Published by Lydia Chandler. Modified over 6 years ago.
1
Enterprise Cybersecurity Upgrade Initiation
Department of Information Technology
Maria Sanchez, Acting State CIO
November 13, 2018
2
Project Overview

Agency Mission
DoIT provides IT leadership for the State, performs oversight for IT projects and procurements, and delivers enterprise IT services to the State’s executive agencies.

Business Need
While cybersecurity must underlie everything that IT does in the state, dedicated resources, time and money are hard to come by.
Cybersecurity threats are more frequent, more complex, and have greater potential to deliver damage than ever before.
Cybersecurity incidents currently are identified and remediated on a case-by-case basis, often at the individual agency level.

Project Purpose
Strengthen the state’s cybersecurity posture and support the effort to operationalize security policies, procedures, and activities across the State’s enterprise.
3
Project Objectives

Strengthen the state’s security workforce by retaining new talent and growing the pipeline of cybersecurity professionals;
Create a robust CISO office by leveraging multiple vendor contracts;
Create an enterprise library of security policies;
Mature the state’s incident response abilities in partnership with vendors and state agencies; and,
Utilize enterprise solutions across the state, with strong executive support for all-agency participation.
4
Approach

PHASE | WORK TO BE PERFORMED | PRODUCTS and DELIVERABLES
PHASE I | Initiation and planning | Charter, Project Management Plan, Risk Assessment, Contract Requirements, CISO Plan
PHASE II | Planning for foundational cybersecurity framework for the enterprise | Current State Assessment, Stakeholder/Partner Approach, Define Governance Structure, Outline Policy Library
PHASE III | Implementation for initial enterprise concept of operations; policy library; operationalize governance structure and partnership plan | Enterprise Cybersecurity Governance, Policies and Procedures Library, Security Operations Center, Threat/Monitoring Tools
PHASE IV | Standardization and stabilization | Fully operationalized cybersecurity enterprise framework
5
Approach (cont’d)

Initial focus on current state assessment and planning to build robust enterprise framework, including external communities (Higher Education, other partners)
Contractor support coupled with in-house involvement
Project management
State CISO search, supported by multi-vendor Virtual CISO (VCISO) while CISO is recruited
Incident Response team
Schedule to be developed during Initiation phase
6
Funding and Certification

Requested $3 million for project; $1 million appropriated
Requesting initiation certification and approval for $80,500
Project management support (initiation phase)
Virtual CISO resources
Develop schedule and initiation documents

FUNDING
FISCAL YEAR | FUNDING SOURCE | AMOUNT
2018 | Laws of 2018, Chapter 73, Section 7 (11) | $1,000,000
TOTAL
7
Enterprise Cybersecurity Initiative
DoIT requests initiation certification for the Enterprise Cybersecurity Initiative