|
ITEM: |
CONSENT CALENDAR |
||||
|
|
|||||
|
6. |
RECEIVE CYBERSECURITY
VULNERABILITY ASSESSMENT AND SECURITY POSTURE REPORT |
||||
|
|
|||||
|
Meeting
Date: |
July 18, 2022 |
Budgeted: |
Yes |
||
|
|
|||||
|
From: |
David J. Stoldt,
General
Manager |
Program/ Line Item No. |
Information Technology
|
||
|
|
|||||
|
Prepared
By: |
Suresh
Prasad |
Cost Estimate: |
$0 |
||
|
|
|||||
|
Committee
Recommendation: The Administrative
Committee reviewed this item on May 9, 2022 and recommended the report be
shared with full Board in closed session. |
|||||
|
CEQA Compliance: This action does not constitute a project
as defined by the California Environmental Quality Act Guidelines Section
15378. |
|||||
SUMMARY: Due to surge in ransomware activities around the world, on September 20, 2021, Board authorized staff to complete a Cybersecurity Vulnerability Assessment (CVA) study that could potentially identity security gaps in the District’s Information Technology (IT) network infrastructure. The study was conducted by DeVeera Inc., the District’s current IT consultant.
The study has been completed and
the results of the findings and recommendations are being shared with the
Board. There are two parts to the report, an Executive Summary Report (attached
as an Exhibit) and a full comprehensive analysis report. Due to security concerns, the comprehensive
detailed report will not be shared in the public domain, but will remain as a
confidential report with the District management. The full comprehensive
detailed report was presented to the Board in closed session meeting.
Representatives from DeVeera Inc. will be available at the meeting to discuss the details of the full comprehensive report to the Board in closed session meeting.
The action by the Board is to
receive the report. Implementation
strategy will be discussed at a later date.
RECOMMENDATION: Staff recommends receiving the Cybersecurity Vulnerability Assessment Report. Implementation strategy is not part of this action.
IMPACT TO STAFF/RESOURCES: None.
BACKGROUND: The District’s IT Infrastructure supports all facets of District’s computing needs including e-mail, Data Storage, Network and Data Security, Water Demand Database Application, GIS Application and Storage, Web Hosting, Financial Applications, SQL server databases and numerous other needs.
It is extremely important for the District to maintain its IT systems and address any security vulnerability that may exist within the system. DeVeera Inc. has been the District’s IT consultant for past 2 years and fully understands the District IT network infrastructure. The CVA consultant that primarily completed the report has been in the cybersecurity business for two decades.
EXHIBIT:
6-A Cybersecurity Vulnerability Assessment and
Security Posture Report
U:\staff\Boardpacket\2022\20220718\Consent
Calendar\06\Item-6.docx