IT Security. Chip Moore State Chief Information Security Officer Chris Estes State Chief Information Officer

Transcription

1 IT Security Chip Moore State Chief Information Security Officer Chris Estes State Chief Information Officer

2 Chip Moore State Chief Information Security Officer

3 Introduction IT Security is a growing issue in both public and private sectors Threats are increasing because of increased sophistication and mobile devices Smart phones, tablets Staying ahead of the threat curve

4 Multiple points of entry and risks Warm Closets = Physical Risks Information Security Outdated Desktops State s backbone network and POPs (Points of Presence)

5 Threats and Motivations Organized crime Profit Hacktivists State-sponsored hackers To make a point, political motive, embarrassment of an organization Destabilizing a government or program Black hat Pride, bragging rights Script kiddies Demonstrating a level of expertise

6 Techniques Fake Exploiting software vulnerabilities Hacking, including web defacements Interruptions to Internet service (Denial of Service attacks) Viruses

7 Challenges Workforce demanding to use personal devices for work Insider threats Timely removal of confidential data at the end of its usefulness Data is everywhere Human behavior Password management Business demands for data sharing

8 Defenses Technical security controls antivirus, firewalls, intrusion detection and monitoring, encryption Layered approach Physical security badge access, physical barriers to buildings Training and Awareness monthly training newsletters to executive branch agencies ITS has mandatory annual training for all employees Information sharing - relationships with Homeland Security and the FBI to receive and provide information for ongoing investigations Audits State Auditor, federal government and private industry all audit for regulatory compliance. Annually update security standards based on international security standards.

9 Chris Estes State Chief Information Officer

10 Balancing Risk and Cost Risk Cost

11 Security touches everything Enterprise Architecture By unifying technology, we share data more efficiently and increase security. Information Architecture Business Architecture Application Architecture Technical Architecture Infrastructure Architecture Integration Architecture Security Architecture

12 Where do we start? Governor s IT Reserve Fund Project Work Stream R NR R NR Total Total Total Focus Prepare $ - $ 250,000 $ - $ - $ 250,000 $ - $ 250,000 Fix Plan $ 2,020,807 $ - $ 2,239,512 $ - $ 2,020,807 $ 2,239,512 $ 4,260,319 Build $ 2,057,353 $ - $ 2,882,254 $ - $ 2,057,353 $ 2,882,254 $ 4,939,607 Remediation $ - $ 1,100,000 $ - $ 600,000 $ 1,100,000 $ 600,000 $ 1,700,000 Security $ 71,394 $ 1,500,000 $ 142,788 $ 250,000 $ 1,571,394 $ 392,788 $ 1,964,182 Network Simplification $ - $ 3,000,000 $ - $ 2,250,000 $ 3,000,000 $ 2,250,000 $ 5,250,000 Desktop $ - $ 16,000,000 $ - $ 13,300,000 $16,000,000 $13,300,000 $ 29,300,000 MS Office $ 4,000,000 $ 3,615,000 $ 2,300,000 $ - $ 7,615,000 $ 2,300,000 $ 9,915,000 Foundation Operate $ 185,446 $ 800,000 $ 185,446 $ 500,000 $ 985,446 $ 685,446 $ 1,670,892 Customer Data $ - $ 400,000 $ - $ 1,000,000 $ 400,000 $ 1,000,000 $ 1,400,000 Secure Sign-On $ - $ - $ 3,070,000 $ 3,280,000 $ - $ 6,350,000 $ 6,350,000 Innovation Innovation Center $ - $ - $ - $ - $ - $ - $ - Citizen Portal $ - $ - $ - $ - $ - $ - $ - Revised Request $8,335,000 $26,665,000 $10,820,000 $21,180,000 $35,000,000 $32,000,000 $67,000,000

13 Layering IT Security Governor s IT Reserve Fund Project Work Stream R NR R NR Total Total Total Focus Prepare $ - $ 250,000 $ - $ - $ 250,000 $ - $ 250,000 Fix Plan $ 2,020,807 $ - $ 2,239,512 $ - $ 2,020,807 $ 2,239,512 $ 4,260,319 Build $ 2,057,353 $ - $ 2,882,254 $ - $ 2,057,353 $ 2,882,254 $ 4,939,607 Remediation $ - $ 1,100,000 $ - $ 600,000 $ 1,100,000 $ 600,000 $ 1,700,000 Security $ 71,394 $ 1,500,000 $ 142,788 $ 250,000 $ 1,571,394 $ 392,788 $ 1,964,182 Network Simplification $ - $ 3,000,000 $ - $ 2,250,000 $ 3,000,000 $ 2,250,000 $ 5,250,000 Desktop $ - $ 16,000,000 $ - $ 13,300,000 $16,000,000 $13,300,000 $ 29,300,000 MS Office $ 4,000,000 $ 3,615,000 $ 2,300,000 $ - $ 7,615,000 $ 2,300,000 $ 9,915,000 Foundation Operate $ 185,446 $ 800,000 $ 185,446 $ 500,000 $ 985,446 $ 685,446 $ 1,670,892 Customer Data $ - $ 400,000 $ - $ 1,000,000 $ 400,000 $ 1,000,000 $ 1,400,000 Secure Sign-On $ - $ - $ 3,070,000 $ 3,280,000 $ - $ 6,350,000 $ 6,350,000 Innovation Innovation Center $ - $ - $ - $ - $ - $ - $ - Citizen Portal $ - $ - $ - $ - $ - $ - $ - Revised Request $8,335,000 $26,665,000 $10,820,000 $21,180,000 $35,000,000 $32,000,000 $67,000,000

14 Roadmap Plan IT Multi-Generational Plan MGP Current Bright Light PPM/APM Tool Active Directory Hosted Virtual Desktop Consolidation Archiving & ediscovery Focus Listen Prepare Focus Fix Plan Build Operate Remediate Fix Security Simplify Network Desktop MS Office Foundation Secure Sign-on Customer Data Business One-Stop Vendor Management Risk/Reward Foundation Innovation Innovation Center Portal Innovation Innovate Current Operations & Initiatives

15 Questions? Contact Amy Blinson (919)