The cybersecurity threats faced by many organizations and governments have only increased and evolved in recent years (especially with teleworkers). In response to these growing threats the ITA Information Security Office Integrated Security Operation Center (ITA-ISO ISOC) has been pivotal in identifying, mitigating, and coordinating response for Cybersecurity Incidents. The primary role of the ISOC is to work as the integration point for the various security teams throughout the city.
In addition to helping create a more unified and standardized Cybersecurity response, the ISOC has been critical in a number of city wide projects to help protect the city, some of those projects include:
Connect2LACity - The ISOC team has been heavily involved in helping not only quickly deploy the original remote access solution at the beginning of covid, but to help maintain and run the remote access solution for over 24,000 employees across 42 departments that is critical in these trying times
Cyber Watch List / Department Risk Portal - Each year there are over 22,000 new vulnerabilities in various systems that the City of Los Angeles uses which are potentially targets for Cybersecurity attacks. Due to the overwhelming number of systems and vulnerabilities we are facing, the ISOC has created an easy to use Metric system for the various 42 different department to quickly identify their overall risk associated with the vulnerabilities in relation to the City Average
Endpoint Protection and Response - In light of the ever evolving Cybersecurity threats, the ISOC team has identified a number of potential deficiencies in the previous endpoint protection, or antivirus solution which was widely deployed through the City. The ISOC has evaluated, tested, and deployed a number of solutions and identified the current endpoint protection standard that will help protect the City users while working in the office or remote.
Protecting users on the Web - One of the primary ways a City of Los Angeles employee may be infected by malicious code or targeted by Malicious Actors is through the internet. In order to help combat the constant threat to users who now work both on-site or remotely, the ISOC has tested and deployed a new cloud-base Web proxy to replace our aging on-prem devices
Protecting our users through email - Social engineering and Phishing attacks, or ways for Malicious Actors to steal information from over 24,000 employees across 42 departments, have grown increasingly sophisticated in their methods and techniques. The ISOC works ever-vigilant in identifying and mitigating these attacks which can bypass our current email security tools and filters. In addition, we have deployed an easy way for users to quickly report emails and get a response back on the initial analysis for most emails in under 5 minutes in a couple of quick clicks.
The ISOC provides various other important security roles, such as helping coordinate with our local, regional, state, and federal partners. One of the latest major coordinating efforts led by the ISOC was the recent Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) Risk and Vulnerability Assessment that helped identify a number of potential vulnerabilities and threats facing the 42 departments. The ISOC is working on coordinating the remediation and helping prioritize the most critical of the findings across the various departments.
The hard working ITA-ISO ISOC Team members are:
Daniel Clark Lee