2020 prioritization of cybersecurity legacy modernization
play

2020 Prioritization of Cybersecurity & Legacy Modernization - PowerPoint PPT Presentation

Mar 20, 2023 •350 likes •827 views

2020 Prioritization of Cybersecurity & Legacy Modernization Projects July 14, 2020 Transforming How Texas Government Serves Texans AGENDA Introductions Background & Purpose Content Overview SPECTRIM Demonstration

  1. 2020 Prioritization of Cybersecurity & Legacy Modernization Projects July 14, 2020 Transforming How Texas Government Serves Texans

  2. AGENDA • Introductions • Background & Purpose • Content Overview • SPECTRIM Demonstration • Process & Submission • Q&A Transforming How Texas Government Serves Texans

  3. INTRODUCTIONS Chief Technology Office • John Hoffman | Interim State CIO, Chief Technology Officer • Krishna Edathil | Director, Enterprise Solution Services • Robert Benejam | Enterprise Architect, Enterprise Solution Services Office of the Chief Information Security Officer • Nancy Rainosek | State Chief Information Security Officer • Matt Kelly | Governance, Risk, & Compliance Program Manager Transforming How Texas Government Serves Texans

  4. Overview & Purpose John Hoffman Nancy Rainosek Transforming How Texas Government Transforming How Serves Texans Texas Government Serves Texans

  5. OVERVIEW Section 2054.069, Government Code entitled Prioritized Cybersecurity and Legacy Systems Projects Report requires the Texas Department of Information Resources (DIR) to report on state agency cybersecurity projects and projects to modernize or replace legacy systems, as defined by Section 2054.571, Government Code to the Legislative Budget Board (LBB) no later than October 1 of each even-numbered year. Transforming How Texas Government Serves Texans

  6. STATUTE Sec. 2054.069. PRIORITIZED CYBERSECURITY AND LEGACY SYSTEM PROJECTS REPORT. (a) Not later than October 1 of each even-numbered year, the department shall submit a report to the Legislative Budget Board that prioritizes, for the purpose of receiving funding, state agency: (1) cybersecurity projects; and (2) projects to modernize or replace legacy systems, as defined by Section 2054.571. (b) Each state agency shall coordinate with the department to implement this section. (c) A state agency shall assert any exception available under state or federal law, including Section 552.139, in response to a request for public disclosure of information contained in or written, produced, collected, assembled, or maintained in connection with the report under Subsection (a). Section 552.007 does not apply to information described by this subsection. Added by Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 12, eff. September 1, 2019. Transforming How Texas Government Serves Texans

  7. PURPOSE • The PCLS Project Questionnaire provides agencies with the opportunity to demonstrate the risks and potential impacts of not funding cybersecurity or legacy systems modernization projects. • DIR will use the responses provided in the PCLS Project Questionnaire along with the Application Portfolio Management (APM) assessment responses of the business applications associated with the project in determining the project prioritization that will be sent to the LBB by October 1, 2020. Transforming How Texas Government Serves Texans

  8. BACKGROUND • Legacy Systems Study, HB 1890 (84R) 2014 • 1 st PCLS (Reported for 85R) 2016 • 2 nd PCLS (Reported for 86R) 2018 • APM Assessments w/ IRDR • 3 rd PCLS ( Reporting for 87R) • PCLS Codified 2020 Transforming How Texas Government Serves Texans

  9. QUESTIONNAIRE COMPONENTS • Part 1: General Information • Part 2: Associated Business Applications • Part 3: Cybersecurity Issues and Controls • Part 4: Legacy Issues • Part 5: Probability Determination • Part 6: Impact Determination • Instructions Document Transforming How Texas Government Serves Texans

  10. General Information Part 1 – All Projects Krishna Edathil Transforming How Texas Government Serves Texans

  11. PART 1 – GENERAL INFORMATION • 18-24 questions • Project Narrative • Project Type • LAR/Funding Information • Project Characteristics Transforming How Texas Government Serves Texans

  12. PROJECT TYPE Cybersecurity Projects must possess at least one of the following criteria: ► The project’s primary purpose must be improving the organization’s cybersecurity or enhancing the organization’s capability to identify, detect, protect, respond, or recover from cybersecurity threats and vulnerabilities. ► The project must have clear objectives that will improve the organization’s cyber maturity as measured in the biennial information security plan. Legacy Modernization Projects must possess at least one of the following criteria: ► The project’s primary purpose must be modernizing the agency’s legacy systems as defined in Sec. 2054.571, Government Code. “Legacy system" means a computer system or application program that is operated with obsolete or inefficient hardware or software technology. ► The project must also be intended primarily to support continued systems currency through monitoring the agency’s application portfolio and IT infrastructure. NOTE: Projects for the 87 th legislature are now either one or the other. Transforming How Texas Government Serves Texans

