Findings and Recommendations City of Berkeley: Digital Strategic Plan and Cost Allocation Plan
October 17, 2016 v5.1
Cyber Security

Findings: The DSP project, and specifically the IT Focus Groups, revealed that cyber security and resiliency is a large liability for the City of Berkeley. According to City staff, this results in the following:
- Malware and ransomware are present.
- Reactive response to security risks and events.
- Don't have anyone to do PCI penetration testing.
- No Security Incident Event Monitoring system in place.
- No one monitoring security logs and doing cyber risk assessment.

Solutions:
- Add an FTE to the IT organization to handle this function.
- Redo class specifications for all IT staff to include scope for today's technology needs; cyber security needs to be a key element in this.
- Security training for city employees (now a requirement for PCI compliance).
- Include security as a key requirement in all IT classifications.
- Implement more security tools, develop cyber security/resilience master plan.

Benefits:
- The City would be better at managing risks.
- Security damage would not be as significant as it might otherwise be.
- Would be proactive in managing security risks.
- Better compliance with PCI/HIPAA and DOJ requirements.

Business Continuity Plan

Findings: The DSP project revealed that the City does not have a Business Continuity Plan. This is a city-wide challenge. According to City staff, this results in the following:
- Lack of a Business Continuity Plan could shut down certain segments of the City.
- A recent power outage revealed that the existing generator (back-up power supply) was not sufficient for current needs. (It could only support 2 computers in 311 and 2 computers in Ops.)
- When the power went out, staff thought they could go home.
- UPS in remote sites will not last more than 1 hour.
- Inconsistent emergency operations response.
- Risk to City's Information Systems.
- Could impact service delivery.
- Could impact public safety, resulting in increased liability and costs.
- Risk in the event of a disaster.

Recommendations: Retain a professional organization to develop a Business Continuity Plan.
A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.
© 2016 ThirdWave Corp, 11400 W. Olympic Blvd., Suite 200, Los Angeles, CA 90064. 310.914.0186 V, 310.312.9513 F