Data Security Initiative Progress

Post

I. Develop and document systems and practices to protect our data including Governance, Risk Management, Cyber Security, Identity and Access.

  2018-2019 2019-2020 2020-2021
Update Administrative Regulation 6006 Approved by ITAC
Spring 2019
Project Adoption
Fall 2019
 

II. Implement standards as adopted and developed by the CCC Security Center:

  2018-2019 2019-2020 2020-2021
Information security policies, regulations, and business processes will be adopted, derived and aligned with the currently adopted CCC’s Information Security Standard.
CCC Information Security Standard Adopted
Fall 2018
   
CCC Data Classification Standard Adopted
Fall 2018
   
Best Practices and Procedures for Sharing Files and Folders in OneDrive Implemented
Spring 2019
   
Best Practices for Password Creation Updated to better align
with current standards
Spring 2019
   
Procedures for Dealing with PII in Outlook and OneDrive Implemented
Summer 2019
   

III. Utilize the tools and services offered by the CCC Security Center, including:

  2018-2019 2019-2020 2020-2021
Splunk: Correlates real-time data for threat analysis. Baseline Implemented
Fall 2018
Phased Rollout
Fall 2019
 
Tenable Security Center: Provides real-time vulnerability scanning. Baseline Implemented
Fall 2018
Rollout
Fall 2019
 
Spirion: Provides data loss prevention (scans for SSN, credit card numbers, etc.). Baseline Implemented
Spring 2019
Phased Rollout
Fall 2019
Complete Rollout
Spring 2021
Vulnerability Assessments.   Schedule Assessment
Fall 2019 / Spring 2020
Annual Assessment
Fall 2020 / Spring 2021
Phishing Assessments.   Test
Fall 2019
 

IV. Request funds, purchase and implement various industry recognized tools and services designed to support the policies and standards adopted above:

  2018-2019 2019-2020 2020-2021
Microsoft SCCM: Expand the use of applicable security-related features. Implemented a Local
Administrative
Password Solution
Spring 2019
Ongoing Ongoing
Microsoft Outlook and OneDrive: Provide data loss prevention for email and file storage. Completed
Fall 2018
   
Jamf: Automate patching, upgrades, audit security events and hardening for Apple computers.   Implementation Planned
Spring 2020
 
PortalGuard: Provide 2-factor authentication, single sign-on, and self-service password resets. Self-service Password
Implemented
Spring 2019
2-Factor Authentication/
Single Sign-on
Planned
Fall 2019
 
Research and implement a next generation antivirus solution. Cylance Implementation Completed:
Administrative Network
Spring 2019
Implementation Planned:
Computer Labs
Spring 2020
 
Research the value of a network monitoring service to detect high level attacks. SecureWorks Baseline Implemented
Spring 2019
Projected Completion
Fall 2019
 
Appsian (previously Greyheller) Application Firewall: Provides various security layers for PeopleSoft data.   Implementation Planned
Fall 2019 / Spring 2020
 
Research the value of endpoint snapshot tools for instant recovery.     Implementation Planned
Fall 2021
Research and implement next-generation firewall for intrusion prevention.   Palo Alto Implmented @ PCC
Summer 2019/
Implementation Planned @ LAC
Fall 2019
 
Research and implement a Password Access Management (PAM) solution to manage administrative accounts.   Researching Solutions
Summer 2019
 
Security Awareness Training. CCC Product Determined to be Insufficient –
Researching New Vendors
Summer 2019
Phased Rollout
Fall 2019/ Spring 2020
Complete Rollout
Fall 2020/ Spring 2021