• About GTA
  • Board of Directors
  • GTA Leadership
  • Career Opportunities
• News & Information
  • Headlines
  • IT for State Executives
  • Multimedia
  • GTA in the News
  • GTA Blogs
  • GTA e-Newsletters
• Services
  • Data Sales
    • Bulk Corporations Data
    • Dealer Internet Inquiry
    • Georgia Felon Search
    • LicenseMatch
    • Motor Vehicle Reports
  • IT Infrastructure Services
  • Managed Network Services
  • Professional Services
  • Unified Messaging
    • Unified Messaging FAQs
• Initiatives & Programs
  • State Technology Transformation (GAIT 2010)
    • Contracts Overview
    • Service Management Organization (SMO)
    • Service Transition Planning
    • Assessment Briefings - 2007
    • Procurement Briefings - 2008
    • Definitions of Terms
    • FAQs - GAIT 2010
    • Related GAIT 2010 Documents
  • IT Expenditures Report
  • Wireless Communities Georgia
  • State Portal
• Procurement
  • Hardware Contracts
    • 2-Way Radio
    • Apple Computer
    • Digital Copiers
    • Network
    • RISC Workstation
    • Video Conferencing Equipment
    • WSCA
  • Services Contracts
    • Employee Time and Attendance Management Solution
    • On-Site Computer Equipment Maintenance (PC Maintenance)
    • Two-Way Radio Maintenance
    • Wireless Communications Devices and Services
  • Software Contracts
    • Oracle Enterprise License Agreement
  • All Contracts - Alphabetical Index
• Governance & Planning
  • Enterprise Information Security
  • Enterprise Policy, Standards & Architecture
    • Application Development
    • IT Management
    • Operations
    • Security
    • All Policies and Standards
  • Enterprise Strategic Planning
  • Enterprise Program and Project Management Office
    • Agency Project Requests
    • Project Management Training
    • Project Management Methodology Library
    • Enterprise Performance Life Cycle
    • Project Assurance and Independent Verification & Validation (IV&V)
    • Portfolio Management
• Contact Us
  • Driving Directions
  • Find Your Service Delivery Consultant

Search gta.georgia.gov

Search
Advanced Search

Related Links

• GA-ISAC
• Information Security Policies, Standards and Guidelines

Home > Governance & Planning > Enterprise Information Security

Plans of Action and Milestones

1.   Non-responsive Agency
All 113 organizations will either report or decline to participate by the report due day for FY 2009.

2.   Formalize Participation by Outsourcing Agencies
All outsourcing agencies should have formal agreements for this arrangement or be operating their own security program by June 30, 2009.

3.   Classify Agencies by Impact Categorizations
Agencies should be classified according to the highest impact rating of the systems operated by the agency by March 31, 2009.

4.   Security Awareness Training
Ninety-five percent of all state workers will receive security awareness training by June 30, 2009.

5.   System Inventories
All Complex agencies will provide or update their inventories, including impact categorizations, during FY 2009.

6.   System Security Plans
Seventy-five percent of all high impact systems and 25% of all moderate impact systems will have approved security plans by June 30, 2009.

7.   Desktop Security
One hundred percent of all security plans will expressly address workstation security issues by June 30, 2009.

8.   System Security Assessments
Seventy-five percent of all high-impact systems will undergo independent third-party assessments during FY 2009.

9.   Disaster Planning
One hundred percent of all systems with an availability impact rating of high will have availability or DR plans that support those requirements by June 30, 2009.

10.   Business Continuity Planning Participation
One hundred percent of the agency security activity participation agreements (see Plan of Action and Milestone 2) should explicitly state whether it includes BCP functions by June 30, 2009.

11.   Business Continuity Planning
One hundred percent of the agencies will have a minimal BCP by June 30, 2009.

12.   Incident Response Planning
All agencies with high-impact or moderate-impact information must have approved security incident management and response plans approved by GTA by June 30, 2009.

13.   Strategy
GTA will evaluate the state’s existing security strategy and make adjustments where necessary, including extending it to include four years, by December 31, 2008.

Print this