|
ADMINISTRATIVE
COMMITTEE |
||||
|
|
||||
|
2. |
RECEIVE CYBERSECURITY
VULNERABILITY ASSESSMENT AND SECURITY POSTURE REPORT |
|||
|
|
||||
|
Meeting
Date: |
May 9, 2022 |
Budgeted: |
Yes |
|
|
|
||||
|
From: |
David J. Stoldt,
General
Manager |
Program/ Line Item No. |
Information Technology
|
|
|
|
||||
|
Prepared
By: |
Suresh
Prasad |
Cost Estimate: |
$0 |
|
|
|
||||
|
Committee
Recommendation: The Administrative
Committee reviewed this item on May 9, 2022 and recommended
__________________. |
||||
|
CEQA Compliance: This action does not constitute a project
as defined by the California Environmental Quality Act Guidelines Section
15378. |
||||
SUMMARY: Due to surge in ransomware activities around the world, on September 20, 2021, Board authorized staff to complete a Cybersecurity Vulnerability Assessment (CVA) study that could potentially identity security gaps in the District’s Information Technology (IT) network infrastructure. The study was conducted by DeVeera Inc., the District’s current IT consultant.
The study has been completed and
the results of the findings and recommendations are being shared with the
Board. There are two parts to the report, an Executive Summary Report (attached
as an Exhibit) and a full comprehensive analysis report. Due to security concerns, the comprehensive
detailed report will not be shared in the public domain, but will remain as a
confidential report with the District management.
Representatives from DeVeera Inc., will be available
at the meeting to discuss the details of the report.
RECOMMENDATION: The Administrative Committee should recommend that the Board receive the Cybersecurity Vulnerability Assessment Report.
IMPACT TO STAFF/RESOURCES: None.
BACKGROUND: The District’s IT Infrastructure supports all facets of District’s computing needs including e-mail, Data Storage, Network and Data Security, Water Demand Database Application, GIS Application and Storage, Web Hosting, Financial Applications, SQL server databases and numerous other needs.
It is extremely important for the District to maintain its IT systems and address any security vulnerability that may exist within the system. DeVeera Inc. has been the District’s IT consultant for past 2 years and fully understands the District IT network infrastructure. The CVA consultant that primarily completed the report has been in the cybersecurity business for two decades.
EXHIBIT
2-A Cybersecurity Vulnerability Assessment and Security Posture Report
U:\staff\Board_Committees\Admin\2022\20220509\02\Item-2.docx