Information Security Office
The Information Security Office (ISO) is responsible for evaluating and responding to cyber risks to the City’s technical estate.
The ISO, created in 2013, performs enterprise security monitoring and response. The ISO works in a “Shared Services” model, evaluating and addressing risks and vulnerabilities within the City. This model creates a center of excellence within ISO and results in significant operational efficiencies, cost savings and risk reduction over department-driven responses.
ISO's Key Objectives:
- Develop and enforce an information security strategy, framework, policies and procedures that align City of Chicago business need, legislative and regulatory requirements and industry best practices to deliver best-in-class cybersecurity capabilities
- Assist City of Chicago IT projects and functional areas with the development of efficient processes that are required to meet requirements as defined by the Information Security Office and/or regulatory standards
- Develop and support a NIST 800-53 security, privacy and risk management framework to be used in information security solutions and asset prioritization
- Develop a security awareness program to ensure that City of Chicago users understand their responsibility in protecting City of Chicago assets and information
- Ensure that information security controls assist privacy efforts
- Provide information security consulting and support to City of Chicago agencies in the area of compliance review, requirements definition, security risk assessment/measurement, security architecture and operational processes
- Monitor and measure information security vulnerabilities and incidents and provide timely response to ensure confidentiality, integrity, availability and accountability of City of Chicago
- Communicate the occurrence of significant security incidents, news, Information Security Office decisions and actions with City of Chicago
Perform review of access rights to ensure proper governance and control.
Provide secondary approval and segregation of duties (SoD) for the firewall change request process.
Perform review of rules and configuration to ensure proper governance and control.
Identify, respond to and remediate suspicious or malicious cyber activity.
Build and maintain the City’s Information Security policy set, which governs direction and minimum technical requirements.
Monitor and respond to suspicious and malicious network-based traffic.
Validate technical security controls through active testing (aka whitehat hacking).
Assess the City’s current risk posture against targeted risk posture. Provide feedback on existing, mitigated and accepted risks.
Review Requests for Proposal (RFPs) and Task Order Requests (TORs), partnering with Project and Technical teams to review proposed solutions to ensure alignment to Policies and Best Practices.
Provide security-specific awareness and education training to the user and technical community.
Constant monitoring and communication of cyber threat landscape and evaluation of internal technical readiness.