Published by Claud Cannon. Modified over 6 years ago.
Securing Critical Assets: Arizona’s Security & Privacy Initiatives
This domain is the most complex in terms of understanding how we manage data and information and the systems supporting that data. The intent is to develop a representation of IT reality as it applies to the agency, the communities of interest (COIs) and the enterprise. Most Internet-based services in the State are developed and presented separately, according to the jurisdictional boundaries of an individual agency, rather than being integrated cooperatively according to lines of business or function.

Background
- Arizona has been the Identity Theft Capital of the U.S. for the past 4 years.
- AZ Government has decentralized service delivery and IT infrastructure management, increasing our security risks.
- Citizens have ready access to public data (Web Portal, Google partnership, Arizona 2-1-1, etc.).
- All States are subject to Federal privacy mandates:
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Federal Information Security Management Act of 2002 (FISMA)
  - Family Educational Rights and Privacy Act (FERPA)
  - Pending Data Security Breach (Privacy Disclosure) legislation, etc.
AZ Security & Privacy Initiatives
Our Security & Privacy activities have focused on:
- State Legislation
- Executive Policies
- State Initiatives

Legislative Actions
- GITA duties as the Statewide Strategic IT Planning and Oversight Agency.
- Notification for Compromised Personal Information: identifies appropriate information practices and protection of all personal information collected from citizens and consumers.
- Current pending legislation (S.B.): proposes a Statewide Information Security and Privacy Office to be placed in GITA and a baseline statewide security risk assessment.

Executive Policy
- IT Enterprise Architecture developed in 2003, including Statewide IT Security & Privacy Policies, Standards and Practices (PSP).
- Project Investment Justification (PIJ) process, with consulting and monitoring functions covering security and all other IT areas.
- Advisory & Oversight Boards:
  - Emergency Preparedness Oversight Council (EPOC)
  - IT Security Advisory Committee (ITSAC)
  - CIO Council (CIOs of the largest State agencies)
- Program Participation:
  - Multi-State Information Sharing & Analysis Center (MS-ISAC)
  - HIPAAZ Program
State Security & Privacy Initiatives
- Annual Standards Compliance Assessment (TISA)
  - Gap Closure Process
  - Training & Awareness
  - Linkage with BCPs & IT DR
- IT Security Training & Awareness
  - Annual CIO Standards Awareness Training
  - Annual BCP Coordinator Training (includes IT/DR)
  - DES Training Pilot
- Business Continuity Planning / IT Disaster Recovery
  - Critical Business Function Resource Mapping
- Statewide Infrastructure Protection Center (SIPC)
  - Incident Reporting
  - Event Management

Resource References
- Arizona's Statewide IT Enterprise Architecture, Quality Assurance, and IT Security Standards:
- GITA's online assessment tools (PARIS, ISIS & TISA), which allow streamlined IT planning, standards compliance assessment, and inventory reporting:
- Business Continuity / IT Disaster Recovery Planning guide:
Lessons Learned
- Privacy protection should drive IT Security standards.
- Business leaders must drive BCP, IT/DR, IT planning and standards compliance for effective implementation.
- Risk management should be tailored to the level of risk:
  - 30 "Group 1" BCP agencies (large, critical)
  - 70 "Group 2" BCP entities (agencies, boards, commissions)
  - Different compliance and training requirements for each group
- Business Impact Analysis (BIA) should target Critical Business Function (CBF) mapping.
- Agencies need actionable, documented and tested workaround procedures.
- Statewide central oversight and control is needed in decentralized environments for security protection to be effective.
Government Information Technology Agency (GITA)
Questions/Comments

Chris Cummiskey
State CIO & Director
Government Information Technology Agency (GITA)