April 12, 2010. Information Security Officer Meeting. Welcome. Meeting Agenda. Chris Cruz E-Mail Directory and Collaboration Services. OCIO Technical Architecture Baseline (T.A.B.). Collect detailed inventory data for 93% of the state-owned hardware and software
April 12, 2010 Information Security Officer Meeting
Chris Cruz E-Mail Directory and Collaboration Services
OCIO Technical Architecture Baseline (T.A.B.)
• Collect detailed inventory data for 93% of the state-owned hardware and software
• Two methods of collection: onsite or remote collection
• Scans will not touch customer data
• Phase I is a discovery only scan (ICMP Ping)
• Phase II is a more detailed scan requiring access credentials (WMI, SSH, SNMP)
• Access to the department’s detailed inventory data will be provided
• For more information, you may contact P.J. Bajwa with the OCIO
Agency and Department Compliance Reporting Status
U.S. Department of Homeland Security (DHS) Federal Grants Awarded and Proposed
DHS Federal Grants Awarded
• Statewide Information Security Awareness Training
• Incident Reporting Automation Effort
• Enterprise Risk Management Program
• Secure DNS
Coming in August 2010: Basic Information Security Awareness Training
• Will be available for a nominal fee to any state agency and local county and city government entities, for the widest spectrum of technical environments.
• Satisfies the annual security and privacy training requirement for employees and contractors; it is appropriate for the audience, and is user friendly.
Enterprise Risk Management Program
• FSR Development
• Proposed Solution
Risk Management Grant
• Cyber Security Risk Assessment
• Business Problem:
  • There is no standardized process for implementation or review of risk management or assessment programs within departments or agencies
• Solution:
  • Develop and implement a standardized risk assessment framework with the instructions, tools, methods and roll out.
Secure ca.gov Domain Name System – Grant E
• Thirty-three (33) month project to begin ASAP
• … align the State of California with the Federal .gov domain security objectives and provide a trail of authentication and data integrity throughout the city/agency .ca.gov domain zones for trustworthy and reliable e-government communications and operations.
• All entities that have been issued a “ca.gov” TLD will play a role in this project. A request will be sent to each CIO to identify their DNS administrator.
DHS Federal Grant Proposals
• California Computer Incident Response Team
  • CA-CIRT
• California Information Sharing and Assurance Center
  • CA-ISAC
Social Media ITPL and Standard State Information Management Manual Section 85 A.
• Conduct a formal risk assessment
• Formally document management’s acceptance, mitigation, and handling of the risks involved
• Disable Internet access to Social Media websites … until authorized by agency management …
• Users shall connect to, and exchange information with, only those Social Media websites that have been authorized by agency management …
Tele-work Media ITPL and Standard
Cyber Exercises State and Federal
• CIAS Tabletop Exercise 2, Sacramento Community; April 15, 2010
• CIAS Tabletop Exercise 2, Palo Alto Community; May 5, 2010
• CIAS State Cyber Exercise; August 12, 2010
• GH Cyber Cabinet Level Executive Tabletop Exercise; September 15, 2010
• Cyberstorm III (International DHS/FEMA sponsored); September 2010