Security and Data Management
Facts

Department:

City Services

What We Do

Information Security

Information Security Office

The Information Security Office (ISO) is part of the Department of Innovation and Technology (DoIT) and is primarily responsible for evaluating and responding to cyber risks to the City’s technical estate.

The ISO was created in 2013, consists of four people, and is in the process of building the technical foundations necessary to perform enterprise security monitoring and response. The ISO’s scope of responsibilities includes the “corporate” functions of the City and most departments. Aviation, Water, CPD, OEMC and Fire are “non-corporate” departments that are being brought into scope for receiving ISO-delivered services. As the ISO works in a “Shared Services” model, information on the risks and vulnerabilities within the City is centrally evaluated and addressed. This model creates a center of excellence within the ISO and results in significant operational efficiencies and cost savings over department-driven responses.

ISO’s Key Objectives:

  • Develop and enforce an information security strategy, framework, policies and procedures that align with City of Chicago business needs, legislative and regulatory requirements, and industry best practices
  • Assist City of Chicago IT projects and functional areas with the development of efficient processes that are required to meet requirements as defined by the Information Security Office and/or regulatory standards
  • Develop and support a NIST 800-30 and NIST 800-53 risk management framework to be used in information security solutions and asset prioritization
  • Develop a security awareness program to ensure that City of Chicago users understand their responsibility in protecting City of Chicago assets and information
  • Ensure that information security controls assist privacy efforts
  • Provide information security consulting and support to City of Chicago agencies in the areas of compliance review, requirements definition, security risk assessment/measurement, security architecture and operational processes
  • Monitor and measure information security vulnerabilities and incidents and provide timely response to ensure confidentiality, integrity, availability and accountability of City of Chicago and its third parties
  • Communicate the occurrence of significant security incidents, news, Information Security Office decisions and actions with City of Chicago

Confidentiality and Acceptable Use Policy

Information Security Policy

Department Main Office

Innovation and Technology