CYBERSECURITY UPDATE September 27, 2022 PETER MANTOS, STATE CIO

CYBERSECURITY UPDATE September 27, 2022 PETER MANTOS, STATE CIO RAJA SAMBANDAM, STATE CISO

2 Statewide Cybersecurity updates 70 agencies onboarded to Vulnerability Management Program Average RS3 Score trending above 760 Ransomware Mitigation Campaign initiated 34 agencies have at least one device exposed to Ransomware Email campaign initiated to quickly address exposure

3 Statewide Cybersecurity updates Statewide Attack Surface Management (ASM) program implemented Statewide annual Network and Application penetration testing contract signed Security Operations Center (SOC) gap analysis is ongoing Security Information and Event Management evaluation in process Priority 1 – DoIT and DoIT supported agencies Priority 2 – All other state agencies (need support from agencies to share system log information for monitoring) Priority 3 &4 – To onboard Schools and local Governments*

4 Statewide Cybersecurity updates Recurring Funding request for 10 million (annually) to sustain existing and inflight Cybersecurity measures Funding DoIT operations by 8 Million will reduce IT cost by about 12% to all agencies DoIT act updates for Cybersecurity and Broadband Collaboration with Broadband for Cybersecurity measure to protect the Broadband infrastructure Planned migration to NM.GOV (Federal mandate) Multifactor Authentication for state user community (15k) Enterprise IT/Security Risk Assessment (annual)

5 Thank You QUESTIONS?