So what is the State of Colorado doing to stay on top of this?
Secure Colorado is a multi-year phased plan focusing on the 20 Critical Security Controls and other security improvements to reduce risk across the state. The plan is based on a layered security approach, and Colorado is one of only two states to have demonstrated a “solid and robust” understanding of the importance of integrating cyber security in their strategic IT plans.
What have we done so far?
The first two years of Secure Colorado focused on:
- Alignment of the team to proactively address security and manage risk
- Establishment of a risk and audit committee to perform risk assessments, track risks, and manage security in a consistent manner across all agencies
- Remediation of audit findings
- Implementation of the “first five” critical security controls resulting in an inventory of connected devices and deployed software, as well as an estimated 75 percent reduction in malware events
- Establishment of metrics
- Implementation of next-generation firewall technology to provide better filtering for individual agency needs, increased visibility, and automated prevention for advanced threats
- Creation of a SECURE system development life cycle (S-SDLC) for application code reviews at appropriate times in the implementation and change process
As a progressive and innovative state, our security team continues to evolve and embrace new technologies. Coloradans are demanding mobile applications, social media interaction and other new ways of interacting with state government — and we have to include security in these innovations from the very beginning in order to stay ahead of attacks.
Here’s what we have coming up with Secure Colorado:
- Continuing to implement detective and preventative tools
- Training teams to respond quickly to contain ANY type of event
- Implementing and refining tools to filter security events through intelligence information — so that we can more quickly identify targeted attacks
- Creating the next iteration of Secure Colorado to ensure that the state continues to improve security
Want to know more about Secure Colorado?
Join me and Rick Howard, Chief Security Officer for Palo Alto Networks, for a free webinar — A Safer Colorado through Security Excellence — Thursday, May 21, at 12 noon MDT.
Debbi Blyth: Chief Information Security Officer. Colorado native (almost!), beach lover, deep sea diver, Sunday school teacher. I'm the queen of keeping Colorado safe online. Find me on Twitter at @debbiblyth.