The Direction of Information Security and Privacy in 信息安全和隐私的方向.pptVIP

CA State Information Security Office The Direction of Information Security and Privacy in State Government Presented by Colleen Pedroza Chief Information Security Officer California State Information Security Office March 2007 CA State Information Security Office Our Vision? Leading the way to secure the States information assets Our Mission? To manage security and operational recovery risk for the States information assets by providing statewide direction and leadership Proposal to Move the SISO Governor’s Budget Proposal Consolidate SISO and Office of Privacy Protection Move to State and Consumer Services Agency Completed legislative trailer bill language establishing our authority Completed a BCP to increase the SISO by two additional positions Status – Discussions occurring in Senate hearings Top Risks for State Government Inadequate statewide policies, standards, and guidelines Inability to stay current with existing policies and laws Failure to comply with policies, regulations, and laws Limited training and education for employees and contractors Increased risks, threats, and vulnerabilities 2006 Accomplishments Re-engineered our internal processes Updated incident notification and reporting requirements Provided educating and training to state agency staff to improve their security/privacy programs Issued monthly newsletters Developed risk management best practices tool Unveiled our new Web site at Major Initiatives for 2007 Ensuring that the legislative language is established in Government Code (11019.11) Updating and revising existing policies Continuing education and training awareness for information security and privacy Developing more tools for risk self-assessment Developing ISO roles and responsibilities guidelines Developing Internet usage policy and guidelines Coordinating efforts to align operational recovery and business continuity plans Developing a repository for templates, sample language, and tools Establishing Octo