/OIS Organizational Update
     • GRP Transition
     • OIS Vacancies and recruitment efforts
     • Impact on OIS’ ability to meet prior service level expectations
     • Also on the move…

  4. Rosa Umbach ITPL 09-02, Security Segment
     • Security Survey

  5. Michele Robinson Incident Management FSR Project Update
     • Grant funded feasibility study
     • Stakeholder (owner and user) interviews were conducted
     • Information security regulations, policies, standards, and guidelines were researched
     • Market research was performed

  6. Michele Robinson
     • Problem and needs were validated
     • Alternatives were identified
     • Based on overall cost/benefit a proposed alternative was selected
     • FSR is close to completion (August 2009)

  7. Michele Robinson Alternatives
     • Leverage Existing Remedy Service Desk Software
     • Acquire a Commercial-off-the-Shelf (COTS) Solution
     • Partner with CalEMA RIMS (Response Information Mgmt System) Replacement Project

  8. Michele Robinson Benefits of Partnership with CalEMA
     • Establishes a unified and coordinated approach between COIS, CHP, and CalEMA
     • Consolidation of separate existing (and conceptual) systems into a single system
     • Scalable and can be extended to local governments
     • Greater security of data
     • Implementation is expedited by leveraging an approved FSR
     • Less costly

  9. Michele Robinson Benefits of Partnership with CalEMA – Alignment with:
     • National strategy
       “The government, working with key stakeholders, should design an effective mechanism to achieve a true common operating picture that integrates information from the government and private sector and serves as the basis for informed and prioritized vulnerability mitigation efforts and incident response decisions.” – Cyberspace Policy Review, http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
     • Key objectives derived from:
       • Cyberspace Policy Review
       • National Strategy to Secure Cyberspace
       • National Strategy for the Physical Protection of CI/KR

  10. Michele Robinson Benefits of Partnership with CalEMA – Alignment with:
     • State IT Strategic Plan:
       “Information technology support for the Executive Branch of California State Government will operate as a seamless enterprise, delivering consistent, cost-effective, reliable, accessible and secure services that satisfy the needs of its diverse public and private customers, including the People of California, its business communities and its public sector agencies.” – California State Information Technology 2006 Strategic Plan, pg 5
     • State IT Capital Plan:
       “Facilitate improvements in internal business processes and financial management through IT investments and enhance and promote enterprise data sharing through IT investments.” – 2009 ITCP Overview, http://www.itsp.ca.gov/Capital_Plan/

  11. Michele Robinson Telework Policy and Security Standards Update
     • DGS Telework Policy
     • DGS Telework Advisory Group (TAG)
     • OIS Telework Security Standards
     • DPA will facilitate meet and confer with labor

  12. Michele Robinson Twitter Vulnerabilities
     • Month-long campaign/project entitled the “Month of Twitter Bugs” or “MoTB”
     • Began July 1, 2009
     • Focus on ways to utilize the Twitter website and third-party Twitter applications to distribute malicious code.
     • Malicious code may be used to exploit other third-party programs with a similar codebase as Twitter
     • May result in automated programs being written to take advantage of these known vulnerabilities.

  13. Michele Robinson Twitter Vulnerabilities
     • Month of Twitter Bugs: http://twitpwn.com/
     • Aviv Raff (Creator of the "Month of Twitter Bugs" blog): http://aviv.raffon.net/2009/06/15/MonthOfTwitterBugs.aspx

  14. Michele Robinson Recommendations:
     • Have a policy on the appropriate use of social networking sites
     • Ensure users are trained on the appropriate use of social networking sites, including:
       • Enabling the privacy features and disabling "Auto-Feeds" that are not approved by your organization.
       • Not visiting untrusted websites or following links provided by unknown or untrusted sources.
       • Understanding the threats posed by hypertext links, especially from untrusted sources.
       • Following your organization's policies for incident reporting.

  15. Michele Robinson Recommendations:
     • Ensure that all anti-virus software is up-to-date with the latest signatures.
     • Ensure that the most recent vendor patches are applied on all desktops, laptops, mobile devices and servers as soon as possible.
     • Deploy network intrusion detection systems to monitor network traffic for malicious activity.

  16. Michele Robinson State Direction on Departmental Use of Social Networking Media
     • Agency use versus all employee use
     • Argument for advantages of employee access
     • Security must help business to achieve the objectives of the directive

  17. Mark Weatherford Strategic Plan and Policy Refresh Project Update

  18. Mark Weatherford ITPL 09-05 Agency Information Officer and Department Chief Information Officer Responsibilities

  19. Mark Weatherford ITPL 09-05 Questions
     Q: Does this mean that all ISOs in an IT classification must report to the CIO?
     A: Yes, that is the intent.
     Q: What does this mean for ISOs in non-IT classifications?
     A: This is currently under consideration.

  20. Mark Weatherford What are the ISO Concerns? In Addition to Known ITPL 09-05 Concerns
     • Reporting to the CIO is a conflict of interest.
     • Security and risk issues will not get raised to my agency head as needed and expected.

  21. Mark Weatherford Closing
     • Please complete the feedback survey.
     • Thank you for your attendance and participation.
