In Part 1 of the Demystifying Cal-Secure series, we understood when Cal-Secure is needed, who it applies to and so on. Now let us move to what it entails: Cal-Secure covers the people, processes, and technology that must be addressed by the executive branch.
Cal-Secure is designed to be utilized by state government agencies and entities in the development of their individual strategies and roadmaps based upon high-level priorities that will provide the tactical and operational means. This approach allows all state departments to prioritize efforts to improve security maturity regardless of their existing baseline capabilities.
People – Expand training for existing resources and/or get additional resources from outside consultants as appropriate. As an agency AIO, using the baseline, you will be able to develop clearly defined job roles, job categories, knowledge, skills, and abilities that are fundamental to a modern cybersecurity talent.
Process – Cal-Secure outlines a hybrid model that uses an empowered agency level governance structure, along with oversight by OIS. New cybersecurity and privacy policies, processes, and decisions made at the agency level are communicated and applied at the entity level.
The goal of the continuous Oversight Lifecycle is to ensure that all entities finish better than when they started in both cybersecurity maturity and organizational risk mitigation.
Technology – Cal-Secure focuses not only on reducing risks to existing systems and networks, but also on ensuring security is built into the innovation and modernization of future state efforts. It eliminates the use of unsecure technology.
Measuring progress is a key component of California’s Executive Branch Security roadmap. All initiatives and priorities in Cal-Secure directly align with the OIS Foundational Framework (Statewide Information Management Manual (SIMM) 5330-B), and the California Cybersecurity Maturity Metric (SIMM 5300-C), and the California HSS.
Anvaya Solutions is uniquely positioned to provide the cybersecurity services. Anvaya is a woman owned small business and counts multiple state agencies amongst its clientele, including Franchise Tax Board, Cal Dept of social services, California Student Aid commission, Department of Motor Vehicles, Public Employment Resources Board and California Department of Technology among others. No job is too big or too small for the cyber security experts at Anvaya Solutions. They can tackle and provide a practical remediation to any job assigned to them.