Embed Size (px)
Citation preview
Idaho Cybersecurity Task
Force
Department of Administration16 Sep 2015
Overview
• Existing Security Protocols
• Data Mapping
• Assess needs, identify best practices
Existing Security Protocols
Policies
Standards
Guidelines
Cybersecurity Physical Infrastructure
1. Layered securitya) Agency specific complianceb) Protection between agencies
2. Protection and Detectiona) Firewall; Intrusion Detection; Anti-botb) Email inspection; Web filtration; Data Loss
Preventionc) Endpoint and Server anti-virus
Cybersecurity Policies1. ITA authority (I.C. 67-5745)
a) Primarily initiated and coordinated by Adminb) Coordinated with agencies through ITA
subcommittee
2. Policies, Standards, Guidelinesa) 29 directly addressing cybersecurityb) E.g. Incident reporting; cloud based file
storage; data cleansing methods
Policy Highlights1. P-4110: requires agency
cybersecurity coordinator
2. P-4510: defines cybersecurity incident and requires reporting
3. G-580: defines cybersecurity breach; provides foundation for data mapping
Data Mapping
Categorize
Select
Implement
Assess
Authorize
Monitor
Security Life Cycle - Federal -
Data Mapping
Assess Needsand
Identify Best Practices
Assess NeedsIdaho Technology Authority
Manage Risk
Best PracticesNIST (Fed) v. ISO
Education
Vulnerability Scanning/Penetration Testing
Best Practices
Build Relationships
Improve Oversight
Technical Steps
Mobile Devices
End Points
Technical Steps
Authentication
