Back to Calendar
Return
|
|
Consent-General Government   # 16.
|
Board of Supervisors |
General Services   |
|
|
Subject |
Consider approval of the 2019 Yolo County Information Security Policies which supports the Information Security Program that was adopted by the Yolo County Board of Supervisors in 2018. (No general fund impact) (Yarris/Gerney) |
Recommended Action |
- Consider approval of the 2019 Yolo County Information Security Policies; and
- Direct the General Services Director and the Chief Information Security Officer (CISO) to develop associated protocol, procedures, and processes, aligned with these best practice security policies, as a technical roadmap towards making the County more secure while protecting its technology assets, data, and information.
|
Strategic Plan Goal(s) |
Operational Excellence
Advance Innovation
Safe Communities |
Reason for Recommended Action/Background |
Information security policies are the cornerstones of an Information Security Program. Chasing after vulnerabilities is a far less effective approach than proactively protecting and safeguarding against them. Providing your employees and organization with the correct policies and procedures of what is expected of them in their operational and strategic activities allows them to be prepared and proactive while reducing personal liability and risk.
In 2018, Yolo County adopted the "Yolo County Information Security Program" that was based on the best practice information security framework that was developed by "The California County Information Services Directors Association (CCISDA) Information Security Forum (ISF)." The ISF also provided a best practice ‘Countywide Information Security Policies’ framework to address the modern threat landscape and to be compliant with current Federal and State standards. It is with this recommendation, as deemed appropriate by the County IT Director and Chief Information Security Office (CISO), that Yolo County internally adopt these policies and develop a roadmap towards making the County more secure in regards to protecting its technology assets, data, and information.
These policies will assist the Yolo County Information Technology Division in establishing proven industry standards for policy implementation, and allow for the consistent procedures for use of the corresponding IT assets. They will also allow the county to harden (secure and make readily available) the County’s IT infrastructure from errors and omissions, internal and external threats and malicious code. |
Collaborations (including Board advisory groups and external partner agencies) |
The "Yolo County Information Security Policies" framework was developed collaboratively through the efforts of the Information Security Advisory Committee, the Information Technology Executive Council, as well as various key department representatives across the County. The security policies were also posted on our internal website for review and feedback by all department leaders.
Other collaborations include but are not limited to DFS, County Counsel, County Administrator's Office, and the General Services Department. |
|
Fiscal Impact |
|
Source of Funds for this Expenditure |
|
Explanation (Expenditure and/or Revenue) |
Further explanation as needed: |
No general fund impact. |
|
|
|