With over 31 terabytes of data and more than $3.3 trillion in cash management processed through the system each year, the security of the Financial Information System for California (FI$Cal) data and systems is a top priority within the department. The Department of FISCal continues to work to protect this vital data by aligning with the Governor’s recently announced Roadmap to Cyber Security, Cal-Secure, and by maintaining a team of experts, including a new chief of information security, to ensure the security and integrity of the state’s data.
Cal-Secure acts as a guideline for all departments, providing both a method and a vision to address gaps in the state’s information and cybersecurity programs, while ensuring the state can manage existing and future threats more effectively. This roadmap outlines a way for departments to strengthen their cybersecurity measures, and uplifts and prioritizes important resources available to manage risk and safeguard services for Californians, customers and end users.
With the announcement in December of Ken Ketsdever as our new Chief of Information Security, FI$Cal is focused on implementing a multi-layered approach to cyber and information security, and continuing to align itself with the Governor’s agenda.
“Cal-Secure provides year by year baselines for state entities to reach that will facilitate an overall maturation of the state’s cybersecurity posture. This increased awareness and guidance provides the groundwork for a collaborative effort to improve the state’s ability to protect our citizen’s data and the state IT infrastructure,” Ketsdever said.
The Cal-Secure plan identifies three primary categories: people, process, and technology. “People” focuses both on developing a world-class cyber security workforce, and ensuring staff at all levels are trained and prepared in the newest tactics, in order to recognize and avoid threats. “Process” focuses on creating a hybrid governance structure, that balances a centralized and federated system, which will encourage both collaboration and communication among California’s cybersecurity leadership, and the development of strategic plans at all levels throughout the state. “Technology” focuses on ensuring a baseline of technical capabilities across the state, modernization of legacy processes and systems, and collaboration among departments to tackle threats across the state. Over the next five years, the Governor’s office will focus on these categories to improve its cybersecurity and identify and manage risks to the state.
FI$Cal continues to align with this approach, taking a multi-layered approach to cyber security, in order to avert threats. The department is constantly evaluating the tools we have, and any additional tools we may need, to best protect and monitor our systems. Many of these layers may be technical in nature, but at its core, the people element outlined in Cal-Secure, and implemented at FI$Cal, is vital.
“People are the most important layer,” Ketsdever said. “Keeping staff trained and abreast of the most recent threats and means of gaining unauthorized access is important, so they can help protect our systems.”
Ensuring regular training and preparation turns staff into a firewall of protection against bad actors. The ways in which antagonists try to break through defenses are always evolving, and FI$Cal is continuously providing its staff with the training and tools to thwart those efforts.
With more than 25 years of IT experience, and 15 years working in information technology for the State, Ketsdever said he was “pleasantly surprised” by the dedication to security at FI$Cal. “This makes the job of the Information Security Officer easier, knowing that security is a priority of the leadership and the department as a whole.”
Read Cal-Secure, the Governor’s Roadmap to Cyber Security.