Strategic Plan (PDF) - Cioarchives.ca.gov - State of California

More documents

Recommendations

Info

Goals, Objectives, and ActionsGOAL 3Ensure State Information Assets are Secured andPrivacy Protected.The State will improve interdepartmental coordination, conduct rigorous securityassessments, adopt secure architectures, mitigate security and privacy risks toits systems, infrastructure and information, and provide guidance for adequategovernance of information security.As the State’s information systems become more complex and the need for rapidcollection, storage and distribution of large amounts of data continues to grow, thechallenge for their protection becomes critically important. Catastrophic events, aswell as attacks against our technology infrastructure and systems, can have a severeimpact on business operations. We must work together to ensure California’s systemsare suffi ciently safeguarded and robust enough to support homeland security needsand to maintain business continuity of state government.Moreover, the State’s possession of signifi cant amounts of personal and confi dentialinformation, and the risk of disclosure or inappropriate use of that information, makesprivacy protection a signifi cant concern. In California, where “privacy” is expresslyprotected by our State Constitution, the State’s obligation to safeguard this informationis of paramount importance.Objective 1Adopt Statewide Security and Privacy Protection StandardsThe State will adopt statewide security and privacy protection policies and standardsconsistent with the State’s enterprise architecture, for program data access, networkconnectivity, desktop management, server confi guration, Internet connectivity, and externalaccess to technology services.Implementation of statewide security policies and standards will help ensure the eliminationof structural vulnerabilities from the State’s information technology architecture and systems,and enable more uniform and robust security measures.Actions1. By June 2007, the IT Council’s Security Committee will update the IT SecurityProgram Guidelines.2. By July 2007, the IT Council’s Security Committee will develop generalstandards or guidelines for remote access authentication implementation.19
CALIFORNIA STATE INFORMATION TECHNOLOGY STRATEGIC PLAN3. By November 2007, the State Information Security Offi cer (SISO), incollaboration with the IT Council’s Security Committee and the Departmentof Personnel Administration, will develop a general Internet acceptable usagepolicy and a related best practice guideline for agencies.4. The SISO, in collaboration with the Offi ce of Privacy Protection, will providecontinuing education and training for security and privacy protection awarenessfor state management and staff.Objective 2Assess and Mitigate Security and Privacy RisksThe State will provide tools to help departments conduct self-assessments of securityand privacy risks. These self-assessments will help agencies determine risks and properlymitigate them.Actions1. By March 2007, the IT Council’s Security Committee will survey departmentson existing and planned efforts in implementing data encryption.2. By April 2007, the SISO will implement a refi ned Information Security IncidentReporting and Notifi cation Process and ensure adequate training regardingincident reporting and notifi cation is provided to state employees.3. By August 2007, the SISO will develop a methodology and a set of tools thatdepartments can use to self-assess their IT security vulnerabilities.4. By August 2007, the State Privacy Offi cer, in consultation with the SISO, willdevelop a methodology and a set of tools that departments can use to selfassessthe privacy impact of proposed new and major modifi cations to existingIT systems that contain personal information.Objective 3Develop a Governance Structure for IT SecurityThe State will develop a governance structure for IT security that is in alignment withthe State’s other IT governance structures to help ensure that privacy protection,risk assessment, risk mitigation, and incident reporting policies and procedures areimplemented consistently and thoroughly statewide.A governance structure is also needed to ensure the State implements a securityinfrastructure that meets the collective and individual security and privacy needs of Statedepartments.20
Page 2 and 3: Message from the State CIONovember
Page 4 and 5: TABLE OF CONTENTSINTRODUCTION .....
Page 6 and 7: INTRODUCTIONThe State is moving for
Page 8 and 9: Goals, Objectives, and Actions1. Ma
Page 10 and 11: MISSIONInformation technology suppo
Page 12 and 13: GOALS, OBJECTIVES AND ACTIONSGOAL 1
Page 14 and 15: Goals, Objectives, and Actions4. By
Page 16 and 17: Goals, Objectives, and ActionsEmerg
Page 18 and 19: Goals, Objectives, and Actionsresul
Page 20: Goals, Objectives, and ActionsGOAL
Page 23: CALIFORNIA STATE INFORMATION TECHNO
Page 27 and 28: CALIFORNIA STATE INFORMATION TECHNO
Page 63 and 64: NOTES
Page 65 and 66: Arnold SchwarzeneggerGovernorState

Strategic Plan (PDF) - Cioarchives.ca.gov - State of California

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?