Information Security Office
Our Mission
The mission of the Information Security Office (ISO) is to provide leadership in the development, delivery, and maintenance of an information security program by safeguarding the state's information assets against unauthorized use, disclosure, modification, damage, or loss to support Colorado’s mission to provide secure and sustainable services.
The ISO is directly aligned with the goals and objectives of nationally recognized security organizations to protect Colorado's information, IT technology and systems. Working closely with federal, state, local, and private sector partners, the OIS actively gathers and analyzes information on cyber threats and vulnerabilities that present risk to the state's information systems or the critical information managed within.
Core Services
Security Architecture
The Security Architecture team produces and adopts security technology standards, Application Security architecture and best practices, IT Infrastructure architecture, and design.
What We Do
- Architecture and design validation and consultation
- Secure Application architecture design and consultation
- Web Application security (Owasp Foundation) architecture design and consultation
- Secure Infrastructure architecture design and validation (CIS Controls and system hardening, CIS Center for Internet Security)
- Firewall Change Requests
- Project and Operational Security Risk Assessment
Contact the Security Architecture Team: Mohamed Malki at mohamed.malki@state.co.us
Security Risk and Compliance
We assist consolidated state agencies to identify, manage, and reduce risk to the state. We also help agencies and OIT internal teams to understand their compliance requirements for systems and data and work with outside auditors.
What We Do
- Metrics and Reporting
- Audit Support - Educate agency customers on compliance requirements and provide guidance on what to expect during audits
- Risk Assessment and Management - Perform risk assessments against critical and essential systems for agency customers
- Compliance services
- Security Risk Management Framework
Contact the Security Risk and Compliance Team: infosec@state.co.us
Security Governance
The Security Governance team advocates for and communicates security policy on behalf of the Chief Information Security Officer. We also ensure cybersecurity awareness training including workshopping incident response tabletop exercises, and security program strategic planning.
What We Do
- Colorado Information Security Policies - Glossary of Terms (PDF)
- Enterprise Cyber Security Planning
- Security consultation and alignment of resources
- Process Documentation
- Security Awareness Training for State Employees (SOC Learns) and for Vendor Partners (Colorado Cyber Training)
- Incident Response Planning/training - Table Top and technical IR exercise mentoring and proctoring - Incident Response Template (PDF)
Contact the Security Governance Team: infosec@state.co.us
Our Leadership
Jill Fraser
Chief Information Security Officer
Jill Fraser joined OIT as the Senior Director of Security Operations in January 2023, was appointed interim Chief Information Security Officer (CISO) in September 2023, and then was named the state's CISO in February 2024. Believing we are only as successful as the relationships we foster, Jill advocates for cross-organizational collaboration and the development of programs that improve the collective ability of governments to secure their data and services.