GTA's Office of Information Security (OIS) strives to continuously improve, advance and mature the overall security posture of the state of Georgia. We aim to ensure the trust of Georgians by:
- Providing statewide cyber strategic direction and leadership in the protection of the state's information assets.
- Safeguarding the confidentiality, integrity and availability of state systems and applications.
- Fostering a culture of security awareness throughout Georgia state agencies.
Our vision is to be a nationally recognized leader in information security and privacy protection for the state's information assets, whereby all citizens and state employees can work, learn and confidently utilize the Internet and Georgia's online services.
What we do
Under the leadership of State Chief Information Security Officer Stanton Gatewood, OIS operates in a manner similar to a central information security program as defined by the National Institute of Standards and Technologies (NIST), Special Publication 800-12, An Introduction to Computer Security: The NIST Handbook.
In our commitment to secure the state's information assets to build and maintain the trust of Georgians, we collaborate with federal, state, local and private-sector partners in the areas of governance, risk management, security education, awareness and preparedness to offer the following core proficiencies:
- Security Governance
- Strategic Planning
- IS and ITSec Policy and Compliance
- IT/IS Risk Management
- Security Awareness, Training and Education, Professional Development and Cyber Workforce Development
- Continuity of Operations Planning (COOP)
- Cyber Fusion and Threat Information
- Cybersecurity Consulting and Advisory Services
- Support of the Governor's Cyber Security Board
Each state agency is required to run its own information security program in compliance with the Information Technology Policies, Standards and Guidelines issued by GTA. Service offerings are described in our Services Catalog.
OIS is comprised of two departments: (1) Cyber Fusion and Threat Information and (2) Risk Management Consulting.