2018 ELECTION SECURITY PLAYBOOK
Cybersecurity Training & Awareness Program The OCROV has adopted the County policy of a mandated IT security and awareness training program, which is required to be completed by all employees on an annual basis. This provides employees with basic knowledge and tools that are instrumental in helping the County as a whole to combat cyber threats, including threats that have a social engineering component. The topics covered under the training program include:
• Ransomware
• Password Guidelines
• Safe Election Security and Protection Against Nation State Intrusions
• Social Engineering
• Phishing
• Physical Security
• Privacy
• Mobile Device Usage
• Malware
• Social media Human Firewall
In any organization, cybersecurity is everyone’s responsibility. Human error or targeted spear phishing has consistently been the root cause of publicized cyber attacks, and it is up to the OCROV leadership teams to weave security awareness into the culture of the organization. The term “Human Firewall” means employees, through education and cybersecurity training, are trained to detect, recognize, and report threats. The “Human Firewall” is the human shield of defense against possible social engineering attacks. Our approach is structured to change human behavior by thoroughly training our employees, including volunteer poll workers, to be cautious, and to be trained to recognize and report cybersecurity incidents. The decisions humans make are just as important as the software they use; therefore, the best approach consists of a clear employee cybersecurity program that includes awareness and focuses on continuous
ORANGE COUNTY REGISTRAR OF VOTERS
21
Made with FlippingBook Digital Proposal Creator