Agency for State Technology



Similar documents
A Final Report for City of Chandler Strategic IT Plan Executive Summary

Office of Information Technology. County of Dallas FY2014 FY2018 Information Technology Strategic Plan

Cybersecurity Enhancement Account. FY 2017 President s Budget

ENTERPRISE COMPUTING ENVIRONMENT. Creating connections THROUGH SERVICE & WORKFORCE EXCELLENCE

2015 Strategic Business Plan Franklin County Data Center Ishreth Sameem, CIO

Information Technology Report MTA IT Department. MTA Finance Committee June 2015

DEFENSE INFORMATION SYSTEMS AGENCY STRATEGIC PLAN UNITED IN SERVICE TO OUR NATION

Technology Services Strategic Plan

The multisourcing approach to IT consolidation

Instructional and Information Technology Strategic Plan Update. June 1, 2015

DHS IT Successes. Rationalizing Our IT Infrastructure

Enterprise Exchange . Category: Enterprise IT Management Initiatives. State: Nebraska

State of Montana Strategic Plan for Information Technology 2014

Information Resources Management (IRM) Strategic Plan

Red Hat Cloud, HP Edition:

Information Technology Strategic Plan

e Governance ULB Level Reform

Strategies for assessing cloud security

Enterprise Security Tactical Plan

Cybersecurity in the States 2012: Priorities, Issues and Trends

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

Strategic Plan FY

Small Business. Leveraging SBA IT resources to support America s small businesses

Iowa State University Proposal for HR-01 ISU HR Operating Model

How To Transform It Risk Management

IRM FY Information Resources Management Strategic Plan

Cybersecurity Framework. Executive Order Improving Critical Infrastructure Cybersecurity

DoD CIO s 10-Point Plan for IT Modernization. Ms. Teri Takai DoD CIO

Information Technology Strategic Plan

U.S. Nuclear Regulatory Commission

California Information Technology Strategic Plan

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

Information and Communications Technology Strategy

IT service management solutions Executive brief. Making ITIL actionable in an IT service management environment.

Office of the Chief Information Officer

University of Hawaii Information Technology Services Strategic Plan May 22, Looking Forward to 2020 and Beyond [V15-1]

Table of Contents CYBER SECURITY STRATEGIC PLAN VERSION 1.0

IT Governance Overview

DEFENSE SECURITY SERVICE

Strategic Plan for the Enterprise Portfolio Project Management Office Governors Office of Information Technology... Ron Huston Director

Preventing and Defending Against Cyber Attacks November 2010

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

Project Governance Plan Next Generation Project Oregon Military Department, Office of Emergency Management, Program (The OEM 9-1-1)

How To Protect Your Network From Attack From A Network Security Threat

STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE

Information Technology Strategic Plan Final Presentation

Department of Technology Services

Cybersecurity Framework: Current Status and Next Steps

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Strategic Plan Network Optimization & Transport Services

INFORMATION SECURITY STRATEGIC PLAN

PRESENTATIONS BY Mr. Richard Sanchez CIO, Chief Information Office Los Angeles County. December 2, 2010

Systems Development Life Cycle (SDLC)

September 24, Mr. Hogan and Ms. Newton:

Physical Infrastructure Management Solutions

Risk & Audit Committee California Public Employees Retirement System

DoD Strategy for Defending Networks, Systems, and Data

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Guidelines. for setting up. Dedicated Project Team. Page 1 of 14

INFORMATION TECHNOLOGY GOVERNANCE IN PENNSYLVANIA. Executive Summary

Information Technology Strategy

Health Care Solutions

County of Hanover. Board Meeting: May 28, Presentation - Information Technology Department Strategic Plan

Team A SaaS Strategy

NASCIO 2014 State IT Recognition Awards

To the Men and Women of the Coast Guard:

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Information Systems Security Line of Business (ISS LoB)

MEMORANDUM FOR THE HEVEXECUTIVE DEPARlMENTS AND AGENCIES

Concept of Operations for Line of Business Initiatives

SOA Governance and the Service Lifecycle

Achieving Business Agility Through An Agile Data Center

Cloud Computing and Data Center Consolidation

Released December 18 th, 2007

Technology Strategy April 2014

Service Integration. Ensuring the best IT service providers deliver the best IT service

Federal Enterprise Architecture Using EA to Design Future-Ready Agencies and Implement Shared Services

Eastern Illinois University information technology services. strategic plan. January,

California Enterprise Architecture Framework

University of Wisconsin - Platteville UNIVERSITY WIDE INFORMATION TECHNOLOGY STRATEGIC PLAN 2014

