1

ISOAG Meeting December 7, 2016

Welcome to CESC

www.vita.virginia.gov

2

Welcome and Opening Remarks

Michael Watson

December 7 , 2016

www.vita.virginia.gov 2

3

ISOAG December 7, 2016 Agenda I. Welcome & Opening Remarks Mike Watson, VITA

II. Data Governance Zacc Allen, DOC

III. Social Media Records Retention Glenn Smith, LOV

IV. Central ISO IT Security Audit Services Ed Miller, VITA

V. Upcoming Events Mike Watson, VITA VI. Partnership Update Northrop Grumman

4

ISOAG December 7, 2016 Agenda

Presentation for Zaac Allen, DOC Will be posted after today’s meeting.

Social Media Records: What’s There to Manage and Secure??

Glenn Smith

Records Management Analyst

- VITA ISOAG 2016.12.07

What is a public record? . . . documents a

transaction or activity . . .

Regardless of physical form or characteristic . . .

. . . is produced, collected, received or retained in pursuance of law or in connection with the transaction of public business.

COV § 42.1-77

What is an electronic record? A record created, communicated, and/or stored by

automated means and that requires a system to render it comprehensible by humans.

Formats include: Word processing files Databases Spreadsheets PowerPoint presentations E-mail Scanned images Web sites Multimedia files

Storage Media Include: Hard Drives Floppy Disks 8”, 5 ¼, 3 ½ CDs / DVDs Optical Disks Tape: Magnetic / Optical Networked Servers

e-Recs

websites

Databases

PowerPoint

Scanned images

Multimedia files

Digital Pix

Responsibility for electronic records

The agency shall be responsible for ensuring that its public records are preserved, maintained, and accessible throughout their lifecycle, including converting and migrating electronic records as often as necessary so that information is not lost due to hardware, software, or media obsolescence or deterioration. Any public official who converts or migrates an electronic record shall ensure that it is an accurate copy of the original record. The converted or migrated record shall have the force of the original. COV § 42.1-85

~Stephano493

Electronic records challenges • Platform obsolescence (think Myspace)

• Ensuring record integrity

• Maintaining records in a way that will enable

retrieval of all information relevant to an activity/interaction

• Select which record series is appropriate

Metadata

• Data describing context, content, and structure of records and their management through time

• Loss through screen-shotting SM

Discoverability and liability

• SM records subject to the same accessibility requirements as other public records. • Exempt from access by the public only if they fall within the exemptions provided under FOIA.

Questions?

Glenn Smith Records Management Analyst glenn.smith@lva.virginia.gov

All forms and schedules, as well as additional

resources, available at: www.lva.virginia.gov/agencies/records

15

Central ISO & IT Security Audit Services

Ed Miller Director IT Security Governance

16

Central Services • To date, we have 29 agencies signed up for

services.

• We have hired a Director Centralized IT Security Audit Services.

• The Director for ISO Services was previously posted and we were not able to fill it. It has been re-posted thru Dec 16th. If you previously applied, please apply again if you’re still interested.

17

Central Services • Also posted or soon to be posted:

• 2 Central IT Security Audit staff positions • 2 Central ISO staff positions • 1 IT Security Governance Analyst position • 1 IT Risk Management Analyst position • 1 Incident Response Analyst • 1 Web Vulnerability Scan Analyst

18

Central Services Audits:

• We have signed an SOW with an auditing firm.

• 3 agencies are now in the process of audits for

their sensitive systems thru this SOW.

• The Central IT Audit Director is in the process of scheduling & prioritizing the rest of the audits

19

Central Services ISO Services:

• Centralized ISO Services will complete the NCSR

surveys for all enrolled agencies

• The small-agency analyst has already been working with several of the agencies that have enrolled.

• We have also hired an IT security contractor who will start to work soon.

20

Central Services Summary

• Audits have started

• ISO work has started

• Hiring is underway

• We will be contacting you soon for scheduling

21 www.vita.virginia.gov 21

Upcoming Events

22

SANS Winter Buy Window The SANS Winter Buy Window runs from Dec 1, 2016

through Jan 31, 2017.

During this time, you’ll be able to take advantage of the Center for Internet Security’s (CIS) partnership with

SANS.

SANS training is available during the buy-window at up to 70% off the regular price.

http://www.sans.org/partnership/cis

23

IS Orientation

When: Thursday, December 8, 2016 Time: 9:30 – 11:30 am Where: CESC , Room 1221 Presenter: Bill Freda Register here: http://vita2.virginia.gov/registration/Session.cfm?MeetingID=10

24

Future ISOAG

January 4, 2017 1:00 - 4:00 pm @ CESC

Speakers: John Musgrove, VITA

ISOAG meets the 1st Wednesday of each month in 2016

25

OSIG Training Course: Integrating Cybersecurity in SDLC

Instructor: David Cole / SysAudits Inc. Location: CESC

Dates: Feb 14-15, 2017 CPE: 16.0 hours

Price: $350

https://osig.virginiainteractive.org

26

SAVE THE DATE

Contact: CovSecurityConference@vita.virginia.gov

27

ADJOURN THANK YOU FOR ATTENDING

Picture courtesy of www.v3.co.uk