Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Cybersecurity Initiative Department of Information Technology Vince Martinez, State CIO, Executive Sponsor Lorenzo Ornelas, Managing Director.

Published byCassandra Walsh Modified over 5 years ago

Similar presentations

Presentation on theme: "Enterprise Cybersecurity Initiative Department of Information Technology Vince Martinez, State CIO, Executive Sponsor Lorenzo Ornelas, Managing Director."— Presentation transcript:

1 Enterprise Cybersecurity Initiative Department of Information Technology Vince Martinez, State CIO, Executive Sponsor Lorenzo Ornelas, Managing Director Enterprise Services/Communications (Acting), Business Owner April 23, 2019

2 Project Overview Agency Mission Business Need Project Purpose
DoIT provides IT leadership for the State, performs oversight for IT projects and procurements, and delivers enterprise IT services to the State’s executive agencies Business Need While cybersecurity must underlie everything that IT does in the state, dedicated resources, time and money are hard to come by. Cybersecurity threats are more costly, more frequent, more complex, and have greater potential to deliver damage than ever before. Cybersecurity incidents currently are identified and remediated on a case-by- case basis, but need to be addressed on a statewide basis Project Purpose Strengthen the state’s cybersecurity posture and support the effort to operationalize security policies, procedures, and activities across the State’s enterprise.

3 Project Objectives Objectives
Complete a statewide vulnerability assessment as a baseline upon which to define near term security mitigation strategies Create a robust CISO office by leveraging multiple vendor contracts; Create an enterprise library of security policies; Mature the state’s incident response abilities in partnership with vendors and state agencies; and, Utilize enterprise solutions across the state, with strong executive support for all-agency participation.

4 PRODUCTS and DELIVERABLES
Approach PHASE WORK TO BE PERFORMED PRODUCTS and DELIVERABLES PHASE I Initiation and planning Charter Project Management Plan Vulnerability Assessment Contract Requirements CISO Plan PHASE II Planning for foundational cybersecurity framework for the enterprise Current State Assessment Stakeholder/Partner Approach Define Governance Structure Outline Policy Library PHASE III Implementation for initial enterprise concept of operations; policy library; operationalize governance structure and partnership plan Enterprise Cybersecurity Governance Policies and Procedures Library Security Operations Center Threat/Monitoring Tools PHASE IV Standardization and stabilization Fully operationalized cybersecurity enterprise framework

5 Approach (cont’d) Initial focus on current statewide vulnerability assessment and planning to build robust enterprise framework, including external communities (Higher Education, other partners) Contractor support coupled with in-house involvement Project management State CISO search, supported by multi-vendor Virtual CISO (VCISO) while CISO is recruited Incident Response team Schedule to be developed during Initiation phase

6 Funding and Certification
Requested $3 million for project; $1 million appropriated Requesting Certification Change to release $619,228.93 In support of immediate statewide vulnerability assessment Project management support (initiation phase) Develop schedule and initiation documents FUNDING FISCAL YEAR FUNDING SOURCE AMOUNT 2018 Laws of 2018, Chapter 73, Section 7 (11) $1,000,000 TOTAL

7 Enterprise Cybersecurity Initiative
DoIT requests initiation certification for the Enterprise Cybersecurity Initiative

Download ppt "Enterprise Cybersecurity Initiative Department of Information Technology Vince Martinez, State CIO, Executive Sponsor Lorenzo Ornelas, Managing Director."

Similar presentations

1 The IT Service Management Performance Challenge IT Service Management in the Federal Sector – A Case Study.

1 The IT Service Management Performance Challenge IT Service Management in the Federal Sector – A Case Study.
1 www.vita.virginia.gov IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1, 2013 www.vita.virginia.gov.

1 IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1,
1 1 State of Oregon Identity and Access Management John Radford, State Controller Department of Administrative Services State Controllers Division.

1 1 State of Oregon Identity and Access Management John Radford, State Controller Department of Administrative Services State Controllers Division.
Program design overview Pre-contract to post-program year Office on Volunteerism and Community Service.

Program design overview Pre-contract to post-program year Office on Volunteerism and Community Service.
1 General Services Department State Purchasing Division ePROCUREMENT PHASE II Project Certification – Initiation/Planning Phase October 28, 2009.

1 General Services Department State Purchasing Division ePROCUREMENT PHASE II Project Certification – Initiation/Planning Phase October 28, 2009.
Data Warehouse External Data Loads Initiation Certification April 22, 2009 Project Certification Committee April 22, 2009 1.

Data Warehouse External Data Loads Initiation Certification April 22, 2009 Project Certification Committee April 22,
1 New Mexico E-911 Network Project New Mexico E-911 Program.

1 New Mexico E-911 Network Project New Mexico E-911 Program.
Data Warehouse External Data Loads Implementation Certification May 27, 2009 Project Certification Committee May 27, 2009 1.

Data Warehouse External Data Loads Implementation Certification May 27, 2009 Project Certification Committee May 27,
Department of Information Technology Trusted Network Initiation Certification Request Dave Dikitolia, Andrew Griego 3-25-08.

Department of Information Technology Trusted Network Initiation Certification Request Dave Dikitolia, Andrew Griego
YES New Mexico Enterprise Eligibility System

YES New Mexico Enterprise Eligibility System
TECH Project Company X Documentation Plan Champion/Define Phase

TECH Project Company X Documentation Plan Champion/Define Phase
Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.

Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.
Delivery Business Solutions April 29, 20131 Nashville PMI Symposium April 29, 2013 Stephanie Dedmon, PMP Director, Business Solutions Delivery Department.

Delivery Business Solutions April 29, Nashville PMI Symposium April 29, 2013 Stephanie Dedmon, PMP Director, Business Solutions Delivery Department.
Adjusting EPLC to your Project Colleen Robinson & Teresa Kinley Friday, February 6, 2009.

Adjusting EPLC to your Project Colleen Robinson & Teresa Kinley Friday, February 6, 2009.
Module 2.1 Finance and Administration Cabinet Organizational Changes and Agency Impact March 16-18.

Module 2.1 Finance and Administration Cabinet Organizational Changes and Agency Impact March
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.

Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.
1 Community-Based Care Readiness Assessment and Peer Review Team Procedures Overview Guide Department of Children and Families And Florida Mental Health.

1 Community-Based Care Readiness Assessment and Peer Review Team Procedures Overview Guide Department of Children and Families And Florida Mental Health.
Module N° 8 – SSP implementation plan. SSP – A structured approach Module 2 Basic safety management concepts Module 2 Basic safety management concepts.

Module N° 8 – SSP implementation plan. SSP – A structured approach Module 2 Basic safety management concepts Module 2 Basic safety management concepts.
10/20/2015 1 The ISMS Compliance in 2009 GRC-ISMS Module for ISO 27001 Certification.

10/20/ The ISMS Compliance in 2009 GRC-ISMS Module for ISO Certification.

Similar presentations

Ads by Google