Oregon Fire Service Conference
Enterprise Security Office Update
October 26, 2018
State CIO Update
Terrence Woods – Interim State CIO
Slide presented at August OAGTIM
Information Security
1. Unifying Enterprise Security Operations. Unifying cybersecurity to improve customer service for Oregonians while ensuring those systems are secure, resilient and ready for the future.
2. Cybersecurity Center of Excellence. Building a long-term multi-sector strategy that leverages the private-sector expertise of Oregon’s Cyber-related industries to protect the digital lives of all Oregonians
Unify cybersecurity to improve customer service for Oregonians while ensuring those systems are secure and resilient
Enterprise Security Strategy
Roadmap & Execution
2017-19 Biennium
2017 2018 2019
• Positions (35) moved by HR to DAS/ESO
• All existing staff (14) moved to new roles in ESO
• Vacancies prepared for recruitment
• Deputy CISO hired
• Security risk governance foundation defined
• Security shared services catalog
• Plan for unified execution
• Agency minimum security requirements
• Unified enterprise security plan
• System security requirements for IT governance
• Key vacancies filled (10)
• Refresh security policy
• IT security rule making (update of OAR 125-800)
• Publish quarterly report cards
• Initiate 5-year planning
• Establish enterprise security board under ELT/EITG
• Finish staffing to plan (13)
• Independent review of program against best practice
• Independent technical assessment of State network
• Survey agency leaders on program quality & effectiveness
• Establish 2019-21 objectives
• Publish 5-year plan
Form new ESO, Ops review, Start on governance
Establish shared services, publish enterprise plan, staff team
Rule & Policy updates, metrics & reporting, 5-year planning
Evaluate, course correct as needed, 2019-21 planning
Developing a post SB-90 Update
State CISO Guidance
• Near term implementation (1 July 2018-30 June 2019) of SB 90 and Enterprise Security Strategic Objectives
• Build on work of the Executive Order 16-13 Steering Group
• Set Realistic and Achievable Targets
• Security becomes part of DNA of the State of Oregon
• ESO is a trusted partner and advisor
• State Leadership and Agencies know value of ESO offerings
• Mid-Biennium Service Update released July 1
• Statewide Information Security Plan released August 8 (Gap Analysis due Oct 31)
• System Security Plan
Key Elements & Update Structure
Key Elements
• Center for Internet Security (CIS) v7 “Basic 6”—State baseline and what Agencies “must do”
• Regulated data is accounted for
• Offerings are grouped into “Security Operations” and “Security Enabling” areas
• State of Oregon 5-Year Cybersecurity Strategy—To be Developed collaboratively
Structure
• Background and Overview
• Rule Making (OAR 125.800)
• Operations
• Enabling
• Metrics
• Looking Ahead—Investments from PoP
• 5-Year Cybersecurity Strategy for the State of Oregon
Near Term Initiatives
Outreach
• State Government
• Large Agencies
• Mid-Size Agencies
• Small ABC’s
• Oregon
• Municipalities
• Education Districts
• Private Sector
• Critical Infrastructure
Resources
• ESO/State Counterparts
• MS-ISAC/US DHS/CIS
Planning
• State of Oregon 5-Year Cybersecurity Strategy
• Define Governance
• Identify major cybersecurity Initiatives
• CIS Basic 6 Controls a focus
• Increasing SOC visibility
• Something big the State can agree to
Statewide Security Community
Public-private cybersecurity collaboration to help all Oregonians
Oregon Cybersecurity Advisory Council
• Actively engaging wide community in workgroups focused on education, workforce, technology, information sharing & outreach
Oregon Cybersecurity Awareness
• Six major community events across Oregon in 2018
• Five high school NW Cyber Camps conducted across Oregon
• CyberOregon website launched: 800-850 visitors/month & growing
Oregon Cybersecurity Research
• Research on security needs across Oregon, public & private
• Top ask – workforce development
• Consistent interest & need for services of a Center of Excellence
[email protected] https://www.cyberoregon.com
Basecamp Overview
Basecamp is an IT Supply Chain Management Program Co-Sponsored by the Office of the State Chief Information Officer (OSCIO) and DAS Procurement Services.
We are committed to:
• Making business oriented decisions
• Taking innovative approaches
• Planning strategically
• Embracing transparency
• Driving value
• Avoiding risk to our partners
• Engaging in nimble contracting
• Supporting public stewardship
Basecamp Overview
Helping you get the IT you need:
• Save you time: no need for a lengthy procurement process
• Save you resources: save on procurement and IT staff hours
• Vendor Management Provided: Performance is centrally managed
• We Leveraged Expertise: Multi-organization contributions
• Support Purchaser Community: Find other purchasing organizations
• Interoperability: Products and Services can integrate
www.Oregon.gov/Basecamp
Basecamp offerings
Need Cyber Security Services?
• 8 Vetted Vendors
• Full Cyber Security Services
• Risk Assessments
• Training
• Monitoring & Detecting
• Response & Recovery Planning
• Incident Response
• And More
www.Oregon.gov/Basecamp
Basecamp offerings
Buyers Guide
Cyber Security, Everything you need to get started
• Service Matrix
• Selection Process
• Consultant link
• General information
http://www.oregon.gov/das/procurement/guiddoc/BuyersGuideITSecurityServices.docx
How to Access Products & Services
Oregon Cooperative Procurement Program (ORCPP)
Cooperative Agreements:
• 50+ Fire Districts are members
• 340+ Goods and Services available: vehicles, radios, tires and office supplies
• No fee to join ($3 million budgets and under)
For more information contact: [email protected]
www.oregon.gov/das/Procurement/Pages/Orcpp.aspx
How to Find more Products & Services
https://www.oregon.gov/basecamp/Pages/IT-Catalog.aspx
Basecamp’s IT Catalog provides a quick link to the Award Summary Page basic document set.
• Find all Basecamp Statewide agreements
• Search, Sort and Filter
• Links to Procurement info
• Find purchaser data
Contact Basecamp with Questions
CONTRACT ADMINISTRATOR
DAS PS – Lori Nordlien,
IT Procurement Strategist
Phone: (503) 378-6781
Email:
VENDOR MANAGER
DAS OSCIO – Jason Rood,
Strategic Sourcing Specialist
Phone: (503) 383-6291
Email:
Get in touch with ESO:
General questions: [email protected]
SOC/Incidents: [email protected]
Malicious Hotline: 503-378-5930