2018 ELECTION SECURITY PLAYBOOK
User Level Security • Improved malware detection - We are currently using endpoint protection that is pattern and behavior based. • Email encryption - We currently have the ability to send encrypted emails when necessary. • Email spam\virus filter - Systems are in place that prevent potentially malicious emails from being sent to the users. • Email links - All links received by users in emails are checked for safety before a user can open the link. • Data loss prevention - The County is in the process of enabling data loss prevention, which helps to prevent users from sending sensitive information that should not be sent. Mobile • Mobile encryption – Any mobile devices and laptops that contain sensitive data will be encrypted before deploying them outside the office. • Mobile Device Management (MDM) – Mobile devices used, including electronic poll books, will have the ability to be managed remotely, including the ability to remotely wipe the data. Public Information • Comprehensive election information – We will continue to provide accurate information to voters through multiple channels, which can be used to counteract false information. Overall Security • Third party security audit – We are using a third party to conduct a cybersecurity audit, which can help to discover additional vulnerabilities. Voting System Security Controls The voting system currently used in Orange County is a Direct Record Electronic (DRE) voting system, with a Voter Verifiable Paper Audit Trail (VVPAT). In order for a voter to access a ballot at a polling place, a four-digit random access code is used for activation. The electronic voting booth and poll worker control system possess
ORANGE COUNTY REGISTRAR OF VOTERS 14
Made with FlippingBook Digital Proposal Creator