Investor Presentaiton slide image

Investor Presentaiton

Security Assessment Approach . • Step 1: Planning Developed TASKA project plan Arranged for necessary logistics (technical and managerial) Collected relevant policies, procedures, and guidelines documents Step 2: Security risk evaluation Conducted vulnerability assessments for three agencies -Analyzed 63GB of log files - Scanned a range of about 200,000 IP addresses -Assessed 58 applications -Reviewed the configuration of seven network devices Conducted three agency- level information security risk assessments - Conducted 37 interviews with agency representatives to assess risks and existence of managerial, operational and technical controls -Reviewed 134 supporting documents of existing policies or evidence of existing controls Step 3: Governance strategy/recommendation " • Recommended a governance model based on: -Interviews with three state Chief Information Security Officers in states with either a federated or centralized security governance model - Reviews of recommendations from the SIG report and findings from the 2012 Deloitte NASCIO Cybsersecurity Study of national trends - Discussions with the Budget Control Board Developed a roadmap for the Information Security program Developed FY14 budget estimates based on the foundational aspects of the INFOSEC roadmap Step 4: Reporting • . Documented observations and remediation options Reviewed individual agency risk assessments and vulnerability assessment results with Directors of respective agencies Reviewed SFY14 budget, governance, and INFOSEC roadmap with Trustees and Director of B&CB Summarized the recommendations that were developed on the assessments, governance, INFOSEC roadmap, and budget which are included in this initial report 2 This presentation is intended solely for the information and internal use of the State of South Carolina, and is not intended to be and should not be used by any other person or entity. No other person or entity is entitled to rely, in any manner, or for any purpose, on this draft presentation.
View entire presentation