Guide to Cybersecurity and Information Security

What is my role in cybersecurity?

When online, keep this in mind: Stop. Think. Connect.

  • Stop for a moment.
  • Think about how you will take care of your information and personal data before acting.
  • Connect responsibly.


Executive Branch Technology Users

Understand cybersecurity requirements and the state’s acceptable use policy and ensure you report any suspected cybersecurity incidents to the OIT Service Desk.

How We Can Help You


Leadership

Security is everyone’s responsibility, but it is most effective when department and agency leaders visibly demonstrate a commitment to cybersecurity. Know what you can do to ensure that the systems and people you lead are secure and that security is top of mind for all planned changes.

How We Can Help You

  • Audit support - Learn about compliance requirements and get guidance on what to expect during audits
  • Risk assessment and management - Get a risk assessment against critical and essential systems 
  • Compliance services
  • Security risk management framework

Contact: Jane Rosenthal at jane.rosenthal@state.co.us


Product and System Owners, Project Managers, Business Analysts, Vendor Partners

Know what the cybersecurity (compliance) requirements and controls are for existing and planned systems, and ensure those requirements are being met by each person or team working on those systems. Work with the OIS team to understand all requirements and options, and partner to ensure all involved stakeholders understand and can adhere to cybersecurity requirements.

How We Can Help You

  • Security standards and policies
  • Audit support - Learn about compliance requirements and get guidance on what to expect during audits
  • Risk assessment and management - Get a risk assessment against critical and essential systems 
  • Compliance services
  • Security risk management framework

Contact: Jane Rosenthal at jane.rosenthal@state.co.us


System Administrators, Application Developers, Cloud Infrastructure Administrators

Work in collaboration with OIS to understand and follow all applicable cybersecurity policies as they relate to the systems you support.

How We Can Help You

  • Architecture and design validation and consultation
  • Secure application architecture design and consultation
  • Web application security architecture design and consultation
  • Secure infrastructure architecture design and validation (CIS controls and system hardening) 
  • Firewall change requests - project and operational security risk assessment

Contact: Mohamed Malki at mohamed.malki@state.co.us


Technology Purchasers & Procurement Services

Partner with OIS to understand technology purchase requirements and how to stay compliant.

How We Can Help You

  • Contract language review and requirements documentation for contracts, statements of work and amendments

Contact: Jane Rosenthal at jane.rosenthal@state.co.us


Local Governments

Local, county and state governments maintain an enormous amount of personal data and records on their citizens in order to provide the services the citizens depend on, as well as confidential government information, making them frequent targets.

Yet many government entities are challenged with insufficiently secured infrastructure, lack of awareness, and competing funding and resource priorities. Better security helps government bodies provide reliable services to the public, maintain citizen-to-government communications, and protect sensitive information. 

How We Can Help You

Here are some free or low-cost resources to help: Security Guidance and Resources for Local Governments (PDF). 


Everyone

It’s important for everyone to recognize the different types of risks that exist in the online world.


Phishing: Phishing uses email or malicious websites to solicit personal or financial information. This can take the form of an email, seemingly from a reputable credit card company or financial institution, that requests account information. When users respond with the requested information, fraudsters can use it to gain access to the accounts. Do not open messages or attachments from unknown sources. Use spam filters to prevent unwanted and dangerous email.


Spyware: The two important things to know about spyware programs are that 1) they can download themselves onto your computer without your permission when you visit an unsafe website and 2) they can take control of your computer. Keep your computer up to date—especially your operating system, web browsers, and antivirus/anti-spyware protection.


Password protection: Choose strong passwords that are not easy to guess. Avoid your address, pet’s name, or a child’s name. Think of creating a password by using the first letter of each word of a favorite saying. Substituting capital letters and/or numbers for some of those letters will strengthen the passwords even further. Make sure to change your passwords regularly. 


Social media: Although social media can be a fun experience and can help you stay connected, it can also create an opportunity for information leakage or even compromise personal identity and safety. Be smart with your identity on social media sites. Make sure to review and use privacy settings. Keep all tagged photos private. Do not share information that can help people steal your personal identity.


Plan ahead: Prepare for worst-case scenarios. Keep copies of family photos. Review financial and personal credit records on a regular basis. Back up critical data. Have a fall-back plan for businesses, schools, and government bodies.


How We Can Help You