Laserfiche WebLink
3. All staff read and acknowledge the City's IT Security Policy. Currently, I do send out occasional <br />emails when threat levels that we monitor start going up. <br />4. City IT has hardened filter policies and domain and email reputation to block malware at the <br />perimeter and via email as much as possible without impeding work. All City computers run <br />Webroot antivirus. We have actually had multiple "zero day" events and they have been <br />immediately isolated and contained with no impact on services. A "zero day" event is where we <br />are the first to be hit with something new and "unidentified" that is potentially destructive. Prior <br />to running Webroot, the City did have 2 ransomeware encryption events within 6 months of <br />each other in 2015 on our previous vendor, TrendAV. We survived those events in 2015 with <br />minimal operational impact, and without paying a ransom. We learned a lot. We changed <br />vendors and upped our game significantly. <br />5. City has a subscription to Barracuda email SPAM filtering. Based on Barracuda reporting 60% of <br />all inbound email to the City is SPAM and is immediately quarantined or discarded. This <br />percentage has been about the same since I started in 2013. We do get lots of complaints about <br />how aggressive the SPAM filter is, but for us in IT, it cannot be aggressive enough. We could <br />stand to do more education in this area because it is misunderstood by staff, and it requires <br />many hours of ticket resolution and intervention on the part of IT to keep the system and users <br />happy (blacklisting, whitelisting, etc.). <br />6. We have converted all firewalls to Palo Alto application firewalls with intrusion detection <br />capabilities and active monitoring, logging and auditing. We use a combination of Netmotion <br />and Palo Alto VPN for all remote sessions. <br />7. City SCADA operations are also 100% isolated via firewall from City network and the Internet to <br />ensure that integrity is maintained for all our water and wastewater services. <br />So when you hear me say "just keeping the lights on"...these are things that keep us operationally busy <br />and keep all City tech services up and running 24-7-365. 1 believe we are doing better than most <br />agencies, but there is always room for continuous improvement, especially in the case of security. It is a <br />thread of everything we do. We try to identify holes by practicing often through scenario based disaster <br />recovery and business continuity drills to make sure we are not missing anything. The fact is, we are <br />always under attack from an unlimited amount of vectors, and the bad guys definitely have more time <br />and money than we do. <br />My goal is to never be the guy in front of the camera and microphone explaining how we did not do <br />enough O. It keeps myself and my staff up most nights, because we have all seen first-hand how ugly it <br />can get. <br />Hope this helps your Trustee understand our scope and the efforts that are underway to keep all our <br />lines of business up and running 24-7-365. <br />Chris Neves <br />Director of Information Technology <br />