Security at the Forefront - Coordinated Countywide Effort

Charlie Haase, Chief Information Officer, Information Services and Technology

Security at the Forefront - IST will establish a Countywide security culture emphasizing that information security is every County employee’s responsibility.

Strategy 1: Create a comprehensive information security program based on industry best practices.

Action

Create and staff the role of Information Security Officer, dedicated to establishing and enforcing security policies.

Metrics

Information Security Officer role established and staffed within the next year.

Action

Formalize security incident management and response procedures for County employees as well as within IST.

Metrics

IST Security incident procedure adopted within the next year.

Action

Develop and adopt a comprehensive set of Countywide security policies.

Metrics

Security policies adopted within the next two years.

Strategy 2: Educate all County employees about the importance of information security best practices and their role in protecting County assets.

Action

Make online security awareness training available to all County employees for completion every two years and include this training as part of the onboarding process for all new County employees.

Metrics

Online security awareness training compatible with County’s TalentQuest online training system implemented within the next two years.

Action

Reinforce ongoing security awareness education through newsletters, blogs and other social media.

Metrics

  • Monthly Multi-State Information Sharing and Analysis Center (MS-ISAC) security newsletters published within the next six months.
  • Develop and implement a process for notifying County employees about imminent threats
  • Information Security Officer publishes security awareness blogs within the next two years.