Information Security

To effectively counter cyber threats from various domestic and international sources, Allegheny County requires a strong information security infrastructure and culture. The Department of Information Technology continues to implement and tune its security program to address the three main components of information security: People, Data, and Infrastructure.

Firstly, an effective security program conveys to all users that Information Security is everyone’s responsibility and ingrains this culture within the organization’s business processes and workflows. DIT decided upon a holistic approach to provide training and awareness to our user community. Regular communication between Department Directors and Technology Leads enumerates current security goals and responsibilities, elicits current security concerns, and shares forthcoming initiatives. An IT advisory board, comprised of key stakeholders, has been initiated so that DIT can strategically align security services rather than attempting to retrofit security controls. In tandem with director-level coordination, downstream workers within departments receive communication and resources related to information security. DIT has identified and assigned online security and awareness trainings to county personnel and continues to operate phishing awareness campaigns.

The launch of a Risk Management Office adds a new resource to enhance security culture. Risk management specialists draft modern, applicable information-security policies, including: Acceptable Use Policy, Email Policy, Social Media Policy, Remote Access Policy, and Bring Your Own Device Policy. A newly created risk register is continually refined in order to identify potential risks. Additionally, risk management processes are now included in all IT purchases and acquisitions.
The second tenet of information security is data. While county entities other than DIT help manage its data, DIT plays a significant role in implementing encryption standards. These standards manage resources at rest or in transit, effectively filter internet traffic, and secure Email communication. DIT sets system documentation standards and now works with various county entities to ensure systems are properly documented and analyzed from a security perspective.

The final pillar of Information Security is infrastructure. In 2023, DIT implemented and upgraded numerous infrastructure assets. Newly deployed firewalls provide network segmentation and limit exposure of sensitive information. Multi-Factor authentication now underlies most enterprise applications and technologies, offering enhanced organization-level security. With more solutions employing cloud-based or SaaS (Software as a Service) deployments, DIT bolstered its tools and skillsets to secure both on-premise and remote technologies.