Working together to reduce the risk of a data breach
State and local governments must prepare for the worst
Across the U.S., more than 94 million citizens' records, under the care of government agencies, are estimated to have been lost or breached since 2009. Multiply this figure by $194, which is the average cost per compromised record for organizations in the United States, according to the Ponemon Institute's Annual Study, and the numbers become astronomical: nearly $18.2 billion dollars' worth of damage.
The extraordinary amount of personal data collected by public entities makes them attractive targets for cybercriminals and hacktivists, and they face risks from simple human error and disgruntled employees. Unfortunately, the cybersecurity posture of governments is typically lower than commercial enterprises.
The Cyber Oregon initiative is an effort to help government organizations across the state get access to the information and resources they need to safeguard citizens’ data – from undertaking risk assessments, increasing stakeholder collaboration and investing in cybersecurity talent.
Gary Johnson, Chief Information Security Officer, State of Oregon
Gary has over 25 years of experience in technology management and overseeing teams of managers, technical, and non-technical staff. He has a solid background in network administration and security, application development, and managing global and domestic teams. Gary has spent the last 10 years in the public sector with the State of Oregon and is currently the Department of Revenue’s Chief Information Officer and Division Administrator, an organization of over 200 staff. Gary’s state experience also includes working for Enterprise Technology Services (ETS) where he had the opportunity to establish positive connections with many of Oregon's State agencies. He also spent some time with the Oregon Youth Authority as interim CIO.
Governor Kate Brown’s Executive Order 16-13, “Unifying Cyber Security in Oregon” (EO 16-13) and SB 90 (2017) represent a fundamental shift in how the state of Oregon approaches IT security. The Enterprise Security Office (ESO) is responsible for enterprise security policy, security monitoring of the state network, enterprise incident response, and enterprise security architecture, as well as dissemination of security training, policy, and best practices across state government.
MS-ISAC (Multi-State Information Sharing & Analysis Center)
A focal point for cyber threat prevention, protection, response and recovery.
FBI Cyber Investigations
Information and resources from the FBI on fighting cyber crime.
NASCIO (National Association of State Chief Information Officers)
Resources on cybersecurity awareness and more.
Stop. Think. Connect.
Cybersecurity information from the U.S. Department of Homeland Security.
Cybersecurity information from the U.S. Computer Emergency Readiness Team
smartphones, laptops, and tablets. This includes locking your computer when you step away from your desk at work. You may not always know the people walking around your office and what their intentions are. Encrypt data and use two-factor authentication where possible.
2. Regularly scan your computer for viruses and spyware and keep your software up to date.
3. Dispose of sensitive information properly and according to your organization’s policies.
4. Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
5. Take advantage of cybersecurity training offered by your department or agency.