Oregon Fire Service Conference Enterprise Security Office Update. October 26, 2018


State CIO Update
Terrence Woods, Interim State CIO
Slide presented at August OAGTIM

Information Security
Unify cybersecurity to improve customer service for Oregonians while ensuring those systems are secure and resilient
1. Unifying Enterprise Security Operations. Unifying cybersecurity to improve customer service for Oregonians while ensuring those systems are secure, resilient and ready for the future.
2. Cybersecurity Center of Excellence. Building a long-term multi-sector strategy that leverages the private-sector expertise of Oregon's Cyber-related industries to protect the digital lives of all Oregonians.

Enterprise Security Strategy

Roadmap & Execution
2017-19 Biennium (2017, 2018, 2019)

Form new ESO, Ops review, Start on governance
- Positions (35) moved by HR to DAS/ESO
- All existing staff (14) moved to new roles in ESO
- Vacancies prepared for recruitment
- Deputy CISO hired
- Security risk governance foundation defined

Establish shared services, publish enterprise plan, staff team
- Security shared services catalog
- Plan for unified execution
- Agency minimum security requirements
- Unified enterprise security plan
- System security requirements for IT governance
- Key vacancies filled (10)

Rule & Policy updates, metrics & reporting, 5-year planning
- Refresh security policy
- IT security rule making (update of OAR 125-800)
- Publish quarterly report cards
- Initiate 5-year planning
- Establish enterprise security board under ELT/EITG
- Finish staffing to plan (13)

Evaluate, course correct as needed, 2019-21 planning
- Independent review of program against best practice
- Independent technical assessment of State network
- Survey agency leaders on program quality & effectiveness
- Establish 2019-21 objectives
- Publish 5-year plan

Developing a post SB-90 Update
- State CISO Guidance
- Near term implementation (1 July 2018-30 June 2019) of SB 90 and Enterprise Security Strategic Objectives
- Build on work of the Executive Order 16-13 Steering Group
- Set Realistic and Achievable Targets
- Security becomes part of DNA of the State of Oregon
- ESO is a trusted partner and advisor
- State Leadership and Agencies know value of ESO offerings
- Mid-Biennium Service Update released July 1
- Statewide Information Security Plan released August 8 (Gap Analysis due Oct 31)
- System Security Plan

Key Elements & Update Structure

Key Elements
- Center for Internet Security (CIS) v7 Basic 6
- State baseline and what Agencies must do
- Regulated data is accounted for
- Offerings are grouped into Security Operations and Security Enabling areas
- State of Oregon 5-Year Cybersecurity Strategy
- To be developed collaboratively

Structure
- Background and Overview
- Rule Making (OAR 125.800)
- Operations
- Enabling
- Metrics
- Looking Ahead
- Investments from PoP
- 5-Year Cybersecurity Strategy for the State of Oregon

Near Term Initiatives

Outreach
- State Government
- Large Agencies
- Mid-Size Agencies
- Small ABC's
- Oregon Municipalities
- Education Districts
- Private Sector Critical Infrastructure

Resources
- ESO/State Counterparts
- MS-ISAC/US DHS/CIS

Planning
- State of Oregon 5-Year Cybersecurity Strategy
- Define Governance
- Identify major cybersecurity Initiatives
- CIS Basic 6 Controls a focus
- Increasing SOC visibility
- Something big the State can agree to

Statewide Security Community
Public-private cybersecurity collaboration to help all Oregonians

Oregon Cybersecurity Advisory Council
- Actively engaging wide community in workgroups focused on education, workforce, technology, information sharing & outreach

Oregon Cybersecurity Awareness
- Six major community events across Oregon in 2018
- Five high school NW Cyber Camps conducted across Oregon
- CyberOregon website launched: 800-850 visitors/month & growing

Oregon Cybersecurity Research
- Research on security needs across Oregon, public & private
- Top ask: workforce development
- Consistent interest & need for services of a Center of Excellence

info@cyberoregon.com
https://www.cyberoregon.com

Basecamp Overview
Basecamp is an IT Supply Chain Management Program co-sponsored by the Office of the State Chief Information Officer (OSCIO) and DAS Procurement Services.
We are committed to:
- Making business oriented decisions
- Taking innovative approaches
- Planning strategically
- Embracing transparency
- Driving value
- Avoiding risk to our partners
- Engaging in nimble contracting
- Supporting public stewardship

Basecamp Overview
Helping you get the IT you need:
- Save you time: no need for a lengthy procurement process
- Save you resources: Save on Procurement and IT staff hours
- Vendor Management Provided: Performance is centrally managed
- We Leveraged Expertise: Multi-organization contributions
- Support Purchaser Community: Find other purchasing organizations
- Interoperability: Products and Services can integrate
www.oregon.gov/basecamp

Basecamp offerings
Need Cyber Security Services?
8 Vetted Vendors
Full Cyber Security Services:
- Risk Assessments
- Training
- Monitoring & Detecting
- Response & Recovery Planning
- Incident Response
- And More
www.oregon.gov/basecamp

Basecamp offerings
Cyber Security, Everything you need to get started
- Buyers Guide
- Service Matrix
- Selection Process
- Consultant link
- General information
http://www.oregon.gov/das/procurement/guiddoc/buyersguideitsecurityservices.docx

How to Access Products & Services
Cooperative Agreements: Oregon Cooperative Procurement Program (ORCPP)
- 50+ Fire Districts are members
- Leverage Statewide agreements
- 340+ Goods and Services available
- Sliding fee scale
For more information contact: info.orcpp@oregon.gov
www.oregon.gov/das/procurement/pages/orcpp.aspx

How to Find more Products & Services
Basecamp's IT Catalog provides quick link to the Award Summary Page basic document set.
- Find all Basecamp Statewide agreements
- Search, Sort and Filter
- Links to Procurement info
- Find purchaser data
https://www.oregon.gov/basecamp/pages/it-catalog.aspx

Contact Basecamp with Questions

CONTRACT ADMINISTRATOR, DAS PS
Lori Nordlien, IT Procurement Strategist
Phone: (503) 378-6781
Email: Lori.nordlien@oregon.gov

VENDOR MANAGER, DAS OSCIO
Jason Rood, Strategic Sourcing Specialist
Phone: (503) 383-6291
Email: Jason.rood@oregon.gov

Get in touch with ESO:
- General questions: eso.info@oregon.gov
- SOC/Incidents: eso.soc@oregon.gov
- Malicious Hotline: 503-378-5930