Idaho Cybersecurity Task

Force

Department of Administration16 Sep 2015

Overview

• Existing Security Protocols

• Data Mapping

• Assess needs, identify best practices

Existing Security Protocols

Policies

Standards

Guidelines

Cybersecurity Physical Infrastructure

1. Layered securitya) Agency specific complianceb) Protection between agencies

2. Protection and Detectiona) Firewall; Intrusion Detection; Anti-botb) Email inspection; Web filtration; Data Loss

Preventionc) Endpoint and Server anti-virus

Cybersecurity Policies1. ITA authority (I.C. 67-5745)

a) Primarily initiated and coordinated by Adminb) Coordinated with agencies through ITA

subcommittee

2. Policies, Standards, Guidelinesa) 29 directly addressing cybersecurityb) E.g. Incident reporting; cloud based file

storage; data cleansing methods

Policy Highlights1. P-4110: requires agency

cybersecurity coordinator

2. P-4510: defines cybersecurity incident and requires reporting

3. G-580: defines cybersecurity breach; provides foundation for data mapping

Data Mapping

Categorize

Select

Implement

Assess

Authorize

Monitor

Security Life Cycle - Federal -

Data Mapping

Assess Needsand

Identify Best Practices

Assess NeedsIdaho Technology Authority

Manage Risk

Best PracticesNIST (Fed) v. ISO

Education

Vulnerability Scanning/Penetration Testing

Best Practices

Build Relationships

Improve Oversight

Technical Steps

Mobile Devices

End Points

Technical Steps

Authentication