Agency for Enterprise Information Technology
Office of Information Security
Security Rule 71A-1
o Two public meetings have been held. The Security Rule is scheduled to be completed in
Enterprise IT Security Strategic Plan in final draft
o The Enterprise IT Strategic Plan has been completed. It was sent to ISMs for comment
and the final will be made available via the website after the printer has formatted the
Agencies Security Strategic Plan and Operational Plan
o 282.318 requires the state agencies to submit to AEIT annually by July 31, the agency's
strategic and operational information security plans developed pursuant to the rules and
guidelines established by the office (AEIT).
o AEIT has formed a workgroup of Information Security Managers to update and streamline
the process and standardize the deliverables. This project will be complete in May 2011.
o The workgroup is holding training for the ISMs on the templates – May 26 and 27 ,
invitation have gone out to the ISMs to sign up.
Service Level Agreement Security Check sheet template
o An Information Security Manager workgroup has created and distributed a Template to
agencies to use as a guide for identifying potential security requirements as they move
through data center consolidation.
o FREE - Florida’s Digital Summit will be held May 12-13 at the FSU Turnbull Center.
Amongst other presentations, there will be two on information security
Information Leakage – Symantec Corporation
Cybercrime Trends – Federal Bureau of Investigation
o There will be an InfraGard Meeting - August 24, 2010: The National Institute of Standards
and Technology (NIST) will present on how to apply security strategies to protect your
data. This meeting is open to the public.
o FREE - Florida Government Technology Conference – Cyber Summit ; October 19 ,
Cyber Summit October 20 Four keynotes on Cyber Security on Oct 20
Enterprise Security Services Implementation Plan
This is a proposed implementation plan for information technology security and has been
assigned by the legislature to AEIT The completion date is December 31, 2010. . The agency
shall describe the scope of operation, conduct costs and requirements analyses, conduct an
inventory of all existing security information technology resources, and develop strategies,
timeframes, and resources necessary for statewide migration.
Recent CBS Printer Scanners news report
A recent CBS investigative report on Multi-function devices (MFD) pointed out some issues with
the storage of information on hard drives located within these copiers. As a result, AEIT has
been working with DMS to provide security language for the DMS RFQ MFD procurement.
In addition, AEIT has created a best practice whitepaper on this subject.