Sponsored By: The CA Information Security Office The Governor’s Office of Emergency Services...
10
California Security Jumpstart Project Sponsored By: The CA Information Security Office The Governor’s Office of Emergency Services Presented by: The California Security Jumpstart Project Team – Francoise Le, Colin Stevens, Ashish Kumar, Annette Coopwood, Blanca Mendoza, Cesar Ramirez, David Wanjiru, John Cramer, Chris Rushkin, Chitra Chitturri, Kathy Vaughn, Alice Silvestri, Hugo Mercado, Gina Zayas, Jack Ell 1 CONTACT INFORMATION: [email protected]
-
Upload
jonas-charles -
Category
Documents
-
view
215 -
download
0
description
The security challenge Why CA Security Jumpstart? What will the project provide? Benefits to you How will we reach our goals? Project timeline 3CONTACT INFORMATION:
Transcript of Sponsored By: The CA Information Security Office The Governor’s Office of Emergency Services...
1
California Security Jumpstart Project
Sponsored By: The CA Information Security Office The Governor’s Office of Emergency Services
Presented by: The California Security Jumpstart Project Team – Francoise Le, Colin Stevens, Ashish Kumar, Annette Coopwood, Blanca Mendoza, Cesar Ramirez, David Wanjiru, John Cramer, Chris Rushkin, Chitra Chitturri, Kathy Vaughn, Alice Silvestri, Hugo Mercado, Gina Zayas, Jack Ell
CONTACT INFORMATION: [email protected]
2
WHAT IS ITLA?The Information Technology Leadership Academy is a nine-month program for state IT professionals with a focus on developing leadership skills. Participants in the academy are selected from state agencies and departments that work in information technology programs. Individuals with a vision for enterprise-wide thinking, strong potential for career advancement, and experience carrying out their organization’s mission and vision are ideal candidates for acceptance into this program.
The ITLA 23 is delivering two projects with statewide impact: The California Security Jumpstart and The California Mentor Program.
We represent the California Security Jumpstart Project.
INTRODUCTIONS
CONTACT INFORMATION: [email protected]
3
The security challengeWhy CA Security Jumpstart?What will the project provide?Benefits to youHow will we reach our goals?Project timeline
AGENDA
CONTACT INFORMATION: [email protected]
4
Findings from the State Auditor Report 2015-611: More than 40% of reporting state department
certified in 2014 that they have yet to comply with all the security standards.
More than 1/3 of survey respondents indicated they did not understand all the requirements in security standards.
Reporting entities noted deficiencies in their controls over information asset and risk management.
The security challenge
CONTACT INFORMATION: [email protected]
5
The CA Security Jumpstart is needed to help departments to improve security requirements for IT systems because:
Cyber security attacks are becoming more sophisticated, more organized, and more costly.
Advances in technology are growing too fast for the state to keep up.
State departments face challenges in recruiting skilled cyber security employees, making it difficult to articulate requirements.
State departments have a fiduciary duty to protect Californians’ sensitive information and ensure the confidentiality, integrity, and availability of state systems.
Why CA Security Jumpstart?
CONTACT INFORMATION: [email protected]
6
A detailed guide that will help departments classify and categorize their information assets.
A menu of security requirements that will help departments select the right requirements for the IT systems they build.
A repository of educational security materials that will help the state ensure the confidentiality, integrity, and availability of IT systems.
Improved preparedness and response to potential cyber-attacks for state departments by building in security earlier in the project lifecycle.
What will the project provide?
CONTACT INFORMATION: [email protected]
7
Make it easier for small and medium sized departments to properly classify and categorize their information assets.
Enable departments’ business users to more easily craft solid business and technical security requirements for IT projects.
Collaboration among state departments will help develop and share best practices, improving overall information security.
Departments with robust security programs will be recognized for their role in improving the state’s cyber security.
Benefits to you
CONTACT INFORMATION: [email protected]
8
The Security Jumpstart Project will: Reach out to departments with robust security
programs to get input and collaboration.
Leverage successful procurements to extract solid security requirements that map to NIST, SAM, and FIPS security controls.
Provide easy to use tools and examples to demystify information asset classification and categorization.
Develop an informational website for one-stop shopping of security information.
How will we reach our goals?
CONTACT INFORMATION: [email protected]
9
Milestones Delivery DatesProject Initiation 11/30/2015Security Control Requirements Delivery
4/1/2015
Information Asset Management Delivery
4/1/2015
Outreach, Education and Awareness
Continuous throughout project cycle
Information Website Delivery 4/22/2016Final Project Presentation 5/11/2016Project Closure 5/27/2016
Project Time Line
CONTACT INFORMATION: [email protected]
