www.infosecurity.ca.gov, January 8, 2009
What’s New!
Presented by Colleen Pedroza

Little Hoover Commission Report
Recommendation – Move information security component of OISPP under OCIO. Privacy component will remain with State and Consumer Services Agency
Reasoning: to ensure the state can integrate a standard strategy for information security throughout all of its IT programs and streamline the approval process for technology projects.

OISPP’s Email Distribution List – Subject Line Structure
Subject line introductions and examples for their use:
    FYI – forms updates, guidance documents, newsletters
    SITUATIONAL AWARENESS – Early warning about actual or potential threats
    ACTION REQUIRED – SIMM follow-up/due, remediation supplemental/status required
    IMMEDIATE ACTION REQUIRED – Critical and out-of-band updates, patches, vulnerabilities
    NO ACTION REQUIRED – Acknowledgement receipts, Disaster Recovery Plan submission meets requirement
    POLICY ANNOUNCEMENT – New or revised policy releases
    TRAINING ANNOUNCEMENT – Training

Data Exchange Policy Enhancement and Guide
Results from a state and local government workgroup
Proposed policy enhancements will require state agencies to establish agreements for
    data exchange/use
    systems interconnections
    service levels
Establishing Agreements for Data Exchange (SIMM 65E) will provide guidance and model templates
Vetting proposed MM, policy enhancements, and SIMM 65E.
Anticipated implementation date: February/March 2009

Recent Information Sheets
Telework Security Considerations
Does Your Agency Implement Forced Password Changes?
Forthcoming:
    Refresher Course on Password Use
    Security Considerations for Multi-Function Devices (MFD)
Don’t forget about the Secure Coding Guidance, too

Information Security Leader Academy (ISLA)
OISPP Collaboration with Sacramento State University
Scheduled for May 2009
Six Months Long – 2 days per month
60% Technical / 40% Leadership
Class Project
Many Benefits

Training Opportunities
January 21, 2009 - DTS Quarterly Security Forum
February 5, 2009 - 9:30-11am - Ethical Hacking
March 16th – 20th, 2009 – CISSP CBK Review
Coming Soon – More Federally Sponsored Training
    Incident Response
    Incident Detection and Deterrence
MS-ISAC Cyber Security Computer-Based Training
Community Cyber Security Maturity Model (CCSMM) Opportunity
Questions?