DAS-ITE UTILITY SERVICES DAS Custo me r Co unc il F Y 13 AND F Y 14 Utility Se rvic e Upda te s Aug ust 17, 2012
Key Information Ne w F Y’13 a nd F Y’14 Utility se r vic e s: • o r e ma in billa ble only a s a g e nc ie s use the se r vic e o a s the se a r e de fine d a s a “utility” a g e nc ie s will not pur sue a lte r na tive solutions without pr ior c onve r sa tion with the Sta te CIO o c ontinue with tr a nsitioning IT infr a str uc tur e se r vic e s a nd me e ting Iowa Code Cha pte r 8A.202 o All IT E Se r vic e s Ag e nc y Billing s: • F Y’12 to F Y’13: 7% de c r e a se • F Y’13 to F Y’14: .2% de c r e a se o T wo se r vic e s out of 21 Utilitie s ha s a r a te inc r e a se a nd out of a tota l of 64 tota l IT E se r vic e s
Authentication & Authorization • User authenticated access to applications • 250+ applications supported Secure Sign On • Average of 382,367 authentications (monthly) Software Migrations • Software replacement • Server upgrades (FY 13 & 14 Increase) • Two part fee structure • Base fee Fee Structure • Utilization per transaction
Information Security Office (ISO) ISO Utility Functions Additional Security Services Se c urity Polic ie s & Vulne r ability Sc anning • • Sta nda rds We b Applic ation • Disa ste r Pre pa re dne ss: IT • Sc anning Syste ms Continuity E mail E nc r yption • Complia nc e a nd Risk • E nc r ypte d Por table • Ma na g e me nt De vic e s Se c urity Awa re ne ss, • Intr usion De te c tion E duc a tion a nd Outre a c h • Syste m E ve nt and Inc ide nt Pre ve ntion, • • De te c tion a nd Re sponse Inc ide nt Manage me nt
ISO Utility Functions • Establish and maintain an enterprise-wide information security framework through security standards, procedures and best practices Security Policies and Standards • 15 Enterprise Security Standards, reviewed and updated every 2 years Disaster Preparedness: IT Business • 47 Agencies, 50% updating outdated 2008 plans, 1 National exercise, 9 agency exercises • Replaced outdated equipment, backing up data, disaster recovery capable Continuity • Web accessible in the event of a disaster • Rate is based on reduced average FTE count (FY14 Increase) • Annual risk assessments for 64 state entities, including industrial control system • 1 County risk assessment and Vendor risk assessment Compliance & Risk Management • Web based security training - 40 agencies and 6905 users since Oct, 2011 Security Awareness, Education & • 275 security alerts sent, 1066 security news items, • 19,618 security materials distributed, postage costs only. Outreach • 41 reported incidents Incident Prevention, Detection & • 6 forensic reviews Response
Additional Security Services • 25 agencies, 5 counties, 2 cities participating since Dec 2011 Vulnerability Scanning • 5400 network scans since Dec 2011 • 29 agencies participating, 170% increase in FY12 Web Application Scanning • 166 applications, 240% increase in FY12 • 187 Critical and High Vulnerabilities identified • 26 agencies participating Email Encryption • 3,260 users added since May, 2011 • SSN, Credit Card numbers, and other confidential data scanned • 40 agencies participating Encrypted Portable Devices • 75 devices deployed since July 2011 • 27 agencies, 200% increase in coverage Intrusion Detection System • 527% increase in proactive detection of malware (compromised computers) • Automated alerting for 27 agencies System Event & Incident • 3 large data centers logging and evaluating significant events • 550 servers / network devices logging Management • 30% increase in FY12
New Utility Calculations F Y’12 base d on : • June 2012 a g e nc y b illing s x 12 mo nths o F Y’13 base d on : • July 2012 a g e nc y b illing s x 12 mo nths o 12 ne w b undle d se rvic e s o Adjuste d ra te s fo r I SO a nd A&A Utilitie s o F Y’14 base d on : • July 2012 a g e nc y b illing file s x 12 mo nths o 5 ne w se rvic e s o Ra te a djustme nts fo r I SO a nd A&A Utilitie s o FY ‘12 FY’13 FY14 # Utilities 4 Utilities 16 Utilities ( 12 new ) 21 Utilities ( 5 new ) 0 # services bundled 13 fewer individual services now From FY13, an additional 6 fewer and part of the cost bundled into the new 12 Utilities individual services now bundled in of the new utility the new five Utilities 29 service now bundled into 16 35 services now bundled into 21 services services
Recommend
More recommend