About
Cyber Security Services (CSS) brings together enterprise security capabilities into a single organization.
CSS is responsible for enterprise security policy, security monitoring of the state network, enterprise incident response, and enterprise security architecture, as well as dissemination of security training, policy, and best practices across state government. CSS works collaboratively with Data Center Services and agencies to support information security functions and ensure the security of the state network and information technology infrastructure.
While all agencies are collectively responsible for information security, the work of CSS supports and increases the collective impact and resilience of state agencies. Moving forward, CSS is focused on the seamless integration of information security, solutions, and personnel into a coordinated multi-sector approach that recognizes cybersecurity as a public good.
Overarching Services
Policy and Standards
Enterprise Information Services (EIS) has responsibility for statewide information and cybersecurity standards, and policies on information security, under the authority of Oregon Revised Statute 276A.300.
As part of EIS, Cyber Security Services (CSS) is responsible for creation and maintenance of the Statewide Information and Cyber Security Standards. CSS sets the statewide direction for cybersecurity and follows guidance from National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS) as well as other cybersecurity organizations such as the Cloud Security Alliance (CSA) where appropriate.
Please see our Guidance for State Agencies page for more information.
Consulting
CSS provides consulting assistance on a voluntary basis to state agencies, boards, and commissions. The purpose of these services is to promote cybersecurity preparedness, risk mitigation, and incident response capabilities in state government through stakeholder partnerships and direct assistance activities. CSS maintains central and embedded security resources.
CSS security resources:
- Cultivate partnerships with participating organizations and initiate information sharing.
- Introduce organizations to various cybersecurity products and services, along with other resources, and act as liaisons to the organization’s leadership.
- Provide working group support and offer leadership at existing forums and working groups, engaging stakeholders with in-place cybersecurity initiatives and information sharing groups.
Requesting Services
To receive more information specific to your agency about any of these services, send a request for the service to
ESO.INFO@das.oregon.gov.