Office of Security Services
The Office of Security Services is located in the State Information Technology Services Division (SITSD) in the Department of Administration (DOA), we are responsible for protecting the State's cyber assets and securing the State's cyber services to the citizens of Montana. The Office of Security Services is comprised of two sections:
Incident Response & Technical Security
- Provides incident response and technical security services to the State of Montana.
- Provides investigative services utilizing digital forensic techniques.
- Acts as subject matter experts for technical security inquiries.
- Performs vulnerability and compliance scanning of information systems.
- Administers and investigates next-generation Anti-Virus.
Policy & Risk Management
- Provides security policy and risk management services to the State of Montana.
- Creates a framework of safeguards and information
security best practices based on by the National Institute of Standards and
Technology (NIST) as well as other national standards.
- Promotes adoption of consistent information
security policies throughout all state agencies.
- Furthers information security awareness and
skills among State of Montana employees.
- Enhances the overall posture of information security
within state agencies.
- Encourages collaboration between state agencies
through the Montana Information Security Advisory Council (MT-ISAC).
Chief Information Security Officer
Andy Hanks, CGEIT, CISM, CRISC, CISA, CCSK, COBIT 5 Foundation
Contact me: Email | LinkedIn Profile
Incident Response & Technical Security Bureau Chief
James Zito, CISSP-ISSAP, GCFE, Security+, Network+, A+
Contact me: Email
Policy & Risk Management Bureau Chief
Joe Frohlich, CISSP, CAP
Contact me: Email
Mission, Vision, and Goals
We align our Mission, Vision, and Goals with those from the Department of Administration (DOA) and the State Information Technology Services Division (SITSD). The core of "what we do, how we do it, and why we do it" is governed by a central theme: "Protect State information assets and citizen's data".
Our mission is to protect and preserve the confidentiality, integrity, and
availability of the State's information assets by managing risks, hunting threats, and mitigating vulnerabilities before they are exploited to harm the State's people, processes, or technology.
Our vision is to provide a secure environment for the State to conduct business and provide services to the citizens of Montana.
Our primary goal is to enhance information security by implementing standardized best practices to protect systems, assets, and data in a cost-effective manner.
- Objective 1.1 Develop and implement security standards, common controls, and best practices for information systems.
- Objective 1.2 Enhance the enterprise information security training and awareness program.
- Objective 1.3 Protect information systems across the state by leveraging the public-private partnerships established by MT-ISAC to enhance information sharing, outreach, and risk awareness.
- Objective 1.4 Develop the internal review and compliance program to provide data that proves efficient security controls or identifies security gaps to remediate.
- Objective 1.5 Develop automated processes in continuous monitoring and risk management to identify threats, gain efficiencies, and overcome resource limitations.
- Objective 1.6 Perform a cybersecurity cost analysis for the State of Montana, including investment recommendations.
SITSD Service Catalog