Matrix of Information Technology Strategic Plan 2017 Challenges and Recommendations
| Challenge One | Meeting the customer where they are. “Online not in line.” |
| Challenge Two | Selecting the right product or products |
| Challenge Three | Securing IT Systems and Data |
| Challenge Four | Supporting the use of County IT systems |
| Challenge Five | Improving efficiencies in our IT practices |
| Recommendation 1A | Continue to emphasize Web-based services through the IT Innovations program. The IT Innovation program’s focus on moving services online in support of providing service delivery “Online not in line” should continue. Departments should also incorporate this emphasis wherever possible into their practice, regardless of whether Innovation funds are involved or not |
| Recommendation 1B | Seek opportunities to make online services more accessible and usable via mobile devices such as smartphones and tablet computers |
| Recommendation 2A | Cloud services should be considered for most, if not all, future acquisitions of IT systems or services |
| Recommendation 3A | Inventory all entry points to the County network, Internet connections, and connections to third party networks |
| Recommendation 3B | Contract with a reputable IT Auditor to conduct a security assessment |
| Recommendation 3C | Evaluate findings from 3B and implement needed changes as soon as practicable |
| Recommendation 3D | Require logging of all inbound and outbound traffic through the entry points identified in 3A as well as alerting of any suspicious activity associated with that traffic |
| Recommendation 3E | Research, procure and implement and require the routine use of internal vulnerability assessment tools |
| Recommendation 3F | Conduct peer-reviewed internal evaluations of compliance with security policy |
| Recommendation 3G | Implement a comprehensive internal software catalog |
| Recommendation 3H | Develop and implement secure software development standards |
| Recommendation 3I | Research, procure and implement and require the use of a software security assessment tool for all new software developed in-house and for-hire |
| Recommendation 3J | Hire a dedicated Cybersecurity Officer (CSO) with county-wide responsibility and authority |
| Recommendation 3K | The CSO will develop and conduct mandatory cybersecurity training for all County staff. Staff will be required to attend these trainings every three years. Information Technology staff should be trained more frequently – at least every 24 months |
| Recommendation 3L | Implement an internal Critical Incident Response Team (CIRT) including the CSO, County Security Officer and Terrorism Liaison Officer who train and practice incident response and have jurisdiction when cybersecurity issues are suspected |
| Recommendation 3M | Update the County IT security policy with elements from these recommendations, acknowledging the authority of the Cybersecurity Officer and CIRT |
| Recommendation 4A | Investigate alternatives to the existing management practice for the County’s Oracle Financial Management System and PeopleSoft Human Resources Management System |
| Recommendation 4B | Develop sustainability plans for significant IT expenditures |
| Recommendation 4C | Evaluate the effectiveness of the Stanislaus County IT classification structure |
| Recommendation 4D | Evaluate strategies for improving the success rate of IT recruitments, especially for the Software Developer class |
| Recommendation 4E | Evaluate the role that IT technical training and IT certifications could play in building a highly competent IT workforce |
| Recommendation 5A | Implement a single sign-on solution County-wide |
| Recommendation 5B | Implement a County-wide email system using Microsoft’s Office 365 product |
Table of Contents
