Fall 2021: The Climate Issue


What the Chief Information Security Officer Wants the Executive to Know

By Karen R. Pratt, Cyber Security Officer, Washington County

Know That Cybersecurity is a Team Sport

First and foremost, know that EVERYONE has a role. Even an employee who may not have access to a computer, but who lets someone in, provides company information to someone on the telephone, or provides unauthorized access to equipment, is part of the cybersecurity team. Know that you have a responsibility to secure the information the organization holds. Individuals in the organization generate, process and store information that other people want for malicious reasons. You have a role, and knowing about cybersecurity is important in your organization. Know that the CISO is a partner (and at times a coach) and wants to help you move the organization forward and achieve the organizational goal.

Know What the Organization Has and Who Has Access to It

Know what the organization has, the importance of it, and the impact should the organization lose it or should it be stolen. If you don’t know what you have and are not managing it, it’s a risk.

Know that the organization should inventory ALL computer software and hardware. This is a huge undertaking, but know what you have and its purpose. If you don’t know what you have to start with, you cannot know whether you have lost something or whether you are minimizing the risk.

Know the kind of information the organization has (such as financial records, contact information, address information, payroll information, social security, home addresses, phone numbers, email addresses personal and work, purchasing history), and what it will mean if it gets into the hands of someone who wants to do the organization harm. Know who has access to your data and equipment, including your vendor community/3rd parties. Does your 3rd party use a 4th party? Do you know where they are storing your data, who has access to it, how they are accessing it and how they are protecting it?

Know what is critical to your operation. The more critical it is, the more important it is to protect it.

Know that NYS Technology Law requires municipalities to have a breach notification policy in place documenting procedures to take in the event there has been unauthorized access of private information compromising the security, confidentiality, or integrity of the information.

Know That You Need to Invest and Dedicate Resources

Protection is not free. Yes, there are some services offered by state and federal partners that are, but not everything. You will need to dedicate funding and TIME for employee training – remember, they are the gatekeepers. In many cases they are the ones standing between securing organizational data and allowing a malicious actor access to organizational data. Why not train them on what to look for? You will need to invest in tools to scan for anomalies. You will need to invest to make sure your systems are updated so that malicious individuals do not take advantage of publicly known vulnerabilities. And there are more tools, training and policies, but know that you will need to invest for the future of the organization.

Know Where You Are in Your Cyber Journey

Vulnerability Assessment – if there’s one thing that all counties should be familiar with, it is the NCSR (National Cyber Security Review) and the CIS Top 18 Controls framework. Both are tools that are easy to use, and a great framework to adopt. They display your cyber maturity and progress, strengths, weaknesses and areas of improvement.

Remember it’s a journey. The needle will move a little at a time, but know that what you do today will improve your cyber posture for tomorrow.

NYSAC News | www.nysac.org
