Cybersecurity About Us

About Us

Office of Security Services

The Office of Security Services is located in the State Information Technology Services Division (SITSD) in the Department of Administration (DOA), we are responsible for protecting the State's cyber assets and securing the State's cyber services to the citizens of Montana. The Office of Security Services is comprised of two sections:

Incident Response & Technical Security

  • Provides incident response and technical security services to the State of Montana.
  • Provides investigative services utilizing digital forensic techniques.
  • Acts as subject matter experts for technical security inquiries.
  • Performs vulnerability and compliance scanning of information systems.
  • Administers and investigates next-generation Anti-Virus.

Policy & Risk Management

  • Provides security policy and risk management services to the State of Montana.
  • Creates a framework of safeguards and information security best practices based on by the National Institute of Standards and Technology (NIST) as well as other national standards.
  • Promotes adoption of consistent information security policies throughout all state agencies.
  • Furthers information security awareness and skills among State of Montana employees.
  • Enhances the overall posture of information security within state agencies.
  • Encourages collaboration between state agencies through the Montana Information Security Advisory Council (MT-ISAC).


Leadership


Chief Information Security Officer

Andy Hanks, CGEIT, CISM, CRISC, CISA, CCSK, COBIT 5 Foundation

Contact me: Email | LinkedIn Profile


Incident Response & Technical Security Supervisor

James Zito, GCFE, CompTia A+, Network+, Security+

Contact me: Email


Security Policy & Risk Management Supervisor

Joe Frohlich, CISSP

Contact me: Email


Mission, Vision, and Goals

We align our Mission, Vision, and Goals with those from the Department of Administration (DOA) and the State Information Technology Services Division (SITSD).  The core of "what we do, how we do it, and why we do it" is governed by a central theme: "Protect State information assets and citizen's data".


Our Mission

Our mission is to protect and preserve the confidentiality, integrity, and availability of the State's information assets by managing risks, hunting threats, and mitigating vulnerabilities before they are exploited to harm the State's people, processes, or technology.


Our Vision

Our vision is to provide a secure environment for the State to conduct business and provide services to the citizens of Montana.


Our Goals

Our primary goal is to enhance information security by implementing standardized best practices to protect systems, assets, and data in a cost-effective manner.

  • Objective 1.1 Develop and implement security standards, common controls, and best practices for information systems.
  • Objective 1.2 Enhance the enterprise information security training and awareness program. 
  • Objective 1.3 Protect information systems across the state by leveraging the public-private partnerships established by MT-ISAC to enhance information sharing, outreach, and risk awareness. 
  • Objective 1.4 Develop the internal review and compliance program to provide data that proves efficient security controls or identifies security gaps to remediate.                                                     
  • Objective 1.5 Develop automated processes in continuous monitoring and risk management to identify threats, gain efficiencies, and overcome resource limitations.
  • Objective 1.6 Perform a cybersecurity cost analysis for the State of Montana, including investment recommendations.


Service Offerings

SITSD Service Catalog


Our Website

Security Services Webmaster

Tom Murphy

Contact me: Email