Information Technology Security Policy Revision Overview

1
Information Technology Security PolicyRevision
Overview

• Heidi Whisman, Senior Policy and Information
  Technology Consultant, DIS/MOSTD

2
Policy Revision

• Background
• Changes From Current Policy
• Adoption Contingencies
• Next Steps
• Questions

3
Background

• Adopted in 2000 last revised in 2002
• Changes in IT landscape
• January 2006 recommendation to ISB
• Revision effort began in February 2006
• Presented to ISB November 9, 2006

4
Changes From Current Policy

• Judicial branch removed from Applies To section
• New requirement to submit audit results to ISB
• Revision of exemption for institutions of higher
  education
• Annual certification filing date change
• Washington State Digital Government Framework
  language removed

5
Adopted with Contingencies

• Agreement among the Legislative, Judicial, and
  Executive branches
• To adopt identical policies regarding securing
  information technology assets, and
• That no branch will revise their respective
  policy without agreement from the other branches
• Review of the depth and detail required of
  security audits
• Review of the exemption for academic and research
  applications at institutions of higher education

6
Next Steps

• Follow-up on contingencies
• Review and revise security standards

7
IT Security Policy Revision Overview

• Questions?