Wisconsin National Governor's Association: Call To Action

Wisconsin National Governor's Association: Call To Action
David Cagigal, Chief Information Officer, State of Wisconsin
101 E. Wilson St, 8th Floor, Madison, WI 53703
608.261.8406
May 14, 2014

Cybersecurity Governance & Authority

Authority: the Department of Administration shall:
- 16.971 (2) (k): Ensure that all state data processing facilities develop proper privacy and security procedures and safeguards.
- 16.973 (5): Utilize all feasible technical means to ensure the security of all information submitted to the department for processing by agencies, local governmental units and entities in the private sector.

Governance:
- IT Executive Steering Committee: established by Executive Order No. 99 on April 26, 2013; consensus approach to IT.
- Homeland Security Council: re-established by Executive Order No. 101 on May 3, 2013; the CIO is one of 16 members and advises on cyber preparedness.
- The CIO chairs the Wisconsin Cyber Working Group.

Informed Policy: Homeland Security Cyber Governance

(Diagram.) Two bodies exchange information and tasking: the Wisconsin Homeland Security Council (meets the 3rd Wednesday) and the Wisconsin Cyber Working Group (meets the 1st Thursday).
- Flowing between them: Information & Recommendation; Due Outs (tasking); Incident Analysis; Threats; Preparedness; Status Reports; Relevant Questions; Requests & Taskings.
- Working Group outputs: Cyber Strategy; Annual Reports; Cyber Annex; Summit due outs; CyberSec Month.

Risk Assessment & Resource Allocation

Risk Assessments:
- External evaluations of the State of Wisconsin: U.S. Department of Homeland Security; Deloitte / NASCIO Survey; Gartner Assessment.
- Homeland Security: statewide CIKR focus; interagency members of the HSC collaborate on risk assessments; quadrennial strategy with cyber objectives; annual strategy reports to the Governor.

Resource Allocation:
- Currently developing training for Business Impact Analysis.
- Cyber Security Road Map.
- Risk = Threat x Vulnerability x Cost.

State of Wisconsin Risk Matrix

(Matrix: Event Probability on the vertical axis, Event Impact on the horizontal axis, both increasing toward High. Each quadrant names a risk treatment, example systems, the recovery objective, and the alternate-site category.)
- Avoid the Risk: Life, Health, Safety; zero RPO/RTO; Cat. 1: Data Replication; EC12 (Mainframe), EXAs (STAR).
- Mitigate or Reduce Risk: Driver's Licensing; zero RPO, RTO < 4 hrs; Cat. 2: Hot Site.
- Share or Transfer Risk: Procurement Systems, Facilities Services; 8 hour RPO, RTO < 1 wk.; Cat. 3: Cloud Provision on Demand.
- Accept Risk: Recreational Permits; no specific RPO/RTO; Cat. 4: Wait.

Vulnerability Assessment & Mitigation

Vulnerability Assessment:
- Intrusion detection / prevention via SNORT.
- MS-ISAC Albert.
- Implementing a Managed Security Services contract.
- Ongoing dialogue with: University of Wisconsin; State of Michigan.

Mitigation:
- Appliances (e.g. Iron Port).
- Rapidly detecting and blocking malicious actors.
- Developing an Alternate Site Fail Over Strategy (four categories).

State Compliance with Security Standards & Frameworks

Standards: the State must comply with numerous standards. DOA implemented the Information Technology Infrastructure Library (ITIL) for IT operations and complies with:
- HIPAA (Health Insurance Portability and Accountability Act)
- PCI (Payment Card Industry)
- CJIS (Criminal Justice Information Services)
- FERPA (Family Educational Rights and Privacy Act)
- FTI (Federal Tax Information)
- SSA (audit authority)
- IRS (audit authority)

Homeland Security:
- ISACs play a critical role.
- The NIST Framework represents a rational overarching approach.
- Wisconsin law requires safeguarding Personally Identifiable Information.

Creating a culture of risk awareness

2013 Security Awareness Training:
- 19 State Agencies: 58% have training in place; 32% are planning to introduce training in 2014; 10% have been unresponsive or non-committal.
- 7 Boards, Offices & Commissions: 12% have training in place; 6% are planning to introduce training in 2014; 82% have been unresponsive or non-committal.

2014 Security Awareness Training:
- Cyber Security Awareness Training, 11 modules.
- Moving to an enterprise approach with Single Sign On Learning Management Software.

Governor's Cybersecurity Dashboard: April 2014

CYBERSECURITY PROGRAM

State Cybersecurity Initiatives (description; status; progress; cost; completion date; next milestone):
1. Managed Security Services RFP: On Track; Vendor Reference Checks Complete; $35,880 (Staff) plus TBD (Vendor); 5/31/14; Award Letter.
2. Security Awareness Training: On Track; 1st Single Sign On Test 4/10/2014; approx. $123,760; 12/31/14; Single Sign On test for non-DOA domains.
3. Femrite Alternate Site RFP: On Track; Bid Released 4/1/14; approx. $4.42 Million; 9/1/14; Proposer Meeting.
4. Enterprise Identity Management: On Track; Initiation; TBD; TBD; Charter Approval.
5. DET Disaster Response Plan (Playbook): On Track; Started Key Staff Interviews; TBD; 12/31/14; Publish Play Cards.

Call-to-Action on State Cybersecurity (action; status; progress):
1. Governor / State role in Cyber Crime (DOJ): With HSA; March 14.
2. Governor / State role in Emergency Mgmt. (WEM): With HSA; 4/10/14.
3. Governor / State role as a regulator (PSC): With HSA; 4/18/14.
4. Governor / State role as a corporate entity (DOA): With HSA; 4/10/14.
5. Governor / State role on public awareness (DET): With HSA; 4/10/14.

CYBERSECURITY MONTHLY REPORT CARD

Top 5 Risks & Significant Threats (each rated Reasonable, Considerable or Substantial):
1. Phishing / SPAM / scam e-mails
2. Malware and Bots (botnet attacking or participating)
3. Web Attacks (brute force and SQL injection)
4. Port Scans
5. Distributed Denial of Service Attacks