QUESTION
How often are city-wide cybersecurity policies reviewed and updated by the Office of Technology and Innovation (OTI)?
1:52:59
·
60 sec
The council member inquires about the frequency of reviews and updates to city-wide cybersecurity policies by OTI. The CISO from OTI explains that policies are updated periodically, citing the recent update to the internal password policy as an example.
- Policies are reviewed and updated as needed based on new tactics, processes or changes in the cybersecurity industry
- OTI has a policy team dedicated to reviewing and updating policies
- The goal is to balance new and emerging password requirements with the needs of city agencies
- Updates aim to keep policies aligned with evolving cybersecurity tactics and approaches
Jennifer GutiƩrrez
1:52:59
Regarding city wide cybersecurity protocols.
1:53:03
How often does OTI review and update those policies?
1:53:09
Periodically,
Kelly Moan
1:53:10
just this year, we we update dated our internal password policy, which was a lot of hours and a lot of hard hard work to make sure that we're balancing both the new and emerging landscape of passwords, but also our our agencies as well.
1:53:28
So that's just one example of many.
Jennifer GutiƩrrez
1:53:30
They're reviewed periodically, but are they updated?
1:53:32
They're not
Kelly Moan
1:53:33
updated periodically as well.
1:53:35
Okay.
1:53:35
We have a a policy team that reviews and updates where necessary for new tactics, new processes that are in place.
1:53:48
Or just again that the technology or the cybersecurity industry has changed tactics or approach on a certain matter.
1:53:56
Making sure that we're building new policies to impact.
