QUESTION
What is the extent to which agencies can share data and how is the data shared?
0:34:50
·
74 sec
Kelly Moan explains that the ability for agencies to share data depends on the specific use case.
- Data sharing may involve existing mechanisms like file transfer sites with security protections in place.
- For new technologies, there are security review processes to vet solutions and implement necessary security controls before rollout.
- The theme of cybersecurity is to enable agency needs while managing risks.
- Specifics on notification processes for sharing personal information or inter-agency data sharing were not provided.
Jennifer GutiƩrrez
0:34:50
My next series of questions are related to data and personal information.
0:34:54
We know that often that information is shared between agencies through, you know, data sharing agreements.
0:35:01
Can you describe the extent to which agencies can share data and how the data is shared?
0:35:06
From a technical standpoint.
Kelly Moan
0:35:09
So it really depend on the use case.
0:35:11
I think cybersecurity our our ethos and sort of theme of cybersecurity is to be an enabler, not a blocker.
0:35:20
And so from a business perspective, when an agency wants to endeavor, of share information.
0:35:25
Right?
0:35:25
Sometimes that is a relatively easy mechanism that's already in place, such as a a file transfer sharing site.
0:35:33
Or availability of that capability that already has relevant security protections in place.
0:35:39
And sometimes that's an agency that endeavors to take advantage of a new technology or system and wants to deploy something new in their environment.
0:35:48
And we have relevant security review processes and procedures to work collaboratively with that agency, to vet the solution, and assist them in any implementation of security control that need to be met prior to rollout.