The Security Program is based on the National Institute of Standards and Technology (NIST) Framework to form 5 Pillars:
Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
Develop and implement appropriate safeguards to ensure delivery of critical services.
Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Security Operations' primary responsibility is to select, maintain, and monitor the tools that identify and defend against threats to the organization’s information systems. That includes participating in the identification of threats, the management of vulnerabilities, and the response to security incidents.
Information Assurance supports Travis County justice, health, and safety services systems by defining the level of security controls to protect systems and information against unauthorized access, disclosure, modification or destruction, whether accidental or deliberate, as well as assure the confidentiality, integrity, and availability of information.
The TRAVIS COUNTY INCIDENT RESPONSE PLAN documents the policy, procedure and response in detail.
WHAT is an incident and WHY report it?
An IT security incident includes suspected activity with:
We can help resolve an incident and aid in the recovery of accounts, data assets and/or mitigate the risk impacts to them.
Travis County falls under several electronic data regulatory and standards regimes; it is Travis County policy to report IT security incidents. See TC-ITS-125, Security Incident Procedures Policy.
HOW TO REPORT
Report security incidents as soon as possible to the ITS Helpdesk.
If aspects of the incident pose physical danger, call 911 to contact law enforcement authorities immediately.
Phone: 512-854-9175
Email: ITS.Helpdesk@traviscountytx.gov
Web: Online request form (in-network)
Newsletters, safety tips, and optional video shorts are provided below to level-up cyber security knowledge and awareness.
STOP | THINK | CONNECT SAFETY TIPS:
KEEP A CLEAN MACHINE
PROTECT YOUR PERSONAL INFO
CONNECT WITH CARE
BE WEB WISE
BE A GOOD ONLINE CITIZEN
OWN YOUR ONLINE PRESENCE
PHISHING CAMPAIGNS
Information Security regularly conducts phishing campaigns with fake/test phishing emails to both gauge and improve the security awareness of Travis County employees. Below is a sample test that was issued in 2023.
TEST PHISHING EMAIL: | WHAT SHOULD YOU DO? | WHAT YOU WOULD SEE: |
Report the Phish! |
IF you clicked the link, you would see the following page: |
WHAT TO LOOK FOR: |
IF you click "Report Phish" in Outlook, you see a pop-up: |
2024 Scoreboard
Below are the results of the phishing campaigns conducted in 2024 across all departments.
QUARTER | EMAIL RESPONSE % | OVERALL ACTIONS TO PHISH % |
Q2 | ||
Q1 |
NEWSLETTER & OPTIONAL TRAINING:
Email or print out these posters and newsletters to help staff stay informed of cyber security related topics.
Optional video and other related cyber training shorts are available to aid in improving staff knowledge.
NOTE: These links WILL take you externally to KnowBe4.com; just enter your work email to enter.
CYBERSECURITY AWARENESS MONTH 2023 WINNERS
Contact kai.joe@traviscountytx.gov to schedule a meetup at the office to get your prize!
Congratulations to the following winners:
WEEK | CHALLENGE MODULE COMPLETED | WINNER |
---|---|---|
1 | Data Protection: Introduction to Data Protection | Nohelia Villeda |
2 | Ransomware: Beating Ransomware | Rachel Deleery |
3 | Social Media and AI: QR Codes, Spotting a Deepfake | Yarelyn Perez |
4 | You Can Make a Difference: Security Culture and You | Gaby Villatoro |
2024 SCORECARD
2023 SCORECARD
Health Information Portability and Accountability Act of 1996 (HIPAA)
The HIPAA Act requires the protection and confidential handling of protected health information.
The State of Texas has expanded requirements for the protection of personally identifiable health information beyond HIPAA.
Justice and Public Safety Information Protection
The FBI and the Texas Department of Public Safety have requirements regarding the protection of CJIS systems and information assets.
Payment Card Industry (PCI)
Contacts
Information Security provides the following guidance aligned with NIST Special Publication 800-53, Revision 5: Security & Privacy Controls for Information Systems & Organizations. (NIST SP 800-53 Rev.5).
Control Code | Control Name | PolicyTech (New CMS) |
---|---|---|
AC | Access Control | 282 |
AU | Audit and Accountability Control | 280 |
AT | Awareness and Training Control | 283 |
CM | Configuration and Management Control | 284 |
CP | Contingency Planning Control | 278 |
IA | Identification and Authentication Control | 285 |
IR | Incident Response Control | 277 |
MA | Maintenance Control | 287 |
MP | Media Protection Control | 288 |
PS | Personnel Security Control | |
PE | Physical and Environmental Protection Control | 290 |
RA | Risk Assessment Control | 291 |
CA | Security Assessment and Authorization Control | 292 |
PL | Security Planning Control | 293 |
SR | Supply Chain Risk Management Control | 294 |
SC | Systems and Communications Protection Control | 295 |
SI | System and Information Integrity Control | 296 |
SA | System and Services Acquisition Control | 297 |
The Information Security Program directly and indirectly achieves the framework guidelines following set goals and initiatives.
Read more about the Information Security Program and your Accountability and Responsibility here at the County.