The mission of OIT's Office of Information Security (OIS) is directly aligned with the goals and objectives of the National Strategy to Secure Cyberspace, and the office is the single state source for cyber security readiness and awareness. Working closely with federal, state, local and private sector partners, the Office of Information Security actively gathers and analyzes information on cyber threats and vulnerabilities that present risk to the state's information systems or the critical information managed within.
The CISO is responsible for the enterprise-wide Colorado Information Security Program (CISP), which includes governance, risk, compliance and risk management. Jonathan Trull is the CISO for the State of Colorado.
The OIS Security Management is responsible for security risk management across state departments. This group manages State Information Security Policies and Security Standards, consults with agencies on technical matters, and manages enterprise projects to meet security requirements.
The OIS Compliance Program has oversight of applicable regulatory compliance to include compliance with federal and state laws, regulations, and Colorado Information Security Policy.
Application Security Program
The OIS Application Security Program is responsible for the creation of secure coding best practices to protect Colorado's information systems and mission-critical applications.