Enterprise Cybersecurity Initiative Department of Information Technology Vince Martinez, State CIO, Executive Sponsor Lorenzo Ornelas, Managing Director.

Presentation transcript:

Enterprise Cybersecurity Initiative
Department of Information Technology
Vince Martinez, State CIO, Executive Sponsor
Lorenzo Ornelas, Managing Director Enterprise Services/Communications (Acting), Business Owner
April 23, 2019

Project Overview

Agency Mission: DoIT provides IT leadership for the State, performs oversight for IT projects and procurements, and delivers enterprise IT services to the State’s executive agencies.

Business Need: While cybersecurity must underlie everything that IT does in the state, dedicated resources, time and money are hard to come by. Cybersecurity threats are more costly, more frequent, more complex, and have greater potential to deliver damage than ever before. Cybersecurity incidents currently are identified and remediated on a case-by-case basis, but need to be addressed on a statewide basis.

Project Purpose: Strengthen the state’s cybersecurity posture and support the effort to operationalize security policies, procedures, and activities across the State’s enterprise.

Project Objectives

Complete a statewide vulnerability assessment as a baseline upon which to define near term security mitigation strategies;
Create a robust CISO office by leveraging multiple vendor contracts;
Create an enterprise library of security policies;
Mature the state’s incident response abilities in partnership with vendors and state agencies; and,
Utilize enterprise solutions across the state, with strong executive support for all-agency participation.

Approach

PHASE I
WORK TO BE PERFORMED: Initiation and planning
PRODUCTS and DELIVERABLES: Charter Project Management Plan Vulnerability Assessment Contract Requirements CISO Plan

PHASE II
WORK TO BE PERFORMED: Planning for foundational cybersecurity framework for the enterprise
PRODUCTS and DELIVERABLES: Current State Assessment Stakeholder/Partner Approach Define Governance Structure Outline Policy Library

PHASE III
WORK TO BE PERFORMED: Implementation for initial enterprise concept of operations; policy library; operationalize governance structure and partnership plan
PRODUCTS and DELIVERABLES: Enterprise Cybersecurity Governance Policies and Procedures Library Security Operations Center Threat/Monitoring Tools

PHASE IV
WORK TO BE PERFORMED: Standardization and stabilization
PRODUCTS and DELIVERABLES: Fully operationalized cybersecurity enterprise framework

Approach (cont’d)

Initial focus on current statewide vulnerability assessment and planning to build robust enterprise framework, including external communities (Higher Education, other partners)
Contractor support coupled with in-house involvement
Project management
State CISO search, supported by multi-vendor Virtual CISO (VCISO) while CISO is recruited
Incident Response team
Schedule to be developed during Initiation phase

Funding and Certification

Requested $3 million for project; $1 million appropriated
Requesting Certification Change to release $619,228.93
In support of immediate statewide vulnerability assessment
Project management support (initiation phase)
Develop schedule and initiation documents

FUNDING
FISCAL YEAR: 2018
FUNDING SOURCE: Laws of 2018, Chapter 73, Section 7 (11)
AMOUNT: $1,000,000
TOTAL

Enterprise Cybersecurity Initiative

DoIT requests initiation certification for the Enterprise Cybersecurity Initiative