Investor Presentation
Security Assessment Approach
Step 1: Planning
• Developed TASKA project plan
• Arranged for necessary logistics (technical and managerial)
• Collected relevant policies, procedures, and guidelines documents

Step 2: Security risk evaluation
• Conducted vulnerability assessments for three agencies
  - Analyzed 63GB of log files
  - Scanned a range of about 200,000 IP addresses
  - Assessed 58 applications
  - Reviewed the configuration of seven network devices
• Conducted three agency-level information security risk assessments
  - Conducted 37 interviews with agency representatives to assess risks and existence of managerial, operational and technical controls
  - Reviewed 134 supporting documents of existing policies or evidence of existing controls

Step 3: Governance strategy/recommendation
• Recommended a governance model based on:
  - Interviews with three state Chief Information Security Officers in states with either a federated or centralized security governance model
  - Reviews of recommendations from the SIG report and findings from the 2012 Deloitte NASCIO Cybersecurity Study of national trends
  - Discussions with the Budget Control Board
• Developed a roadmap for the Information Security program
• Developed FY14 budget estimates based on the foundational aspects of the INFOSEC roadmap

Step 4: Reporting
• Documented observations and remediation options
• Reviewed individual agency risk assessments and vulnerability assessment results with Directors of respective agencies
• Reviewed SFY14 budget, governance, and INFOSEC roadmap with Trustees and Director of B&CB
• Summarized the recommendations that were developed on the assessments, governance, INFOSEC roadmap, and budget which are included in this initial report

This presentation is intended solely for the information and internal use of the State of South Carolina, and is not intended to be and should not be used by any other person or entity. No other person or entity is entitled to rely, in any manner, or for any purpose, on this draft presentation.