Security

About

The Security Office is responsible for establishing and leading cybersecurity strategy designed to ensure reasonable information security while empowering the State’s adoption, integration, and protected use of technology.

Vision

To empower the State of West Virginia’s adoption, integration, and protected use of technology.

Values

Leadership: As the State faces a significant challenge in the arena of cyber security, success will be achieved through empowering leadership.

Knowledge: Cyber security decisions must be based in risk management, ensuring adequate protection without unnecessary waste. Knowledge is the key component of successful risk management.

Service: Cyberspace is a fast-changing environment that requires dedicated experts willing to continually learn, teach, and lead.

Mission

The mission of the Cyber Security Office is to provide leadership, knowledge, and service, in order to safeguard the confidentiality, integrity, and availability of the information and information systems entrusted to the State of West Virginia.

Goals

• Cyber Risk

  • Establish an executive-level cybersecurity steering committee to lead strategic cybersecurity initiatives

  • Implement an enterprise approach to cybersecurity, designed to leverage shared resources and economies of scale

  • Make change recommendations of State law and policy, adapting to the advancing cyber threat, and changing legal landscape resulting from technological advancements

• Cyber Outreach

  • Engage internal and external organizations, both private and public, seeking synergistic partnerships to foster innovation, collaboration, and information sharing

  • Engage Education (K-12 & Higher Ed) to drive further development of cyber education programs designed to develop a cyber workforce

  • Implement a comprehensive cyber outreach program designed to cultivate a cyber-aware culture

• Cyber Protection

  • Adapting to an enterprise approach to cybersecurity, implement standardization policies governing procurement and configuration of broadly used hardware devices and software applications

  • Update cyber access management policies and procedures, by implementing advanced cybersecurity technology

  • Implement a cyber network architecture policy governing designed to standardize configuration and management of the Office of Technology’s network infrastructure

  • Implement the advanced cyber boundary protection plan designed to create visibility and provide control capabilities

• Cyber Operations

  • Engage private and public critical infrastructure partners to develop, implement, and test a cyber disruption response plan

  • Invest technological resources to advance cybersecurity operations into proactive detection and response capability

  • Develop a proactive cyber operations response capability designed to improve the State’s cyber resiliency

Results

• A risk-based approach to cyber security designed to ensure reasonable protection to that what matters most

• A cyber-aware culture prepared and empowered to provide protected digital government services

• To equip the State with the capabilities of supporting and protecting the cyber assets critical to government operations

Security Operations Center

The Security Operations Center (SOC) provides operational security services by proactively monitoring the enterprise for potential cyber threats. The SOC’s services include application layer firewall services, advanced threat detection services, Security Information and Event Management services, endpoint protection services, web filtering services, and investigation services. The SOC is involved in the configuration and segmentation of resources when appropriate (wireless networks) and reviews operational change requests for Networking, EOC, and System Management. The SOC is involved with multiple protocol and configuration enhancements including Sender Policy Framework (SPF) in the mail system, DNS firewall, public DNS migration and GPO configurations with System management group. The SOC processes threat intelligence from multiple sources including DHS, the Fusion center, MS-ISAC, and FireEye to assist in protection. Finally, the SOC serves in a lead role for cyber incident handling, by requesting additional information and providing response guidance.

These areas break down as follows:

• Cyber Security Operations:

  • Application Layer Firewall Services (Palo Alto Networks Next Generation Firewall)

    • Application level filtering

    • Web URL filtering (in development)

    • Port/Protocol monitoring

    • Threat detection, containment, and mitigation

  • Advanced Threat Detection Services (Wildfire)

    • Dynamic threat detection leveraging advanced virtualization techniques used to determine if files or websites pose a malicious threat

  • Security Information and Event Management (SIEM Services)

    • Network monitoring tool

  • Endpoint Protection Services (Microsoft System Center Endpoint Protection)

    • Endpoint malware detection, containment, and remediation

  • Web Filtering Servers (Netsweeper)

    • Provide internet web filtering services

  • Digital Forensic

• Investigations utilize several tools:

  • Internet Evidence Finder

  • Access Data E-Discovery and Forensics

  • Access Data Summation

  • Forensic Falcon Imaging Units (Hardware)

  • Cellular Phone Imaging and Investigation Tools

  • Spector360 –desktop recording

This group can be contacted via email at SOC@wv.gov

CSO – Audit and Compliance “Cyber Admin”

The Cyber Security Office's Cyber Admin Team is a very flexible team that deals with a wide variety of security issues. The goal of the team is to continually audit, assess, and assist WVOT and customer agencies with cybersecurity. The team accomplishes this by maintaining enterprise cyber security policy; conducting audits and risk assessments, providing vulnerability management services; maintaining cybersecurity metrics; and coordinating outreach activities. Additionally, the team works in close coordination with other state offices such as BRIM and the State Privacy Office.

Cyber Risk Assessments and Audits

•Risk assessments and audits are designed to identify areas presenting the highest degree of risk, and where risk mitigation will provide the greatest potential benefit to the Executive Branch. The Audit Program also reviews internal controls within the WVOT operations, and will conduct audits of selected 3rd party providers. Enterprise Policies:

•The WVOT has implemented enterprise-level cyber security policy, for the Executive Branch of West Virginia government. Agencies may establish more stringent policy supplements, but duplication of content should be avoided.

CyberSecurity Training

•The State of West Virginia utilizes a learning management system to deploy required and annual cyber security training to all employees of the Executive Branch. Electronic security tips and awareness training are released on a regular basis.

Vulnerability Management Program

•The Vulnerability Management Program currently scans over 95% of the Executive Branch's systems. Vulnerabilities are identified and agencies are guided on the process to test and update their systems in relation to risk.

Team’s Primary Responsibilities: All team members are responsible for helping with outreach activities. Outreach activities range from hosting conferences; organizing multi-agency group meetings to discuss security issues (GEIST, Cyber Counsel, etc.); presenting at conferences and agency events; and participating at cyber events.

This group can be contacted via email at WVOTITAudit@wv.gov