2021-06-16 City Council Item No. 5.2 Information Technology Workplan for Fiscal Year 2021-2022 Presentation Regular MEETING - Additional Meeting MaterialsInformation Technology
Workplan for FY2021-22
June 16, 2021
1
•A rapidly maturing City
•Leveraging technology for service delivery
•New types of high-value information
•Results in an expanding risk exposure
Growing & Changing Requirements
Global Risk Exposure
•Excellent for “start-up”
•Work well within their sphere of expertise/focus
•Some aspects of Government Technology support prohibit
partners –require Agency staff
•“Cloud” solutions are far more difficult to address with partners
•Multiple partners to address totality of need
Vendors carry us only so far
Maturing our capabilities
Help Desk Back-up service SEIM/SOC
as-a-Service
Endpoint Protection
& Patching
Environment MonitoringSecurity & NW
Engineering
City Staff
EnterpriseBack-up service
End-Point
Protection
&Patching
SEIM/SOC +
Vulnerability
Security &
NW
Engineering
Single Partner
Environment
Monitoring & Alerting Audits
City-wide
Cyber-
Awareness
+ Policy/Risk tracking
Enhanced
Cyber-Sec
IT Techs
Service Desk
Agreement
+ separation of
PD / City data
+ Encryption
+ Geo-
Dispersion
+DR/BCP Lite
Agreement
+ 24x7 Log/
Security mon.+Named Team+24x7 Vunlerability
Scan.
+Remediation
Assistance
Solution
TBD
Testing Solution
Lack of
alerting
resulting in avoidable system
outages
EXISTING EQUIPMENT &
COSTS
Now managed by M-IT
Eliminate
single points
of failure
Ensure all licenses active
PARTIALLY
EXISTING
Now managed
by M-IT
No more
unprotected Endpoints
New Cyber-
protections
MDBR,Cal-OES,
Vuln. Mgmt,
DNS-SEC
Known-bad IPs/Domains
Prevents
unintentional
security risks
New Cyber-protections
Minimum
“Standard of
Care”
Validate Cybersecurity Posture &
Investments
New Cyber-protections
Cyber-Awareness
City-widePhishing Tests
Policy tracking
and Cyber-Risk
Management
Previous annual spend: ~$500K
FY2021-22 annual spend: ~$570k
Addresses the gaps introduced by growth in the City
April 28, 2021
Not working as advertisedNot working as advertised Not working as advertised
Not working as advertised
Menifee IT – 2021-22
Not CJIS compliant
Microsoft Office 365
Licensing
Microsoft EA
State License
Compliance
Improve
security,
records
retention,
litigation hold, and manageability
of City’s MS-
O365
environment
Not CJIS compliant
Why do we need to mature?
30-Days of threats targeting one of our sites
SEIM/SOC +
Vulnerability
Security & NW Engineering
Microsoft EAState License
EnhancedCyber-Sec
Audits
City-wide
Cyber-
Awareness
+ Policy/Risk tracking
Why do we need to mature?
30-Days of threats targeting one of our sites
One week of use-generated risk
Legitimate City-business use of City
computers for one-week results in this many
threats generated –not external attacks
•People are the first and last line of defense
•Resources to support a cyber-safe workplace
•Include cyber-safety in system selection and implementation
•Critical in “Cloud” based services
Incidents will occur –Preparation & Response is critical
Building a Cyber-Safe Culture
•Council Chamber Audio-Visual & “Menifee TV” PEG Chanel
•IT Assessment & Strategic Plan
•Delivering the GIS Strategic Plan
•Disaster Recovery/Business Continuity Plan
•City-wide Broadband Plan & Smart City Infrastructure RFP
•Financial System RFP
•Requests from all Departments
Other Major Initiatives