2018 ELECTION SECURITY PLAYBOOK
attempt to address each of these categories of controls. This helps to ensure we are approaching physical and cybersecurity from a comprehensive perspective. Examples of Specific Security Controls Listed below are examples of specific security controls in place, which include examples of administrative, technical and physical controls. Voting System • “Air gap” mitigation – An “air gap” refers to the idea that the voting system is not connected to any other network at any other time, including local networks and the internet. Our office uses an “air gap” with our voting system, which is one of the most effective ways of mitigating security risks. • Ballot creation security – The ballot creation team is located in a room with limited security access, multi-factor badge access, surveillance systems, and no network connections. The printed ballot contains a tint and watermark. • Chain of custody – Strict chain of custody controls are in place for ballots and voting components. • Ballot printing - Ballot printing is conducted in-house, mitigating the risk of relying on a vendor for ballot production. Network Security • Security Information and Event Management (SIEM) system – SIEM includes intrusion detection, vulnerability assessment, asset discovery and inventory, behavioral monitoring, and log management.
• Physical Security – Strict badge access control and alarm monitoring are important components of our physical security.
• Firewalls – Firewalls are used to protect our networks.
• Intrusion Detection/Prevention Systems – Intrusion detection and prevention systems help to detect attempts of unauthorized access. • User login security controls – Requiring password complexity, and using least privileged access are important user security controls.
ORANGE COUNTY REGISTRAR OF VOTERS
11
Made with FlippingBook Digital Proposal Creator