Published by Ashlynn Johnston. Modified over 9 years ago.
1
The Direction of Information Security and Privacy in State Government
Presented by Colleen Pedroza, Chief Information Security Officer
California State Information Security Office
March 2007
2
www.infosecurity.ca.gov CA State Information Security Office
Our Vision
- Leading the way to secure the State's information assets
Our Mission
- To manage security and operational recovery risk for the State's information assets by providing statewide direction and leadership
3
Proposal to Move the SISO
- Governor's Budget Proposal
  - Consolidate SISO and Office of Privacy Protection
  - Move to State and Consumer Services Agency
- Completed legislative trailer bill language establishing our authority
- Completed a BCP to increase the SISO by two additional positions
- Status – Discussions occurring in Senate hearings
4
Top Risks for State Government
- Inadequate statewide policies, standards, and guidelines
- Inability to stay current with existing policies and laws
- Failure to comply with policies, regulations, and laws
- Limited training and education for employees and contractors
- Increased risks, threats, and vulnerabilities
5
2006 Accomplishments
- Re-engineered our internal processes
- Updated incident notification and reporting requirements
- Provided education and training to state agency staff to improve their security/privacy programs
- Issued monthly newsletters
- Developed risk management best practices tool
- Unveiled our new Web site at www.infosecurity.ca.gov
6
Major Initiatives for 2007
- Ensuring that the legislative language is established in Government Code (11019.11)
- Updating and revising existing policies
- Continuing education and training awareness for information security and privacy
- Developing more tools for risk self-assessment
- Developing ISO roles and responsibilities guidelines
- Developing Internet usage policy and guidelines
- Coordinating efforts to align operational recovery and business continuity plans
- Developing a repository for templates, sample language, and tools
- Establishing October as National Cyber Security month with a special executive management event
7
Long-Range Initiatives
- Developing a strategy for establishing policies, standards, and guidelines
- Elevating departmental ISO role
  - Enhancing project documents (FSRs, SPRs, PIERs)
  - Ensuring IT classifications include security components
  - Developing an ongoing training curriculum for ISOs
8
Direction of the State’s Security Program
- Policy
  - Developing, issuing, and maintaining statewide policy, standards, and guidelines
- Assistance/Advisory
  - Providing assistance and advice
  - Providing training and education
  - Providing tools, templates, and samples
- Compliance
  - Ensuring statewide compliance through monitoring, reviews, and audits
9
Privacy Component
Work with Office of Privacy Protection to implement:
- Establish state agency privacy program
- Guidance on privacy policy statements
- IPA rules of conduct
- Privacy officer roles and responsibilities
- Privacy awareness program elements
- Privacy contents for internal auditors’ checklist and training
10
Statewide Outreach Efforts
- Establishing our Office as the centralized point for dispersing information about threats, vulnerabilities, and important issues
- Establishing ongoing trusting relationships with our partners
- Conducting meetings, presentations, special events
- Being accessible via phone, e-mail, and in person
11
External Outreach Efforts
- Sharing with federal and local governments, universities and colleges, and other communities of interest
- Acting as California’s contact for the Multi-State Information Sharing and Analysis Center (MS-ISAC)
- Establishing a “Partners in Learning” at GTC 2007 West
- Participating in presentations, discussions, committees, boards, and other activities
12
Contact Us
- colleen.pedroza@dof.ca.gov
- rosa.umbach@dof.ca.gov
- Phone - (916) 445-5239
- General e-mail - security@dof.ca.gov
- Web site - www.infosecurity.ca.gov