Data Security
Being RESPECTFUL of our information

Post

“Information security refers to the protection of information, information systems, equipment, software, and people from a wide spectrum of threats and risks. Implementing appropriate security measures and controls to provide for the confidentiality, integrity, and availability of information, regardless of its form (electronic, optical, oral, print, or other media), is critical to ensure business continuity, and protect information assets against unauthorized access, use, disclosure, disruption, modification, or destruction.”
   –California Department General Services

Strategies

  1. Develop and document systems and practices to protect our data including Governance, Risk Management, Cyber Security, Identity and Access.
  2. Implement standards as adopted and developed by the CCC Security Center.
    1. Information security policies, regulations, and business processes will be adopted, derived and aligned with the currently adopted CCC’s Information Security Standard.
  3. Utilize the tools and services offered by the CCC Security Center, including:
    1. Splunk – correlates real-time data for threat analysis.
    2. Tenable Security Center – provides real-time vulnerability scanning.
    3. Spirion – provides data loss prevention (scans for SSN, credit card numbers, etc.).
    4. Vulnerability Assessments.
    5. Security Awareness Training.
    6. Phishing Assessments.
  4. Request funds, purchase and implement various industry recognized tools and services designed to support the policies and standards adopted above:
    1. Microsoft SCCM – expands the use of applicable security-related features.
    2. Microsoft Outlook – currently provides data loss prevention for email.
    3. Jamf – automates patches, upgrades, audits security events, etc. for Apple computers.
    4. PortalGuard – allows 2-factor authentication, single sign-on, and self-service password resets.
    5. Research and implement a next generation antivirus solution.
    6. Research the value of a network monitoring service to detect high level attacks.
    7. Research the value of endpoint snapshot tools for instant recovery.
    8. GreyHeller Application Firewall – provides various security layers for PeopleSoft data.