  13. Related Business Applications Part 2 – All Projects Robert Benejam Transforming How Texas Government Serves Texans

  14. PART 2 – RELATED BUSINESS APPLICATIONS A Business Application name is the high-level label used by an agency to easily identify a group of functions provided by one or more systems to accomplish the specific business needs of the agency. A Business Application is typically a combination of integrated hardware and software (including data and applications), internally developed custom systems, commercial off the shelf (COTS) applications, and/or customized third-party systems. Transforming How Texas Government Serves Texans

  15. PART 2 – RELATED BUSINESS APPLICATIONS Information Resources Application Portfolio Prioritization of Cybersecurity and Deployment Review Management Assessments Legacy Systems Projects March 31 Prior to PCLS Submission Agency LAR Due Date IRDR APM PCLS  Inventory applications  Complete application APM  Associate applications to  Determine applications to assessments as determined relevant project questionnaires assess Transforming How Texas Government Serves Texans

  16. PART 2 – RELATED BUSINESS APPLICATIONS All applications associated with a PCLS project must… 1. have an APM assessment completed within the last four years and 2. have the required fields completed in the application record Directly Related • the business applications related to the project are directly impacted by the project (replaced, modernized, consolidated, improved, etc.). Indirectly Related • the business applications that receive a secondary benefit from the project. Transforming How Texas Government Serves Texans

  17. PART 2 – RELATED BUSINESS APPLICATIONS Transforming How Texas Government Serves Texans

  18. Cybersecurity Issues & Controls Part 3 – Cybersecurity Projects Only Matt Kelly Transforming How Texas Government Serves Texans

  19. PART 3 – CYBERSECURITY ISSUES & CONTROLS Cybersecurity Issues • Narrative of the existing issues, challenges, and future considerations concerning cybersecurity as it relates to the project. What’s the problem? Cybersecurity Controls • Narrative of the current safeguards/countermeasures in place that would lower the probability or lessen the impact of security incidents if the project is not funded. How’s it handled now? Transforming How Texas Government Serves Texans

  20. Legacy Issues Part 4 – Legacy Projects Only Krishna Edathil Transforming How Texas Government Serves Texans

  21. PART 4 – LEGACY ISSUES • 14-16 questions • Modernization Benefits • Cost-Benefit Analysis & Methodology • Modernization Scope (servers & software) • System Characteristics Transforming How Texas Government Serves Texans

  22. COST-BENEFIT ANALYSIS – BUSINESS CASE WORKBOOK Transforming How Texas Government Serves Texans

  23. COST-BENEFIT ANALYSIS – BUSINESS CASE WORKBOOK Transforming How Texas Government Serves Texans

  24. Probability & Impact Determination Parts 5 & 6 – Cybersecurity Projects Only Matt Kelly Transforming How Texas Government Serves Texans

  25. PART 5 – PROBABILITY DETERMINATION PART 6 – IMPACT DETERMINATION 7 questions 8 questions • Threat Capability • Reputational Impacts • Incentive • Operational Impacts • Control Effectiveness • Physical Impacts • Control Reliability • Legal Impacts • Threat Event Frequency • Financial Impacts • Asset Exposure Probability Impact Transforming How Texas Government Serves Texans

  26. SPECTRIM PCLS DEMO Collection Tool Matt Kelly Transforming How Texas Government Serves Texans

  27. Logging in

  28. Navigation

  29. Support Request

  30. New PCLS Record

  31. Delegating a Record

  32. Transforming How Texas Government Serves Texans

  33. Looking up Business Applications

  34. Return to Existing Record

  35. Submitting a Record

  36. Exporting a Questionnaire

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How to Perfect Your Legacy Strategy: A Mainframe Modernization Case Study Galen Silvestri, Senior

How to Perfect Your Legacy Strategy: A Mainframe Modernization Case Study Galen Silvestri, Senior

How to Perfect Your Legacy Strategy: A Mainframe Modernization Case Study Galen Silvestri, Senior Solutions Engineer GigaSpaces October 29 th , 2020 Mainframes Are Here to Stay Assembly of IBM 1401, Circa 1960 COBOL is Still Among Us Reuters

471 views • 19 slides
Predictive Prioritization Focusing On What Matters First Tas Jalali, CISSP, CISM, CEH

Predictive Prioritization Focusing On What Matters First Tas Jalali, CISSP, CISM, CEH

