Sunday, April 23, 2017

Information Security Office (ISO)

The Information Security Office (ISO) is responsible for providing overall network and data security for the County of Riverside which is based on business requirements and State/Federal Statutes. The goal of the ISO is to eliminate external attacks to our networks and to minimize internal data leakage and service/network disruptions that will result in a seamless and transparent service.

Following are ISO core services:

  • Governance
    • Information Security Policy, Standards, Specifications, Guidelines, Training, Education, and Awareness

  • Risk
    • Security Risk Analysis and Assessment, Vulnerability Assessment Scanning and Reporting, Application Security and System Penetration Testing

  • Compliance
    • Board of Supervisors Policies A-50 and A-58, California Breach Notification Law (Civil Code Sections 1798.29 and 1798.82), Department of Justice (DOJ) Criminal Justice Information Services (CJIS) Division and California Law Enforcement Telecommunications System (CLETS) Policies, Payment Card Industry Data Security Standard (PCI DSS)

  • Security Monitoring
    • Anti-Malware System, Centralized Log Management System, Cyber Attack and Threat Detection System, Data Leakage/Loss Prevention System, Email Security (SPAM and Phishing), Internet Access, Intrusion Detection and Prevention Systems (IDS/IPS), Physical Access Control Systems, Remote Access/Virtual Private Network (VPN) Systems, Security Information and Event Management (SIEM) System, Patch and Vulnerability Management Systems, Wired and Wireless Network Access Control Systems, Video Surveillance Systems

  • Incident Response
    • First Responders for Cyber Security Breaches/Incidents, Business Continuity and Disaster Recovery Planning, Tabletop Exercises

  • Digital Forensics & eDiscovery
    • HR Investigations, Public Records Requests, Legal Holds, eDiscovery Requests, Digital Forensics Incident Response (DFIR)

Field level help.