The Governor's Goal Council 5 (GC5) Cyber Security Group was formed September 5, 2017 with the goal of raising the statewide RiskSense score to 700 by December 2017. The State achieved this goal on December 31, 2017 with a final score of 728.
Following that achievement, the next phase of the group was to improve and standardize processes to ensure sustainment and continuous improvement of the statewide score. This means maintaining a minimum of a 725 RiskSense score for every state agency by December 2018. With all the agencies participation and support, GC5 maintained a 725 RiskSense score for every state agency before the end of 2018.
In February 2019, the Enterprise Security Program Advisory Council (ESPAC) was formed. ESPAC is a unified cyber security strategy initiated by the Governor's office for the benefit of all State agencies. The group has been collaborating on enterprise security initiatives with its overall mission to help develop an enterprise cyber security strategy and help oversee enterprise cyber security operations.
Today, ESPAC helps identify the necessary components of a management system and provide recommendations on enterprise security controls and policies to the State Chief Information Security Officer (CISO).
Members are appointed from Agency Information Security stakeholders and subject matter experts, who then select and guide the creation of subcommittees.
The ESPAC Subcommittees are where the bulk of the program work gets done. There is one committee per task/control/tool. It is made up of staff from agencies with various lines of business in order to obtain enterprise perspective.
The State CISO is responsible for the overall strategic direction of the Enterprise Security Program (ESP). He/she provides final approval of the committee's recommendation and leads the ESPAC and ASET Enterprise Security Team.