1 / 5

IT Security in the Commonwealth

IT Security in the Commonwealth. Sam A. Nixon Jr. Chief Information Officer of the Commonwealth Michael Watson Commonwealth Chief Information Security Officer Virginia Cyber Security Commission June 11, 2014. www.vita.virginia.gov. 1. VITA Is Statutorily Responsible for IT Security.

nolen
Download Presentation

IT Security in the Commonwealth

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IT Security in the Commonwealth Sam A. Nixon Jr. Chief Information Officer of the Commonwealth Michael Watson Commonwealth Chief Information Security Officer Virginia Cyber Security CommissionJune 11, 2014 www.vita.virginia.gov 1

  2. VITA Is Statutorily Responsible for IT Security • CIO responsible for security of government information (§ 2.2-2009 of the Code of Virginia) • Risk management, audits, security measures • Applies to all branches of state government • VITA performs overall incident response • Share intel & information (FBI, DHS, etc) • CIO & VITA have limited authority • Direct oversight limited to NG infrastructure • No direct authority over agency applications, agency infrastructure, & data

  3. VITA/NG Provision IT Infrastructure • VITA/NG protect security of IT infrastructure • 60k PCs, 3k servers, 1.5 petabytes data, 2k circuits • Firewalls, intrusion monitors, encryption, compartmentalization, antivirus, spam filters, security operations center, authentication • 95.5 million attack attempts in CY 2013 • 86 of 89 executive branch agencies protected by transformed environment • However, primary attack vector is against applications not the infrastructure • Agencies remain responsible for applications & data

  4. Cyber Security Challenges • State agency staffing constraints impede security gap correction & limit auditing • Only 33% of agencies meet minimum requirement to audit their sensitive systems every 3 years • VITA needs cyber intelligence program to analyze threats & attacks • Additional security efforts are required • SSL VPN, more frequent password resets, two-factor authentication, hard drive encryption • Agility needed to support evolving threats

  5. Questions? Samuel A. Nixon Jr. sam.nixon@vita.virginia.gov (804) 416-6004 Michael Watson michael.watson@vita.virginia.gov (804) 416-6030

More Related