Chief Information Security and Privacy Officer King County, Washington


Developing and Implementing Best-Practice Solutions for Security and Privacy Issues Across County Agencies. Ralph Johnson, Chief Information Security and Privacy Officer, King County, Washington.

Ralph Johnson, CISSP, HISP, CISM, CIPP/US. Chief Information Security and Privacy Officer – King County, Washington. Past Governance Board President, Holistic Information Security Practitioner Institute (HISPI); Member, MS-ISAC Executive Committee; Co-Chair, MS-ISAC Education and Awareness Committee; Member, MS-ISAC Trusted Purchasing Alliance Product Review Board; Former Adjunct Instructor – ITT Technical Institute, Seattle.

October Halloween

King County, Washington. Population: 2,044,000 (13th most populous county in the United States). Employees: 13,000. 428 IT Staff (Executive Branch). 2 Information Assurance Staff.

Critical Success Factors for Information Security
Training: An effective information security awareness training and education program informing all employees and relevant parties of their information security obligations set forth in the information security policies and standards and motivating them to act accordingly.
Security Policy: Security policy, objectives and activities that are aligned with business objectives.
Framework: An approach and framework for designing, implementing, monitoring, maintaining and improving security consistent with the organization's culture.
Risk Management: An understanding of information asset protection requirements achieved through an application of information security risk management.
Management Support: Visible support and commitment from all levels of management, especially top management.
Incident Management: An effective information security incident management process.
Metrics: A measurement system used to evaluate performance in information security management and feedback suggestions for improvement.
Business Continuity Management: An effective business continuity management approach.

Challenges to Success of Information Security in Government: Legacy organizational structures. Separation of powers. Changes in elected officials. Public Disclosure/Freedom of Information (FOIA). Information Security is more than just information stored in electronic format. Established policies and procedures for paper records. IT focuses on information in electronic format. Information Security reports to IT. Fragmented across departments/agencies.

Why Should We Even Meet The Challenges? Information is currency. We have a duty of care to protect the information in the hands of governments. Our residents expect us to protect information. There are no neighborhoods, time zones or borders in cyberspace. No single entity is solely responsible for securing the Internet. If we are to maximize the convenience, speed, and future potential of a digital society, we must protect the resource that makes it possible.

Meeting the Challenges: IT Organizational Structure; Governance; Collaboration and Communication.

Organizational Structure (organization chart). Entities shown: Electorate of King County; County Assessor; County Council; Elections; County Executive; Prosecuting Attorney; District Court; Superior Court; County Sheriff; Office of Economic and Financial Analysis; Clerk of the Court; Public Defense; Information Technology; Community and Human Services; Permitting and Environmental Review; Executive Services; Natural Resources and Parks; Public Health; Transportation; Adult and Juvenile Detention; Judicial Administration; Office of the CIO; Information Assurance. Figures shown on the chart: 10 IT Staff; 2 IT Staff; 3 IT Staff; 5 IT Staff; 3 IT Staff; 6 IT Staff; 12 IT Staff; 9 Council Members; 25 Judges; 53 Judges; 428 IT Staff; 4 IT Staff.

Department of Information Technology (KCIT): Our Service Model (organization chart). Boxes shown: Chief Information Officer/Department Director; Deputy Chief Information Officer; Operations; Enterprise Business Services; Regional Services; KCIT Internal Services; Finance; Human Resources; Communications; Information Assurance; IT Governance; Strategic Planning; Production Operations; Customer Solutions Service; Network Services; Engineering and Architecture Service; PMO Service; Business Solutions Service; E-Government Service; Business Analysis Service; SDM - Public Defense; SDM - Executive Services; SDM - Community and Human Services; SDM - Natural Resources and Parks; SDM - Permitting and Environmental Review; SDM - Public Health; SDM - Transportation; SDM - Adult and Juvenile Detention.

King County IT Governance: Strategic Advisory Council; Business Management Council; Technology Management Board; Project Review Board.

