Risk Management Services
The Risk Management Services program is responsible for administering overarching information technology risk management activities for OIT. Risk Management Services evaluates the options for mitigating risks and works with functional areas throughout OIT to decide upon and then implement controls that appropriately and proactively respond to these risks. Risk Management Services is ultimately responsible for coordinating all endeavors within OIT that seek to avoid, prevent, detect, correct, or recover from threats to information or information systems.
The following are representative of the activities Risk Management Services is involved in at the OIT and statewide levels:
- OIT Initiatives: Policies, procedures, standards, IT planning, network vulnerability assessments, compliance monitoring (auditing), IT risk management, business continuity planning, disaster recovery, service level agreements, and crisis management
- Statewide Initiatives: Network vulnerability assessments, cyber security workshops, and crisis management
- ISO 27001 Security Assessment
- Cabinet Agency Network Vulnerability Assessment
- OIT Business Resumption Plan - Phase 1 (FY08)
- ISO 27001 Security Controls - Phase I
- OIT Business Resumption Plan - Phase II (FY08)
- Open Systems Disaster Recovery Process
- Cyber Security Planning Workshops
- OIT Business Resumption Plan - Revision (FY09)
- Statewide Cyber Security Plan
- Cabinet Agency Network Vulnerability Assessment