Data Security
Being RESPECTFUL of our information


“Information security refers to the protection of information, information systems, equipment, software, and people from a wide spectrum of threats and risks. Implementing appropriate security measures and controls to provide for the confidentiality, integrity, and availability of information, regardless of its form (electronic, optical, oral, print, or other media), is critical to ensure business continuity, and protect information assets against unauthorized access, use, disclosure, disruption, modification, or destruction.”
   –California Department General Services

Strategies

  1. Develop and document systems and practices to protect our data including Governance, Risk Management, Cyber Security, Identity and Access.
    1. Update Administrative Regulation 6006
  2. Implement standards as adopted and developed by the CCC Security Center.
    1. Information security policies, regulations, and business processes will be adopted from, derived from, and aligned with the CCC’s currently adopted Information Security Standard.
      • CCC Information Security Standard
      • CCC Data Classification Standard
      • Best practices for sharing files and folders in OneDrive
      • Best practices for password creation
  3. Utilize the tools and services offered by the CCC Security Center, including:
    1. Splunk: Correlates real-time data for threat analysis.
    2. Tenable Security Center: Provides real-time vulnerability scanning.
    3. Spirion: Provides data loss prevention (scans for SSN, credit card numbers, etc.).
    4. Vulnerability Assessments.
    5. Security Awareness Training.
    6. Phishing Assessments.
  4. Request funds for, purchase, and implement various industry-recognized tools and services designed to support the policies and standards adopted above:
    1. Microsoft SCCM: Expand the use of applicable security-related features.
    2. Microsoft Outlook and OneDrive: Provide data loss prevention for email and file storage.
    3. Jamf: Automate patching and upgrades, audit security events, and harden images for Apple computers.
    4. PortalGuard: Provide 2-factor authentication, single sign-on, and self-service password resets.
    5. Research and implement a next-generation antivirus solution.
    6. Research the value of a network monitoring service to detect high-level attacks.
    7. Research the value of endpoint snapshot tools for instant recovery.
    8. Appsian (previously GreyHeller) Application Firewall: Provides various security layers for PeopleSoft data.
    9. Research and implement a next-generation firewall for intrusion prevention.
    10. Research and implement a Password Access Management (PAM) solution to manage administrative accounts.