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years

UNIVERSITY OF MIAMI SCHOOL OF BUSINESS ADMINISTRATION MISSION, VISION & STRATEGIC PRIORITIES. Approved by SBA General Faculty (April 2012)

Begin Your BI Journey

Bridging the HIPAA/HITECH Compliance Gap

Transcription:

Agency for State Technology 2015-2018 Statewide Information Technology Security Plan The Way Forward Rick Scott, Governor Jason M. Allison, State CIO

Table of Contents From the Desk of the State Chief Information Officer (CIO)...3 Executive Summary...4 Strategy 1: Enhance security and privacy capabilities...5 Objective 1: Implement a cybersecurity framework policy...6 Objective 2: Improve situational awareness...7 Objective 3: Develop a robust enterprise security incident response program...8 Strategy 2: Enhance the Enterprise IT environment, including application rationalization...9 Objective 1: Invest in core enterprise enhancement...10 Objective 2: Develop application rationalization approach and begin implementation...11 Strategy 3: Define the roadmap for maturing IT Processes and Strategic Business Alignment...12 Objective 1: Strengthen project assurance and ensure project oversight...13 Objective 2: Coordinate multi-agency enterprise initiatives...14 Timeline...15 Close...16

From the Desk of the State CIO, Jason M. Allison As security becomes the focal point for all IT related initiatives, Florida is now in the best place to affect statewide change for a more secure, efficient, and effective future. Security embedded in the foundation of systems, processes, and projects will position the state for great economic and technological success. With the creation of the Agency for State Technology, the state can focus on securing state IT assets, while moving toward consolidated and standardized platforms. This three-year statewide strategic security plan lays out the roadmap to position the state to enter new markets, support hardened infrastructure, and better align Florida s strategic initiatives. This plan lays out three one year high-level strategies, followed by specific objectives. Years two and three are included in a high-level timeline, this supports growth and flexibility within the strategic plan. As AST progresses through the years while maintaining our vision, new goals will be added and new strategies formulated. Horizon-driven strategies are included in a year four brief to show how the strategies position the AST to take on more aggressive, innovative solutions over time. As IT is an ever-changing and evolving industry, our strategy must also be flexible, innovative, and adaptive. The partnerships AST is developing with Agencies will help drive the IT future for the state. This will make Florida a hub for innovation and drive economic success for the state, its citizens, and businesses. I hope you share my excitement, as Florida embarks on this journey and emerges as a competitive industry leader.

Executive Summary Safeguarding and protecting Florida s IT resources is a top priority. AST is committed to maintaining the highest level of data security, while embracing new capabilities and ensuring information protection for citizens and businesses in the state. As AST progresses toward a more hardened IT climate, this strategic IT security plan will focus on three long-term strategies spanning 2015 through 2018. Emphasis for this plan is on year one objectives which are designed to build security into the very fabric of state IT operations and processes. These are foundational strategies that will position AST to take on horizon-driven initiatives in an organized and secure manner. Each year as objectives are implemented, the strategy will remain with added objectives to show progress year-after-year. Upon full implementation of the foundational strategies, subsequent strategies will be identified, planned, and included in future strategic plans. This phased approach supports continual progress, while moving toward convergence for enterprise strategic alignment. Strategy one establishes objectives for adopting a strong cybersecurity framework, cultivating collaborative partnerships for critical response efforts, and focusing on situational awareness to empower the state workforce. Strategy two establishes objectives for assessing and enhancing the state s data center infrastructure, to include application rationalization. Strategy three establishes objectives for project assurance and oversight and promotes strategic business alignment by partnering with state agencies to understand and support their mission- specific strategies.

Strategy 1: Enhance Security and privacy capabilities Objective 1: Implement a Cybersecurity Framework Policy Objective 2: Improve Situational Awareness Objective 3: Develop a Robust Enterprise Security Incident Response Program

Objective 1: Implement a cybersecurity framework policy In support of the Governor s job and economic growth initiatives, a top priority is protecting critical IT assets. Systems and information drive delivery of services to citizens and promote effective government. The foundation to building secure IT capabilities is a sound cybersecurity framework with robust underlying processes. AST will develop a cybersecurity framework policy that guides the state s information security workforce and promotes efficient IT operations. Security rules will be mapped to the framework and promote secure and consistent practices for state computing platforms. Security considerations will be developed for all IT functions and promote risk mitigation initiatives. Framework implementation will be a rigorous multi-year effort. Each new initiative will enhance and secure the state s IT resources while consistently moving toward framework compliance. On any given day, Florida has 1.7 million visitors

Objective 2: Improve situational awareness Reliance on shared information is critical. How Florida protects and shares information has a significant impact on citizens, visitors, and businesses in the state. To ensure that we are diligent in our efforts, we are reliant on information sharing partnerships and continual education of state workers. As threats emerge and transform, AST will position itself to effectively mitigate attempts to compromise the state s information assets. AST will build partnerships with state and federal entities to support improved situational awareness and harden security practices. AST will support training and outreach campaigns that engage all workers and promote a security-centric culture, involving individuals in data protection initiatives. Florida has surpassed New York as the 3rd most populous state.

