Matrix of Information Technology Strategic Plan 2017 Challenges and Recommendations

Challenge One Meeting the customer where they are. “Online not in line.”
Challenge Two Selecting the right product or products
Challenge Three Securing IT Systems and Data
Challenge Four Supporting the use of County IT systems
Challenge Five Improving efficiencies in our IT practices
Recommendation 1A Continue to emphasize Web-based services through the IT Innovations program.  The IT
Innovation program’s focus on moving services online in support of providing service
delivery “Online not in line” should continue. Departments should also incorporate this
emphasis wherever possible into their practice, regardless of whether Innovation funds
are involved or not
Recommendation 1B Seek opportunities to make online services more accessible and usable via mobile
devices such as smartphones and tablet computers
Recommendation 2A Cloud services should be considered for most, if not all, future acquisitions of IT systems
or services
Recommendation 3A Inventory all entry points to the County network, Internet connections,
and connections to third party networks
Recommendation 3B Contract with a reputable IT Auditor to conduct a security assessment
Recommendation 3C Evaluate findings from 3B and implement needed changes as soon as practicable
Recommendation 3D Require logging of all inbound and outbound traffic through the entry points identified in
3A as well as alerting of any suspicious activity associated with that traffic
Recommendation 3E Research, procure and implement and require the routine use of internal vulnerability
assessment tools
Recommendation 3F Conduct peer-reviewed internal evaluations of compliance with security policy
Recommendation 3G Implement a comprehensive internal software catalog
Recommendation 3H Develop and implement secure software development standards
Recommendation 3I Research, procure and implement and require the use of a software security assessment
tool for all new software developed in-house and for-hire
Recommendation 3J Hire a dedicated Cybersecurity Officer (CSO) with county-wide responsibility and
Recommendation 3K The CSO will develop and conduct mandatory cybersecurity training for all County staff.
Staff will be required to attend these trainings every three years. Information
Technology staff should be trained more frequently – at least every 24 months
Recommendation 3L Implement an internal Critical Incident Response Team (CIRT) including the CSO, County
Security Officer and Terrorism Liaison Officer who train and practice incident response
and have jurisdiction when cybersecurity issues are suspected
Recommendation 3M Update the County IT security policy with elements from these recommendations,
acknowledging the authority of the Cybersecurity Officer and CIRT
Recommendation 4A Investigate alternatives to the existing management practice for the County’s Oracle
Financial Management System and PeopleSoft Human Resources Management System
Recommendation 4B Develop sustainability plans for significant IT expenditures
Recommendation 4C Evaluate the effectiveness of the Stanislaus County IT classification structure
Recommendation 4D Evaluate strategies for improving the success rate of IT recruitments, especially for the
Software Developer class
Recommendation 4E Evaluate the role that IT technical training and IT certifications could play in building a
highly competent IT workforce
Recommendation 5A Implement a single sign-on solution County-wide
Recommendation 5B Implement a County-wide email system using Microsoft’s Office 365 product
Next Page Previous Page

Table of Contents