Cyber Information Security Solution, Data Governance within the - PowerPoint PPT Presentation

Cyber Information Security Solution, Data Governance within the Transportation Industry

Speakers Eric Toler Nicole Cliff David Allen Jeff Hill Sam Blaney Executive Director, Cyber Security State Chief CIO, Information Group Vice President of Georgia Cyber Center Program Manager, Information Security Technology, Georgia Cyber Incident Georgia Cyber Center Officer, Georgia Department of Response Management Technology Authority Transportation - SunTrust

An Unprecedented Investment Mission: Cultivate an ecosystem where the combined talent of government, academia, and private industry will…… Purpose: to WIN! Deliver affordable and relevant Develop the training/education region’s cyber- Solve complex security Workforce cybersecurity Offer unbiased advice challenges to policy-makers

Ransomware is the greatest cyber threat facing state government Key Takeaways: 1. Identify and document (off-net) mission critical systems and data. Georgia 2. Technical security training for Security AND IT personnel. Technology 3. Software patching/updating for operating systems, endpoints, and detection agents. Authority 4. Segment your networks! 5. Store ADMIN credentials in a MFA PW management system. 6. Audit and monitor log events for critical assets. David Allen - 7. Restrict remote shell usage and local admin State CISO accounts. 8. Implement continuous vulnerability management. 9. Exercise business continuity and disaster recovery plans. 10. Refer to the CIS Top 20 security controls!

External Data Sources

Data Governance

PIR Change Request in Respect to Data Governance Configuration Operational Review Executive Data Information Technology User Community Committee Office Head Management Governance Committee IT will process the approved The user community has The Configuration The Executive Data Committee members are PIR through the SDLC and both the responsibility of Management Team has overall comprised of the Office Heads Governance Committee is the communicates to the responsibility for each PIR. focal point for all data initiation and justifying a of each of the departments department what changes They act as the research arm governance related issues. It particular PIR. They are in who have knowledge, are being worked on, when of the Operational Review is comprised of the Director charge with supplying the authority and responsibility for they are scheduled for Configuration Management Committee (ORC) gathering of each operating business related system implementation and the Team and the Operational and documenting the Impact improvements.. Office/Division of GDOT. They impact the change will have Analysis Report. set and enforce policies, Review Committee with any (based on PIR). Where procedures and standards and all needed information needed, IT will engage the that apply to data concerning the PIR they Office of Communications to submit. governance. handle any department wide communications. Commissioner The Commissioner directs IT

Questions ?

Thank You Jeff Hill (404) 217-5504 jhill@dot.ga.gov