2018 ELECTION SECURITY PLAYBOOK
• Building a “Human Firewall” by providing cybersecurity training, providing awareness and holding individuals accountable.
• Configure our firewall and other security settings to be more restrictive.
These countermeasures are items we will be continually reviewed in order to effectively protect systems and networks from cyber-based attacks. Although defense in depth measures do not (and cannot) protect all vulnerabilities and weaknesses in an environment, they are part of the larger, overall strategy. Incident Response Plan Cyber Incident Management in Orange County utilizes a lifecycle approach. The Cyber Incident Management Lifecycle is composed of serial phases: preparation, identification, containment, eradication, recovery, and follow-up. It is also composed of ongoing parallel activities: analysis, communication, and documentation. This lifecycle is derived from many standardized cyber incident response processes such as those published by NIST, as well as other authorities. The following are descriptions of those actions that comprise OCROV’s Cyber Incident Management Lifecycle:
• Preparation - Maintaining and improving cyber incident response capabilities.
• Identification - Confirming, categorizing, scoping, and prioritizing suspected cyber incidents.
• Containment - Minimizing loss, theft of information, or service disruption.
• Eradication - Eliminating the threat.
• Recovery - Restoring computing services quickly and securely.
• Follow-Up - Assessing response to better handle future incidents through utilization of reports, “lessons learned” and after-action activities, in addition to mitigation of exploited weaknesses to prevent similar incidents from occurring in the future.
ORANGE COUNTY REGISTRAR OF VOTERS 24
Made with FlippingBook Digital Proposal Creator