Office of Cyber Security
The Office of Cyber Security (OCS) is responsible for managing all information security related events within the enterprise and ensuring proper administrative and technical controls are implemented to safeguard the State of Missouri’s information systems. OCS promotes and provides expertise in information security management for all state agencies and supports national and local homeland information security efforts.
Chief Information Security Officer
The Chief Information Security Officer (CISO) provides guidance and oversees information security efforts throughout state government. The CISO also manages the Office of Cyber Security.
Security Operations Center
Due to the increased awareness of information security related events and insight into the network and endpoints as the result of expanding its capabilities, OCS has created a Security Operations Center (SOC). The SOC, as the name implies, is responsible for monitoring all information security operations within the enterprise. The SOC is also responsible for managing all information security related incidents for the enterprise, ensuring they are properly identified, analyzed, communicated, remediated, and reported.
The citizens of Missouri benefit greatly from the SOC as the core mission of the SOC is to ensure that citizens’ data remains private and secure. The SOC also mitigates the potential liability caused by data breaches. A single data breach could cost Missouri taxpayers approximately $20-$40 million dollars based on similar sized government breaches and data lost. The SOC also assists in the enablement and continuity of state government processes. The intelligence gathered by the SOC is distributed throughout state government so that appropriate controls and proper threat awareness are achieved. Additionally, the SOC takes action on incidents that could lead to significant downtime if left unattended.
The Security Infrastructure team is responsible for administering the State of Missouri’s network, endpoint, and cloud security controls. The Security Infrastructure team applies industry best practices within day-to-day operations and coordinates very closely with the SOC.
The Audits team manages and coordinates internal and external IT security audit and compliance efforts. The Audits team provides security guidance during the planning, design, and implementation phases of application development.
Guiding Principles of the Office of Cyber Security
- We enable government services, not prevent them.
- We are the protectors and enablers of government services, not the owners.
- We will respond quickly and effectively to all security incidents regardless of the owner.
- We will continuously monitor the efficacy of all existing tools and processes.
- We will heighten the awareness of state government and other supported entities through great communication and education programs.
- The threat intelligence we collect through investigations does not belong to us; it belongs to our close partners.
- Any worthwhile security effort is not a project with an end date; it is a program that lasts indefinitely.
- Technology changes with the needs of business; core security principles rarely do.
- Don't be content with what you know and do today.
- Above all else, have fun; life is short.
Awards and Accolades
The State of Missouri’s Office of Cyber Security is being recognized for its outstanding end-user awareness program that combines short and focused lessons with phishing assessments. The awards ceremony will take place in Scottsdale, AZ.
The SANS Institute calls out Michael Roling for his advancement of security policy in the public sphere.
Missouri has made significant strides tech- and cybersecurity-wise in recent years, and it has three individuals in the C suite to thank: Acting CIO Rich Kliethermes, Deputy CIO Steve Siegler and CISO Michael Roling.
The State of Missouri’s Office of Cyber Security launched a program in May 2016 to identify vulnerable, Internet connected systems belonging not just to state and local governments, but also to businesses, utilities, and academic institutions across the State of Missouri.
The Office of Cyber Security’s Portal was honored with the “Innovation of the Year” award from StateScoop.
The winner of the Overall Excellence in Cyber Security Award has tools and systems in place to prevent and mitigate risks; has established best practices in cybersecurity across their organization; has provided end-user awareness training and certification to ensure that its employees know and support IT security and risk management plans; and has helped their IT security professionals to better address components of their IT security and risk management plans, such as secure coding, vulnerability management and incident response, and computer forensics.