Planned Activities

 

ISO 27001 Security Controls - Phase I

This project will execute the project plan and strategy defined in the detailed Gap Analysis Report developed during the ISO 27001 Security Assessment project conducted in FY07. 

 

OIT Business Resumption Plan – Phase II (FY08)

This project is Phase II of a business resumption planning effort. This project will use the results of the Business Impact Analysis and Risk Assessment findings developed in “Phase I” to develop and implement an OIT Business Resumption plan that provides for the ability to continue critical IT processes and deliver essential services at an acceptable level in the event of a disruption of service and allows for the recovery of OIT IT facilities and capabilities. 

 

Open Systems Disaster Recovery Process

Assess the requirements for an open systems disaster recovery plan. Recommend and implement an architecture that will enable the recovery of the Ohio Business Gateway and OAKS applications and the infrastructure upon which these systems reside. Implement effective processes for the plan to be tested and coordinate a successful test of that plan.

 

Cyber Security Planning Workshops

Conduct a series of specialized IT security planning workshops and presentations to develop a standardized approach to cyber security for state agencies.  These workshops will be completed using the services of reputable experts in the IT security field.  The express objectives of these planning workshops and presentations are to:

  • Cultivate a common understanding of concepts, best practices, and trends in cyber security.
  • Establish a strategy for security training that meets the needs of state agencies while ensuring confidentiality, integrity, and availability of IT systems assets to meet agency mission.
  • Define recommended approaches and courses to support security preparedness statewide.
  • Define a vulnerability assessment strategy to enable the state to proactively secure its information technology networks and systems against possible attack.

 

The workshops will provide attendees the opportunity to bring their thoughts and ideas into an open forum for discussion. The workshops are to be held in the Columbus area.

 

OIT Business Resumption Plan – Revision (FY09)

The Business Continuity Revision project will review/revise the plan to minimize the effects of an interruption to Service Delivery operations in the event of natural disaster or other disruption to one or more of Service Delivery’s critical business functions or resources. The objective of the business continuity plan is to ensure the viability of the resources that Service Delivery will need to survive a damaging event - including adequate facilities, the safety and accessibility of staff members, and IT systems.

 

Statewide Cyber Security Plan

This project is based upon recommendations in the FY06 Homeland Security Grant Guidance. The cyber security plan should address four main areas: Policy, Training, Technology Deployment, and Vulnerability Assessment. Each of these areas supports the others, and together they meet emerging standards of due diligence in information security.

 

Cabinet Agency Network Vulnerability Assessment

OIT sponsors an annual network vulnerability program.  The program was developed in response to a recommendation of the Technology, Research, and Development subcommittee of the State of Ohio Security Task Force. The primary objective of this program is to cooperatively assess the information technology security vulnerabilities and security risks of Ohio’s cabinet agencies.