2018 ELECTION SECURITY PLAYBOOK
Detect
We have implemented the appropriate systems to identify the occurrence of a cybersecurity event as soon as possible. The security mitigations and controls include items outlined in this document, such as intrusion detection systems; collaboration with other agencies is also a part of this strategy.
Respond
OCROV, along with a cybersecurity joint task force, has developed a cybersecurity incident response plan. The plan addresses the appropriate actions in the event of a cybersecurity event. These actions include response planning, communications, analysis, mitigation, and future improvements learned from the incident. This plan is an internal secure document not designed for public distribution.
Recover
We have developed appropriate activities to restore any capabilities or services that are impaired due to a cybersecurity event or physical intrusion. A business continuity plan is also a component of this aspect of the framework. The focus is also to maintain resilience for the network and protect it from further attacks.
Defense in Depth
Defense in depth is an information assurance concept in which multiple layers of security controls or defenses are placed throughout network infrastructure to detect anomalies and unusual network traffic. Preparing for a breach is very important. Multiple layers of network security minimize gaps in protection. Examples of currently used protections at the OCROV are a robust firewall, intrusion prevention, and antivirus protection.
Countermeasures that are used to help defend the network are:
• Identify, minimize and secure all network connections.
• Harden systems by disabling unnecessary services, ports, and protocols.
• Enable available security features of systems used.
• Implement robust configuration management practices.
• Continually monitor and assess the security of the systems, networks, and interconnections.
ORANGE COUNTY REGISTRAR OF VOTERS