DEF CON 29 Voting Village - Sang Oun Lee - Keeping Your Information Security Policy Up to Date

Information security policy (ISP) is the highest directive of the cybersecurity posture of an organization. ISPs play a role by providing a subset of administrative, operational, and technical controls to mitigate omnidirectional cyber risks. Local government, which provides a wide range of public services with various functions, is a double-edged sword. On the one hand, its public impact on every activity is wide enough to influence a far broader audience with multiple interests. On the other hand, this wider audience than private organizations allows salient cyberattacks such as influence operations with social media, conveyance of wrongful policy information, a breach in personal health information (PHI) and privacy, and so forth - protecting a local government is both protection of an organization and its residents. This presentation suggests a method to revise existing ISP to make contributions for ISP staying up-to-date, align to the latest industry standards and regulations to be compliant, and narrowing down newly identified gaps from the local government perspective.