Cyber Security in New Jersey State Government Alfonsina

Cyber Security in New Jersey State Government Alfonsina Comune, COS/CISO, OIT

Agenda • Cyber Security Business Problems • OIT Solutions – Planning – Technology

Business Problems • With >1000 daily suspicious events being detected, ongoing concern over hacking & other cyber crimes • More frequent and potentially damaging virus attacks – For enterprise (Statewide) e-mail, >15, 000/day, 99%+ cleaned automatically – For OIT desktop Web, >50/month, 99% cleaned automatically • Currently over 60% of e-mail to OIT is Spam • Spyware is another significant, though unquantified threat

OIT Solutions – Planning Unacceptable Risk Add Controls • Information Security Program – – – Commitment Oversight Documented Policies Lifecycle security view Risk Management Non-Technical Controls Information Risk Assessment Vulnerabilities Threats Operate, Maintain, Monitor, and Train Acceptable Risk Design to Requirements Build to Design Establish Requirements Operate & Maintain Test to Requirements

OIT Solutions – Technology • • Vulnerability Assessment and Management Intrusion Detection and Prevention Virus Scanning Spam Filtering Web Filtering Agency Isolation Identity Management

OIT Solutions – Technology • Virus Scanning – Enterprise (State e-mail gateway) – Inter-departmental – OIT internal • Spam Filtering Public Tier – Enterprise • Website Filtering Secure Tier – OIT internal Core Tier Internet User Browser Based

OIT Solutions – Technology • Partnerships – Intra-state with Department of Law and Public Safety – Inter-state with nine states, three cities, the U. S. Army, and Monmouth University

Summary Through a combination of planning and technology, OIT and the State of New Jersey are addressing cyber security threats today, and with the help of partners in government, industry, and academia, will improve our effectiveness in the future.