Predictive Prioritization Focusing On What Matters First Tas Jalali, CISSP, CISM, CEH Principal Security Engineer Vulnerability Management In Brief A Assess Legacy and A Modern Assets Remediate Intelligent R Prioritization M R

256 views • 21 slides
MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in

MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in

MARK 10:1-31 SPIRITUAL LEGACY SPIRITUAL LEGACY Legacy in Marriage v. 1-12 Legacy in Children v. 13-16 Legacy in Eternity v. 17-31 LEGACY IN MARRIAGE 2 Schools of thought 1. Rabbi Sammai- Strict interpretation. Divorce only

775 views • 9 slides
KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

7/17/2020 KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing Attacks Malware/Ransomware Hacking Imposter Scams 1 7/17/2020 KACo Cybersecurity Training BEWARE OF Phishing Phishing attacks

248 views • 6 slides
HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT

HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT

HHS // IHS HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT Modernization Project is sponsored by the U.S. Department of Health and Human Services Office of the Chief Technology Officer (HHS OCTO)

712 views • 13 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
BOARD March 17, 2015 AGENDA > Call to Order > HR/P Modernization Update > UW-IT Service

BOARD March 17, 2015 AGENDA > Call to Order > HR/P Modernization Update > UW-IT Service

IT SERVICE INVESTMENT BOARD March 17, 2015 AGENDA > Call to Order > HR/P Modernization Update > UW-IT Service Portfolio Expenditures and Strategic Allocation > UW-IT Project Prioritization Approach Teaching & Learning

720 views • 38 slides
Prioritization 6.0 Workgroup Meeting #8 April 29, 2019 Desired Meeting Outcomes Reach

Prioritization 6.0 Workgroup Meeting #8 April 29, 2019 Desired Meeting Outcomes Reach

Wireless Access: RTPguest (May have to open web browser) Prioritization 6.0 Workgroup Meeting #8 April 29, 2019 Desired Meeting Outcomes Reach consensus on Aviation scoring Reach consensus on Highway Modernization Weights

883 views • 59 slides
IT Project Prioritization February 2020 IT Project Requests Overview 23 Project Requests 11

IT Project Prioritization February 2020 IT Project Requests Overview 23 Project Requests 11

IT Project Prioritization February 2020 IT Project Requests Overview 23 Project Requests 11 - IT Recommended Prioritization 4 - Outside Resource Scope 3 - Educational Technology Services 5 - Withdrawn ITS Committee Recommended

212 views • 8 slides
Steps to better cybersecurity in 2020 1. 1. Sele lect correct tools 2. 2. Monitor 3. 3.

Steps to better cybersecurity in 2020 1. 1. Sele lect correct tools 2. 2. Monitor 3. 3.

Steps to better cybersecurity in 2020 1. 1. Sele lect correct tools 2. 2. Monitor 3. 3. Cross analyse Sprawling Cybersecurity Tools Is Issue More tools, more problems. Companies have between 8 to 30 cybersecurity tools

453 views • 17 slides
Predictive Prioritization Focusing On What Matters First Elena Sergeeva Security Engineer

Predictive Prioritization Focusing On What Matters First Elena Sergeeva Security Engineer

Predictive Prioritization Focusing On What Matters First Elena Sergeeva Security Engineer VULNERABILITY MANAGEMENT TODAY Vulnerability Management In Brief A Assess Legacy and A Modern Assets Remediate Intelligent R

840 views • 19 slides
Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy

Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy

Legacy Yen Tu Live the legacy Deeply rooted in Vietnams history, the Tran dynastys legacy and the spirit of Truc Lam Yen Zen Buddhism, the Legacy Yen Tu is an inspiring journey into the past. It offers travelers a stay filled with storied

688 views • 32 slides
TV Rhienland Cybersecurity Trends 2020 And the case for real-time cyber risk management in

TV Rhienland Cybersecurity Trends 2020 And the case for real-time cyber risk management in

TV Rhienland Cybersecurity Trends 2020 And the case for real-time cyber risk management in operational technology Cybersecurity in Aluminium Workshop February 27 th , 2020 McKinsey Global Institute predicts the global workforce will peak by

481 views • 9 slides
Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides
Welcome and Opening Remarks Richard Bailey Assistant Commissioner, DOS March 6, 2020 Agenda

Welcome and Opening Remarks Richard Bailey Assistant Commissioner, DOS March 6, 2020 Agenda

