state data center oregon consumer identity theft protection act information forum october 31, 2007
TRANSCRIPT
State Data Center
Oregon Consumer Identity Theft Protection Act
Information Forum
October 31, 2007
SB 583 Technical Requirements
Assess risks in network and software design
Assess risks in information processing, transmission and storage
Test and monitor key controls, systems and procedures
Detect, prevent and respond to intrusions
Protecting Personal Information
Agencies own their data, including personal information, and are responsible for protecting it and reporting breaches
Technical architecture at the State Data Center can assist agencies in protecting personal information
State Data Center Role in Assessment
Provide input to the risk assessment process regarding:
  Network design
  Network security controls
  Storage architecture
  Location of applications
State Data Center Role in Monitoring and Intrusion Detection
System monitoring tools can be set up to alert on key failures
Log aggregation tools can provide alerting on key events
Network intrusion detection can alert on attempts to access key systems from the Internet
How State Data Center efforts will benefit agencies
New technical environment, “Shared Services,” provides granular network control
Increased network intrusion detection
Standard technical security controls on systems
Next steps …
Convene a work group of SDC staff and state agency representatives to:
  Develop a common framework for assessing technical risks
  Develop a set of best practices for applying technical safeguards to protect personal information
  Identify opportunities to apply consistent controls to personal information access
Contact information
Marshall Wells, Security Manager, State Data Center, (503) 373-0949
Al Grapoli, Network Services Manager, State Data Center, (503) 378-3338