QUESTION
What are the cybersecurity protocols and measures, and are they publicly available or kept confidential for security reasons?
1:16:38
·
42 sec
Chief Information Security Officer Kelly Moan explains that specific incident response plans and procedures are not made publicly available in order to prevent potential threat actors from gaining insight into their response strategies.
- These plans are internally circulated within New York City agencies.
- Agencies maintain their own specific incident response procedures in close collaboration with New York City Cyber Command.
- The citywide policy requires annual updates to these cybersecurity protocols and procedures.
- Updates may also occur after tabletop exercises or when necessary changes arise.
Joann Ariola
1:16:38
I wanna go back to the cybersecurity protocols.
1:16:41
So the you talked about protocols and measures that are in place.
1:16:46
Are they publicly available or is that would that be not available publicly because of security reasons?
Kelly Moan
1:16:53
So typically, in specific incident response plans and procedures aren't made publicly available.
1:17:00
We also don't want to promote threat actors having an understanding of what we would do should an incident arise with to a certain severity level.
1:17:09
But those are internally circulated and agents teams also maintain specific incident response procedures for downstream with their agency and close collaboration with us as well.