Welcome and Opening Remarks Richard Bailey Assistant Commissioner, DOS March 6, 2020 Agenda Cybersecurity - Foreign Travel - Risk Assessment - Software Cybersecurity Policy - Municipal Cybersecurity Update IT Strategic Planning 2

802 views • 44 slides
Who Gets Hous ho Gets Housing Fir ing First? st? Facilitated Discussion on Prioritization

Who Gets Hous ho Gets Housing Fir ing First? st? Facilitated Discussion on Prioritization

MAY 2019 Who Gets Hous ho Gets Housing Fir ing First? st? Facilitated Discussion on Prioritization following Coordinated Assessment / Validation and Psychometric Testing of the Vulnerability Index Service Prioritization Decision Assistance

538 views • 32 slides
Perturbative Unitarity Constraints On (non-)SUSY Higgs Portals Devin Walker SLAC

Perturbative Unitarity Constraints On (non-)SUSY Higgs Portals Devin Walker SLAC

Perturbative Unitarity Constraints On (non-)SUSY Higgs Portals Devin Walker SLAC arXiv:1310.8286 and in collaboration with K. Betre and S. El Hedri (to appear) A Brief History of New Physics Historically perturbative unitarity arguments

915 views • 80 slides
q P B C A D Figure F.1 (a) Loaded Portal Frame 1 BC BC M M B C BC BC T T B C

q P B C A D Figure F.1 (a) Loaded Portal Frame 1 BC BC M M B C BC BC T T B C

q P B C A D Figure F.1 (a) Loaded Portal Frame 1 BC BC M M B C BC BC T T B C BC V BC V C B CD AB T T C B CD CD V M C AB C V B AB M B F.1 (b) AB CD V V A D AB CD M M A D AB CD T T 2 A D

347 views • 5 slides
Double Drift in DUNE: Ideas for SP vertical drift CERN, 20/6/2019 F. Pietropaolo ThGEM-like

Double Drift in DUNE: Ideas for SP vertical drift CERN, 20/6/2019 F. Pietropaolo ThGEM-like

Double Drift in DUNE: Ideas for SP vertical drift CERN, 20/6/2019 F. Pietropaolo ThGEM-like readout in LAr Motivation: - In the past years a dedicated R&D program was started aiming at replacing the LAr-TPC wire chamber with perforated

438 views • 11 slides
Network Services, over Slic liced Programmable In Infrastructures Prof. Panagiotis Demestichas

Network Services, over Slic liced Programmable In Infrastructures Prof. Panagiotis Demestichas

Framework for the Desig ign, , Development and Orchestration of 5G-ready Appli lications and Network Services, over Slic liced Programmable In Infrastructures Prof. Panagiotis Demestichas Dr. Andreas Georgakopoulos 5G Summit,

768 views • 9 slides
DUNE BSM Group Meeting, April 10 th , 2018 In collaboration with KC Kong, Jong-Chul Park and

DUNE BSM Group Meeting, April 10 th , 2018 In collaboration with KC Kong, Jong-Chul Park and

Doojin Kim DUNE BSM Group Meeting, April 10 th , 2018 In collaboration with KC Kong, Jong-Chul Park and Seodong Shin Summary: Generic BDM Signatures ( ) Elastic scattering (eBDM) (cf. eBDM at DUNE [Necib, Moon, Wongjirad, Conrad ( 2016 );

728 views • 24 slides
Patient Empowerment through eHealth Portal in Bosnia and Herzegovina

Patient Empowerment through eHealth Portal in Bosnia and Herzegovina

Patient Empowerment through eHealth Portal in Bosnia and Herzegovina !"#$%&'$()*+&,"%($&,)-.$+&/$*"0&12#345$%6+&78#2%&9"#6)*+&:)5$%& :$%6)*+&;$%)(25&<$()* &

457 views • 22 slides
7 Chapter 2 Factors: How Time and Interest Affect Money Progressive Example-The Cement Factory

7 Chapter 2 Factors: How Time and Interest Affect Money Progressive Example-The Cement Factory

Chapter 1 Foundations of Engineering Economy 1.1 Engineering Economics: Description and Role in Decision Making 1.2 Performing an Engineering Economy Study 1.3 Professional Ethics and Economic Decisions 1.4 Interest Rate and Rate of Return

1.21k views • 80 slides
Web-Based Information Everyday Activity Systems The Web has primarily been people

Web-Based Information Everyday Activity Systems The Web has primarily been people

Web-Based Information Everyday Activity Systems The Web has primarily been people interacting Fall 2006 with Web applications. CMPUT 410: Web Services What about applications interacting with Web Applications? Dr. Osmar R. Zaane

438 views • 10 slides

More recommend