Advisory Services Program

We offer valuable advisory services to state entity information security professionals and enable them to further develop their Information Security Programs and practices.

Overview

The Advisory Services Program offers a variety of services to support the state’s Information Security workforce. These services include consultations, general workshops, pre and post audit workshops, tools, training, and other resources.

Pre-audit workshops

ASP provides pre-audit workshops to assist entities in preparing for the OIS Information Security Program Audit (ISPA) engagement and help them receive the maximum benefit from the audit experience.

We cover details about the audit process, scope, coverage period, documentation requirements, and timeline including field work dates.

Post audit & assessment workshops

ASP establishes ongoing post-audit workshops with entities that have completed an OIS Information Security Program Audit (ISPA) and/or an Independent Security Assessment (ISA) providing guidance and assistance in the remediation of findings and updating RRPOAMs.

These workshops are designed to improve the maturity of entity’s information security & privacy programs and practices as they remediate their ISA and ISPA findings.

The goal is to improve the resiliency and maturity of cybersecurity across California’s state government.

Training

The Advisory Services training program is responsible for the maintenance, operation, and administration of the CA CyberScholar learning management system as well as the delivery and facilitation of the courses for Information Security Officers (ISO) and the security community, including:

  • ISO Standard Training 101
  • ISO Standard Training 102
  • Intensive Workshops
    • Risk
    • Data Classification
    • System Development Lifecycle (SDLC)
    • Independent Security Assessment (ISA) Deep Dive
    • Short-format Lessons on selected topics, such as but not limited to:
      • Password entropy
      • Cipher testing & verification

AgencyNet

The Office of Information Security (OIS) AgencyNet is a SharePoint platform that is used to share sensitive information security resources with government entities.

The resources published on AgencyNet are designed to help

  • Information Security
  • Technology Recovery
  • Privacy Program
  • California Compliance and Security Incident Reporting System (Cal-CSIRS) designees

Resources

Templates

ASP oversees creating and maintaining information security policy and plan templates that are available to the California government information security community on OIS AgencyNet.

These templates are created to provide a baseline on specific information security topics and are designed to ensure all end users and networks within an entity meet minimum information security, data privacy and data protection requirements that are established by the State Administrative Manual (SAM), Statewide Information Management Manual (SIMM) and NIST.

Inter-Agency Security Group (IASG)

The Inter-Agency Security Group (IASG) exists to promote collaboration among information security professionals across the public sector within the State of California.

The IASG is open to anyone in the California state or local government information security community. Membership is not open to vendors.

Requests to join the IASG should be submitted via email to: ciooisadvisoryservices@state.ca.gov

FAQs

How much does it cost to engage with the Advisory Services Program?

There is no charge to state entities for engaging with the Advisory Services Program.

Contact us

Mail
Office of Information Security, California Department of Technology
P.O. Box 1810, Mail Stop Y-01
Rancho Cordova, CA
95741-1810
Email
ciooisadvisoryservices@state.ca.gov