The Office of Information Security (OIS) is a component of the Enterprise Governance and Planning (EGAP) division of the Georgia Technology Authority (GTA). It operates in a similar manner to a central information security program as defined by the National Institute of Standards and Technologies (NIST), Special Publication 800-12, An Introduction to Computer Security: The NIST Handbook. Each agency of the state is required to run its own information security program in compliance with the information security policies and standards issued by GTA. To assist the agencies with this responsibility, OIS performs the following activities.
Education, Training, and Awareness
In coordination with the University System of Georgia (USG), GTA has developed a training program for agency information security staff. These classes are delivered by USG on a rotating basis and prepare the security staff to create and operate an information security program. In addition, OIS works with the agencies to develop security awareness training programs and to educate agency leadership about information security issues and responsibilities.
Policies, Standards, and Reviews
GTA has adopted the security requirements created by the Federal Information Security Management Act (FISMA) of 2002 and the FISMA Implementation Project conducted by NIST. GTA's policies and standards were developed in accordance with FISMA, and OIS conducts information security program reviews to help agencies identify and remediate deficiencies. The goal is to work with the agencies to develop appropriate security controls in protection of their IT systems.
As agencies work to improve their information security posture, they may require knowledgeable assistance. OIS has a small, experienced staff that will work with agencies on limited engagements. If an agency requires more services that OIS can offer, OIS maintains pre-negotiated contracts with best-of-breed information security vendors.
The Georgia Information Sharing and Analysis Center (GISAC) is Georgia's fusion center. Its stated mission is "...to serve as the state's focal point for the collection, assessment, analysis, and dissemination of terrorism intelligence relating to Georgia". OIS has joined this collaborative effort and will provide cyber analyst functions to support this mission.
For more information about these topics, see the following links or contact the Office of Information Security at firstname.lastname@example.org.