Foiling Attacks With Policy

Hopefully you have heard of the Information Technology Security Policy (ITSP), but do you know why it's so important? The ITSP provides the backbone for our State cyber security. Each policy within it is based upon three principles.

• Confidentiality ensures that individuals can only view information pertinent to their defined responsibilities.
• Integrity ensures the consistency, accuracy, and trustworthiness of information. 
• Availability ensures that the technology infrastructure and the services built upon that infrastructure are not intentionally disrupted, and are available for use in a dependable and reliable manner.

Last year the State suffered more than 13 million cyber security attacks. The ITSP provides us with one of the first lines of security defense by establishing the rules that ensure security controls are implemented properly. These security controls make sure that government data is protected no matter where it's housed. Did you know that the State has over 200 internal applications that contain high impact Personally Identifiable Information (PII) or Personal Health Information (PHI)? This makes each one of those 200+ applications a high value target for attackers.

Information is a valuable asset. Last year the average cost of a public-sector data breach was $110 a record, with the average data breach size at over 28,500 records. This means that just one average size breach can cost millions.

To safeguard the State from this type of breach, the ITSP provides a way to achieve consistent and complete security across all the State technology infrastructure.

You can find the ITSP on your desktop, or by clicking here.