State of Florida - ISC

More documents

Recommendations

Info

How the State of Florida Builds Information SecurityExpertise Despite Escalating Risk and Tight Budgets.CHALLENGETraining and education have always been atop priority for the State of Florida’s Officeof Information Security (OIS) within theAgency for Enterprise Information Technology(AEIT). The (OIS) was established immediatelyfollowing the events of 9/11. Its mission? To helpthe State’s executive branch agencies addressWith training as an integral factor in thesuccess of each focus area, the OIS laid out anaggressive and detailed training and educationprogram for its information security staff. Infact, its training plan is mapped out in a comprehensivethree-year matrix that illustrateshow the State will leverage its workforce tomeet federal, state and private informationcyber security issues and to ensure statewidesecurity standards.Helping state agenciescomply with all requirements such as HIPAA,PCI, and those set forth by the U.S. Departmentof Homeland Security (DHS) is critical tothe Office and AEIT’s success.compliance with Federal and State securitystandards. Even though legislation points theefforts of the OIS toward the executive branchof government, the courts, the Florida Legislature,cities, counties and municipalities arewilling participants.With technology evolving at what seems tobe the speed of light, how does AEIT keep itsThe Office’s five focus areas related to enterpriseinformation security are:information technology staff up-to-date onbest security practices?• Policy• Training• Risk management• Incident responseAnd in light of budget cuts, how does AEITmaintain its expertise in protecting critical,proprietary information?• Survivability1
SOLUTIONEstablish GoalsFirst, AEIT worked with the Information SecurityManager community within state agenciesto identify business requirements that needto be addressed, such as staff professionaldevelopment goals.“One of the most valuable education programsthe State has engaged in has been CISSP ® CBK ®Review Seminars and examinations,” said Russo.“We stress this certification because it requiresour experienced managers to have a deepunderstanding of the latest, up-to-date informationon the full spectrum of security-relateddevelopments and topics.”“We determined which standards and certificationswould best meet our needs and puttogether a program that would take us there,”said Mike Russo, CISSP, and Chief InformationSecurity Officer (CISO) for the State of Florida.The State began offering CISSP CBK ReviewSeminars to a select group of its professionalstaff in 2004. This year, it contracted with(ISC) 2® to provide a CISSP Review Seminarand examination for 25 employees from many“We are constantly on the watch for emergingareas that require staff training. “In fact,” saidRusso, “the State of Florida was one of theof the State’s executive agencies, as well asLegislative, Inspector General and AuditorGeneral offices.first to offer training for ethical hacking andincident response.”“If we had more domestic security grant funds,we would have doubled the number of participants,”said Russo. “It’s critical for all of ourtechnologists, and those who fund, regulate andaudit them, to understand what the latest bestpractices are, and why we do what we do.”Russo says that the State’s security educationprogram focuses on national and internationalcertifications because they provide a globallyrecognized, independent and objective demonstrationof an individual’s level of competence.Finding Funding“We try to help staff attain credentials in manyareas. It takes a well-rounded body of knowledgeto function effectively.”Millions of dollars of federal security funds areavailable to every state through the DHS, butthere is no uniformity in how states go about2
Page 1: September 2010
Page 5 and 6: “CISOs need to be excellent advoc

State of Florida - ISC

Create successful ePaper yourself

Delete template?

Save as template?