IT DSP Findings & Recommendations

Findings and Recommendations City of Berkeley: Digital Strategic Plan and Cost Allocation Plan

October 17, 2016 v5.1


Cyber Security

The DSP project, and specifically the IT Focus Groups, revealed that cyber security and resiliency is a large liability for the City of Berkeley. According to City staff, this results in the following:

• Malware and ransomware are present.
• Reactive response to security risks and events.
• Don’t have anyone to do PCI penetration testing.
• No Security Incident Event Monitoring system in place.
• No one monitoring security logs and doing cyber risk assessment.

Solutions:

• Add an FTE to the IT organization to handle this function.
• Redo class specifications for all IT staff to include scope for today’s technology needs; cyber security needs to be a key element in this.
• Security training for City employees (now a requirement for PCI compliance).
• Include security as a key requirement in all IT classifications.
• Implement more security tools; develop a cyber security/resilience master plan.

Benefits:

• The City would be better at managing risks.
• Security damage would not be as significant as it might otherwise be.
• Would be proactive in managing security risks.
• Better compliance with PCI/HIPAA and DOJ requirements.

Business Continuity Plan

Findings:

The DSP project revealed that the City does not have a Business Continuity Plan. This is a city-wide challenge. According to City staff, this results in the following:

• Lack of a Business Continuity Plan could shut down certain segments of the City.
• A recent power outage revealed that the existing generator (back-up power supply) was not sufficient for current needs. (It could only support 2 computers in 311 and 2 computers in Ops.) When the power went out, staff thought they could go home.
• UPS in remote sites will not last more than 1 hour.
• Inconsistent emergency operations response.
• Risk to City’s Information Systems.
• Could impact service delivery.
• Could impact public safety, resulting in increased liability and costs.
• Risk in the event of a disaster.

Recommendations:

• Retain a professional organization to develop a Business Continuity Plan.
• A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.


© 2016 108 ThirdWave Corp 11400 W. Olympic Blvd. Suite 200 Los Angeles CA 90064 310.914.0186 V 310.312.9513 F
