Statewide IT, InfoSec and Privacy Update, September 2019



SLIDE 1

Statewide IT, InfoSec and Privacy Update

September 2019

SLIDE 2

Recent Successes of Shared Services

  • $71,000 per year for agencies as well as $1.2 million in cost avoided by not operating the DTO Print and Mail facility.
  • Internet and Network
      • Up to 67 percent savings for DTO Internet service;
      • Up to 25 percent savings for DTO MetroNet service;
      • Up to 78 percent savings for DTO MetroNet MPLS service.
  • SLED and DIS partnership to enhance security
  • Email Standard

SLIDE 3

IT Self-Service Portal

Benefits:

  • Easy access for self-service
  • Transparency for checking status
  • Foundation for future portal capabilities: forms automation, knowledge, etc.

New IT Self-Service Portal

Overview:

  • OTIS is currently piloting a new IT Self-Service Portal.
  • This will allow selected Agency IT roles to submit IT requests and issues directly into ServiceNow without contacting the DTO Service Desk by phone or email.
  • This will also allow access to view open tickets and history for the agency.

SLIDE 4

Portal Functionality

  • Submit new IT Requests online with simple interface.
  • Report any IT issues without having to call or email DTO service desk.
  • Check Status of any open tickets across the Agency.
  • View History and download past Agency Incident / Request information.
  • See any Announcements about Major Incidents / Outages.
  • Use Quick Links to reset passwords.

Submit and Update Tickets Directly Into ServiceNow

IT Self-Service Capabilities

SLIDE 5

Service Level Reporting

Benefits Provide:

  • A data driven approach to harvest ServiceNow and monitoring information.
  • Visibility for service performance and trends.
  • Automation to reduce manual data aggregation and reporting.

Overview:

  • OTIS has been building out the next generation approach for expanding service level capabilities.
  • Earlier efforts focused on identifying priorities for service level coverage from ARM Board members.
  • Based on this input and available data, new dashboard models have been built out.

SLIDE 6

Realizing IT Shared Services Benefits

  • Utilizing IT Shared Services - IT Shared Services Video
  • South Carolina Department of Public Safety

SLIDE 7

InfoSec Update

System Configuration Baseline

Purpose

The primary goal of the State’s System Configuration & Baseline Standards Program:

  • Leverage industry-recognized standards
  • Alignment to system data classification
  • Consistent approach to system hardening

Objectives

The objectives are to:

  • Establish a minimum system configuration baseline
  • Reduce risks inherent to system default configurations
  • Implement continuous monitoring for security, compliance and assurance

Industry standard configuration guidelines

  • Cisco
  • Microsoft
  • Google
  • Mozilla
  • VMware
  • Red Hat
  • IBM
  • Oracle

SLIDE 8

Audit & Assessment Program

  • The primary goal of the Audit and Assessment (A&A) Approach and Procedure is to establish an A&A process that is:
      • Standardized
      • Framework agnostic
      • Integrated with risk management
      • Adaptable across Agencies of varying sizes, types, and maturity levels
  • DIS will use the program to assess agency compliance starting this Fiscal Year

SLIDE 9

Privacy Update

  • Privacy Assessment Tool (PAT)
      • Web based central repository for privacy impact assessments (PIAs)
      • Automated workflow
      • Available at no cost to agencies
      • Contact the Enterprise Privacy Office at privacy.office@admin.sc.gov
  • Privacy Training on SCEIS MySCLearning
      • Available now
      • Information Privacy Basics for State Employees
      • Contact SCEIS for deployment to your agency’s workforce.

SLIDE 10

Multifactor Implementation (DUO)

  • Implementation across multiple platforms
      • SCEIS
      • DTO provided services
      • Desktop; Email; VPN; ETC.
  • Replaces Safenet VPN services
  • Federated model will be available to all state agencies
  • Communications will start soon with implementations starting early 2020

SLIDE 11

Cloud Services

State’s Background and Objectives

  • Develop a standard approach for cloud management
  • Increase resiliency and reliability
  • Put in a methodology for on-boarding state agencies
  • Enhance financial transparency and accountability around the consumption of IT services and Security postures

SLIDE 12

Activities

  • Team Mobilization
  • Discovery Interviews & Workshops
  • Create Target State
  • Gap Analysis (including 3rd party tools)
  • Project Risk Assessment
  • Preliminary Application Suitability Analysis
  • Organizational Readiness Assessment
  • Design Meetings & Workshops
  • Enterprise Service Provider Build
  • Security Requirements Build
  • Broker Platform Build
  • Cloud Operation Organization Design
  • Process Development & Modifications
  • Communications
  • Training Build
  • Documentation Build
  • Support of the Cloud Brokerage System
  • Execution of System Enhancement Requests

  • Continuous Monitoring

Deliverables

  • Target State
  • Gap Analysis
  • Implementation Designs
  • Implementation Project Plan
  • Project Roles & Responsibilities Matrix
  • Working Cloud Brokerage Platform
  • Azure & AWS Enterprise Cloud Services
  • Operational Run Books
  • Broker Client Training / Onboarding
  • Training Curriculum
  • Cloud Operations Organization Design
  • Financial Reporting
  • Security Reporting
  • Provisioning of Cloud Environments
  • Performance Management

Outcomes

  • Agreed Upon Solution Design
  • Prioritized Implementation Roadmap
  • Cross Functional Alignment Between Work Groups
  • Functioning State Cloud Broker Capability
  • State Capability Awareness for Agencies
  • Cloud Governance and Transparency
  • NIST 800-53 Moderate
  • Cloud Operational Excellence
  • High Agency Satisfaction Levels

Strategic Implementation Operations

Cloud Platform Roadmap
SLIDE 13

Questions?