Statewide IT, InfoSec and Privacy Update S eptember 2019 Re c e - PowerPoint PPT Presentation

Statewide IT, InfoSec and Privacy Update S eptember 2019

Re c e nt Suc c e sse s o f Sha re d Se rvic e s  $71,000 pe r ye ar for age nc ie s as we ll as $1.2 million in c ost avoide d by not ope r ating the DT O Pr int and Mail fac ility.  Inte r ne t and Ne twor k  Up to 67 pe r c e nt savings for DT O Inte r ne t se r vic e ;  Up to 25 pe r c e nt savings for DT O Me tr oNe t se r vic e ;  Up to 78 pe r c e nt savings for DT O Me tr oNe t MPL S se r vic e .  SL E D and DIS par tne r ship to e nhanc e se c ur ity  E mail Standar d

I T Se lf-Se rvic e Po rta l Ne w I T Se lf-Se rvic e Po rtal  Ove r vie w:  OT I S is c urre ntly pilo ting a ne w IT Se lf- Se rvic e Porta l.  T his will a llo w se le c te d Ag e nc y I T ro le s to submit IT re que sts a nd issue s dire c tly into Se rvic e Now witho ut c o nta c ting the DT O Se rvic e De sk b y pho ne o r e ma il.  T his will a lso a llo w a c c e ss to vie w ope n tic ke ts a nd history fo r the a g e nc y.  Be ne fits:  E asy ac c e ss fo r se lf-se rvic e  T e nc y fo r c he c king sta tus r anspar  F oundation fo r future po rta l c a pa b ilitie s: fo rms a uto ma tio n, kno wle dg e , e tc .

I T Se lf-Se rvic e Ca pa b ilitie s Sub mit and Update T ic ke ts Dire c tly I nto Se rvic e No w  Por tal F unc tionality  Submit ne w I T Re q ue sts o nline with simple inte rfa c e .  Re port a ny I T issue s witho ut ha ving to c a ll o r e ma il DT O se rvic e de sk.  Che c k Sta tus o f a ny o pe n tic ke ts a c ro ss the Ag e nc y.  Vie w History a nd do wnlo a d pa st Ag e nc y I nc ide nt / Re q ue st info rma tio n.  Se e a ny Announc e me nts a b o ut Ma jo r I nc ide nts / Outa g e s.  Use Quic k L inks to re se t pa sswo rds.

Se rvic e L e ve l Re po rting  Ove r vie w:  OT I S ha s b e e n b uilding o ut the ne xt g e ne ra tio n a ppro a c h fo r e xpa nding se rvic e le ve l c a pa b ilitie s.  E a rlie r e ffo rts fo c use d o n ide ntifying prio ritie s fo r se rvic e le ve l c o ve ra g e fro m ARM Bo a rd me mb e rs.  Ba se d o n this input a nd a va ila b le da ta , ne w da shb o a rd mo de ls ha ve b e e n b uilt o ut.  Be ne fits Pr ovide :  A data dr ive n a ppro a c h to ha rve st Se rvic e No w a nd mo nito ring info rma tio n.  Visibility fo r se rvic e pe rfo rma nc e a nd tre nds.  Automation to re duc e ma nua l da ta a g g re g a tio n a nd re po rting .

Re a lizing I T Sha re d Se rvic e s Be ne fits  Utilizing IT Shar e d Se r vic e s — IT Shar e d Se r vic e s Vide o  South Car olina De par tme nt of Public Safe ty

I nfo Se c Upda te  Syste m Configur ation Base line  Purpose  The primary goal of the State’s System Configuration & Baseline Standards Program: Re d  Leverage industry-recognized standards Ha t Google  Alignment to system data classification  Consistent approach to system hardening Mic r osoft Cisc o  Objectives VMWa re  The objectives are to: IBM Industry  Establish a minimum system configuration baseline sta nda rd c o nfig ura tio  Reduce risks inherent to system default configurations n g uide line s  Implement continuous monitoring for security, compliance and assurance Ora c le Mozilla

Audit & Asse ssme nt Pro g ra m  T he prima ry g o a l o f the Audit a nd Asse ssme nt (A&A) Appro a c h a nd Pro c e dure is to e sta b lish a n A&A pro c e ss tha t is:  Sta nda rdize d  F ra me wo rk a g no stic  I nte g ra te d with risk ma na g e me nt  Ada pta b le a c ro ss Ag e nc ie s o f va rying size s, type s, a nd ma turity le ve ls  DI S will use the pro g ra m to a sse ss a g e nc y c o mplia nc e sta rting this F isc a l Ye a r

Priva c y Upda te  Priva c y Asse ssme nt T o o l (PAT )  We b b a se d c e ntra l re po sito ry fo r priva c y impa c t a sse ssme nts (PI As)  Auto ma te d wo rkflo w  Ava ila b le a t no c o st to a g e nc ie s  Co nta c t the E nte rprise Priva c y Offic e a t priva c y.o ffic e @ a dmin.sc .g o v  Priva c y T ra ining o n SCE I S MySCL e a rning  Ava ila b le no w  I nfo rma tio n Priva c y Ba sic s fo r Sta te E mplo ye e s  Co nta c t SCE I S fo r de plo yme nt to yo ur a g e nc y’ s wo rkfo rc e .

Multifa c to r I mple me nta tio n (DUO)  I mple me nta tio n a c ro ss multiple pla tfo rms  SCE I S  DT O pro vide d se rvic e s  De skto p; E ma il; VPN; E T C.  Re pla c e s Sa fe ne t VPN se rvic e s  F e de ra te d mo de l will b e a va ila b le to a ll sta te a g e nc ie s  Co mmunic a tio ns will sta rt so o n with imple me nta tio ns sta rting e a rly 2020

Clo ud Se rvic e s  State ’s Bac kgr ound and Obje c tive s  De ve lo p a sta nda rd a ppro a c h fo r c lo ud ma na g e me nt  I nc re a se re silie nc y a nd re lia b ility  Put in a me tho do lo g y fo r o n-b o a rding sta te a g e nc ie s  E nha nc e fina nc ia l tra nspa re nc y a nd a c c o unta b ility a ro und the c o nsumptio n o f I T se rvic e s a nd Se c urity po sture s

Clo ud Pla tfo rm Ro a dma p Strategic Implementation Operations • Team Mobilization • Enterprise Service Provider Build • Support of the Cloud Brokerage System • Discovery Interviews & Workshops • Security Requirements Build • Execution of System Enhancement Requests • Create Target State • Broker Platform Build Activities • Gap Analysis (including 3 rd party tools) • Continuous Monitoring • Cloud Operation Organization Design • Project Risk Assessment • Process Development & Modifications • Preliminary Application Suitability Analysis • Communications • Organizational Readiness Assessment • Training Build • Design Meetings & Workshops • Documentation Build • Target State • Working Cloud Brokerage Platform • Financial Reporting Deliverables • Gap Analysis • Azure & AWS Enterprise Cloud Services • Security Reporting • Implementation Designs • Operational Run Books • Provisioning of Cloud Environments • Implementation Project Plan • Broker Client Training / Onboarding • Performance Management • Project Roles & Responsibilities Matrix • Training Curriculum • Cloud Operations Organization Design • Agreed Upon Solution Design • Functioning State Cloud Broker Capability • Cloud Operational Excellence Outcomes • Prioritized Implementation Roadmap • State Capability Awareness for Agencies • High Agency Satisfaction Levels • Cross Functional Alignment Between Work Groups • Cloud Governance and Transparency • NIST 800-53 Moderate

Questions?