Objective 3: Develop a robust enterprise security incident response program Escalation of threat-related activities has driven a change in how the state must approach incident response. AST will cultivate collaborative partnerships to support predictive and preventative cybersecurity efforts. Layered defense must support these techniques; however, when defenses are compromised AST must have a refined, robust response program and assist state agencies with execution. The program will standardize response efforts to support rapid, consistent countermeasures. Miami is among the world s Top 5 most interconnected cities.

Strategy 2: enhance the Enterprise IT environment, Including application rationalization Objective 1: Invest in Core Enterprise Enhancement Objective 2: Develop Application Rationalization Approach and Begin Implementation

Objective 1: Invest in core enterprise enhancement Information technology has quickly become an enabler, from automation to innovation, it supports trade and investment growth in the state. As technology platforms age, obsolescence introduces risk and duplication, and limits our ability to effetively transform business processes. AST will provide seamless and consistent service delivery to state agencies, so that agencies can in turn provide timely services to Florida s citizens and businesses. AST will undertake enhancements to the enterprise IT environment, supporting the move toward deploying secure, interconnected systems. Primary focus will be on replacing end-of-life equipment, standardizing computing platforms, merging operations for core services, and enhancing disaster recovery service capabilities to align with the application rationalization vision. More than 26,000 IT companies, employing close to a quarter of a mllion workers, call Florida home.

Objective 2: Develop application rationalization approach and begin implementation We can only secure what we can see. In order to properly manage the security of the enterprise environment, it is necessary to understand it. Application rationalization includes identifying application dependencies and components that have the potential to introduce security risk. Empowered with this awareness, security initiatives can be prioritized and efficiently applied where they can produce the greatest benefit. The information will also guide future initiatives to offer secure shared services that will reduce the risk, complexity and cost of new applications.

Strategy 3: define the roadmap for maturing IT Processes and Strategic Business Alignment Objective 1: Strengthen Project Assurance and Ensure Project Oversight Objective 2: Coordinate Multi-agency Enterprise Initiatives

Objective 1: Strengthen project assurance and ensure project oversight Introducing security considerations into the early stages of project initiatives is highly effective in identifying shared security services and tools, which promotes system hardening and supports cost-effective outcomes. Through collaborative efforts with state agencies, we will assist in the development and use of consistent project management standards and methodologies, facilitate project oversight and assessment, project risk, and strive for high performing IT projects across the state. These efforts will improve cost-efficiency through repeatable project success.

Objective 2: Coordinate multi-agency Enterprise initiatives Interagency collaboration promotes strategic business alignment. AST will establish enterprise relationships to identify multi-agency integration and consolidation opportunities. Solutions will focus on efficiencies, cost savings, utilizing existing information in new ways, cross-boundary solutions for shared business processes, and ways to measure success. AST will host workshops to promote the conversion of ideas into meaningful and innovative solutions. Workshops will identify data management opportunities to promote interoperability and openness. 40% of all US exports to Latin America pass through Florida.

The Way Forward FY 2014-15 Strategy 1: Enhance security and privacy capabilities FY 2014-15 Strategy 2: Enhance the Enterprise IT environment, including application rationalization FY 2014-15 Strategy 3: Define the roadmap for maturing IT Processes & Strategic Business Alignment FY 2015-16 Strategy: Complete migration to enterprise architecture; Implement enterprise hardware and software asset management and service delivery FY 2016-17 Strategy: Implement statewide IT investment and portfolio management; Strengthen these throughout the State The Way Forward: Federated Identity & Access Management Enterprise Data Exchanges Rapid, Streamlined Delivery of Systems and Services Uniform End-User Experience egovernment - anywhere, anytime, any device Digital Automation (digital forms, signatures, etc) Enterprise Application Portfolio Management

2015-2018 Statewide Strategic IT Security Plan Agency for state Technology For more information visit www.ast.myflorida.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information