Chief Information Security and Privacy Officer King County, Washington

1 Chief Information Security and Privacy Officer King County, Washington
Developing and Implementing Best-Practice Solutions for Security and Privacy Issues Across County Agencies
Ralph Johnson
Chief Information Security and Privacy Officer
King County, Washington

2 Ralph Johnson, CISSP, HISP, CISM, CIPP/US
Chief Information Security and Privacy Officer – King County Washington
Past, Governance Board President, Holistic Information Security Practitioner Institute (HISPI)
Member, MS-ISAC Executive Committee
Co-Chair, MS-ISAC Education and Awareness Committee
Member, MS-ISAC Trusted Purchasing Alliance Product Review Board
Former, Adjunct Instructor – ITT Technical Institute, Seattle

3 October Halloween

4 King County, Washington
Population: 2,044,000
13th Most Populous County in the United States
Employees: 13,000
428 IT Staff (Executive Branch)
2 Information Assurance Staff

5 Critical Success Factors for Information Security
Business Continuity Management: An effective business continuity management approach.
Incident Management: An effective information security incident management process.
Management Support: Visible support and commitment from all levels of management, especially top management.
Risk Management: An understanding of information asset protection requirements achieved through an application of information security risk management.
Metrics: A measurement system used to evaluate performance in information security management and feedback suggestions for improvement.
Security Policy: Security policy, objectives and activities that are aligned with business objectives.
Framework: An approach and framework for designing, implementing, monitoring, maintaining and improving security consistent with the organization's culture.
Training: An effective information security awareness training and education program informing all employees and relevant parties of their information security obligations set forth in the information security policies and standards and motivating them to act accordingly.

6 Challenges to Success of Information Security in Government
Legacy organizational structures
Separation of powers
Changes in elected officials
Public Disclosure/Freedom of Information (FOIA)
Information Security is more than just information stored in electronic format.
Established policies and procedures for paper records
IT focusses on information in electronic format
Information Security reports to IT
Fragmented across departments/agencies

7 Why Should We Even Meet The Challenges?
Information is currency. We have a duty of care to protect the information in the hands of governments. Our residents expect us to protect information. There are no neighborhoods, time zones or borders in cyberspace. No single entity is solely responsible for securing the Internet. If we are to maximize the convenience, speed, and future potential of a digital society, we must protect the resource that makes it possible.

8 Meeting the Challenges
IT Organizational Structure Governance Collaboration and Communication

9 Organizational Structure
Electorate of King County County Assessor County Council Elections County Executive Prosecuting Attorney District Court Superior Court County Sheriff 10 IT Staff 2 IT Staff 3 IT Staff 5 IT Staff 3 IT Staff 6 IT Staff 12 IT Staff 9 Council Members 25 Judges 53 Judges Office of Economic and Financial Analysis Clerk of the Court Public Defense Information Technology Community and Human Services Permitting and Environmental Review Executive Services Natural Resources and Parks Public Health Transportation Adult and Juvenile Detention Judicial Administration 428 IT Staff 4 IT Staff Office of the CIO Information Assurance

10 Department of Information Technology (KCIT) Our Service Model
Chief Information Officer/ Department Director Operations Enterprise Business Services Deputy Chief Information Officer Finance Information Assurance Production Operations PMO Service SDM - Public Defense SDM - Executive Services Human Resources IT Governance Customer Solutions Service Business Solutions Service SDM - Community and Human Services SDM - Natural Resources and Parks Communications Strategic Planning Regional Services E-Government Service SDM - Permitting and Environmental Review SDM - Public Health KCIT Internal Services Network Services Business Analysis Service SDM - Transportation SDM - Adult and Juvenile Detention Engineering and Architecture Service

11 King County IT Governance
Strategic Advisory Council
Business Management Council
Technology Management Board
Project Review Board

12 Strategic Advisory Council
Acts in an advisory capacity to the King County Executive in developing long-term strategic objectives and planning and implementing for information technology deployment countywide.
Chair: King County Executive
Membership:
King County Executive
2 representatives of the King County Council
King County Sheriff
King County Prosecuting Attorney
King County Assessor
King County Elections Director
King County Chief Information Officer
Presiding judge of King County Superior Court
Presiding judge of King County District Courts
3 – 5 External advisors from the private and public sectors

13 Business Management Council
Acts in an advisory capacity to the county’s Chief Information Officer in carrying out duties related to:
Developing short-term, mid-term and strategic objectives for information technology countywide
Recommending information technology proposals for funding
Developing standards, policies and guidelines for implementation.
Chair: Chief Information Officer
Membership: King County CIO and agency deputy directors or business managers designated by each agency’s director

14 Technology Management Board
Acts in an advisory capacity to the county's Chief Information Officer on technical issues including:
Policies and standards for information security, applications, infrastructure and data management.
Chair: Chief Information Officer
Membership: King County CIO and agency information technology directors or managers designated by each agency's director and familiar with that agency's technology needs and operations.

15 Project Review Board
Acts in an advisory capacity to the county’s Chief Information Officer in implementing the project management guidelines developed by the central information technology project management office.
Chair: Chief Information Officer
Membership: King County CIO, the Deputy County Executive, the Director of the Office of Performance, Strategy and Budget, and the Director of the Department of Executive Services.

16 IT Security Leads (TMB Security Sub-Team)
Independently Elected Production Operation Service District Court County Assessor KCIT Services Network Services Information Assurance (Chief Information Security and Privacy Officer) Superior Court County Council Customer Support Service Engineering and Architecture Service County Sheriff Elections PMO Service E-Government Service Finance Human Resources Business Solutions Services Strategic Planning IT Governance Judicial Administration Prosecuting Attorney Business Analysis Service Communications

17 KCIT Inter-Agency Collaboration
District Court County Assessor OCIO Management Team Members Public Defense Executive Services County Executive KCIT Liaisons Superior Court County Council Community and Human Services Natural Resources and Parks Information Technology County Sheriff Elections Permitting and Environmental Review Public Health Deputy Chief Information Officer Service Delivery Managers Judicial Administration Prosecuting Attorney Transportation Adult and Juvenile Detention

18 Project Steering Committees
The key body within the governance structure, responsible for the business issues associated with the project that are essential to ensuring the delivery of the project outputs and the attainment of project outcomes.

19 Sometimes we need to jump back
Incident Response Major Incident Response Process Security Incident Response Process Incident Analysis Containment and Eradication Recovery Post Incident Activities Preparation Identification (Declare an Incident) Containment and Eradication Recovery (Back in Production) Lessons Learned Sometimes we need to jump back

20 Change Moratorium Emergency Changes Routine Changes Minor Changes
Change Management
Change Advisory Board
Meets Weekly
Coordinated by Production Operations Service Owner
Chaired by volunteers
Chair rotates every 6 months
Change Moratorium
Emergency Changes
Routine Changes
Minor Changes
Major Changes

21 KCIT Countywide Services
Endpoint Security
Vulnerability Management
Datacenter
Mobile Device Management
Network Infrastructure
Server Virtualization
Cloud (Amazon Web Services)
SharePoint/Office 365

22 Information Security is an Organization Wide Issue
Who is ultimately Responsible for Information Security? Everyone

23 Contact Information
Ralph Johnson
Chief Information Security and Privacy Officer
King County, Washington
Multi-State Information Sharing and Analysis Center
Center for Internet Security
(518)

