2018 ELECTION SECURITY PLAYBOOK
training and education. Additionally, this cybersecurity training and awareness program needs to be more than just a routine requirement; instead, the concepts should be reinforced in order to change employee behavior. For example, email continues to be a significant vector of choice for malware; therefore, it is important that our employees are trained annually, in addition to being reminded in monthly meetings, to be mindful of the many forms of phishing attacks that come through professional and personal emails. Other aspects of the “Human Firewall” include background checks and setting standards for following good security protocols. Security isn’t just a technology issue; it’s a personnel issue. Errant clicks, user error, and social engineering attacks such as phishing are some of the biggest threats. Educating and empowering our users to make safer choices is vital to creating a more sustainable and successful long-term defense. Application of the NIST Cybersecurity Framework The NIST Cybersecurity Framework is a widely adopted framework that provides an additional perspective to our approach to cybersecurity and was created by the public and private sectors working collaboratively. This framework is composed of the following five major functions:
1. IDENTIFY assets you need to protect.
2. PROTECT assets and limit the impact.
3. DETECT security problems.
4. RESPOND to an incident or be ready to respond with a plan.
5. RECOVER from an incident.
Identify Our agency, with guidance from Orange County Information Technology (OCIT) enterprise security, has developed the skills to manage the cybersecurity risk to systems, assets, data, and capabilities. This covers areas such as risk assessment, asset management, and governance. Protect We have developed and implemented the appropriate safeguards to ensure delivery of services. These security mitigations and controls are outlined throughout this document.
ORANGE COUNTY REGISTRAR OF VOTERS 22
Made with FlippingBook Digital Proposal Creator