2018 ELECTION SECURITY PLAYBOOK
• Critical and security updates, and patch management – Applying security patches is a basic security measure. • Legacy workstations – Minimizing the use of outdated Operating Systems and software, as well as replacing legacy systems. • User account management – Immediately disabling unused accounts is a standard security practice. • Center for Internet Security (CIS) benchmarks – We review their recommendations and utilize them when possible to harden our systems. • Enforce strong passphrase policy – We enforce password complexity for user accounts. Website Security • Encrypted web communication – The website is viewed over a secure connection. Forms submitted by users are encrypted using SHA-xxx Cryptographic Hash Algorithm and utilizes SSL Web Security Certificates (Cryptographic Hash Management Latest Security Certificates). • SQL injection – Web applications are periodically checked for SQL injection vulnerabilities. Training and Personnel • Employee hiring and separation procedures – Background checks are performed on new employees, and all are required to receive security training. Separated employees’ accounts are promptly disabled, and badges are deactivated. • Phishing campaign simulation – Phishing campaign with OCROV staff are periodically simulated in order to test the efficacy of our training. • Cybersecurity training program – All employees must complete a professionally created cybersecurity training program. Supplemental training is also provided, and security updates are routinely given in staff meetings. • Physical security accountability – Personnel are held accountable for enforcing physical security practices.
ORANGE COUNTY REGISTRAR OF VOTERS 12
Made with FlippingBook Digital Proposal Creator