1. Keeping you Running Part II Developing Your Own Local Government Cyber Security Plans Stan France & Mary Ball stan@co.schoharie.ny.us

2. Outline Working with municipal boards Working with municipal staff and officials Policies and procedures Gathering information Turning information into plans Initiating changes for continuity and security

3. Working with Municipal Boards Initial Buy in Talking Points Continuity Cases of fire, oil spills, floods Citizen needs Cyber security Information protection – (State Comptroller, E-Ticket) –Personal identity information disclosure law Public embarrassment Loss of work time Cost to repair

4. Working with Municipal Boards Need for Policy and Procedures Establish roles when a response is needed Identify impact of changes on operations –Different personnel –Different operations Make clear government resource usage

5. Working With Municipal Staff and Officials Establish what needs to be accomplished –Continuity –Cyber security Establish roles for the process –Utilize existing strengths –Coordination –Information gathering

6. Policies and Procedures Model Continuity of Operations Policy Model Continuity of Operations Plan Model Cyber Security Policy Model Acceptable Use Policy

7. Gathering Information Basic information gathering form Remote operations requirements form Continuity of Operations by Function form

8. Turning Information Into Continuity Policy and Plans Model continuity of operations policy –Purpose –Scope –Policy Model Continuity of operations Plan –Overall responsibility –Priorities –Plans and procedures by function

9. Model Cyber Security Policy Responsible person Physical protection Access control Information protection Incident reporting Training Media Disposal Acceptable use policy Policy review

10. Initiating Changes Information Security Officer (ISO) role Regular security software updates Regular back-up and offsite storage Annual review