Security Assessments

Managing the security risks associated with State government’s growing reliance on information technology is a continuing challenge. The OIS Security Assessment Services provide a comprehensive risk management approach to evaluate critical assets, identify potential threats and vulnerabilities, and provide an operational view of information security risk.

Risk Management includes the prioritization of risks, categorization of recommended safeguards, analysis of the feasibility of implementation, and identification of alternative risk mitigation processes and solutions within the management, operational and technical environment.

OIS Security Assessment Services:
- Information Security Risk Assessment
- Technical Vulnerability Assessment
- Wireless Security Assessment

Security Awareness & Training

An important part of our Information Security Program is OIS Security Awareness & Training services (SAT), which provide security education and training to State Agencies. Our staff of instructors, technology professionals, and education support personnel combines the expertise to create, collaborate, and facilitate delivery of quality education and training across the State.

In addition to the materials developed for awareness and training, the SAT team has developed the Nevada Information Security Professional (NISP) certification program. NISP certification is required for positions within the State classified as Information Security Officers (ISO). The training is designed for Information Technology / Security professionals; however, those individuals who wish to seek NISP certification are welcome to participate in the training with the following condition:

All non-ISOs that are participating in this program are directly responsible to ensure proper authorization from their Agency management prior to utilizing State resources.

Everyone is encouraged to access our Awareness materials, including OIS newsletters, brochures, and posters.
State Employees may follow this link to access the Online Nevada Information Security Orientation.
Follow this link for the Nevada Information Security Professional certification.

Disaster Recovery Planning & Incident Management

The primary objective of Disaster Recovery Planning is to enable State Agencies to survive a disaster and to reestablish normal operations. Every State Agency must assure that critical operations can resume normal processing within a reasonable time frame. Therefore, the goals of a Disaster Recovery Plan should be to:

- Identify weaknesses and implement a risk mitigation program;
- Minimize the duration of a serious disruption to operations;
- Facilitate effective co-ordination of recovery tasks; and
- Reduce the complexity of the recovery effort.

OIS works with Agencies to provide the expertise and guidance in the development and maintenance of Disaster Recovery Plans. The OIS DRP services are designed to assist Agencies with the execution of the disaster recovery planning process in the most efficient manner possible. The composition of the OIS DRP team may vary depending on the environments within each Agency. It is important to note that each Agency is responsible for the maintenance and testing of their respective plans.

An Information Security incident can occur at any time. In this event, OIS security professionals will work with Agency staff, providing advice and assistance for the duration of the incident. The OIS team is comprised of specialists with years of experience in information security and incident response.

By leveraging our extensive experience, expertise, and best practices, OIS is able to develop effective disaster recovery and incident management programs.

Technical Security Administration

OIS Technical Security Administration services focus on defining technical security controls for Agency Information systems that build upon the existing infrastructure, systems, and policies, and enable a consistent and best practice level of security throughout the organization. Technical Security assistance is available from OIS to provide Agencies the support necessary to:

- Design security architectures that are responsive to operational drivers, Agency objectives, and priorities;
- Identify information security solutions that will enable Agency operations through the use of effective and economical secure Information Technology;
- Maximize use of technology while minimizing information security risk or exposure so that the Agency can ensure efficient operations.

OIS provides Agencies access to expert technical advisors for support on all aspects of information security. Our advisors participate in technical planning meetings for the purpose of advising the technical leadership of the Agency. The security topics covered in consultative meetings are determined by the Agency and can range from active input about your Agency’s current security projects to advice about long-term technology initiatives.

Physical Security

Perhaps the first type of security that comes to mind when one is thinking about protecting resources is physical security. OIS offers assistance in this area by providing physical security assessments.

A physical security assessment encompasses a number of areas. Generally, any system that contains or transports data requires a physical security assessment; this typically is conducted after a Risk and Vulnerability Assessment is completed. The depth of the physical security assessment depends on the classification and legal requirements of the data. Physical security assessments include six main categories: structure and perimeter; access control and CCTV; power; HVAC/environmental controls; supporting utilities; and life safety.