Strategic Advisory Council: Acts in an advisory capacity to the King County Executive in developing long-term strategic objectives and planning and implementing for information technology deployment countywide. Chair: King County Executive. Membership: King County Executive; 2 representatives of the King County Council; King County Sheriff; King County Prosecuting Attorney; King County Assessor; King County Elections Director; King County Chief Information Officer; Presiding judge of King County Superior Court; Presiding judge of King County District Courts; 3 – 5 External advisors from the private and public sectors.

Business Management Council: Acts in an advisory capacity to the county’s Chief Information Officer in carrying out duties related to: developing short-term, mid-term and strategic objectives for information technology countywide; recommending information technology proposals for funding; developing standards, policies and guidelines for implementation. Chair: Chief Information Officer. Membership: King County CIO and agency deputy directors or business managers designated by each agency’s director.

Technology Management Board Acts in an advisory capacity to the county's Chief Information Officer on technical issues including: Policies and standards for information security, applications, infrastructure and data management. Chair: Chief Information Officer Membership: King County CIO and agency information technology directors or managers designated by each agency's director and familiar with that agency's technology needs and operations.

Project Review Board Acts in an advisory capacity to the county’s Chief Information Officer in implementing the project management guidelines developed by the central information technology project management office. Chair: Chief Information Officer Membership: King County CIO, the Deputy County Executive, the Director of the Office of Performance, Strategy and Budget, and the Director of the Department of Executive Services.

IT Security Leads (TMB Security Sub-Team) (diagram). Boxes shown: Information Assurance (Chief Information Security and Privacy Officer); Independently Elected; District Court; County Assessor; Superior Court; County Council; County Sheriff; Elections; Judicial Administration; Prosecuting Attorney; KCIT Services; Production Operation Service; Network Services; Customer Support Service; Engineering and Architecture Service; PMO Service; E-Government Service; Business Solutions Services; Business Analysis Service; Finance; Human Resources; Strategic Planning; IT Governance; Communications.

KCIT Inter-Agency Collaboration (diagram). Boxes shown: OCIO Management Team Members; KCIT Liaisons; Deputy Chief Information Officer; Service Delivery Managers; Information Technology; County Executive; District Court; County Assessor; Superior Court; County Council; County Sheriff; Elections; Judicial Administration; Prosecuting Attorney; Public Defense; Executive Services; Community and Human Services; Natural Resources and Parks; Permitting and Environmental Review; Public Health; Transportation; Adult and Juvenile Detention.

Project Steering Committees: The key body within the governance structure which is responsible for the business issues associated with the project that are essential to ensuring the delivery of the project outputs and the attainment of project outcomes.

Incident Response (diagram). Processes shown: Major Incident Response Process; Security Incident Response Process. Steps shown: Incident Analysis; Containment and Eradication; Recovery; Post Incident Activities; Preparation; Identification (Declare an Incident); Containment and Eradication; Recovery (Back in Production); Lessons Learned. Sometimes we need to jump back.

Change Management. Change Advisory Board: Meets weekly; coordinated by Production Operations Service Owner; chaired by volunteers; chair rotates every 6 months. Shown on the slide: Change Moratorium; Emergency Changes; Routine Changes; Minor Changes; Major Changes.

KCIT Countywide Services: Endpoint Security; Vulnerability Management; Datacenter; E-Mail; Mobile Device Management; Network Infrastructure; Server Virtualization; Cloud (Amazon Web Services); SharePoint/Office 365.

Information Security is an Organization-Wide Issue. Who is ultimately responsible for Information Security? Everyone.

Contact Information: Ralph Johnson, Chief Information Security and Privacy Officer, King County, Washington, ralph.johnson@kingcounty.gov, 206-263-7891. Multi-State Information Sharing and Analysis Center, Center for Internet Security, andrew.dolan@cisecurity.org, (518) 880-0699.