About the Office of the Chief Information Security Officer (OCISO)
David Carter
Chief Information Security Officer
Robert Brooks
Deputy Chief Information Security Officer
The Office of the Chief Information Security Officer (OCISO) is responsible for IT security functions. The Office works with the entire enterprise to establish the best security practices and risk management processes, and deploys strategies aimed at protecting and securing the Commonwealth's data. The Office also plays a major role in promoting security awareness.
RISK MANAGEMENT BRANCH
The Risk Management Branch (RMB) is responsible for assisting with the identification and reporting of risks that pose security threats to both agency and enterprise systems and infrastructure. This branch ensures continued compliance with the National Institute of Standards and Technology (NIST) security control family framework, industry best practices, and assists in the development of an ongoing strategic security roadmap to improve the Commonwealth's enterprise security posture as a whole. The services offered by this branch are: Penetration Testing, Automated Web Application Testing, Enterprise Vulnerability Management, and Agency-Specific Phishing Simulations.
DIRECTORY SERVICES BRANCH
The Directory Services Branch is responsible for the establishment and management of an enterprise directory infrastructure that will provide effective and efficient state-wide authentication for computing resources. This includes the management of enterprise directory system level policies ensure the appropriate application of security controls to protect enterprise identities, as well as identity federation to allow the Commonwealth to conduct business and interact with external entities and systems.
FORENSICS INVESTIGATIONS BRANCH
The Forensics Investigations Branch performs analysis of enterprise and agency level security events to determine method of attack and actions taken. This Branch provides feedback to the Security Operations Branch to help develop ongoing protection strategies based on the findings. The Branch gathers information for employee investigations to support personnel actions based on employee acceptable use violations. Investigations with a criminal component are referred to the Kentucky State Police and this Branch coordinates activities with law enforcement. The Branch also conducts activities to pull electronic records for Open Records and Litigation Requests. Information is filtered based on the required criteria and provided to the agency legal counsel for further review and filtering based on sensitivity and applicability. For agencies outside of COT, this is a billable service at the forensic consulting rate.
SECURITY ADMINISTRATION BRANCH
The Security Administration Branch is part of the Office of the Chief Information Security Officer within the Commonwealth Office of Technology. The branch consists of the Mainframe Security team and Identity and Access Management Security team. The Security Administration Branch responsibilities are for the development and management of an Enterprise Identity Management System, which consists of the automation and manual process of provisioning and de-provisioning Enterprise User Identities including, User Active Directory Network Accounts, User Home Folders, and User M365 Cloud Mailboxes to agencies of the Commonwealth of Kentucky. In addition, the Mainframe Security team provide comprehensive security administration for user identity management, audit support, and access management to a variety of the Commonwealth's agency applications hosted on the Mainframe.
SECURITY OPERATIONS BRANCH
Branch Manager: Vacant
The Security Operations Branch is a tactical operations center that provides 24-hour per day monitoring of enterprise sources, to include data center physical security and environmental conditions, infrastructure stability monitoring, security incident monitoring, enterprise security incident management, enterprise risk and security architecture and infrastructure management.