<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:496504588;
mso-list-type:hybrid;
mso-list-template-ids:-933491078 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:1946450930;
mso-list-type:hybrid;
mso-list-template-ids:-1457866192 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Good afternoon:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thank you to those able to attend our quarterly meeting. We had some great discussions, highlights are captured below. Please let me know if you have any additions or corrections. If you have suggestions for
next quarters meeting, please send them to me as well. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level1 lfo1">
Mark J. (CSS) provided an update on SOC activities<o:p></o:p></li><ul style="margin-top:0in" type="circle">
<li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level2 lfo1">
Local government partners who utilize Tenable IO and are interested in CISA Cyber Hygiene- Vulnerability Scanning (attached overview) can contact Mark for more information.<o:p></o:p></li></ul>
<li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level1 lfo1">
Reminder of CISA Shields Up campaign <o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level1 lfo1">
IT ecosystem- Who has access <o:p></o:p></li><ul style="margin-top:0in" type="circle">
<li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level2 lfo1">
Group discussed challenges of getting a complete view of their IT ecosystem and ways to assist in getting that view. Suggestions to assist in identifying the IT ecosystem are:<o:p></o:p></li><ul style="margin-top:0in" type="square">
<li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level3 lfo1">
CISA risk assessment can help assist identifying systems<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level3 lfo1">
Have a systems inventory<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level3 lfo1">
Have access agreements (vendors and third parties)<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level3 lfo1">
Establish standard operating procedures (SOP)<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level3 lfo1">
Document interconnections (interconnection tables)<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level3 lfo1">
Document System Security Plans<o:p></o:p></li></ul>
<li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level2 lfo1">
Nancy said she uses a tool that provides a Systems Security Plan and an executive presentation.
<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level2 lfo1">
Richard mentioned he recommends using Security Studio – Contact Richard for more information.<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level2 lfo1">
Group discussed how vendors are not always as supportive as initially believed. Organizations need to understand specifically what they receive with “vendor support” and should have expectations documented.<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level2 lfo1">
Group also discussed the need for knowledge transfer. Several report that there is a reliance on staff with historical knowledge and access. There is a need to move to a knowledge transfer to lessen risk.
<o:p></o:p></li></ul>
<li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level1 lfo1">
Group discussed challenges:<o:p></o:p></li><ul style="margin-top:0in" type="circle">
<li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level2 lfo1">
Changes are occurring to cyber insurance. Insurers have added questions to the supplemental addendum that are more granular and sometimes appear to not provide an accurate depiction of the risk. Organizations should discuss with the insurer the risk.<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level2 lfo1">
Executives have competing priorities and providing them a wholistic view of cyber and the associate risk can be difficult. Having ways to communicate such as presentations or speaking points would be helpful. The group discussed having a dashboard or report
card would be helpful. <o:p></o:p></li><ul style="margin-top:0in" type="square">
<li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level3 lfo1">
Anthony stated he uses a toll developed by Treasury.<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l1 level3 lfo1">
Anthony will send the tool set (attached). Josh reported he uses the CSF tool. He will send an example<o:p></o:p></li></ul>
</ul>
</ul>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Next Quarter<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l0 level1 lfo2">
Kim M. will share next quarter on Lane Counties initiative/agreement with National Guard<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l0 level1 lfo2">
Mutual Aid Sub – workgroup update<o:p></o:p></li><li class="MsoListParagraph" style="color:#1F497D;margin-left:0in;mso-list:l0 level1 lfo2">
Fusion Center briefing<o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Regards, </span><span style="color:#1F497D"><o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="702" style="width:526.5pt;border-collapse:collapse">
<tbody>
<tr style="height:72.45pt">
<td width="136" valign="top" style="width:101.7pt;padding:0in 5.4pt 0in 5.4pt;height:72.45pt">
<p class="MsoNormal" style="line-height:105%"><o:p> </o:p></p>
<p class="MsoNormal" style="line-height:105%"><img width="121" height="87" style="width:1.2638in;height:.9097in" id="Picture_x0020_1" src="cid:image001.png@01D850DD.BB904B60"><o:p></o:p></p>
</td>
<td width="566" valign="top" style="width:5.9in;padding:0in 5.4pt 0in 5.4pt;height:72.45pt">
<p class="MsoNormal" style="line-height:105%"><b><o:p> </o:p></b></p>
<p class="MsoNormal" style="line-height:105%"><b>Cinnamon Albin<o:p></o:p></b></p>
<p class="MsoNormal" style="line-height:105%">Cyber Security<o:p></o:p></p>
<p class="MsoNormal" style="line-height:105%">Enterprise Information Services<o:p></o:p></p>
<p class="MsoNormal" style="line-height:105%">Cyber Security Services (CSS)<o:p></o:p></p>
<p class="MsoNormal" style="line-height:105%">Desk: (503)373-1496<o:p></o:p></p>
<p class="MsoNormal" style="line-height:105%">Cell: (971)707-1966<o:p></o:p></p>
</td>
</tr>
<tr>
<td width="702" colspan="2" valign="top" style="width:526.5pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" style="line-height:105%"><i><span style="color:#2E74B5">“Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians.”<o:p></o:p></span></i></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>