Governmental systems, devices and infrastructure have become extremely desirable targets for cyber criminals due to aging infrastructure, historical lack of funding for technology and lack of staff with the necessary skill sets required to adequately protect and monitor assets. The Information Security Team was formed at the time of OTS' creation to establish a comprehensive information security program intended to align information security with operational strategy; ensure compliance with applicable federal, state and local laws and regulatory requirements; manage, monitor and mitigate information security risks and incidents; optimize information security investments; manage information security resources efficiently; and monitor the ongoing effectiveness of the Information Security Program.
Information Security Policies and Forms
The Information Security Policy was established through the diligent work and support of many individuals from multiple agencies with a focus on aligning policy, mitigating risk and attention to technical requirements to create processes that add value to all agencies.
The Information Security Policy (V.1.0.3) includes the following additional appendices:
- Chain of Custody
- Change Management Policy
- Criminal History Review Request
- End User Agreement
- Exception Request Form
- Incident Response Plan
- Risk Acceptance Form
- Third-Party Information Security Questionnaire
- Data Sanitization Standard
When should someone contact the Information Security Team?
- When you have any policy related comment, question or concern
- When you would like to request assistance or guidance from the Information Security Team
- When you need to report a information security event or incident
- When you have a suggestion or an idea to improve the State's Information Security Program
- If you need to request approval or exception as required by the Information Security Policy