Keeping you Running Part II Developing Your Own

Keeping you Running Part II Developing Your Own Local Government Cyber Security Plans Stan France & Mary Ball stan@co. schoharie. ny. us

Outline • • • Working with municipal boards Working with municipal staff and officials Policies and procedures Gathering information Turning information into plans Initiating changes for continuity and security

Working with Municipal Boards Initial Buy in Talking Points • Continuity • Cases of fire, oil spills, floods • Citizen needs • Cyber security • Information protection – (State Comptroller, E-Ticket) – Personal identity information disclosure law • Public embarrassment • Loss of work time • Cost to repair

Working with Municipal Boards Need for Policy and Procedures • Establish roles when a response is needed • Identify impact of changes on operations – Different personnel – Different operations • Make clear government resource usage

Working With Municipal Staff and Officials • Establish what needs to be accomplished – Continuity – Cyber security • Establish roles for the process – Utilize existing strengths – Coordination – Information gathering

Policies and Procedures • • Model Continuity of Operations Policy Model Continuity of Operations Plan Model Cyber Security Policy Model Acceptable Use Policy

Gathering Information • Basic information gathering form • Remote operations requirements form • Continuity of Operations by Function form

Turning Information Into Continuity Policy and Plans • Model continuity of operations policy – Purpose – Scope – Policy • Model Continuity of operations Plan – Overall responsibility – Priorities – Plans and procedures by function

Model Cyber Security Policy • • • Responsible person Physical protection Access control Information protection Incident reporting Training Media Disposal Acceptable use policy Policy review

Initiating Changes • • Information Security Officer (ISO) role Regular security software updates Regular back-up and offsite storage Annual review