The Office of the Chief Information Security Officer (OCISO) is responsible for IT security functions. The Office works with the entire enterprise to establish the best security practices and risk management processes, and deploys strategies aimed at protecting and securing the Commonwealth's data. The Office also plays a major role in promoting security awareness.
Branch Manager: Elwyn Rainer, II
The Compliance Branch participates in 20+ audits annually that have an IT component. This ranges from the annual audits conducted by the Auditor of Public Accounts to audits conducted by regulatory entities such as the Internal Revenue Service and Social Security Administration. Enterprise level audits and those specific to COT are part of the work effort of this Branch. Agency specific audits are billed to the agency at the security consulting rate. This Branch works with agencies to ensure compliance with the Enterprise Control Framework and conducts assessments to measure effectiveness. This Branch drives the enterprise risk assessment conducted bi-annually to ensure ongoing compliance with the NIST framework and industry best practices to develop an ongoing strategic roadmap for security. Development of Enterprise Security Policy and processes are within the scope of responsibility of the Compliance Branch
DIRECTORY SERVICES BRANCH
The Directory Services Branch is responsible for the establishment and management of an enterprise directory infrastructure that will provide effective and efficient state-wide authentication for computing resources. This includes the management of enterprise directory system level policies that ensure the appropriate application of security controls to protect enterprise identities, as well as identity federation to allow the Commonwealth to conduct business and interact with external entities and systems.
FORENSICS INVESTIGATIONS BRANCH
The Forensics Investigations Branch performs analysis of enterprise and agency level security events to determine method of attack and actions taken. This Branch provides feedback to the Security Operations Branch to help develop ongoing protection strategies based on the findings. The Branch gathers information for employee investigations to support personnel actions based on employee acceptable use violations. Investigations with a criminal component are referred to the Kentucky State Police and this Branch coordinates activities with law enforcement. For agencies outside of COT, this is a billable service at the forensic consulting rate. The Branch also conducts activities to pull electronic records for Open Records and Litigation Requests. Information is filtered based on the required criteria and provided to the agency legal counsel for further review and filtering based on sensitivity and applicability. For agencies outside of COT, this is a billable service at the forensic consulting rate.
SECURITY ADMINISTRATION BRANCH
The Security Administration Branch is responsible for the development and management of an Enterprise Identity Management System, which consists of the implementation of Automated and Manual Processes for Provisioning and De Provisioning Enterprise User Identities Including; Active Directory Account, user home folders, Lyne (Instant Messaging and Collaboration), email accounts, organization-based distribution list membership, access to enterprise level applications such as Enterprise Business Intelligence, security forms processing for exemptions, reviews, and assessments, management of multi-factor-authenticators.
SECURITY OPERATIONS BRANCH
Branch Manager: Terry Terrell
The Security Operations Branch is a tactical operations center that provides 24 hour per day monitoring of enterprise sources, to include data center physical security and environmental conditions, infrastructure stability monitoring, security incident monitoring, enterprise security incident management, enterprise risk and threat management, and security architecture and infrastructure management.
Please visit the "Security Services" web page for additional information.